Palo Alto Networks Security Advisories / PAN-SA-2016-0015

PAN-SA-2016-0015 Cron local privilege escalation


047910
Severity 6.4 · MEDIUM
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required HIGH
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
JSON CSAF
Published 2016-07-14
Updated 2016-07-14
Reference 93612, PAN-SA-2016-0015

Description

Palo Alto Networks firewalls use the cron infrastructure to perform household system cleanup at regular intervals. Due to an error in user input normalization, a file locally created by an end user and placed in a specific directory could be executed in a higher privilege context (Ref. 93612).

Because no shell access is available to end-users, exploitation of this issue is unlikely.

This issue affects PAN-OS 5.0.18 and prior; PAN-OS 5.1.11 and prior; PAN-OS 6.0.13 and prior; PAN-OS 6.1.11 and prior; PAN-OS 7.0.6 and prior; PAN-OS 7.1.1 and prior

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.1>= 7.1.2
PAN-OS 7.0<= 7.0.6>= 7.0.7
PAN-OS 6.1<= 6.1.11>= 6.1.12
PAN-OS 6.0<= 6.0.13>= 6.0.14
PAN-OS 5.1<= 5.1.11>= 5.1.12
PAN-OS 5.0<= 5.0.18>= 5.0.19

Severity: MEDIUM

CVSSv3.1 Base Score: 6.4 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

Solution

PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.7 and later; PAN-OS 7.1.2 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks thanks Felix Wilhelm, ERNW Research for discovering and reporting the issue."
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.