CVE-2016-3654

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 5.0.17 and prior Palo Alto Networks PAN-OS versions 5.1.10 and prior Palo Alto Networks PAN-OS versions 6.0.12 and prior Palo Alto Networks PAN-OS versions 6.1.9 and prior Palo Alto Networks PAN-OS versions 7.0.5 and prior

Description The device management command line interface (CLI) in Palo Alto Networks PAN-OS allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. This issue requires successful authentication and can be used to execute OS commands with root privileges if the logged on user has administrative privileges. The vulnerability is exploitable only by authenticated administrators that are granted access to the device management CLI.

Recommendations For versions 5.0.17 and prior, update to version 5.0.18 or later. For versions 5.1.10 and prior, update to version 5.1.11 or later. For versions 6.0.12 and prior, update to version 6.0.13 or later. For versions 6.1.9 and prior, update to version 6.1.10 or later. For versions 7.0.5 and prior, update to version 7.0.5H2 or later.