New Palo Alto Networks Security Advisories. May 13, 2020

Started by icecream-guy, May 14, 2020, 05:28:00 AM

icecream-guy

New Palo Alto Networks Security Advisories.
Palo Alto Networks has published 28 new Security Advisories at https://security.paloaltonetworks.com on May 13, 2020:

PAN-OS
________________________________________
CVE-2020-2018 PAN-OS: Panorama proxy service authorization bypass (Severity: CRITICAL)
https://security.paloaltonetworks.com/CVE-2020-2018

CVE-2020-2014 PAN-OS: OS injection vulnerability in PAN-OS management server (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2014

CVE-2020-2015 PAN-OS: Buffer overflow in the management server (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2015

CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2017

CVE-2020-2013 PAN-OS: Panorama context switch session cookie disclosure (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2013

CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2001

CVE-2020-2002 PAN-OS: Spoofed Kerberos key distribution center authentication bypass (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2002

PAN-SA-2020-0005 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities (Severity: HIGH)
https://security.paloaltonetworks.com/PAN-SA-2020-0005

CVE-2020-2011 PAN-OS: Panorama registration denial of service (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2011

CVE-2020-2012 PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2012

PAN-SA-2020-0006 PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities (Severity: HIGH)
https://security.paloaltonetworks.com/PAN-SA-2020-0006

CVE-2020-2006 PAN-OS: Buffer overflow in management server payload parser (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2006

CVE-2020-2007 PAN-OS: OS command injection in management server (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2007

CVE-2020-2008 PAN-OS: OS command injection or arbitrary file deletion vulnerability (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2008

CVE-2020-2009 PAN-OS: Panorama SD WAN arbitrary file creation (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2009

CVE-2020-2010 PAN-OS: Authenticated user command injection vulnerability (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2010

CVE-2020-2005 PAN-OS: GlobalProtect Clientless VPN session hijacking (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2005

CVE-2020-2016 PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2016

CVE-2020-2003 PAN-OS: Authenticated administrator can delete arbitrary system file (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-2003

CVE-2020-1998 PAN-OS: Improper SAML SSO authorization of shared local users (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1998

CVE-2017-7529 PAN-OS: Nginx integer overflow may lead to information leak (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2017-7529

CVE-2020-1996 PAN-OS: Panorama management server log injection (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1996

CVE-2020-1997 PAN-OS: GlobalProtect registration open redirect (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1997

CVE-2020-1995 PAN-OS: Management server rasmgr denial of service (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1995

CVE-2020-1994 PAN-OS: Predictable temporary file vulnerability (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1994

CVE-2020-1993 PAN-OS: GlobalProtect Portal PHP session fixation vulnerability (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2020-1993

PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS (Severity: NONE)
https://security.paloaltonetworks.com/PAN-SA-2020-0004

GlobalProtect App
________________________________________
CVE-2020-2004 GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-2004


Please visit our Security Advisories website to learn more at https://security.paloaltonetworks.com/.
If you have questions, please contact support https://www.paloaltonetworks.com/company/contact-support.

Regards,
Product Security Incident Response Team
Palo Alto Networks

My Moral Fibers have been cut.