CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw.

On September 9, Palo Alto Networks (PAN) published nine security advisories for a series of vulnerabilities affecting PAN-OS, a custom operating system (OS) found in PAN’s next-generation firewalls. Of the nine security advisories, only one is rated critical.

CVE-2020-2040 is a critical buffer overflow vulnerability in PAN-OS when either the Captive Portal or Multi-Factor Authentication (MFA) feature has been enabled. 

For more information about this vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.