PAN-OS: Panorama context switch session cookie disclosure
Description
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted in cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; all versions of PAN-OS 8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Palo Alto PAN-OS Panorama context switch transmits administrator session cookies in cleartext, enabling account takeover via network interception.
Vulnerability
A cleartext transmission of sensitive information vulnerability exists in Palo Alto Networks PAN-OS Panorama. When an authenticated PAN-OS administrator issues a context switch request into a managed firewall using an affected Panorama version, the administrator's PAN-OS session cookie is transmitted over cleartext to the firewall [1]. This issue affects PAN-OS 7.1 versions earlier than 7.1.26, PAN-OS 8.1 versions earlier than 8.1.13, PAN-OS 9.0 versions earlier than 9.0.6, PAN-OS 9.1 versions earlier than 9.1.1, and all versions of PAN-OS 8.0 [1].
Exploitation
An attacker with the ability to intercept network traffic between the Panorama management interface and the managed firewall can capture the cleartext session cookie [1]. The attack requires the administrator to initiate a context switch request, and the attacker must be positioned to eavesdrop on that specific network communication [1]. The CVSS vector indicates user interaction is required (administrator performs the context switch), the attack complexity is high (requires specific network positioning and timing), and no privileges are needed to begin the attack [1].
Impact
Successful exploitation allows the attacker to use the captured administrator session cookie to access the administrator's account [1]. With that access, the attacker can further manipulate devices managed by Panorama, potentially compromising the entire managed firewall network. The CVSSv3.1 base score is 8.3 (High) with impacts to confidentiality, integrity, and availability all rated as High, and the scope is Changed (the attack can impact resources beyond the original vulnerable component) [1].
Mitigation
Palo Alto Networks has fixed this issue in PAN-OS 7.1.26, 8.1.13, 9.0.6, 9.1.1, and all later PAN-OS versions [1]. PAN-OS 8.0 is end-of-life as of October 31, 2019, and is no longer covered by product security assurance policies [1]. A workaround mitigation is to shorten the administrator session idle timeout to reduce the window in which an exposed session cookie remains valid [1]. Additionally, following best practices for securing the PAN-OS management interface (e.g., restricting network access to trusted IPs) is strongly recommended [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <7.1.26 || >=8.0.0 <8.1.13 || >=9.0.0 <9.0.6 || >=9.1.0 <9.1.1
- Range: 8.0.*
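To check a deployed PAN-OS version against the two range entries above, the following added Python example (not code from Palo Alto Networks or from this page's source) parses the page's own range syntax: `||` separates alternatives, whitespace joins bounds within one alternative, and `8.0.*` is a prefix wildcard. Ignoring a trailing hotfix suffix such as `-h3` is an assumption about the version string format.

```python
import re

# Affected ranges exactly as printed in the "Affected products" entries on this page.
AFFECTED_RANGES = [
    "<7.1.26 || >=8.0.0 <8.1.13 || >=9.0.0 <9.0.6 || >=9.1.0 <9.1.1",
    "8.0.*",
]

def parse_version(s):
    """'9.0.6' -> (9, 0, 6). A hotfix suffix like '9.0.5-h3' is dropped (assumed format)."""
    core = s.split("-")[0]
    return tuple(int(p) for p in core.split("."))

def _matches_clause(version, clause):
    """A clause is a conjunction of terms, e.g. '>=8.0.0 <8.1.13', or a wildcard '8.0.*'."""
    for term in clause.split():
        if term.endswith(".*"):
            prefix = parse_version(term[:-2])
            if version[:len(prefix)] != prefix:
                return False
            continue
        m = re.fullmatch(r"(<=|>=|<|>|=)?(\d+(?:\.\d+)*)", term)
        if not m:
            raise ValueError(f"unsupported range term: {term!r}")
        op, bound = m.group(1) or "=", parse_version(m.group(2))
        # Tuple comparison gives numeric, component-wise ordering (7.1.9 < 7.1.26).
        ok = {"<": version < bound, "<=": version <= bound, ">": version > bound,
              ">=": version >= bound, "=": version == bound}[op]
        if not ok:
            return False
    return True

def is_affected(version_str, ranges=AFFECTED_RANGES):
    """True if the version falls inside any '||'-separated alternative of any range."""
    version = parse_version(version_str)
    return any(_matches_clause(version, clause.strip())
               for rng in ranges for clause in rng.split("||"))

if __name__ == "__main__":
    for v in ("7.1.25", "7.1.26", "8.0.19", "8.1.13", "9.0.5-h3", "9.1.1"):
        print(v, "affected" if is_affected(v) else "fixed/unaffected")
```

The range is applied as printed, so a 7.0.x version also matches `<7.1.26`; compare against the prose, which names only the 7.1 train.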
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- security.paloaltonetworks.com/CVE-2020-2013
News mentions
No linked articles in our index yet.