Improper input validation in Palo Alto PAN-OS - #VU48411

 

Improper input validation in Palo Alto PAN-OS - #VU48411

Published: November 12, 2020


Vulnerability identifier: #VU48411
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper input validation in the PAN-OS management web interface. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands with root privileges.


Remediation

Install updates from vendor's website.

Sources