Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.14 Open Redirection

Medium Nessus Plugin ID 136818

Synopsis

The remote PAN-OS host is affected by an open redirection vulnerability.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.0.14.
It is, therefore, affected by an open redirection vulnerability.

- An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26;
PAN-OS 8.0 versions earlier than 8.0.14. (CVE-2020-1997)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PAN-OS 7.1.26 / 8.0.14 or later.

See Also

https://security.paloaltonetworks.com/CVE-2020-1997

https://cwe.mitre.org/data/definitions/601.html

Plugin Details

Severity: Medium

ID: 136818

File Name: palo_alto_CVE-2020-1997.nasl

Version: 1.1

Type: combined

Published: 2020/05/22

Updated: 2020/05/22

Dependencies: 72816

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2020-1997

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source

Patch Publication Date: 2020/05/13

Vulnerability Publication Date: 2020/05/13

Reference Information

CVE: CVE-2020-1997

IAVA: 2020-A-0222

CWE: 601