Hello, welcome to the Thursday, July 9th, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

In Diaries today, we got a nice walkthrough by Xavier showing how he de-obuscated a Windows script that he recently came across.

This script essentially carries the second stage along with it as a large array that's then

being decoded via character substitution and, well, good old basics,

for encoding in part.

But well, imagine that,

perimeter device securities are still coming out.

And today it's Palo Alto Network's turn

with an update for PanOS.

Now, this is a little bit an interesting issue here.

Palo Alto rates this as a CVSS score of 8.1,

but again, it is an unauthenticated network-based attack

that can execute arbitrary operating system commands

with root privileges, which I think really sort of puts it more in the 9 to 10 range

as far as vulnerabilities go.

They state that the attacker would require some level of specific information about the configuration of an impacted firewall.

My guess, and I'm totally guessing here, is maybe IP addresses, and the attacker would be able to prude force these parameters.

Now, to be vulnerable, you need to have the Global Protect Portal feature

enabled. Another little twist to this vulnerability. While this is a new distinct vulnerability

CVE 2020-2034, the advisory states that if you applied the patch for CVE 2020, 2021, then you're also protected

for this issue. I'm not aware of any additional details or exploits for this vulnerability,

...