Rewterz

Rewterz Threat Advisory – Netwalker Exploits Vulnerabilities to Target Corporate Networks

September 10, 2020
Rewterz

Rewterz Threat Advisory – Additional Palo Alto PAN-OS Issues

September 11, 2020

Rewterz Threat Advisory – Multiple Palo Alto Network Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-2036

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions. 

CVE-2020-2037, CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.

Impact

  • Cross-site scripting
  • Command injection

Affected Vendors

Palo Alto

Affected Products

PAN OS

Remediation

Refer to vendor advisory for the complete list of affected products and their respective patches.

https://security.paloaltonetworks.com/CVE-2020-2036

https://security.paloaltonetworks.com/CVE-2020-2037

https://security.paloaltonetworks.com/CVE-2020-2038

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.