Rewterz Threat Advisory – Additional Palo Alto PAN-OS Issues

Severity

Medium

Analysis Summary

CVE-2020-2040

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. 

CVE-2020-2041

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.

Impact

• Execution of arbitrary code
• Service crash

Affected Vendors

Palo Alto

Remediation

Refer to vendor advisory for the complete list of affected products and their respective patches.

https://security.paloaltonetworks.com/CVE-2020-2040

https://security.paloaltonetworks.com/CVE-2020-2041