CVE-2021-3060

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.

Una vulnerabilidad de inyección de comandos del sistema operativo en la función Simple Certificate Enrollment Protocol (SCEP) del software PAN-OS permite a un atacante no autenticado basado en la red con conocimientos específicos de la configuración del firewalls ejecutar código arbitrario con privilegios de usuario root. El atacante debe tener acceso de red a las interfaces de GlobalProtect para explotar este problema. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20-h1; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14-h3; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.11-h2; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.8; PAN-OS versiones 10.1 anteriores a PAN-OS 10.1.3. Los clientes de Prisma Access con firewalls Prisma Access versión 2.1 Preferred y Prisma Access versión 2.1 Innovation están afectados por este problema

*Credits: Palo Alto Networks thanks CJ, an external security researcher, for discovering and reporting this issue.

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Reserved
2021-11-10 CVE Published
2023-10-05 First Exploit
2024-07-26 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://github.com/anmolksachan/CVE-2021-3060	2023-10-05

URL	Date	SRC

URL	Date	SRC
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html	2021-11-15
https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html	2021-11-15
https://security.paloaltonetworks.com/CVE-2021-3060	2021-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Paloaltonetworks Search vendor "Paloaltonetworks"		Prisma Access Search vendor "Paloaltonetworks" for product "Prisma Access"				2.1 Search vendor "Paloaltonetworks" for product "Prisma Access" and version "2.1"		innovation		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Prisma Access Search vendor "Paloaltonetworks" for product "Prisma Access"				2.1 Search vendor "Paloaltonetworks" for product "Prisma Access" and version "2.1"		preferred		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Pan-os Search vendor "Paloaltonetworks" for product "Pan-os"				>= 8.1.0 <= 8.1.20 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 <= 8.1.20"		-		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Pan-os Search vendor "Paloaltonetworks" for product "Pan-os"				>= 9.0.0 <= 9.0.14 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 <= 9.0.14"		-		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Pan-os Search vendor "Paloaltonetworks" for product "Pan-os"				>= 9.1.0 <= 9.1.11 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 <= 9.1.11"		-		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Pan-os Search vendor "Paloaltonetworks" for product "Pan-os"				>= 10.0.0 < 10.0.8 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 10.0.0 < 10.0.8"		-		Affected
Paloaltonetworks Search vendor "Paloaltonetworks"		Pan-os Search vendor "Paloaltonetworks" for product "Pan-os"				>= 10.1.0 < 10.1.3 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 10.1.0 < 10.1.3"		-		Affected