CVE-2020-2034

HIGH EXPLOITED

Paloaltonetworks Pan-os < 7.1.26 - OS Command Injection

Title source: rule

Description

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.

Exploits (1)

nomisec SCANNER 13 stars

by blackhatethicalhacking · poc

https://github.com/blackhatethicalhacking/CVE-2020-2034-POC

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2020-2034

Scores

CVSS v3 8.1

EPSS 0.7777

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-07-31

CWE

CWE-78

Status published

Products (1)

paloaltonetworks/pan-os 7.1.0 - 7.1.26

Published Jul 08, 2020

Tracked Since Feb 18, 2026