PT-2021-18763 · Palo Alto Networks · Pan-Os
Published
2021-08-11
·
Updated
2021-08-19
·
CVE-2021-3050
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 9.0.10 through 9.0.14
PAN-OS versions 9.1.4 through 9.1.10
PAN-OS versions 10.0.0 through 10.0.7
PAN-OS versions 10.1.0 through 10.1.1
Description
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges.
Recommendations
For PAN-OS versions 9.0.10 through 9.0.14, update to a version outside of this range to resolve the issue.
For PAN-OS versions 9.1.4 through 9.1.10, update to a version outside of this range to resolve the issue.
For PAN-OS versions 10.0.0 through 10.0.7, update to a version later than 10.0.7 to resolve the issue.
For PAN-OS versions 10.1.0 through 10.1.1, update to a version later than 10.1.1 to resolve the issue.
As a temporary workaround, consider restricting access to the web interface until a patch is available.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os