VDB
CISA-2023-6792
CISA-2023-6792
PUBLISHED
CVSS 5.5 MEDIUM
Reported by palo_alto · Published December 13, 2023
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | PAN-OS | 8.1, 9.0, 9.1 |
| Palo Alto Networks | Prisma Access | All |
| Palo Alto Networks | Cloud NGFW | All |
| Palo Alto Networks | Cloud NGFW | All, All |
| Palo Alto Networks | PAN-OS | 9.1, 11.0, 11.1 |
| Palo Alto Networks | Prisma Access | All, All |
Timeline
- Dec 13, 2023 CVE Published
- Oct 8, 2024 CVE Updated