Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPalo Alto Networks PAN-OS
OSPaloaltonetworks< 6.1.197.0.0 – 7.0.19 (bez)7.1.0 – 7.1.14 (bez)8.0.0 – 8.0.6 (bez)
CISA KEV — detailsi
- Vendori
- Palo Alto Networks ↗
- Producti
- PAN-OS
- Added to KEVi
- August 18, 2022
- Remediation deadline (US Federal)i
- September 8, 2022(overdue)
Apply updates per vendor instructions.
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
Related vulnerabilities
Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal
Authentication bypass w PAN-OS umożliwiający przejęcie uprawnień administratora
RCE jako root w GlobalProtect — command injection w PAN-OS
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider C...
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces tha...