github - ghsa-x3hm-crq5-m74w

ghsa-x3hm-crq5-m74w

Vulnerability from github

Published

2022-05-24 17:10

Modified

2022-05-24 17:10

Details

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1979"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-11T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.",
  "id": "GHSA-x3hm-crq5-m74w",
  "modified": "2022-05-24T17:10:47Z",
  "published": "2022-05-24T17:10:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1979"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1979"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-1979 (GCVE-0-2020-1979)

Vulnerability from cvelistv5

Published

2020-03-11 18:58

Modified

2024-09-17 00:10

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Summary

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2020-1979

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	PAN-OS	Version: 8.1 < 8.1.13 Patch: 9.0.0 < 9.0* Patch: 7.1.0 < 7.1* Patch: 9.1.0 < 9.1*

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2020-1979"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "8.1.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.13",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0*",
              "status": "unaffected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.1*",
              "status": "unaffected",
              "version": "7.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1*",
              "status": "unaffected",
              "version": "9.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "N/A"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."
        }
      ],
      "datePublic": "2020-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-13T19:07:13",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2020-1979"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-97584"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2020-03-11T00:00:00",
          "value": "Initial publication"
        },
        {
          "lang": "en",
          "time": "2020-05-12T00:00:00",
          "value": "Updated attack vector, description and acknowledgement."
        }
      ],
      "title": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2020-03-11T16:00:00.000Z",
          "ID": "CVE-2020-1979",
          "STATE": "PUBLIC",
          "TITLE": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PAN-OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.13"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.13"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.0",
                            "version_value": "9.0.0"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.1",
                            "version_value": "7.1.0"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.1",
                            "version_value": "9.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "N/A"
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-134 Use of Externally-Controlled Format String"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2020-1979",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2020-1979"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."
          }
        ],
        "source": {
          "defect": [
            "PAN-97584"
          ],
          "discovery": "USER"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2020-03-11T00:00:00",
            "value": "Initial publication"
          },
          {
            "lang": "en",
            "time": "2020-05-12T00:00:00",
            "value": "Updated attack vector, description and acknowledgement."
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2020-1979",
    "datePublished": "2020-03-11T18:58:21.177187Z",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-09-17T00:10:53.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.