PT-2021-18774 · Palo Alto Networks · Pan-Os
Published: 2021-11-10 · Updated: 2021-11-15 · CVE-2021-3058
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PAN-OS versions prior to 8.1.20-h1
PAN-OS versions prior to 9.0.14-h3
PAN-OS versions prior to 9.1.11-h2
PAN-OS versions prior to 10.0.8
PAN-OS versions prior to 10.1.3
Description
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface allows an authenticated administrator with permission to use the XML API to execute arbitrary OS commands to escalate privileges.
Recommendations
For versions prior to 8.1.20-h1, update to PAN-OS 8.1.20-h1 or later.
For versions prior to 9.0.14-h3, update to PAN-OS 9.0.14-h3 or later.
For versions prior to 9.1.11-h2, update to PAN-OS 9.1.11-h2 or later.
For versions prior to 10.0.8, update to PAN-OS 10.0.8 or later.
For versions prior to 10.1.3, update to PAN-OS 10.1.3 or later.
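The check below is an added example, not code from this advisory or from Palo Alto Networks: it classifies PAN-OS version strings against the fixed releases listed above, handling the `-hN` hotfix suffix. It assumes each threshold applies only to its own major.minor branch and that versions look like `X.Y.Z` or `X.Y.Z-hN`; the host names and inventory are constructed.

```python
import re

# Minimum fixed release per PAN-OS branch, taken from the advisory text above.
# Assumption: each threshold applies only to its own major.minor branch.
FIXED = {
    "8.1": "8.1.20-h1",
    "9.0": "9.0.14-h3",
    "9.1": "9.1.11-h2",
    "10.0": "10.0.8",
    "10.1": "10.1.3",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'unlisted' for CVE-2021-3058."""
    parsed = parse(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "unlisted"  # branch not named in the advisory; check it by hand
    # Tuples compare numerically, so 10.0.10 sorts after 10.0.8.
    return "affected" if parsed < parse(fixed) else "fixed"


def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = {"fw-edge-01": "8.1.20", "fw-dc-02": "9.0.14-h4", "fw-lab-03": "10.0.10"}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {result}")
```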
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os