CVE-2020-2009
HIGHPalo Alto Networks PAN-OS <8.1.14, <9.0.7 - Remote Code Execution
Title source: manualDescription
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-2009
Scores
CVSS v3
7.2
EPSS
0.0195
EPSS Percentile
77.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-610
CWE-73
Status
published
Products (1)
paloaltonetworks/pan-os
7.1.0 - 7.1.26
Published
May 13, 2020
Tracked Since
Feb 18, 2026