First published: Wed Nov 10 2021
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Prisma Access | =2.1 | |
Paloaltonetworks Pan-os | >=8.1.0<=8.1.20 | |
Paloaltonetworks Pan-os | >=9.0.0<=9.0.14 | |
Paloaltonetworks Pan-os | >=9.1.0<=9.1.11 | |
Paloaltonetworks Pan-os | >=10.0.0<10.0.8 | |
Paloaltonetworks Pan-os | >=10.1.0<10.1.3 | |
This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.
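The table's ranges drop the hotfix suffix, so a version check has to treat `8.1.20` as affected and `8.1.20-h1` as fixed. The following is an added example, not code from Palo Alto Networks or this page: it compares a reported PAN-OS version against the fixed releases listed above. The function names, the `X.Y.Z[-hN]` version format and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed release per PAN-OS train, taken from the advisory text above.
# Tuple layout: (major, minor, maintenance, hotfix); no hotfix is stored as 0.
FIXED = {
    (8, 1): (8, 1, 20, 1),
    (9, 0): (9, 0, 14, 3),
    (9, 1): (9, 1, 11, 2),
    (10, 0): (10, 0, 8, 0),
    (10, 1): (10, 1, 3, 0),
}

# Assumed format: "X.Y.Z" with an optional "-hN" hotfix suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version):
    """Return (major, minor, maintenance, hotfix) for a version string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def cve_2021_3061_status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    v = parse_panos(version)
    train = v[:2]
    if train in FIXED:
        return "affected" if v < FIXED[train] else "fixed"
    # Trains newer than 10.1 fall under "all later PAN-OS versions".
    if train > max(FIXED):
        return "fixed"
    # Trains older than 8.1 are not mentioned in the advisory.
    return "not-listed"


def audit(inventory):
    """Map each host in {host: version} to its status."""
    return {host: cve_2021_3061_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    sample = {"fw-a": "9.0.14-h2", "fw-b": "9.0.14-h3", "fw-c": "8.1.20"}
    for host, status in audit(sample).items():
        print(host, status)
```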
CVE-2021-3061 is an OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) that allows an authenticated administrator to execute arbitrary OS commands and escalate privileges.
CVE-2021-3061 has a severity score of 7.2 out of 10, which is considered critical.
CVE-2021-3061 affects PAN-OS versions earlier than 8.1.20-h1, 9.0.x versions, 9.1.x versions, 10.0.x versions, and 10.1.x versions.
To fix CVE-2021-3061, Palo Alto Networks recommends upgrading to PAN-OS version 8.1.20-h1 or later, 9.0.15 or later, 9.1.12 or later, 10.0.9 or later, or 10.1.4 or later.
You can find more information about CVE-2021-3061 on the Palo Alto Networks Security Advisories page: https://security.paloaltonetworks.com/CVE-2021-3061