Vulnerabilities > CVE-2020-1981 - Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

paloaltonetworks

CWE-668

nessus

NVD

Published: 2020-03-11

Updated: 2020-03-13

Summary

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Vulnerable Configurations

Part	Description	Count
OS	Paloaltonetworks Paloaltonetworks PAN OS 8.1.0 Paloaltonetworks PAN OS 8.1.1 Paloaltonetworks PAN OS 8.1.2 Paloaltonetworks PAN OS 8.1.3 Paloaltonetworks PAN OS 8.1.4 Paloaltonetworks PAN OS 8.1.5 Paloaltonetworks PAN OS 8.1.6 Paloaltonetworks PAN OS 8.1.7 Paloaltonetworks PAN OS 8.1.8 Paloaltonetworks PAN OS 8.1.9 Paloaltonetworks PAN OS 8.1.11 Paloaltonetworks PAN OS 8.1.12	16

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Nessus

NASL family	Palo Alto Local Security Checks
NASL id	PALO_ALTO_CVE-2020-1981.NASL
description	The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.13. It is, therefore, affected by a vulnerability. - A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN- OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. (CVE-2020-1981) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-23
modified	2020-03-19
plugin id	134710
published	2020-03-19
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134710
title	Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(134710); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/22"); script_cve_id("CVE-2020-1981"); script_xref(name:"IAVA", value:"2020-A-0105-S"); script_name(english:"Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability"); script_set_attribute(attribute:"synopsis", value: "The remote PAN-OS host is affected by vulnerability"); script_set_attribute(attribute:"description", value: "The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.13. It is, therefore, affected by a vulnerability. - A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN- OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. (CVE-2020-1981) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2020-1981"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/377.html"); script_set_attribute(attribute:"solution", value: "Upgrade to PAN-OS 8.1.13 or later"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1981"); script_cwe_id(377); script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/19"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Palo Alto Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("palo_alto_version.nbin"); script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source"); exit(0); } include('vcf.inc'); include('vcf_extras.inc'); vcf::palo_alto::initialize(); app_name = 'Palo Alto Networks PAN-OS'; app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source'); constraints = [ { 'min_version' : '8.1.0', 'fixed_version' : '8.1.13' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

References

https://security.paloaltonetworks.com/CVE-2020-1981