CVE-2020-2028 - Vulnerability Details - OpenCVE

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2020-2028

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-06-10T17:28:28.840562Z

Updated: 2024-09-16T18:18:19.426Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2028

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-10T18:15:11.610

Modified: 2024-11-21T05:24:29.547

Link: CVE-2020-2028

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "7.1.*"}, {"status": "affected", "version": "8.0.*"}, {"changes": [{"at": "8.1.13", "status": "unaffected"}], "lessThan": "8.1.13", "status": "affected", "version": "8.1", "versionType": "custom"}, {"changes": [{"at": "9.0.7", "status": "unaffected"}], "lessThan": "9.0.7", "status": "affected", "version": "9.0", "versionType": "custom"}, {"lessThan": "9.1*", "status": "unaffected", "version": "9.1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}], "datePublic": "2020-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-10T17:28:28", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-2028"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions."}, {"lang": "en", "value": "PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."}], "source": {"defect": ["PAN-125804"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2020-06-10T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification", "workarounds": [{"lang": "en", "value": "This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-06-10T16:00:00.000Z", "ID": "CVE-2020-2028", "STATE": "PUBLIC", "TITLE": "PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.7"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.7"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.0"}, {"version_affected": "=", "version_name": "7.1", "version_value": "7.1.*"}, {"version_affected": "=", "version_name": "8.0", "version_value": "8.0.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-2028", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-2028"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions."}, {"lang": "en", "value": "PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."}], "source": {"defect": ["PAN-125804"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2020-06-10T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.584Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2020-2028"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2028", "datePublished": "2020-06-10T17:28:28.840562Z", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-09-16T18:18:19.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "9223062F-C3E8-4D86-88E4-70D775D1151F", "versionEndIncluding": "7.1.26", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BEFBF38-AF84-4477-A6B9-5BDD51D54F4F", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE88801C-4736-4FCF-90A4-4B4D72774502", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "215D027B-4831-4BB9-8CEF-D5657D27EE9C", "versionEndExcluding": "9.0.7", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en el servidor de administraci\u00f3n de PAN-OS, permite a administradores autenticados ejecutar comandos arbitrarios del sistema operativo con privilegios root al cargar un nuevo certificado en modo FIPS-CC. Este problema afecta: Todas las versiones de PAN-OS 7.1 y PAN-OS versi\u00f3n 8.0; PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.13; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.7"}], "id": "CVE-2020-2028", "lastModified": "2024-11-21T05:24:29.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-10T18:15:11.610", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2028"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}