Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various cyber-attacks. It runs on its own operating system «PAN-OS».
In this article, we will analyze the vulnerabilities that lead to:
- Arbitrary OS command execution by an authorized user — CVE-2020-2037 and CVE-2020-2038
- DoS by an unauthorized user — CVE-2020-2039
- Reflected Cross Site Scripting (XSS) — CVE-2020-2036
Using these vulnerabilities, an attacker can gain access to sensitive data, disrupt the availability of firewall components or gain access to internal network segments.
Continue reading