CVE-2020-2012 HIGH

CVE-2020-2012: PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak

Vendor: Palo Alto Networks
Product: PAN-OS
Weakness: CWE-611 (XXE)
Published: May 13, 2020
Last update: September 17, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

An improper restriction of XML external entity reference ('XXE') vulnerability in the Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: all versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.

Key dates

02 Disclosure timeline

May 13, 2020: CVE published
September 17, 2024: Record updated