VYPR

PAN-OS

by PAN OS

CVEs (3)

  • CVE-2020-1981HigMar 11, 2020
    risk 0.46cvss 7.0epss 0.00

    A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This…

  • CVE-2020-1998MedMay 13, 2020
    risk 0.35cvss 5.4epss 0.01

    An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and…

  • CVE-2020-1993LowMay 13, 2020
    risk 0.24cvss 3.7epss 0.00

    The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions…