Description
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: High
- User Interaction: None
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): None
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
- AU: None
- R: Unchanged
- V: Changed
- RE: High
- U: Red
Affected products
- Palo Alto Networks / Cloud NGFW: All – All
- Palo Alto Networks / pan-os: 11.2.0 – 11.2.4-h1
- Palo Alto Networks / pan-os: 11.1.0 – 11.1.5-h1
- Palo Alto Networks / pan-os: 11.0.0 – 11.0.6-h1
- Palo Alto Networks / pan-os: 10.2.0 – 10.2.12-h2
- Palo Alto Networks / pan-os: 10.1.0 – 10.1.14-h6
- Palo Alto Networks / Prisma Access: All – All
Exploits & proofs of concept
- nuclei: PAN-OS Management Web Interface - Command Injection, by watchTowr, iamnoooob, rootxharsh, pdresearch