PT-2016-5641 · Palo Alto Networks · Pan-Os

Felix Wilhelm · Published 2016-02-24 · Updated 2020-02-17 · CVE-2016-3655

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS versions 5.0.17 and prior

Palo Alto Networks PAN-OS versions 6.0.12 and prior

Palo Alto Networks PAN-OS versions 6.1.9 and prior

Palo Alto Networks PAN-OS versions 7.0.4 and prior

Description

The management web interface in Palo Alto Networks PAN-OS has an issue where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the management interface. This issue can be exploited remotely by an unauthenticated user with network access to the device management web-based API.

Recommendations

For versions 5.0.17 and prior, update to version 5.0.18 or later.

For versions 6.0.12 and prior, update to version 6.0.13 or later.

For versions 6.1.9 and prior, update to version 6.1.10 or later.

For versions 7.0.4 and prior, update to version 7.0.5 or later.

Fix

RCE

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2016-3655

Affected Products

Pan-Os