CVE-2020-2040 | PAN-OS»º³åÇøÒç³öÎó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-09-11


0x00 Îó²î¸ÅÊö


CVE   ID

CVE-2020-2040

ʱ    ¼ä

2020-09-11

Àà    ÐÍ

»º³åÇøÒç³ö

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£

 8.0ËùÓа汾£»£»£»£»

< 8.1.15 µÄ 8.1°æ±¾;

< 9.0.9µÄ9.0°æ±¾£»£»£»£»

<9.1.3µÄ9.1°æ±¾£»£»£»£»

10°æ±¾²»ÊÜÓ°Ïì ¡£¡£


2020Äê09ÔÂ09ÈÕ£¬£¬£¬Palo Alto Networks£¨PAN£©Ðû²¼ÁË9·ÝÇ徲ͨ¸æ£¬£¬£¬ÆäÖÐÖ»ÓÐÒ»¸ö±»ÆÀΪÑÏÖØ£¬£¬£¬ÆäÎó²î±àºÅΪCVE-2020-2040£¬£¬£¬CVSSÆÀ·ÖΪ9.8 ¡£¡£¸ÃÎó²îÊÇPAN-OSÉϵÄÒ»¸ö»º³åÇøÒç³öÎó²î£¬£¬£¬ÆäʹÓÃÄѶȵͣ¬£¬£¬ÎÞÐèÓû§½»»¥ ¡£¡£PAN-OSÊÇÒ»¸öÔËÐÐÔÚPalo Alto Networks·À»ðǽºÍÆóÒµVPNÉè±¹ØÁ¬Ä²Ù×÷ϵͳ ¡£¡£Palo Alto NetworksÌåÏÖ£¬£¬£¬×èÖ¹ÏÖÔÚ»¹ÉÐδ·¢Ã÷¸ÃÎó²îÔÚÒ°ÍⱻʹÓà ¡£¡£

¸ÃÎó²îµÄ±¨¸æ×÷Õß˵£º¡°ÈôÊDz»¸üУ¬£¬£¬¹¥»÷Õß¿ÉÒÔʹÓÃÕâЩÎó²îÀ´ÇÔÈ¡Ãô¸ÐÊý¾Ý£¬£¬£¬»òÕßͨ¹ý¹¥»÷À´»ñÈ¡ÄÚ²¿ÍøÂçµÄ»á¼ûȨÏÞ ¡£¡£¡±

¡°¿ÉʹÓÃÕâЩÎó²îÔÚ²Ù×÷ϵͳÖлñÈ¡rootÌØȨ£¬£¬£¬´Ó¶øʹºÚ¿ÍÄܹ»ÔÚPalo AltoÓ¦ÓóÌÐòÖÐʹÓÃÖÎÀíÔ±¼¶±ðµÄȨÏÞÖ´ÐÐÈκβÙ×÷ ¡£¡£¡±

 

0x01 Îó²îÏêÇé


image.png


δ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õßͨ¹ýÏòCaptive Portal»òMulti-Factor Authentication½Ó¿Ú·¢ËͶñÒâÇëÇóÀ´Ê¹ÓÃCVE-2020-2040 ¡£¡£ÀÖ³ÉʹÓôËÎó²î¿ÉÄܵ¼ÖÂϵͳÀú³ÌÖÐÖ¹£¬£¬£¬²¢ÔÊÐíʹÓÃrootÌØȨÔÚPAN-OS×°±¸ÉÏÖ´ÐÐí§Òâ´úÂë ¡£¡£¸ÃÎó²î½öµ±ÆôÓÃÁËÇ¿ÖÆÃÅ»§ºÍ¶àÖØÉí·ÝÑéÖ¤£¨MFA£©Ê±²Å±£´æ ¡£¡£

ͨ¹ýShodanµÄËÑË÷ÏÔʾ£¬£¬£¬ÏÖÔÚÓÐÁè¼Ý14000¸öPAN-OS×°±¸¿É¹ûÕæ»á¼û ¡£¡£¿ÉÊÇ£¬£¬£¬ÏÖÔÚÉв»ÇåÎú14000¸öPAN-OS×°±¸ÖÐÓм¸¶à¸öÒ×Êܹ¥»÷ ¡£¡£

image.png


³ýCVE-2020-2040Í⣬£¬£¬PAN»¹Ðû²¼ÁËÒÔÏÂ8ÏîÓйØPAN-OSÖÐÎó²îµÄÇ徲ͨ¸æ£¬£¬£¬ÈçÏ£º

image.png

ÆäÖУ¬£¬£¬CVE-2020-2041ÊÇÓÉÓÚPalo Alto Networks PAN-OS 8.1µÄappwebÊØ»¤³ÌÐòµÄ²»Çå¾²ÉèÖõ¼ÖµÄÎó²î£¬£¬£¬Ëü¿ÉÄÜÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³ÌÓû§½«´ó×Ú¶ñÒâÇëÇó·¢Ë͵½ÊÜÓ°ÏìµÄ×°±¸µ¼ÖÂÆäЧÀÍÍ߽⠡£¡£

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ£¬£¬£¬Palo Alto NetworksÒÑÐû²¼ÊÜCVE-2020-2040Îó²îÓ°ÏìµÄ°æ±¾ºÍ´ËÎó²îµÄ¸üа汾£¬£¬£¬ÈçÏ£º

image.png

ÓÉÓÚPAN-OS°æ±¾8.0µÄËùÓа汾¾ùÊܵ½Ó°Ï죬£¬£¬Òò´Ë½â¾ö¸ÃÎó²îµÄΨһ½â¾ö¼Æ»®ÊÇÉý¼¶µ½8.0Ö®ÍâµÄÁíÒ»¸öÇå¾²°æ±¾°æ±¾8.1.15¼°Æä¸ü¸ß°æ±¾ ¡£¡£±ðµÄ£¬£¬£¬PANÌåÏÖGlobalProtect VPNºÍPAN-OSÖÎÀíWeb½çÃæ²»ÊÜCVE-2020-2040µÄÓ°Ïì ¡£¡£

PAN-OS 8.1.15¡¢PAN-OS 9.0.9¡¢PAN-OS 9.1.3¼°ÒÔÉÏ°æ±¾ÖÐÒÑÐÞ¸´´ËÎó²î£¬£¬£¬½¨ÒéÏà¹ØÓû§ÊµÊ±¸üе½Çå¾²°æ±¾ ¡£¡£

°æ±¾Éý¼¶Óë¸ü¶àÏêϸÐÅÏ¢Çë²Î¿¼£º

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/software-and-content-updates/pan-os-software-updates.html

0x03 Ïà¹ØÐÂÎÅ

https://www.bankinfosecurity.com/palo-alto-networks-patches-6-firewall-vulnerabilities-a-14977

https://zh-cn.tenable.com/blog/cve-2020-2040-critical-buffer-overflow-vulnerability-in-pan-os-devices-disclosed?tns_redirect=true

0x04 ²Î¿¼Á´½Ó

https://www.security-database.com/detail.php?alert=CVE-2020-2040

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2040

0x05 ʱ¼äÏß

2020-09-11 VSRCÐû²¼Îó²îͨ¸æ


 

image.png