CVE-2020-1981
PAN-OS vulnerability analysis and mitigation

Overview

A predictable temporary filename vulnerability (CVE-2020-1981) was discovered in PAN-OS 8.1, affecting versions earlier than PAN-OS 8.1.13. Palo Alto Networks found it during an internal security review and disclosed it on March 11, 2020. PAN-OS 7.1, 9.0, and later versions are not affected (Palo Alto).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.0 (HIGH) with the following metrics: Attack Vector: Local, Attack Complexity: High, Privileges Required: Low, User Interaction: None, Scope: Unchanged, and Impact scores of High for Confidentiality, Integrity, and Availability. The vulnerability is classified under CWE-377 (Insecure Temporary File) (Palo Alto).
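
The weakness class named above (CWE-377), as an added example: this is not PAN-OS code, and the page does not describe the affected component. The file name `app.tmp`, the function names and the pre-created file are assumptions constructed for illustration; the block contrasts a fixed temporary name with exclusive creation and with `tempfile.mkstemp`.

```python
import os
import tempfile

NAME = "app.tmp"  # hypothetical fixed temp-file name (assumption, not from the advisory)

def create_predictable(directory):
    """Weak pattern: fixed name, and open() silently reuses whatever already exists."""
    path = os.path.join(directory, NAME)
    with open(path, "w") as fh:  # an existing file keeps its current owner and mode
        fh.write("secret")
    return path

def create_exclusive(directory):
    """Same name, but O_EXCL makes creation fail if the path already exists."""
    path = os.path.join(directory, NAME)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("secret")
    return path

def create_unpredictable(directory):
    """Preferred: mkstemp picks a random name and creates it exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="app-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write("secret")
    return path

def demo():
    """Run all three against a directory where the fixed name already exists."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:  # stands in for a shared temp dir
        planted = os.path.join(shared, NAME)
        # Constructed precondition: the file was created earlier, world-readable.
        os.close(os.open(planted, os.O_WRONLY | os.O_CREAT, 0o644))
        os.chmod(planted, 0o644)
        create_predictable(shared)
        results["weak_mode"] = oct(os.stat(planted).st_mode & 0o777)
        try:
            create_exclusive(shared)
            results["exclusive"] = "created"
        except FileExistsError:
            results["exclusive"] = "refused"
        safe = create_unpredictable(shared)
        results["safe_mode"] = oct(os.stat(safe).st_mode & 0o777)
        results["safe_name_is_fixed"] = os.path.basename(safe) == NAME
    return results

if __name__ == "__main__":
    print(demo())
```

The weak variant writes its data into a file it did not create and whose permissions it does not control; the exclusive variant detects the pre-existing path, and `mkstemp` avoids the predictable name altogether.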

Impact

If exploited, this vulnerability allows a local attacker who has bypassed the restricted shell to execute commands as a low-privileged user and subsequently gain root access on the PAN-OS hardware or virtual appliance (Palo Alto).

Mitigation and workarounds

The vulnerability has been fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions. As a mitigation measure, organizations are advised to follow best practices for securing the PAN-OS management interface, which helps reduce exposure to potential attackers. Detailed guidelines are available in the Best Practices for Securing Administrative Access documentation for PAN-OS 8.1 (Palo Alto).

This report was generated using AI.
