Rewterz Threat Advisory – Additional Palo Alto PAN-OS Issues
September 11, 2020
Severity
High
Analysis Summary
CVE-2020-2036
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions.
CVE-2020-2037, CVE-2020-2038
An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.
Impact
- Cross-site scripting
- Command injection
Affected Vendors
Palo Alto
Affected Products
PAN-OS
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches.
https://security.paloaltonetworks.com/CVE-2020-2036