8.8
CVE-2020-1998
- EPSS 0.22%
- Published 13.05.2020 19:15:12
- Last modified 21.11.2024 05:11:49
- Source psirt@paloaltonetworks.com
- Teams watchlist Login
- Open Login
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 7.1.0 < 7.1.26
Paloaltonetworks ≫ Pan-os Version >= 8.0.0 <= 8.0.20
Paloaltonetworks ≫ Pan-os Version >= 8.1.0 < 8.1.13
Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.6
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.444 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| psirt@paloaltonetworks.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.