An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
Recent assessments:
wvu-r7 at September 10, 2020 4:23pm UTC reported:
Not enough is known about this vulnerability, but this requires admin creds to the management interface, so mitigate this by choosing secure passphrases, securing credential storage, etc.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 2