CVE-2020-1975 MEDIUM

CVE-2020-1975: Missing XML Validation in PAN-OS Web Interface

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-112
Published February 12, 2020
Last update September 16, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.

Key dates

02 Disclosure timeline

February 12, 2020 CVE published
September 16, 2024 Record updated