PT-2021-18777 · Palo Alto Networks · Pan-Os +1

Ben Nott +1 · Published 2021-11-10 · Updated 2021-11-15 · CVE-2021-3061

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PAN-OS versions earlier than 8.1.20-h1
PAN-OS versions earlier than 9.0.14-h3
PAN-OS versions earlier than 9.1.11-h2
PAN-OS versions earlier than 10.0.8
PAN-OS versions earlier than 10.1.3
Prisma Access 2.1 firewalls

Description

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges.

Recommendations

For PAN-OS 8.1 versions earlier than 8.1.20-h1, update to PAN-OS 8.1.20-h1 or later.
For PAN-OS 9.0 versions earlier than 9.0.14-h3, update to PAN-OS 9.0.14-h3 or later.
For PAN-OS 9.1 versions earlier than 9.1.11-h2, update to PAN-OS 9.1.11-h2 or later.
For PAN-OS 10.0 versions earlier than 10.0.8, update to PAN-OS 10.0.8 or later.
For PAN-OS 10.1 versions earlier than 10.1.3, update to PAN-OS 10.1.3 or later.
As a temporary workaround for Prisma Access 2.1 firewalls, consider restricting access to the CLI until a patch is available.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-3061

Affected Products

Pan-Os
Prisma Access