Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
paloaltoPalo Alto Networks Product Security Incident Response TeamPA-CVE-2020-10188
HistorySep 08, 2021 - 4:00 p.m.

PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)

2021-09-0816:00:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
33

0.833 High

EPSS

Percentile

98.4%

JSON

A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.

The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.

This issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.

Work around:
Disabling the Telnet-based administrative management service completely eliminates risks of exploitation of this issue.

This issue requires the attacker to have network access to the PAN-OS Telnet interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

If the Telnet-based administrative management service is required and you cannot immediately upgrade your PAN-OS software, enable signatures for Unique Threat ID 59125 on traffic destined for the Telnet interface to block attacks against CVE-2020-10188.

Related

prion 1
nessus 39
fedora 3
openvas 19
broadcom 1
mageia 2
redhat 7
cvelist 1
arista 1
centos 2
ubuntucve 1
ubuntu 2
amazon 2
oraclelinux 4
f5 1
redhatcve 1
cisa 1
veracode 1
debiancve 1
checkpoint_advisories 1
osv 1
cisco 1
cve 1
archlinux 1
jvn 1
oracle 1
prion
prion
Buffer overflow
2020-03-06 15:15:00
nessus
nessus
RHEL 8 : telnet (RHSA-2020:1318)
2020-04-07 00:00:00
RHEL 7 : telnet (RHSA-2022:0011)
2022-01-04 00:00:00
Debian DLA-2176-1 : inetutils security update
2020-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: telnet-0.17-77.fc30
2020-04-04 04:19:03
[SECURITY] Fedora 32 Update: telnet-0.17-79.fc32
2020-04-01 16:35:49
[SECURITY] Fedora 31 Update: telnet-0.17-78.fc31
2020-04-04 03:23:08
openvas
openvas
Debian: Security Advisory (DLA-2341-1)
2020-08-25 00:00:00
Mageia: Security Advisory (MGASA-2020-0169)
2022-01-28 00:00:00
Fedora: Security Advisory for telnet (FEDORA-2020-6b07ff2526)
2020-04-05 00:00:00
broadcom
broadcom
BSA-2021-1013
2021-07-10 00:00:00
mageia
mageia
Updated krb5-appl packages fix security vulnerability
2020-04-15 13:12:14
Updated netkit-telnet packages fix security vulnerability
2020-05-15 18:48:04
redhat
redhat
(RHSA-2020:1342) Important: telnet security update
2020-04-07 07:01:47
(RHSA-2020:1335) Important: telnet security update
2020-04-06 14:39:35
(RHSA-2022:0011) Important: telnet security update
2022-01-04 07:56:18
cvelist
cvelist
CVE-2020-10188
2020-03-06 14:07:21
arista
arista
Security Advisory 0048
2020-05-13 00:00:00
centos
centos
telnet security update
2020-04-08 15:30:05
krb5 security update
2020-04-08 15:29:38
ubuntucve
ubuntucve
CVE-2020-10188
2020-03-06 00:00:00
ubuntu
ubuntu
Inetutils vulnerability
2021-08-19 00:00:00
Inetutils vulnerability
2021-08-20 00:00:00
amazon
amazon
Important: telnet
2020-06-23 06:42:00
Important: telnet
2020-05-05 01:20:00
oraclelinux
oraclelinux
telnet security update
2020-04-11 00:00:00
telnet security update
2020-04-07 00:00:00
krb5-appl security update
2020-04-13 00:00:00
f5
f5
K22130301 : Telnet vulnerability CVE-2020-10188
2020-05-07 00:00:00
redhatcve
redhatcve
CVE-2020-10188
2020-03-09 15:41:07
cisa
cisa
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software
2020-06-25 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-14 06:00:46
debiancve
debiancve
CVE-2020-10188
2020-03-06 15:15:14
checkpoint_advisories
checkpoint_advisories
Netkit Telnet Buffer Overflow (CVE-2020-10188)
2020-12-27 00:00:00
osv
osv
inetutils vulnerability
2021-08-20 17:56:24
cisco
cisco
Telnet Vulnerability Affecting Cisco Products: June 2020
2020-06-24 16:00:00
cve
cve
CVE-2020-10188
2020-03-06 15:15:14
archlinux
archlinux
[ASA-202106-20] inetutils: arbitrary code execution
2021-06-09 00:00:00
jvn
jvn
JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
2022-05-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

0.833 High

EPSS

Percentile

98.4%

JSON
Related for PA-CVE-2020-10188
prion1nessus39fedora3openvas19broadcom1mageia2redhat7cvelist1arista1centos2ubuntucve1ubuntu2amazon2oraclelinux4f51redhatcve1cisa1veracode1debiancve1checkpoint_advisories1osv1cisco1cve1archlinux1jvn1oracle1