Unrated severityNVD Advisory· Published Jul 8, 2020· Updated Sep 16, 2024
PAN-OS: OS command injection vulnerability in GlobalProtect portal
CVE-2020-2034
Description
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2PAN-OS 9.1 <9.1.3, 8.1 <8.1.15, 9.0 <9.0.9, all 8.0 and 7.1+ 1 more
- (no CPE)range: PAN-OS 9.1 <9.1.3, 8.1 <8.1.15, 9.0 <9.0.9, all 8.0 and 7.1
- (no CPE)range: 8.0.*
Patches
Vulnerability mechanics
References
1- security.paloaltonetworks.com/CVE-2020-2034mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.