CVE-2023-6792

Description

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected products

Palo Alto Networks / Cloud NGFWAll – All
Palo Alto Networks / pan-os9.0 – 9.0.17
Palo Alto Networks / pan-os9.1 – 9.1.15
Palo Alto Networks / pan-os10.0 – 10.0.12
Palo Alto Networks / pan-os10.1 – 10.1.6
Palo Alto Networks / pan-os8.1 – 8.1.24
Palo Alto Networks / pan-os11.0 – All
Palo Alto Networks / pan-os11.1 – All
Palo Alto Networks / pan-os10.2 – All
Palo Alto Networks / Prisma AccessAll – All

References

MISChttps://security.paloaltonetworks.com/CVE-2023-6792