CVE-2020-2002 - OpenCVE

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2020-2002	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-05-13T00:00:00

Updated: 2020-05-14T15:40:56

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2002

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-05-13T19:15:12.987

Modified: 2020-05-19T16:02:21.327

Link: CVE-2020-2002

JSON object: View

Redhat Information

No data.

CWE

CWE-290

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "8.0.*"}, {"changes": [{"at": "8.1.13", "status": "unaffected"}], "lessThan": "8.1.13", "status": "affected", "version": "8.1", "versionType": "custom"}, {"changes": [{"at": "9.0.6", "status": "unaffected"}], "lessThan": "9.0.6", "status": "affected", "version": "9.0", "versionType": "custom"}, {"changes": [{"at": "7.1.26", "status": "unaffected"}], "lessThan": "7.1.26", "status": "affected", "version": "7.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks would like to thank Yoav Iellin, Yaron Kassner, and Rotem Zach from Silverfort for discovering and reporting this issue."}], "datePublic": "2020-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-14T15:40:56", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-2002"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."}], "source": {"defect": ["PAN-118957"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-05-13T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: Spoofed Kerberos key distribution center authentication bypass", "workarounds": [{"lang": "en", "value": "Ensure that PAN-OS communicates to Kerberos server over a secured network with access restricted to trusted users.\n\nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-05-13T16:00:00.000Z", "ID": "CVE-2020-2002", "STATE": "PUBLIC", "TITLE": "PAN-OS: Spoofed Kerberos key distribution center authentication bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.6"}, {"version_affected": "<", "version_name": "7.1", "version_value": "7.1.26"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.13"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.6"}, {"version_affected": "!>=", "version_name": "7.1", "version_value": "7.1.26"}, {"version_affected": "=", "version_name": "8.0", "version_value": "8.0.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks would like to thank Yoav Iellin, Yaron Kassner, and Rotem Zach from Silverfort for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290 Authentication Bypass by Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-2002", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-2002"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."}], "source": {"defect": ["PAN-118957"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-05-13T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "Ensure that PAN-OS communicates to Kerberos server over a secured network with access restricted to trusted users.\n\nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com."}]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2002", "datePublished": "2020-05-13T00:00:00", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2020-05-14T15:40:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F96FF9-52CD-4906-A742-AA418D5015C0", "versionEndExcluding": "7.1.26", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BEFBF38-AF84-4477-A6B9-5BDD51D54F4F", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE88801C-4736-4FCF-90A4-4B4D72774502", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6B860AF-A793-4ED4-8D35-1D69E2F16A3E", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante suplantaci\u00f3n de identidad en el daemon de autenticaci\u00f3n y los componentes de ID de usuario de PAN-OS de Palo Alto Networks al no verificar la integridad del centro de distribuci\u00f3n de claves (KDC) Kerberos antes de autenticar a los usuarios. Esto afecta a todas las formas de autenticaci\u00f3n que usan un perfil de autenticaci\u00f3n Kerberos. Un atacante de tipo intermediario con la capacidad de interceptar la comunicaci\u00f3n entre PAN-OS y KDC puede iniciar sesi\u00f3n en PAN-OS como administrador. Este problema afecta: PAN-OS 7.1 versiones anteriores a la versi\u00f3n 7.1.26; PAN-OS 8.1 versiones anteriores a la versi\u00f3n 8.1.13; PAN-OS 9.0 versiones anteriores a la versi\u00f3n 9.0.6; Todas las versiones de PAN-OS 8.0."}], "id": "CVE-2020-2002", "lastModified": "2020-05-19T16:02:21.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-05-13T19:15:12.987", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2002"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}