CVE-2020-1979 - OpenCVE

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2020-1979

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-03-11T18:58:21.177187Z

Updated: 2024-09-17T00:10:53.810Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-1979

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-11T19:15:13.327

Modified: 2020-05-13T20:15:14.057

Link: CVE-2020-1979

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "8.1.13", "status": "unaffected"}], "lessThan": "8.1.13", "status": "affected", "version": "8.1", "versionType": "custom"}, {"lessThan": "9.0*", "status": "unaffected", "version": "9.0.0", "versionType": "custom"}, {"lessThan": "7.1*", "status": "unaffected", "version": "7.1.0", "versionType": "custom"}, {"lessThan": "9.1*", "status": "unaffected", "version": "9.1.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "N/A"}], "credits": [{"lang": "en", "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."}], "datePublic": "2020-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-13T19:07:13", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."}], "source": {"defect": ["PAN-97584"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-03-11T00:00:00", "value": "Initial publication"}, {"lang": "en", "time": "2020-05-12T00:00:00", "value": "Updated attack vector, description and acknowledgement."}], "title": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation", "workarounds": [{"lang": "en", "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-03-11T16:00:00.000Z", "ID": "CVE-2020-1979", "STATE": "PUBLIC", "TITLE": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.0"}, {"version_affected": "!>=", "version_name": "7.1", "version_value": "7.1.0"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.0"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "N/A"}], "credit": [{"lang": "eng", "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-134 Use of Externally-Controlled Format String"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-1979", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."}], "source": {"defect": ["PAN-97584"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-03-11T00:00:00", "value": "Initial publication"}, {"lang": "en", "time": "2020-05-12T00:00:00", "value": "Updated attack vector, description and acknowledgement."}], "work_around": [{"lang": "en", "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.395Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-1979", "datePublished": "2020-03-11T18:58:21.177187Z", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-09-17T00:10:53.810Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFCB6EB-7933-4F9F-90E7-C2D185AC9966", "versionEndExcluding": "8.1.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}, {"lang": "es", "value": "Una vulnerabilidad de la cadena de formato en el demonio de registro (logd) de PAN-OS en Panorama permite a un atacante basado en la red con conocimiento de los dispositivos de cortafuegos registrados y acceso a las interfaces de gesti\u00f3n de Panorama ejecutar un c\u00f3digo arbitrario, omitiendo el shell restringido y escalando privilegios. Este problema afecta s\u00f3lo a las versiones de PAN-OS 8.1 anteriores a PAN-OS 8.1.13 en Panorama. Este problema no afecta a las versiones de PAN-OS 7.1, PAN-OS 9.0 o posteriores."}], "id": "CVE-2020-1979", "lastModified": "2020-05-13T20:15:14.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-03-11T19:15:13.327", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}