CVE-2020-2040 | PAN-OS»º³åÇøÒç³öÎó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-09-11


0x00 Îó²î¸ÅÊö


CVE   ID

CVE-2020-2040

ʱ    ¼ä

2020-09-11

Àà    ÐÍ

»º³åÇøÒç³ö

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£

 8.0ËùÓа汾 £»£»£»£»£»£»

< 8.1.15 µÄ 8.1°æ±¾;

< 9.0.9µÄ9.0°æ±¾ £»£»£»£»£»£»

<9.1.3µÄ9.1°æ±¾ £»£»£»£»£»£»

10°æ±¾²»ÊÜÓ°Ïì¡£¡£¡£¡£


2020Äê09ÔÂ09ÈÕ£¬£¬£¬£¬Palo Alto Networks£¨PAN£©Ðû²¼ÁË9·ÝÇ徲ͨ¸æ£¬£¬£¬£¬ÆäÖÐÖ»ÓÐÒ»¸ö±»ÆÀΪÑÏÖØ£¬£¬£¬£¬ÆäÎó²î±àºÅΪCVE-2020-2040£¬£¬£¬£¬CVSSÆÀ·ÖΪ9.8¡£¡£¡£¡£¸ÃÎó²îÊÇPAN-OSÉϵÄÒ»¸ö»º³åÇøÒç³öÎó²î£¬£¬£¬£¬ÆäʹÓÃÄѶȵÍ£¬£¬£¬£¬ÎÞÐèÓû§½»»¥¡£¡£¡£¡£PAN-OSÊÇÒ»¸öÔËÐÐÔÚPalo Alto Networks·À»ðǽºÍÆóÒµVPNÉè±¹ØÁ¬Ä²Ù×÷ϵͳ¡£¡£¡£¡£Palo Alto NetworksÌåÏÖ£¬£¬£¬£¬×èÖ¹ÏÖÔÚ»¹ÉÐδ·¢Ã÷¸ÃÎó²îÔÚÒ°ÍⱻʹÓᣡ£¡£¡£

¸ÃÎó²îµÄ±¨¸æ×÷Õß˵£º¡°ÈôÊDz»¸üУ¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔʹÓÃÕâЩÎó²îÀ´ÇÔÈ¡Ãô¸ÐÊý¾Ý£¬£¬£¬£¬»òÕßͨ¹ý¹¥»÷À´»ñÈ¡ÄÚ²¿ÍøÂçµÄ»á¼ûȨÏÞ¡£¡£¡£¡£¡±

¡°¿ÉʹÓÃÕâЩÎó²îÔÚ²Ù×÷ϵͳÖлñÈ¡rootÌØȨ£¬£¬£¬£¬´Ó¶øʹºÚ¿ÍÄܹ»ÔÚPalo AltoÓ¦ÓóÌÐòÖÐʹÓÃÖÎÀíÔ±¼¶±ðµÄȨÏÞÖ´ÐÐÈκβÙ×÷¡£¡£¡£¡£¡±

 

0x01 Îó²îÏêÇé


image.png


δ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õßͨ¹ýÏòCaptive Portal»òMulti-Factor Authentication½Ó¿Ú·¢ËͶñÒâÇëÇóÀ´Ê¹ÓÃCVE-2020-2040¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²î¿ÉÄܵ¼ÖÂϵͳÀú³ÌÖÐÖ¹£¬£¬£¬£¬²¢ÔÊÐíʹÓÃrootÌØȨÔÚPAN-OS×°±¸ÉÏÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¸ÃÎó²î½öµ±ÆôÓÃÁËÇ¿ÖÆÃÅ»§ºÍ¶àÖØÉí·ÝÑéÖ¤£¨MFA£©Ê±²Å±£´æ¡£¡£¡£¡£

ͨ¹ýShodanµÄËÑË÷ÏÔʾ£¬£¬£¬£¬ÏÖÔÚÓÐÁè¼Ý14000¸öPAN-OS×°±¸¿É¹ûÕæ»á¼û¡£¡£¡£¡£¿ÉÊÇ£¬£¬£¬£¬ÏÖÔÚÉв»ÇåÎú14000¸öPAN-OS×°±¸ÖÐÓм¸¶à¸öÒ×Êܹ¥»÷¡£¡£¡£¡£

image.png


³ýCVE-2020-2040Í⣬£¬£¬£¬PAN»¹Ðû²¼ÁËÒÔÏÂ8ÏîÓйØPAN-OSÖÐÎó²îµÄÇ徲ͨ¸æ£¬£¬£¬£¬ÈçÏ£º

image.png

ÆäÖУ¬£¬£¬£¬CVE-2020-2041ÊÇÓÉÓÚPalo Alto Networks PAN-OS 8.1µÄappwebÊØ»¤³ÌÐòµÄ²»Çå¾²ÉèÖõ¼ÖµÄÎó²î£¬£¬£¬£¬Ëü¿ÉÄÜÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³ÌÓû§½«´ó×Ú¶ñÒâÇëÇó·¢Ë͵½ÊÜÓ°ÏìµÄ×°±¸µ¼ÖÂÆäЧÀÍÍ߽⡣¡£¡£¡£

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ£¬£¬£¬£¬Palo Alto NetworksÒÑÐû²¼ÊÜCVE-2020-2040Îó²îÓ°ÏìµÄ°æ±¾ºÍ´ËÎó²îµÄ¸üа汾£¬£¬£¬£¬ÈçÏ£º

image.png

ÓÉÓÚPAN-OS°æ±¾8.0µÄËùÓа汾¾ùÊܵ½Ó°Ï죬£¬£¬£¬Òò´Ë½â¾ö¸ÃÎó²îµÄΨһ½â¾ö¼Æ»®ÊÇÉý¼¶µ½8.0Ö®ÍâµÄÁíÒ»¸öÇå¾²°æ±¾°æ±¾8.1.15¼°Æä¸ü¸ß°æ±¾¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬PANÌåÏÖGlobalProtect VPNºÍPAN-OSÖÎÀíWeb½çÃæ²»ÊÜCVE-2020-2040µÄÓ°Ïì¡£¡£¡£¡£

PAN-OS 8.1.15¡¢PAN-OS 9.0.9¡¢PAN-OS 9.1.3¼°ÒÔÉÏ°æ±¾ÖÐÒÑÐÞ¸´´ËÎó²î£¬£¬£¬£¬½¨ÒéÏà¹ØÓû§ÊµÊ±¸üе½Çå¾²°æ±¾¡£¡£¡£¡£

°æ±¾Éý¼¶Óë¸ü¶àÏêϸÐÅÏ¢Çë²Î¿¼£º

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/software-and-content-updates/pan-os-software-updates.html

0x03 Ïà¹ØÐÂÎÅ

https://www.bankinfosecurity.com/palo-alto-networks-patches-6-firewall-vulnerabilities-a-14977

https://zh-cn.tenable.com/blog/cve-2020-2040-critical-buffer-overflow-vulnerability-in-pan-os-devices-disclosed?tns_redirect=true

0x04 ²Î¿¼Á´½Ó

https://www.security-database.com/detail.php?alert=CVE-2020-2040

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2040

0x05 ʱ¼äÏß

2020-09-11 VSRCÐû²¼Îó²îͨ¸æ


 

image.png