CVE-2020-2040 is a critical buffer overflow vulnerability in PAN-OS when either the Captive Portal or Multi-Factor Authentication (MFA) feature has been enabled. According to PAN’s advisory, a remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to a vulnerable PAN-OS device when one of these features is enabled. Successful exploitation of this vulnerability could result in the disruption of system processes, as well as allow arbitrary code execution on the PAN-OS devices with root privileges. The vulnerability received a critical CVSSv3 score of 9.8.
|Palo Alto Networks PAN-OS 9.0.8|
|Palo Alto Networks PAN-OS 8.1.14|
|Palo Alto Networks PAN-OS 9.1.2|