CVE-2020-2034 — PAN-OS: OS command injection vulnerability in GlobalProtect portal
Description
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.
Ratings
- Attacker Value: Very High
- Exploitability: Very High
Technical Analysis
fghfgjj
General Information
Vendors
- Palo Alto Networks
Products
- PAN-OS
Technical Analysis
On July 8, 2020, Palo Alto Networks published details on an OS command injection vulnerability in their PAN-OS GlobalProtect portal. The vulnerability allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges and carries a CVSSv3 base score of 8.1. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue. According to the advisory, this issue cannot be exploited if the GlobalProtect portal feature is not enabled.
Affected products include:
- PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
- PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
- PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
- All versions of PAN-OS 8.0 and PAN-OS 7.1
Palo Alto Networks’s advisory notes that Prisma Access services and firewalls upgraded to the latest version of PAN-OS to resolve CVE-2020-2021 are not impacted by this vulnerability.
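The affected-version list above can be applied to a firewall inventory as follows. This is an added example, not code from Palo Alto Networks or Rapid7; the function names, status labels and sample inventory are assumptions made for illustration, and a "-hN" suffix is treated as a hotfix on the same base release.

```python
import re

# Fixed patch level per release train, from the affected-products list above.
FIXED_PATCH = {(9, 1): 3, (9, 0): 9, (8, 1): 15}
# Trains the advisory lists as affected in every version.
ALL_VERSIONS_AFFECTED = {(8, 0), (7, 1)}

# Base release plus an optional suffix such as "-h1" (assumed hotfix naming),
# which does not change the comparison because each fix is a base release.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?$")


def classify(version, portal_enabled=True):
    """Return 'affected', 'portal-disabled', 'not-affected' or 'unknown'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    train = (major, minor)
    if train in ALL_VERSIONS_AFFECTED:
        vulnerable = True
    elif train in FIXED_PATCH:
        vulnerable = patch < FIXED_PATCH[train]
    else:
        return "unknown"  # train not covered by the list on this page
    if not vulnerable:
        return "not-affected"
    # Vulnerable release, but the advisory says the issue cannot be exploited
    # unless the GlobalProtect portal feature is enabled.
    return "affected" if portal_enabled else "portal-disabled"


def triage(inventory):
    """Group (hostname, version, portal_enabled) rows by classification."""
    result = {}
    for host, version, portal in inventory:
        result.setdefault(classify(version, portal), []).append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-edge-1", "9.1.2-h1", True),
    ("fw-edge-2", "9.0.9", True),
    ("fw-lab-1", "8.0.20", False),
    ("fw-dc-1", "8.1.14", True),
    ("fw-new-1", "10.0.0", True),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "portal-disabled" still run a vulnerable release and belong in the upgrade queue; "unknown" means the release train is not covered by the list on this page and needs checking against the vendor advisory.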
Rapid7 Analysis: Rapid7’s Project Sonar has identified just shy of 50,000 vulnerable PAN-OS instances on the public internet. At time of writing, there were no public proofs-of-concept for CVE-2020-2034, and Palo Alto Networks underlined that they are unaware of any active exploitation. Nevertheless, June 29’s publication of CVE-2020-2021 (a vulnerability in signature verification in PAN-OS’s SAML authentication that carried a CVSSv3 base score of 10) brought increased scrutiny to PAN-OS—which in turn increases the likelihood of exploitation by both APT and commodity threat actors, regardless of whether that exploitation has thus far been detected.
A Bishop Fox security researcher published a scanning tool to identify GlobalProtect portal instances and determine their underlying versions of PAN-OS.
Guidance: Palo Alto Networks customers should update to an unaffected version of PAN-OS as soon as is practical.
Hey @WorldHack666 thank you for contributing an Attacker Value and Exploitability score! In your opinion, why do you think this has high attacker value? I’m grateful you added an assessment, I just think the community favors assessments with a little more detail and background behind the ratings.