CVE-2020-1992 - OpenCVE

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pa-7080 Pa-7050 Pan-os

Configuration 1 [-]

AND

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

OR	cpe:2.3:h:paloaltonetworks:pa-7050:-:::::::*
	cpe:2.3:h:paloaltonetworks:pa-7080:-:::::::*

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2020-1992	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-04-08T00:00:00

Updated: 2020-04-08T18:41:58

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-1992

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-08T19:15:14.213

Modified: 2020-04-10T13:16:09.687

Link: CVE-2020-1992

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"platforms": ["PA-7000 series with LFC"], "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "9.0.7", "status": "unaffected"}], "lessThan": "9.0.7", "status": "affected", "version": "9.0", "versionType": "custom"}, {"changes": [{"at": "9.1.2", "status": "unaffected"}], "lessThan": "9.1.2", "status": "affected", "version": "9.1", "versionType": "custom"}]}, {"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "8.1.*"}, {"status": "unaffected", "version": "8.0.*"}, {"status": "unaffected", "version": "7.1.*"}]}], "configurations": [{"lang": "en", "value": "This issue requires WildFire services to be configured and enabled."}], "credits": [{"lang": "en", "value": "This issue was found by a customer."}], "datePublic": "2020-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-08T18:41:58", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-1992"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 9.0.7, PAN-OS 9.1.2 and all later versions."}], "source": {"defect": ["PAN-135103"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-04-08T00:00:00", "value": "Initial publication"}], "title": "PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-04-08T16:00:00.000Z", "ID": "CVE-2020-1992", "STATE": "PUBLIC", "TITLE": "PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"platform": "PA-7000 series with LFC", "version_affected": "<", "version_name": "9.0", "version_value": "9.0.7"}, {"platform": "PA-7000 series with LFC", "version_affected": "<", "version_name": "9.1", "version_value": "9.1.2"}, {"platform": "PA-7000 series with LFC", "version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.7"}, {"platform": "PA-7000 series with LFC", "version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.2"}, {"version_affected": "!", "version_name": "8.1", "version_value": "8.1.*"}, {"version_affected": "!", "version_name": "8.0", "version_value": "8.0.*"}, {"version_affected": "!", "version_name": "7.1", "version_value": "7.1.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue requires WildFire services to be configured and enabled."}], "credit": [{"lang": "eng", "value": "This issue was found by a customer."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-134 Use of Externally-Controlled Format String"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-1992", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-1992"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 9.0.7, PAN-OS 9.1.2 and all later versions."}], "source": {"defect": ["PAN-135103"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2020-04-08T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-1992", "datePublished": "2020-04-08T00:00:00", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2020-04-08T18:41:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "215D027B-4831-4BB9-8CEF-D5657D27EE9C", "versionEndExcluding": "9.0.7", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "393C1028-D9B7-4CB3-96F7-5675D79525CD", "versionEndExcluding": "9.1.2", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paloaltonetworks:pa-7050:-:*:*:*:*:*:*:*", "matchCriteriaId": "1536A4E4-D769-45C8-B85C-4A1A4F4AAEC0", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-7080:-:*:*:*:*:*:*:*", "matchCriteriaId": "01AEF722-2554-4B30-8821-84B20F3BA8CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en el demonio Varrcvr de PAN-OS en dispositivos PA-7000 Series con Log Forwarding Card (LFC), permite a atacantes remotos bloquear el demonio creando una condici\u00f3n de denegaci\u00f3n de servicio o potencialmente ejecutar c\u00f3digo con privilegios root. Este problema afecta a Palo Alto Networks PAN-OS versiones 9.0 anteriores a 9.0.7; versiones PAN-OS 9.1 anteriores a 9.1.2 en dispositivos PA-7000 Series con un LFC instalado y configurado. Este problema requiere que los servicios WildFire est\u00e9n configurados y habilitados. Este problema no afecta a PAN-OS versiones 8.1 y anteriores. Este problema no afecta a ning\u00fan otro firewall de PA Series."}], "id": "CVE-2020-1992", "lastModified": "2020-04-10T13:16:09.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-04-08T19:15:14.213", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-1992"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}