Severity Rating: HIGH
Software Affected
PAN-OS 9.0 versions prior to 9.0.7
PAN-OS 8.1 versions prior to 8.1.13
All versions of PAN-OS 7.1 and PAN-OS 8.0
GlobalProtect app 5.1 versions prior to 5.1.4
GlobalProtect app 5.0 versions prior to 5.0.10
Overview
Multiple vulnerabilities have been reported in Palo Alto Networks products
which could allow an attacker to execute arbitrary code, gain elevated
privileges or gain unauthorized access on a targeted system.
Description
1. Arbitrary code execution vulnerability ( CVE-2020-2027 )
This vulnerability exists in authd component of the PAN-OS management
server due to a buffer overflow error.
Successful exploitation of this vulnerability could allow an authenticated
remote attacker with administrator privileges to disrupt system processes
and execute arbitrary code on the targeted system.
2. OScommand injection vulnerability ( CVE-2020-2028 )
This vulnerability exists in PAN-OS management server. An authenticated
remote attacker with administrator privileges could exploit this
vulnerability while uploading a new certificate in FIPS-CC mode on an
affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.
3. OScommand injection vulnerability ( CVE-2020-2029 )
This vulnerability exists in PAN-OS web management interface. An
authenticated remote attacker with administrator privileges could exploit
this vulnerability by sending a malicious request to generate new
certificates for use in the PAN-OS configuration on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.
4. Privilege escalation vulnerability ( CVE-2020-2032 )
This vulnerability exists in GlobalProtect app on Windows due to a race
condition. A local attacker could exploit this vulnerability while
performing a GlobalProtect app upgrade on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
gain elevated privileges on the targeted system.
5. Unauthorized access vulnerability ( CVE-2020-2033 )
This vulnerability exists in GlobalProtect app when the pre-logon feature
is enabled, due to a missing certificate validation. A man-in-the-middle
attacker on the same LAN segment as the affected system could exploit this
vulnerability by manipulating ARP or conducting ARP spoofing attacks to
access the pre-logon authentication cookie.
Successful exploitation of this vulnerability could allow the attacker to
access the GlobalProtect Server as allowed by configured security rules for
the "pre-login" user.
Solution
Apply appropriate updates as mentioned by the vendor:
https://security.paloaltonetworks.com/CVE-2020-2028
https://security.paloaltonetworks.com/CVE-2020-2027
https://security.paloaltonetworks.com/CVE-2020-2029
https://security.paloaltonetworks.com/CVE-2020-2032
https://security.paloaltonetworks.com/CVE-2020-2033
Vendor Information
Palo Alto Networks
https://security.paloaltonetworks.com/CVE-2020-2027
https://security.paloaltonetworks.com/CVE-2020-2028
https://security.paloaltonetworks.com/CVE-2020-2029
https://security.paloaltonetworks.com/CVE-2020-2032
https://security.paloaltonetworks.com/CVE-2020-2033
References
CyberSecurityHelp
https://www.cybersecurity-help.cz/vdb/SB2020061107
https://www.cybersecurity-help.cz/vdb/SB2020061101
CVE Name
CVE-2020-2027
CVE-2020-2028
CVE-2020-2029
CVE-2020-2032
CVE-2020-2033
Software Affected
PAN-OS 9.0 versions prior to 9.0.7
PAN-OS 8.1 versions prior to 8.1.13
All versions of PAN-OS 7.1 and PAN-OS 8.0
GlobalProtect app 5.1 versions prior to 5.1.4
GlobalProtect app 5.0 versions prior to 5.0.10
Overview
Multiple vulnerabilities have been reported in Palo Alto Networks products
which could allow an attacker to execute arbitrary code, gain elevated
privileges or gain unauthorized access on a targeted system.
Description
1. Arbitrary code execution vulnerability ( CVE-2020-2027 )
This vulnerability exists in authd component of the PAN-OS management
server due to a buffer overflow error.
Successful exploitation of this vulnerability could allow an authenticated
remote attacker with administrator privileges to disrupt system processes
and execute arbitrary code on the targeted system.
2. OScommand injection vulnerability ( CVE-2020-2028 )
This vulnerability exists in PAN-OS management server. An authenticated
remote attacker with administrator privileges could exploit this
vulnerability while uploading a new certificate in FIPS-CC mode on an
affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.
3. OScommand injection vulnerability ( CVE-2020-2029 )
This vulnerability exists in PAN-OS web management interface. An
authenticated remote attacker with administrator privileges could exploit
this vulnerability by sending a malicious request to generate new
certificates for use in the PAN-OS configuration on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.
4. Privilege escalation vulnerability ( CVE-2020-2032 )
This vulnerability exists in GlobalProtect app on Windows due to a race
condition. A local attacker could exploit this vulnerability while
performing a GlobalProtect app upgrade on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
gain elevated privileges on the targeted system.
5. Unauthorized access vulnerability ( CVE-2020-2033 )
This vulnerability exists in GlobalProtect app when the pre-logon feature
is enabled, due to a missing certificate validation. A man-in-the-middle
attacker on the same LAN segment as the affected system could exploit this
vulnerability by manipulating ARP or conducting ARP spoofing attacks to
access the pre-logon authentication cookie.
Successful exploitation of this vulnerability could allow the attacker to
access the GlobalProtect Server as allowed by configured security rules for
the "pre-login" user.
Solution
Apply appropriate updates as mentioned by the vendor:
https://security.paloaltonetworks.com/CVE-2020-2028
https://security.paloaltonetworks.com/CVE-2020-2027
https://security.paloaltonetworks.com/CVE-2020-2029
https://security.paloaltonetworks.com/CVE-2020-2032
https://security.paloaltonetworks.com/CVE-2020-2033
Vendor Information
Palo Alto Networks
https://security.paloaltonetworks.com/CVE-2020-2027
https://security.paloaltonetworks.com/CVE-2020-2028
https://security.paloaltonetworks.com/CVE-2020-2029
https://security.paloaltonetworks.com/CVE-2020-2032
https://security.paloaltonetworks.com/CVE-2020-2033
References
CyberSecurityHelp
https://www.cybersecurity-help.cz/vdb/SB2020061107
https://www.cybersecurity-help.cz/vdb/SB2020061101
CVE Name
CVE-2020-2027
CVE-2020-2028
CVE-2020-2029
CVE-2020-2032
CVE-2020-2033
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.