Command injection

2020-06-1018:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.

CPENameOperatorVersion
pan-osge8.1.0
pan-oslt8.1.13
pan-osge8.0.0
pan-osle8.0.20
pan-osge7.1.0
pan-oslt7.1.26

Name	Operator	Version
pan-os	ge	8.1.0
pan-os	lt	8.1.13
pan-os	ge	8.0.0
pan-os	le	8.0.20
pan-os	ge	7.1.0
pan-os	lt	7.1.26

References

security.paloaltonetworks.com/CVE-2020-2029