CVE-2020-1980

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-77
View all →

Vulnerability Description

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.

Related Vulnerabilities

CVE-2010-4345

HIGH
CVSS:7.8(High)

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary comma...

CWE-772010

CVE-2014-1834

HIGH
CVSS:7.8(High)

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

CWE-772014

CVE-2014-4677

HIGH
CVSS:7.8(High)

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters ...

CWE-772014

CVE-2014-5220

HIGH
CVSS:7.8(High)

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CWE-772014

CVE-2014-9114

HIGH
CVSS:7.8(High)

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CWE-772014

CVE-2015-2210

HIGH
CVSS:7.8(High)

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command she...

CWE-772015