Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-2039

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Published

2020-09-09T17:15:25.823

Last Modified

2024-11-21T05:24:31.500

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	paloaltonetworks	pan-os	< 8.1.16	Yes
Operating System	paloaltonetworks	pan-os	< 9.0.10	Yes
Operating System	paloaltonetworks	pan-os	< 9.1.4	Yes
Operating System	paloaltonetworks	pan-os	< 10.0.1	Yes

References

https://security.paloaltonetworks.com/CVE-2020-2039 Vendor Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2020-2039 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)