cnvd - cnvd-2020-63188

cnvd-2020-63188

Vulnerability from cnvd

Title

Palo Alto Networks Panorama信息泄露漏洞

Description

Palo Alto Networks Panorama是美国Palo Alto Networks公司的一套支持集中管理、配置防火墙的解决方案。该产品支持网络流量监控和威胁管理等功能。 Palo Alto Networks Panorama 存在信息泄露漏洞，该漏洞源于存在一个信息暴露漏洞，当管理员执行到该设备的上下文切换时，该信息暴露了web界面管理员与被管理设备的会话令牌。攻击者可利用该漏洞获得访问全景网络界面的特权。

Severity

高

Patch Name

Palo Alto Networks Panorama信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://security.paloaltonetworks.com/CVE-2020-2022

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-2022

Impacted products

Name
['Palo Alto Networks PAN-OS >=8.1，<=8.1.17', 'Palo Alto Networks PAN-OS >=9.0，<=9.0.11', 'Palo Alto Networks PAN-OS >=9.1，<=9.1.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-2022",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-2022"
    }
  },
  "description": "Palo Alto Networks Panorama\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u5957\u652f\u6301\u96c6\u4e2d\u7ba1\u7406\u3001\u914d\u7f6e\u9632\u706b\u5899\u7684\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7f51\u7edc\u6d41\u91cf\u76d1\u63a7\u548c\u5a01\u80c1\u7ba1\u7406\u7b49\u529f\u80fd\u3002\n\nPalo Alto Networks Panorama \u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e00\u4e2a\u4fe1\u606f\u66b4\u9732\u6f0f\u6d1e\uff0c\u5f53\u7ba1\u7406\u5458\u6267\u884c\u5230\u8be5\u8bbe\u5907\u7684\u4e0a\u4e0b\u6587\u5207\u6362\u65f6\uff0c\u8be5\u4fe1\u606f\u66b4\u9732\u4e86web\u754c\u9762\u7ba1\u7406\u5458\u4e0e\u88ab\u7ba1\u7406\u8bbe\u5907\u7684\u4f1a\u8bdd\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u8bbf\u95ee\u5168\u666f\u7f51\u7edc\u754c\u9762\u7684\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2020-2022",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-63188",
  "openTime": "2020-11-14",
  "patchDescription": "Palo Alto Networks Panorama\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u5957\u652f\u6301\u96c6\u4e2d\u7ba1\u7406\u3001\u914d\u7f6e\u9632\u706b\u5899\u7684\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7f51\u7edc\u6d41\u91cf\u76d1\u63a7\u548c\u5a01\u80c1\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nPalo Alto Networks Panorama \u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e00\u4e2a\u4fe1\u606f\u66b4\u9732\u6f0f\u6d1e\uff0c\u5f53\u7ba1\u7406\u5458\u6267\u884c\u5230\u8be5\u8bbe\u5907\u7684\u4e0a\u4e0b\u6587\u5207\u6362\u65f6\uff0c\u8be5\u4fe1\u606f\u66b4\u9732\u4e86web\u754c\u9762\u7ba1\u7406\u5458\u4e0e\u88ab\u7ba1\u7406\u8bbe\u5907\u7684\u4f1a\u8bdd\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u8bbf\u95ee\u5168\u666f\u7f51\u7edc\u754c\u9762\u7684\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks Panorama\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Palo Alto Networks PAN-OS \u003e=8.1\uff0c\u003c=8.1.17",
      "Palo Alto Networks PAN-OS \u003e=9.0\uff0c\u003c=9.0.11",
      "Palo Alto Networks PAN-OS \u003e=9.1\uff0c\u003c=9.1.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-2022",
  "serverity": "\u9ad8",
  "submitTime": "2020-11-13",
  "title": "Palo Alto Networks Panorama\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-2022 (GCVE-0-2020-2022)

Vulnerability from cvelistv5

Published

2020-11-12 00:05

Modified

2024-09-16 17:08

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-200 - Information Exposure

Summary

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2020-2022

x_refsource_MISC