PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)

CVE-2021-3061

6.4MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access
Vendor: CVE Published:; 10 November 2021

Badges

👾 Exploit Exists

Summary

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.

Affected Version(s)

PAN-OS < 8.1.20-h1

PAN-OS < 9.0.14-h3

PAN-OS < 10.0.8

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 3, 2024
Risk change from: 7.2 to: 6.4 - (MEDIUM)
Feb 22, 2024
Initial publication
Nov 10, 2021
Vulnerability published.
Nov 10, 2021
Vulnerability Reserved.
Jan 6, 2021

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks CJ, an external security researcher, and Ben Nott from Palo Alto Networks for discovering and reporting this issue.