Vulnerabilities > CVE-2020-1997 - Open Redirect vulnerability in Paloaltonetworks Pan-Os

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
paloaltonetworks
CWE-601
nessus
NVD
Published: 2020-05-13
Updated: 2020-05-18

Summary

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.

Vulnerable Configurations

Part Description Count
OS
Paloaltonetworks
53

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Nessus

NASL familyPalo Alto Local Security Checks
NASL idPALO_ALTO_CVE-2020-1997.NASL
descriptionThe version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.0.14. It is, therefore, affected by an open redirection vulnerability. - An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. (CVE-2020-1997) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen2020-05-23
modified2020-05-22
plugin id136818
published2020-05-22
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136818
titlePalo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.14 Open Redirection
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136818);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/03");

  script_cve_id("CVE-2020-1997");
  script_xref(name:"IAVA", value:"2020-A-0222-S");

  script_name(english:"Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.14 Open Redirection");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by an open redirection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.0.14.
It is, therefore, affected by an open redirection vulnerability.

  - An open redirection vulnerability in the GlobalProtect
    component of Palo Alto Networks PAN-OS allows an
    attacker to specify an arbitrary redirection target away
    from the trusted GlobalProtect gateway. If the user then
    successfully authenticates it will cause them to access
    an unexpected and potentially malicious website. This
    issue affects: PAN-OS 7.1 versions earlier than 7.1.26;
    PAN-OS 8.0 versions earlier than 8.0.14. (CVE-2020-1997)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2020-1997");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/601.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PAN-OS 7.1.26 / 8.0.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1997");
  script_cwe_id(601);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::palo_alto::initialize();

app_name = 'Palo Alto Networks PAN-OS';

app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

constraints = [
  { 'min_version' : '7.1.0', 'fixed_version' : '7.1.26' },
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.14' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

References