Page 6 of 92 results (0.015 seconds)

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue. Una vulnerabilidad de inyección de comandos del sistema operativo en la interfaz de línea de comandos (CLI) de PAN-OS de Palo Alto Networks permite que un administrador autenticado con acceso a la CLI ejecute comandos arbitrarios del sistema operativo para aumentar sus privilegios. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20-h1; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14-h3; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.11-h2; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.8; PAN-OS versiones 10.1 anteriores a PAN-OS 10.1.3. • https://security.paloaltonetworks.com/CVE-2021-3061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. Una vulnerabilidad de inyección de comandos del sistema operativo en la función Simple Certificate Enrollment Protocol (SCEP) del software PAN-OS permite a un atacante no autenticado basado en la red con conocimientos específicos de la configuración del firewalls ejecutar código arbitrario con privilegios de usuario root. • https://github.com/anmolksachan/CVE-2021-3060 https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html https://security.paloaltonetworks.com/CVE-2021-3060 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue. Se presenta una vulnerabilidad de inyección de comandos del sistema operativo en la interfaz de administración de PAN-OS de Palo Alto Networks cuando se llevan a cabo actualizaciones dinámicas. • https://security.paloaltonetworks.com/CVE-2021-3059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. Una vulnerabilidad de inyección de comandos del sistema operativo en la interfaz web de Palo Alto Networks PAN-OS permite a un administrador autenticado con permisos para usar la API XML la capacidad de ejecutar comandos arbitrarios del sistema operativo para escalar privilegios. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20-h1; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14-h3; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.11-h2; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.8; PAN-OS versiones 10.1 anteriores a PAN-OS 10.1.3. • https://security.paloaltonetworks.com/CVE-2021-3058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue. Una vulnerabilidad de corrupción de memoria en Palo Alto Networks PAN-OS GlobalProtect Clientless VPN permite a un atacante autenticado ejecutar código arbitrario con privilegios de usuario root durante la autenticación SAML. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.9; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.1. • https://security.paloaltonetworks.com/CVE-2021-3056 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •