Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-1994
PUBLISHED
More InfoOfficial Page
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
View Known Exploited Vulnerability (KEV) details
Published At-13 May, 2020 | 19:07
Updated At-16 Sep, 2024 | 22:15
Rejected At-
▼CVE Numbering Authority (CNA)
PAN-OS: Predictable temporary file vulnerability

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
Versions
Affected
  • 7.1.*
  • 8.0.*
  • From 8.1 before 8.1.13 (custom)
    • -> unaffectedfrom8.1.13
  • From 9.0 before 9.0.7 (custom)
    • -> unaffectedfrom9.0.7
Unaffected
  • From 9.1.0 before 9.1* (custom)
Problem Types
TypeCWE IDDescription
CWECWE-377CWE-377 Insecure Temporary File
Type: CWE
CWE ID: CWE-377
Description: CWE-377 Insecure Temporary File
Metrics
VersionBase scoreBase severityVector
3.14.1MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions. PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies. PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.

Configurations
Workarounds
Exploits
Credits
This issue was found by a customer.
Timeline
EventDate
Initial publication2020-05-13 00:00:00
Event: Initial publication
Date: 2020-05-13 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2020-1994
x_refsource_MISC
Hyperlink: https://security.paloaltonetworks.com/CVE-2020-1994
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2020-1994
x_refsource_MISC
x_transferred
Hyperlink: https://security.paloaltonetworks.com/CVE-2020-1994
Resource:
x_refsource_MISC
x_transferred
Details not found