CVE-2020-1992: 
PAN-OS vulnerability analysis and mitigation

A format string vulnerability (CVE-2020-1992) was discovered in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC). The vulnerability affects Palo Alto Networks PAN-OS versions 9.0 (before 9.0.7) and 9.1 (before 9.1.2) specifically on PA-7000 Series devices with an LFC installed and configured. The issue requires WildFire services to be configured and enabled, and does not affect PAN-OS 8.1 and earlier releases or any other PA Series firewalls (Palo Advisory).

The vulnerability is classified as a format string vulnerability (CWE-134) that could allow remote attackers to exploit the Varrcvr daemon. The CVSS v3.1 base score is 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that the attack requires network access, has high attack complexity, requires no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD, Palo Advisory).

If successfully exploited, the vulnerability can allow attackers to crash the Varrcvr daemon, creating a denial of service condition. More critically, there is potential for attackers to execute code with root privileges on affected systems (Palo Advisory).

The vulnerability has been fixed in PAN-OS versions 9.0.7, 9.1.2, and all later versions. Palo Alto Networks has stated that there are no viable workarounds for this issue, making updating to a patched version the only effective mitigation (Palo Advisory).

The vulnerability was discovered in production use by a customer of Palo Alto Networks (Palo Advisory).