Operational Defect Database

BugZero updated this defect 77 days ago.

Palo Alto Networks | PAN-151978

A fix was made to address an insecure configuration of a daemon (appweb) that allowed a remote unauthenticated user to send a specifically crafted request to the device that caused the Appweb service to crash. Repeated attempts to send this request resulted in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode (CVE-2020-2041).

Last update date:

5/2/2024

Affected products:

PAN-OS

Affected releases:

No affected releases provided.

Fixed releases:

8.1.16

Description:

The earliest recollection of this bug is traced back to PAN-OS 8.1.16 - May 02, 2024. This bug is fixed in PAN-OS version 8.1.16. A fix was made to address an insecure configuration of a daemon (appweb) that allowed a remote unauthenticated user to send a specifically crafted request to the device that caused the Appweb service to crash. Repeated attempts to send this request resulted in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode (CVE-2020-2041). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-16-addressed-issues

Status

Addressed
