CVE-2020-1979
HIGHPAN-OS < 8.1.13 - Remote Code Execution via Format String in Log Daemon
Title source: llmDescription
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-1979
Scores
CVSS v3
8.1
EPSS
0.0100
EPSS Percentile
58.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-134
Status
published
Products (1)
paloaltonetworks/pan-os
< 8.1.13
Published
Mar 11, 2020
Tracked Since
Feb 18, 2026