Palo Alto Networks Security Advisories / CVE-2016-9151

CVE-2016-9151 Local Privilege Escalation


Severity 7.8 · HIGH
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Description

Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges (Ref # PAN-61104/100499/CVE-2016-9151)

A potential attacker with local shell access could manipulate arbitrary environment variables which could result in a process running with higher privileges.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier

Product Status

PAN-OS

VersionsAffectedUnaffected
5.0<= 5.0.19>= 5.0.20
5.1<= 5.1.12>= 5.1.13
6.0<= 6.0.14>= 6.0.15
6.1<= 6.1.14>= 6.1.15
7.0<= 7.0.10>= 7.0.11
7.1<= 7.1.5>= 7.1.6

Severity: HIGH

CVSSv3.1 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later

Workarounds and Mitigations

Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.

Acknowledgements

Palo Alto Networks would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us.
© 2020 Palo Alto Networks, Inc. All rights reserved.