Vulnerability Description
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted in cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; all versions of PAN-OS 8.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | PAN-OS | >= 7.1.0, <= 7.1.26 |
Related Weaknesses (CWE)
References
- https://security.paloaltonetworks.com/CVE-2020-2013 (Vendor Advisory)
FAQ
What is CVE-2020-2013?
CVE-2020-2013 is a vulnerability with a CVSS score of 8.3 (HIGH). A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrato...
How severe is CVE-2020-2013?
CVE-2020-2013 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-2013?
Check the references section above for vendor advisories and patch information. Affected products include: Palo Alto Networks PAN-OS.