8.5
CVE-2020-2016
- EPSS 0.21%
- Veröffentlicht 13.05.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:24:27
- Quelle psirt@paloaltonetworks.com
- Teams Watchlist Login
- Unerledigt Login
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 7.1.0 < 7.1.26
Paloaltonetworks ≫ Pan-os Version >= 8.0.0 <= 8.0.20
Paloaltonetworks ≫ Pan-os Version >= 8.1.0 < 8.1.13
Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.433 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.5 | 6.8 | 10 |
AV:N/AC:M/Au:S/C:C/I:C/A:C
|
| psirt@paloaltonetworks.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-377 Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.