Security News > 2020 > May > Palo Alto Networks Patches Many Vulnerabilities in PAN-OS
Palo Alto Networks this week informed customers that it has patched over two dozen vulnerabilities in PAN-OS, the software that runs on the company's next-generation firewalls.
Another potentially serious issue is CVE-2020-2012, a high-severity XXE vulnerability that allows a remote and unauthenticated attacker with access to the Panorama interface to read arbitrary files from the system.
Some old vulnerabilities affecting the previous Nginx version included in PAN-OS can also be exploited without authentication, including some that have been rated high severity.
The latest versions of PAN-OS also address high-severity vulnerabilities that can be exploited to escalate privileges, execute shell commands or code with root permissions, hijack administrator accounts, launch XSS attacks, bypass authentication, and delete files.
"This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file," Palo Alto Networks said in its advisory.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 7.5 |