PAN-OS: Panorama SD WAN arbitrary file creation
Description
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Palo Alto Networks PAN-OS Panorama SD WAN component allows authenticated admin to create arbitrary files on managed firewalls, potentially leading to root RCE.
Vulnerability
An external control of filename vulnerability (CWE-73) exists in the SD WAN component of Palo Alto Networks PAN-OS Panorama. An authenticated administrator can send a crafted request that results in the creation and write of an arbitrary file on all firewalls managed by Panorama. This issue affects all versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. PAN-OS 8.0 is end-of-life, and PAN-OS 7.1 is on extended support until June 30, 2020 [1].
Exploitation
An attacker must have valid administrative credentials to the Panorama management interface. The attacker sends a specially crafted request to the SD WAN component, controlling the filename and content. No user interaction is required, and the attack is performed over the network with low complexity [1].
Impact
Successful exploitation allows arbitrary file write on all managed firewalls, potentially leading to arbitrary code execution with root privileges on the firewalls. This can result in full compromise of the managed devices, affecting confidentiality, integrity, and availability (CVSSv3.1 Base Score 7.2) [1].
Mitigation
Fixed versions are PAN-OS 8.1.14 and 9.0.7, and all later versions. PAN-OS 7.1 and 8.0 do not have fixes and are not recommended for use. Workarounds include following best practices for securing the PAN-OS management interface, such as restricting access via IP whitelisting and using strong authentication [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: PAN-OS 7.1 all, PAN-OS 8.1 < 8.1.14, PAN-OS 9.0 < 9.0.7
- Range: 7.1.*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- security.paloaltonetworks.com/CVE-2020-2009mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.