Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a CVSS 3.x base score of 10.
Now the security firm addressed an OS command injection vulnerability tracked as CVE-2020-2034 that could allow unauthenticated remote attackers to execute arbitrary OS commands with root privileges on vulnerable devices.
The CVE-2020-2034 flaw can be exploited by attackers with network access to vulnerable servers, it has been rated as high severity and received a CVSS 3.x base score of 8.1.
Experts pointed out that the flaw doesn’t require user interaction to be exploited.
“An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges.” reads the advisory published by Palo Alto Networks. “An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled.”
At the time it is not clear what information of the firewall are needed to the attackers to exploit the flaw.
The vulnerability can not be exploited only if GlobalProtect portal feature is enabled, Prisma Access services are not impacted by this vulnerability.
This vulnerability affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1.
The vulnerability was discovered by Yamata Li of Palo Alto Networks Threat Research Team as part of an internal security review.
Palo Alto Networks is not aware of attacks in the wild attempting to exploit this vulnerability.
(SecurityAffairs – hacking, PAN-OS)