CVE-2020-2022
Description
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrators session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.915
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities affected in pan-os 9.1.2 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.1.1 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.1.4 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.1.3 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.10 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.9 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.16 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.15 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.14 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.6 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.13 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.1.0 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.8-h4 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.8 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.7 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.2 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.0 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.12 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.9 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.8-h5 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.4 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.3 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.5 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.2-h4 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.2 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.1 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.5 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.4-h2 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.4 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.7 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.0 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.8 | NCM |
| Multiple Vulnerabilities affected in pan-os 9.0.3 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.11 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.6-h2 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.6 | NCM |
| Multiple Vulnerabilities affected in pan-os 8.1.1 | NCM |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-2022) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234