Rapid7 Vulnerability & Exploit Database

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

Back to Search

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
05/11/2022
Created
05/14/2022
Added
05/12/2022
Modified
05/24/2022

Description

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.

Solution(s)

  • palo-alto-networks-pan-os-upgrade-10-0
  • palo-alto-networks-pan-os-upgrade-10-1
  • palo-alto-networks-pan-os-upgrade-8-1
  • palo-alto-networks-pan-os-upgrade-9-0
  • palo-alto-networks-pan-os-upgrade-9-1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;