CVE-2020-1979 - OpenCVE

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2020-1979	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-03-11T00:00:00

Updated: 2020-05-13T19:07:13

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-1979

JSON object: View

NVD Information

Status : Modified

Published: 2020-03-11T19:15:13.327

Modified: 2020-05-13T20:15:14.057

Link: CVE-2020-1979

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "8.1.13", "status": "unaffected"}], "lessThan": "8.1.13", "status": "affected", "version": "8.1", "versionType": "custom"}, {"lessThan": "9.0*", "status": "unaffected", "version": "9.0.0", "versionType": "custom"}, {"lessThan": "7.1*", "status": "unaffected", "version": "7.1.0", "versionType": "custom"}, {"lessThan": "9.1*", "status": "unaffected", "version": "9.1.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "N/A"}], "credits": [{"lang": "en", "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."}], "datePublic": "2020-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-13T19:07:13", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."}], "source": {"defect": ["PAN-97584"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-03-11T00:00:00", "value": "Initial publication"}, {"lang": "en", "time": "2020-05-12T00:00:00", "value": "Updated attack vector, description and acknowledgement."}], "title": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation", "workarounds": [{"lang": "en", "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-03-11T16:00:00.000Z", "ID": "CVE-2020-1979", "STATE": "PUBLIC", "TITLE": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.0"}, {"version_affected": "!>=", "version_name": "7.1", "version_value": "7.1.0"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.0"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "N/A"}], "credit": [{"lang": "eng", "value": "This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-134 Use of Externally-Controlled Format String"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-1979", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions."}], "source": {"defect": ["PAN-97584"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-03-11T00:00:00", "value": "Initial publication"}, {"lang": "en", "time": "2020-05-12T00:00:00", "value": "Updated attack vector, description and acknowledgement."}], "work_around": [{"lang": "en", "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access."}]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-1979", "datePublished": "2020-03-11T00:00:00", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2020-05-13T19:07:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFCB6EB-7933-4F9F-90E7-C2D185AC9966", "versionEndExcluding": "8.1.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions."}, {"lang": "es", "value": "Una vulnerabilidad de la cadena de formato en el demonio de registro (logd) de PAN-OS en Panorama permite a un atacante basado en la red con conocimiento de los dispositivos de cortafuegos registrados y acceso a las interfaces de gesti\u00f3n de Panorama ejecutar un c\u00f3digo arbitrario, omitiendo el shell restringido y escalando privilegios. Este problema afecta s\u00f3lo a las versiones de PAN-OS 8.1 anteriores a PAN-OS 8.1.13 en Panorama. Este problema no afecta a las versiones de PAN-OS 7.1, PAN-OS 9.0 o posteriores."}], "id": "CVE-2020-1979", "lastModified": "2020-05-13T20:15:14.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-03-11T19:15:13.327", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-1979"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}