First published: Wed Aug 11 2021
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks PAN-OS | >=9.0.0, <9.0.15 | |
Palo Alto Networks PAN-OS | >=9.1.0, <9.1.11 | |
Palo Alto Networks PAN-OS | >=10.0.0, <10.0.8 | |
Palo Alto Networks PAN-OS | >=10.1.0, <10.1.2 | |
We intend to fix this issue in PAN-OS 9.0.15 (ETA November 2021), PAN-OS 9.1.11 (ETA September 2021), PAN-OS 10.0.8 (ETA September 2021), PAN-OS 10.1.2 (ETA September 2021) and all later PAN-OS versions.
CVE-2021-3050 is an OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface that allows authenticated administrators to execute arbitrary OS commands to escalate privileges.
CVE-2021-3050 impacts PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14, PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10, PAN-OS 10.0 version 10.0.0 through PAN-OS 10.0.8, and PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.2.
CVE-2021-3050 has a severity level of 8.8, which is classified as critical.
To fix CVE-2021-3050, users should upgrade PAN-OS to the recommended versions: PAN-OS 9.0.15 or later, PAN-OS 9.1.11 or later, PAN-OS 10.0.9 or later, and PAN-OS 10.1.3 or later.
More information about CVE-2021-3050 can be found at the following reference: https://security.paloaltonetworks.com/CVE-2021-3050