Palo Alto Networks PAN-OS
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*
- >= 11.2.0, <= 11.2.5
- >= 11.1.0, <= 11.1.9
- >= 10.2.0, <= 10.2.13
- >= 10.1.0, <= 10.1.14
A command injection vulnerability exists in Palo Alto Networks PAN-OS software, allowing authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands as the root user. This vulnerability is not present in Cloud NGFW or Prisma Access. The risk is lower when CLI access is limited to a small group of administrators.
Exploitation of this vulnerability allows for command injection, with executed commands running as the root user.
Administrators can upgrade to PAN-OS 11.2.6 or later, 11.1.10 or later, 10.2.14 or later, or 10.1.14-h15 or later, depending on their current version. Those on older, unsupported PAN-OS versions should upgrade to a supported fixed version.
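The version ranges and fixed releases above can be turned into an inventory check. The following is an added example, not code from Palo Alto Networks or from this page. It assumes version strings of the form `X.Y.Z` or `X.Y.Z-hN`, and treats any build below the fixed release listed for its train as affected, because the text names no other hotfix fixes. The hostnames and inventory are constructed.

```python
import re

# Fixed releases per train, from the remediation text above.
# Tuple = (major, minor, maintenance, hotfix); hotfix 0 means no "-hN" suffix.
FIXED = {
    (11, 2): (11, 2, 6, 0),
    (11, 1): (11, 1, 10, 0),
    (10, 2): (10, 2, 14, 0),
    (10, 1): (10, 1, 14, 15),  # 10.1.14-h15
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-hN' into a comparable 4-tuple."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def fmt(v):
    base = f"{v[0]}.{v[1]}.{v[2]}"
    return f"{base}-h{v[3]}" if v[3] else base

def assess(text):
    """Return (status, minimum fixed release for that train or None)."""
    v = parse_version(text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Train not in the affected list; the text says older, unsupported
        # versions should move to a supported fixed release.
        return ("not-listed", None)
    return ("affected", fmt(fixed)) if v < fixed else ("fixed", None)

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "fw-edge-01": "11.2.5",
    "fw-edge-02": "11.2.6",
    "fw-dc-01": "10.1.14-h14",
    "fw-dc-02": "10.1.14-h15",
    "fw-lab-01": "9.1.16",
}

if __name__ == "__main__":
    for host, (status, target) in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:12} {status:10} {target or '-'}")
```

The hotfix field matters for the 10.1 train: a plain three-part comparison would report 10.1.14-h14 and 10.1.14-h15 as the same build.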