Palo Alto Networks Security Advisories - September 9th, 2020

Started by icecream-guy, September 09, 2020, 12:08:16 PM

icecream-guy

New Palo Alto Networks Security Advisories.
Palo Alto Networks has published 9 new Security Advisories at https://security.paloaltonetworks.com on September 9, 2020:

PAN-OS
________________________________________
CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled (Severity: CRITICAL)
https://security.paloaltonetworks.com/CVE-2020-2040

CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2036

CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS) (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2041

CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2037

CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2038

CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-2042

CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-2039

CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2020-2043

CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2020-2044

:professorcat:

My Moral Fibers have been cut.