Palo Alto Networks Security Advisories / CVE-2019-1576

CVE-2019-1576 Command Injection in PAN-OS

047910
Severity 8.8 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
NVD JSON
Published 2019-07-15
Updated
Reference PAN-111872 PAN-SA-2019-0018
Discovered externally

Description

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface (CLI). (Ref PAN-111872/ CVE-2019-1576)

Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.

This issue affects PAN-OS 9.0.2 and earlier. PAN-OS 7.1, PAN-OS 8.0 and PAN-OS 8.1 are NOT affected.

Product Status

VersionsAffectedUnaffected
PAN-OS 9.0<= 9.0.2>= 9.0.3

Severity:HIGH

CVSSv3.1 Base Score:8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Solution

PAN-OS 9.0.3 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Joe Graham at Rochester Institute of Technology for reporting this issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2023 Palo Alto Networks, Inc. All rights reserved.