CVE-2020-2038 - Vulnerability Details - OpenCVE

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.88016.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks Subscribe	Pan-os Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

This issue is fixed in PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.

Workaround

This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.

References

Link	Providers
http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html
http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html
https://security.paloaltonetworks.com/CVE-2020-2038

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.92357}`	epss `{'score': 0.92484}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-09-09T16:45:26.588785Z

Updated: 2024-09-16T16:47:58.614Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-09T17:15:25.760

Modified: 2024-11-21T05:24:31.310

Link: CVE-2020-2038

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "8.1.*"}, {"changes": [{"at": "10.0.1", "status": "unaffected"}], "lessThan": "10.0.1", "status": "affected", "version": "10.0", "versionType": "custom"}, {"changes": [{"at": "9.0.10", "status": "unaffected"}], "lessThan": "9.0.10", "status": "affected", "version": "9.0", "versionType": "custom"}, {"changes": [{"at": "9.1.4", "status": "unaffected"}], "lessThan": "9.1.4", "status": "affected", "version": "9.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies for discovering and reporting this issue."}], "datePublic": "2020-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T15:06:18", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-2038"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."}], "source": {"defect": ["PAN-101484"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-09-09T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: OS command injection vulnerability in the management web interface", "workarounds": [{"lang": "en", "value": "This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-09-09T16:00:00.000Z", "ID": "CVE-2020-2038", "STATE": "PUBLIC", "TITLE": "PAN-OS: OS command injection vulnerability in the management web interface"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "10.0", "version_value": "10.0.1"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.10"}, {"version_affected": "<", "version_name": "9.1", "version_value": "9.1.4"}, {"version_affected": "!>=", "version_name": "10.0", "version_value": "10.0.1"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.10"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.4"}, {"version_affected": "!", "version_name": "8.1", "version_value": "8.1.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-2038", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-2038"}, {"name": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."}], "source": {"defect": ["PAN-101484"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-09-09T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2020-2038"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2038", "datePublished": "2020-09-09T16:45:26.588785Z", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-09-16T16:47:58.614Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B274DF14-BD36-46DF-91EF-0293CC082B41", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F307ABF3-27DB-4C76-A488-60E1F6A6D17F", "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "09926771-7377-487B-B660-809265E7D8A2", "versionEndExcluding": "10.0.1", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1."}, {"lang": "es", "value": "Una vulnerabilidad de Inyecci\u00f3n de Comandos del Sistema Operativo en la interfaz de administraci\u00f3n de PAN-OS que permite a los administradores autenticados ejecutar comandos de Sistema Operativo arbitrarios con privilegios root. Este problema impacta a: Versiones PAN-OS 9.0 anteriores a 9.0.10; Versiones PAN-OS 9.1 anteriores a 9.1.4; Versiones PAN-OS 10.0 anteriores a 10.0.1."}], "id": "CVE-2020-2038", "lastModified": "2024-11-21T05:24:31.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-09T17:15:25.760", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2038"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}