Palo Alto Networks PAN-OS 3.1.10 / 4.x < 4.0.5 Multiple Command Injections
Critical Nessus Plugin ID 72818
SynopsisThe remote host is affected by multiple command injection vulnerabilities.
DescriptionThe remote host is running a version of Palo Alto Networks PAN-OS prior to 3.1.10 / 4.0.5. It is, therefore, affected by multiple command injection vulnerabilities :
- A vulnerability exists that allows an authenticated user to inject arbitrary shell commands via the CLI.
(CVE-2012-6591 / PAN-SA-2012-0002)
- A vulnerability exists that allows an unauthenticated user to inject commands as root on the device.
(CVE-2012-6592 / PAN-SA-2012-0003)
SolutionUpgrade to PAN-OS version 3.1.10 / 4.0.5 or later.