Home

CVE-2020-1975

Description

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.384

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities affected in pan-os 8.1.8-h4NCM
Multiple Vulnerabilities affected in pan-os 8.1.8NCM
Multiple Vulnerabilities affected in pan-os 8.1.7NCM
Multiple Vulnerabilities affected in pan-os 8.1.2NCM
Multiple Vulnerabilities affected in pan-os 9.0.3NCM
Multiple Vulnerabilities affected in pan-os 8.1.9NCM
Multiple Vulnerabilities affected in pan-os 8.1.8-h5NCM
Multiple Vulnerabilities affected in pan-os 8.1.3NCM
Multiple Vulnerabilities affected in pan-os 8.1.5NCM
Multiple Vulnerabilities affected in pan-os 8.1.4-h2NCM
Multiple Vulnerabilities affected in pan-os 8.1.4NCM
Multiple Vulnerabilities affected in pan-os 9.0.4NCM
Multiple Vulnerabilities affected in pan-os 9.0.0NCM
Multiple Vulnerabilities affected in pan-os 8.1.0NCM
Multiple Vulnerabilities affected in pan-os 9.0.5NCM
Multiple Vulnerabilities affected in pan-os 9.0.2-h4NCM
Multiple Vulnerabilities affected in pan-os 9.0.2NCM
Multiple Vulnerabilities affected in pan-os 9.0.1NCM
Multiple Vulnerabilities affected in pan-os 8.1.11NCM
Multiple Vulnerabilities affected in pan-os 8.1.6-h2NCM
Multiple Vulnerabilities affected in pan-os 8.1.6NCM
Multiple Vulnerabilities affected in pan-os 8.1.1NCM
Missing XML Validation Vulnerability (CVE-2020-1975)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234