Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-1999— PAN-OS: Threat signatures are evaded by specifically crafted packets

CVSS 5.3 · Medium EPSS 0.29% · P53
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-1999

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
PAN-OS: Threat signatures are evaded by specifically crafted packets
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Palo Alto Networks PAN-OS 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS 存在代码问题漏洞,该漏洞允许攻击者可利用该漏洞与网络中的设备通信,而不通过专门设计的TCP数据包发送数据来分析威胁。该技术避开了基于签名的威胁检测。以下产品及版本受到影响: 8.1.17之前的8.1版本,9.0.11之前的9.0版本,9.1.5之前的9.1版本,PAN-OS 7.1所有版本和PAN-OS 8.0版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Palo Alto NetworksPAN-OS 7.1.* -

II. Public POCs for CVE-2020-1999

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-1999

登录查看更多情报信息。

Same Patch Batch · Palo Alto Networks · 2020-11-12 · 5 CVEs total

CVE-2020-20508.2 HIGHPAN-OS: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate ve
CVE-2020-20227.5 HIGHPAN-OS: Panorama session disclosure during context switch into managed device
CVE-2020-20007.2 HIGHPAN-OS: OS command injection and memory corruption vulnerability
CVE-2020-20483.3 LOWPAN-OS: System proxy passwords may be logged in clear text while viewing system state

IV. Related Vulnerabilities

Same product: PAN-OS
Same vendor: Palo Alto Networks
Same weakness: CWE-754

V. Comments for CVE-2020-1999

No comments yet

Leave a comment