image credit: Unsplash

Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS

Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions.

“An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue,” the vendor said in its advisory.

Read More on Security Week