A vulnerability exists whereby an unauthenticated user can get administrator access to the device via the web management UI without supplying credentials. (Ref #37034)
This vulnerability can result in total compromise of the device.
This issue affects PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.
Work around:
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.