Vulnerability Description
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Pan-Os | >= 9.0.0, < 9.0.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-RemExploitThird Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2020-2038Vendor Advisory
- http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-RemExploitThird Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2020-2038Vendor Advisory
FAQ
What is CVE-2020-2038?
CVE-2020-2038 is a vulnerability with a CVSS score of 7.2 (HIGH). An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 ...
How severe is CVE-2020-2038?
CVE-2020-2038 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-2038?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Pan-Os.