HKCert

Palo Alto Products Multiple Vulnerabilities

Release Date: 15 / 05 / 2020
Last Update: 19 / 05 / 2020
Risk Level:  


Multiple vulnerabilities were identified in Palo Alto products. A remote user could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.

  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

  • Nginx (CVE-2017-7529)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.13;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

  • Panorama management service (CVE-2020-2012)
    PAN-OS for Panorama 8.1 versions earlier than 8.1.13;
    PAN-OS for Panorama 9.0 versions earlier than 9.0.7;
    All versions of PAN-OS for Panorama 7.1 and 8.0.

  • Panorama proxy service (CVE-2020-2018)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.12;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

  • Panorama management server (CVE-2020-1996)
    PAN-OS 8.1 versions earlier than 8.1.14;
    PAN-OS 9.0 versions earlier than 9.0.9;
    All versions of PAN-OS 7.1 and 8.0.

  • PAN-OS (CVE-2020-2001)
    PAN-OS 8.1 versions earlier than 8.1.12 on Panorama;
    PAN-OS 9.0 versions earlier than 9.0.6 on Panorama;
    All PAN-OS 7.1 Panorama and 8.0 Panorama versions.

  • PAN-OS (CVE-2020-2018)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.12;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

  • PAN-OS (CVE-2020-1997)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.0 versions earlier than 8.0.14.

  • PAN-OS (CVE-2020-2016)
    PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.1 versions earlier than 8.1.13;
    PAN-OS 9.0 versions earlier than 9.0.6;
    All versions of PAN-OS 8.0.

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor. For details, please refer to the link below: