A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator’s PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator’s account and further manipulate devices managed by Panorama.
This issue affects:

PAN-OS 7.1 versions earlier than 7.1.26;

PAN-OS 8.0 versions earlier than 8.0.21;

PAN-OS 8.1 versions earlier than 8.1.13;

PAN-OS 9.0 versions earlier than 9.0.6;

and PAN-OS 9.1 versions earlier than 9.1.1.

Source: CVE-2020-2013

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.