Text only | Text with Images

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: icecream-guy on April 09, 2020, 03:21:37 PM

Title: Palo Alto Networks Security Advisories - April 8, 2020
Post by: icecream-guy on April 09, 2020, 03:21:37 PM
New Palo Alto Networks Security Advisories.
Palo Alto Networks has published 12 new Security Advisories at https://security.paloaltonetworks.com on April 8, 2020:

PAN-OS
________________________________________
CVE-2020-1992 PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1992

CVE-2020-1990 PAN-OS: Buffer overflow in the management server (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1990

PAN-SA-2020-0002 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities (Severity: MEDIUM)
https://security.paloaltonetworks.com/PAN-SA-2020-0002

PAN-SA-2020-0003 Informational: Third-party or open source vulnerabilities that do not affect Palo Alto Networks Products (Severity: NONE)
https://security.paloaltonetworks.com/PAN-SA-2020-0003

Traps, Cortex XDR
________________________________________
CVE-2020-1991 Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1991

Secdo
________________________________________
CVE-2020-1984 Secdo: Privilege escalation via hardcoded script path (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1984

CVE-2020-1985 Secdo: Incorrect Default Permissions (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1985

CVE-2020-1986 Secdo: Local authenticated users can cause Windows system crash (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1986

Global Protect Agent
________________________________________
CVE-2020-1989 Global Protect Agent: Incorrect privilege assignment allows local privilege escalation (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2020-1989

CVE-2020-1988 Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1988

CVE-2020-1987 Global Protect Agent: VPN cookie local information disclosure (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2020-1987

VM-Series Plugin
________________________________________
CVE-2020-1978 VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2020-1978


Please visit our Security Advisories website to learn more at https://security.paloaltonetworks.com/.
If you have questions, please contact support https://www.paloaltonetworks.com/company/contact-support.

Regards,
Product Security Incident Response Team
Palo Alto Networks
Text only | Text with Images