Palo Alto Networks Security Advisories / CVE-2016-1712

CVE-2016-1712 Local privilege escalation

047910
Severity 7.8 · HIGH
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
NVD JSON
Published 2016-07-13
Updated
Reference 92293 PAN-SA-2016-0012

Description

Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).

Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.

This issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.11>= 6.1.12
PAN-OS 6.0<= 6.0.13>= 6.0.14
PAN-OS 5.1<= 5.1.11>= 5.1.12
PAN-OS 5.0<= 5.0.18>= 5.0.19

Severity: HIGH

CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-20 Improper Input Validation

Solution

PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later

Workarounds and Mitigations

N/A

Acknowledgments

Kasif Dekel, CheckPoint Security Team
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.