CVE-2020-2022

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Related Vulnerabilities

CVE-2010-1432

HIGH
CVSS:7.5(High)

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5...

CWE-2002010

CVE-2010-2450

HIGH
CVSS:7.5(High)

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default ...

CWE-2002010

CVE-2011-2480

HIGH
CVSS:7.5(High)

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allo...

CWE-2002011

CVE-2011-3269

HIGH
CVSS:7.5(High)

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

CWE-2002011

CVE-2011-3613

HIGH
CVSS:7.5(High)

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

CWE-2002011