Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.14 Open Redirection

medium Nessus Plugin ID 136818

Synopsis

The remote PAN-OS host is affected by an open redirection vulnerability.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.0.14.
It is, therefore, affected by an open redirection vulnerability.

- An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26;
PAN-OS 8.0 versions earlier than 8.0.14. (CVE-2020-1997)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PAN-OS 7.1.26 / 8.0.14 or later.

See Also

https://security.paloaltonetworks.com/CVE-2020-1997

https://cwe.mitre.org/data/definitions/601.html

Plugin Details

Severity: Medium

ID: 136818

File Name: palo_alto_CVE-2020-1997.nasl

Version: 1.3

Type: combined

Published: 5/22/2020

Updated: 10/13/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2020-1997

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source

Exploit Ease: No known exploits are available

Patch Publication Date: 5/13/2020

Vulnerability Publication Date: 5/13/2020

Reference Information

CVE: CVE-2020-1997

CWE: 601

IAVA: 2020-A-0222-S