VDB

CISA-2023-6792

CISA-2023-6792 PUBLISHED CVSS 5.5 MEDIUM

Reported by palo_alto · Published December 13, 2023

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Affected Products

VendorProductVersions
Palo Alto NetworksPAN-OS8.1, 9.0, 9.1
Palo Alto NetworksPrisma AccessAll
Palo Alto NetworksCloud NGFWAll
Palo Alto NetworksCloud NGFWAll, All
Palo Alto NetworksPAN-OS9.1, 11.0, 11.1
Palo Alto NetworksPrisma AccessAll, All

Timeline

  • Dec 13, 2023 CVE Published
  • Oct 8, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›