CVE-2020-2016
13.05.2020, 19:15
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 7.1.0 ≤ 𝑥 < 7.1.26 |
| paloaltonetworks | pan-os | 8.0.0 ≤ 𝑥 ≤ 8.0.20 |
| paloaltonetworks | pan-os | 8.1.0 ≤ 𝑥 < 8.1.13 |
| paloaltonetworks | pan-os | 9.0.0 ≤ 𝑥 < 9.0.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-377 - Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attack.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.