3 matches found
CVE-2016-3655
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call...
CVE-2016-3655
The CVE corresponds to an unauthenticated remote command-injection vulnerability in the PAN-OS management Web API. Affected PAN-OS releases: 5.0.x before 5.0.18; 6.0.x before 6.0.13; 6.1.x before 6.1.10; and 7.0.x before 7.0.5. The issue allows an attacker with network access to the device manage...
Unauthenticated Command Injection in Management Web Interface
Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the...