
Rewterz Threat Advisory – Multiple Palo Alto Network Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-2036

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions. 

CVE-2020-2037, CVE-2020-2038

An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.

Impact

  • Cross-site scripting
  • Command injection

Affected Vendors

Palo Alto

Affected Products

PAN-OS

Remediation

Refer to the vendor advisories for the complete list of affected products and their respective patches.

https://security.paloaltonetworks.com/CVE-2020-2036

https://security.paloaltonetworks.com/CVE-2020-2037

https://security.paloaltonetworks.com/CVE-2020-2038