{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T23:41:54.597","vulnerabilities":[{"cve":{"id":"CVE-2020-1993","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2020-05-13T19:15:12.330","lastModified":"2026-06-17T03:02:47.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8."},{"lang":"es","value":"La funcionalidad GlobalProtect Portal en PAN-OS, no establece un nuevo identificador de sesión después de un inicio de sesión de usuario con éxito, que permite ataques de fijación de sesión, si un atacante es capaz de controlar el ID de sesión de un usuario. Este problema afecta: Todas las versiones de PAN-OS 7.1 y 8.0; PAN-OS versiones 8.1 anteriores a 8.1.14; PAN-OS versiones 9.0 anteriores a 9.0.8."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","lessThan":"8.1.14","versionType":"custom","status":"affected","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","lessThan":"9.0.8","versionType":"custom","status":"affected","changes":[{"at":"9.0.8","status":"unaffected"}]},{"version":"9.2.0","lessThan":"9.2*","versionType":"custom","status":"unaffected"},{"version":"9.1.0","lessThan":"9.1*","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0","versionEndIncluding":"7.1.26","matchCriteriaId":"9223062F-C3E8-4D86-88E4-70D775D1151F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.20","matchCriteriaId":"2BEFBF38-AF84-4477-A6B9-5BDD51D54F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndIncluding":"8.1.13","matchCriteriaId":"D9DB0756-BC99-46B0-9524-178B6398C82C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.0.7","matchCriteriaId":"1AB4B7D2-D873-4E97-8ABE-B1807F3F4379"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2020-1993","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://security.paloaltonetworks.com/CVE-2020-1993","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}