Security News > 2020 > September > Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS
Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software.
Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.
The aforementioned vulnerabilities were discovered internally by Palo Alto Networks.
"Attackers will be able to perform any actions on behalf of this user in the context of the Palo Alto application, spoof pages, and develop attacks," Positive Technologies explained.
Palo Alto Networks says it's not aware of any attacks exploiting these vulnerabilities.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-2041 | Unspecified vulnerability in Paloaltonetworks Pan-Os An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. | 7.8 |