CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

🗓️ 10 Nov 2021 17:10:24Reported by palo_altoType

CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP

Reporter	Title	Published	Views	Family All 13
GithubExploit	Exploit for OS Command Injection in Paloaltonetworks Prisma_Access	5 Oct 202307:04	–	githubexploit
BDU FSTEC	The vulnerability in the implementation of the Certificate Enrollment Protocol (SCEP) protocol in the PAN-OS operating system allows a perpetrator to execute any code with root privileges.	18 Nov 202100:00	–	bdu_fstec
Circl	CVE-2021-3060	10 Nov 202120:36	–	circl
CNNVD	Palo Alto Networks PAN-OS 操作系统命令注入漏洞	10 Nov 202100:00	–	cnnvd
CNVD	Palo Alto Networks PAN-OS SCEP feature command injection vulnerability	13 Nov 202100:00	–	cnvd
Check Point Advisories	Palo Alto Networks Multiple Products Command Injection (CVE-2021-3060)	31 Aug 202200:00	–	checkpoint_advisories
CVE	CVE-2021-3060	10 Nov 202117:10	–	cve
NCSC	Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect	11 Nov 202100:00	–	ncsc
NVD	CVE-2021-3060	10 Nov 202117:15	–	nvd
OSV	CVE-2021-3060	10 Nov 202117:15	–	osv

[
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.20-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.20-h1",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.14-h3",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.14-h3",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.11-h2",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.11-h2",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.0.8",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.8",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.3",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.3",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "affected",
        "version": "2.1 Preferred"
      },
      {
        "status": "affected",
        "version": "2.1 Innovation"
      },
      {
        "lessThan": "2.2*",
        "status": "unaffected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
docs	www.docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html
docs	www.docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html
security	www.security.paloaltonetworks.com/CVE-2021-3060

10 Nov 2021 17:10Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.1

EPSS0.33875

CWE-78