CVE-2020-1979

HIGH

Paloaltonetworks Pan-os < 8.1.13 - Format String Vulnerability

Title source: rule

Description

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2020-1979

Scores

CVSS v3 8.1

EPSS 0.0024

EPSS Percentile 46.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-134

Status published

Products (1)

paloaltonetworks/pan-os < 8.1.13

Published Mar 11, 2020

Tracked Since Feb 18, 2026