Attacker Value
Very High
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network
1

CVE-2020-2038

Disclosure Date: September 09, 2020
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.

Add Assessment

1
Ratings
Technical Analysis

Not enough is known about this vulnerability, but this requires admin creds to the management interface, so mitigate this by choosing secure passphrases, securing credential storage, etc.

General Information

Vendors

  • Palo Alto Networks

Products

  • PAN-OS

Additional Info

Technical Analysis