CVE-2018-9242

Name of the Vulnerable Software and Affected Versions PAN-OS versions 6.1.20 and earlier PAN-OS versions 7.1.16 and earlier PAN-OS versions 8.0.9 and earlier

Description A vulnerability in the Management web interface may allow an attacker to delete files in the system via specific request parameters. This issue can potentially be exploited for local privilege escalation. The Management web interface does not properly validate specific request parameters. Successful exploitation of this issue requires the attacker to be authenticated.

Recommendations For PAN-OS versions 6.1.20 and earlier, update to a version later than 6.1.20 to resolve the issue. For PAN-OS versions 7.1.16 and earlier, update to a version later than 7.1.16 to resolve the issue. For PAN-OS versions 8.0.9 and earlier, update to a version later than 8.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the Management web interface to minimize the risk of exploitation.