Palo Alto Networks PAN-OS
Easy fix20 remedies
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*
Easy fix20 remedies
- >= 12.1.0, < 12.1.7
- >= 11.2.7, < 11.2.7-h13
- >= 11.1.0, < 11.1.15
- >= 10.2.10, < 10.2.10-h36
Palo Alto Networks PAN-OS Command Injection Vulnerability Allowing Root Access for Authenticated Administrators
Vulnerability
Patched
Multiple command injection vulnerabilities have been identified in Palo Alto Networks PAN-OS software. These vulnerabilities allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. The issues are present in PAN-OS versions 10.2, 11.1, 11.2, and 12.1, affecting PA-Series and VM-Series firewalls, as well as Panorama. However, Cloud NGFW and Prisma Access are not impacted. Exploitation requires access to the PAN-OS CLI or Web UI, and the risk is heightened when management interface access is allowed from external IP addresses.
Impact
Exploitation of these vulnerabilities could lead to unauthorized command execution with root privileges, allowing for significant system manipulation or control.
Remediation
Users can upgrade to the latest versions of PAN-OS 10.2, 11.1, 11.2, or 12.1. For specific upgrade instructions, refer to the Palo Alto Networks official documentation. Additionally, it's recommended to secure management interface access according to best practice guidelines, restricting access to trusted internal IP addresses.
Added: May 13, 2026, 7:36 PM
Updated: May 13, 2026, 7:36 PM
Vulnerability Rating
Custom Algorithm
spread
5.7impact
7.5exploitability
3.0remediation
8.3relevance
8.2threat
0.0urgency
5.7incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.