CVE-2020-2012
HIGHPalo Alto Networks Pan-OS 7.1.0-7.1.25 - Unauthenticated XML External Entity Injection
Title source: llmDescription
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-2012
Scores
CVSS v3
7.5
EPSS
0.0351
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
paloaltonetworks/pan-os
7.1.0 - 7.1.26
Published
May 13, 2020
Tracked Since
Feb 18, 2026