CVE-2020-2009

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-73
View all →

Vulnerability Description

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.

Related Vulnerabilities

CVE-2020-2008

HIGH
CVSS:7.2(High)

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system ...

CWE-732020

CVE-2023-2554

HIGH
CVSS:7.2(High)

External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.

CWE-732023

CVE-2024-27943

HIGH
CVSS:7.2(High)

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. ...

CWE-732024

CVE-2024-27944

HIGH
CVSS:7.2(High)

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system....

CWE-732024

CVE-2024-27945

HIGH
CVSS:7.2(High)

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation direct...

CWE-732024

CVE-2024-37295

HIGH
CVSS:7.2(High)

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like imag...

CWE-732024