Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114282HistoryMay 21, 2024 - 12:00 a.m.
Palo Alto PAN-OS GlobalProtect Remote Code Execution
2024-05-2100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
palo alto
globalprotect
remote code execution
pan-os
arbitrary file write
vulnerability
firewall
root privileges
file upload
scanner
AI Score
8.3
Confidence
Low
Palo Alto PAN-OS versions 11.1.x < 11.1.0-h3 / 11.1.1-h1 / 11.1.2-h3, 11.0.x < 11.0.0-h3 / 11.0.1-h4 / 11.0.2-h4 / 11.0.3-h10 / 11.0.4-h1, 10.2.x < 10.2.0-h3 / 10.2.1-h2 / 10.2.2-h5 / 10.2.3-h13 / 10.2.4-h16 / 10.2.5-h6 / 10.2.6-h3 / 10.2.7-h8 / 10.2.8-h3 / 10.2.9-h1 suffer from an arbitrary file write vulnerability in the GlobalProtect feature, enabling a remote and unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Note that this plugin requires the βFile Uploadβ assessment option enabled in the scan configuration.
No source dataAI Score
8.3
Confidence
Low