CVE-2020-1979

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-134
View all →

Vulnerability Description

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Related Vulnerabilities

CVE-2011-1588

HIGH
CVSS:7.8(High)

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

CWE-1342011

CVE-2015-8106

HIGH
CVSS:7.8(High)

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command i...

CWE-1342015

CVE-2015-8107

HIGH
CVSS:7.8(High)

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

CWE-1342015

CVE-2017-5613

HIGH
CVSS:7.8(High)

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

CWE-1342017

CVE-2018-1566

HIGH
CVSS:7.8(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

CWE-1342018

CVE-2018-16554

HIGH
CVSS:7.8(High)

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of incons...

CWE-1342018