End-of-Life (EoL)

PAN-OS 7.1.26 Addressed Issues

PAN-OS® 7.1.26 addressed issues.
Issue ID
Description
PAN-128248
A fix was made to address a vulnerability with a race condition due to an insecure creation of a file in a temporary directory in PAN-OS (CVE-2020-2016).
PAN-125122
A fix was made to address a cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS and Panorama that disclosed an authenticated PAN-OS administrator's PAN-OS session cookie (CVE-2020-2013).
PAN-124621
A fix was made to address an issue where an OS command injection vulnerability in the PAN-OS web management interface allowed authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration (CVE-2020-2029).
PAN-123661
A fix was made to address an authentication bypass vulnerability in the Panorama context switching feature (CVE-2020-2018).
PAN-121058
A fix was made to address a DOM-based cross site scripting vulnerability in the PAN-OS and Panorama management web interfaces (CVE-2020-2017).
PAN-118957
A fix was made to address an authentication bypass spoofing vulnerability in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS (CVE-2020-2002).
PAN-117479
A fix was made to address a vulnerability with the Nginx web server included with PAN-OS (CVE-2017-7529).
PAN-111636
A fix was made to address OpenSSH issues (PAN-SA-2020-0002 / CVE-2018-20685, CVE-2019-6109, and CVE-2019-6111).
PAN-111061
A fix was made to upgrade OpenSSH software included with PAN-OS (PAN-SA-2020-0005 / CVE-2016-10012).
PAN-108992
A fix was made to address an improper authorization vulnerability in PAN-OS (CVE-2020-1998).
PAN-100734
A fix was made to address a buffer flow vulnerability in the PAN-OS management interface where authenticated users were able to crash system processes or execute arbitrary code with root privileges (CVE-2020-2015).
PAN-82052
A fix was made to address an open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS (CVE-2020-1997).

Recommended For You