CVE-2020-1997

Published: May 13, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.

Affected (2)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	From 7.1.0 to 7.1.26
Paloaltonetworks Pan Os	From 8.0.0 to 8.0.14

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://security.paloaltonetworks.com/CVE-2020-1997

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2020-1997

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.