Palo Alto Networks PAN-OS < 3.1.10 / 4.x < 4.0.4 Multiple Command Injections
Critical Nessus Plugin ID 72819
SynopsisThe remote host is affected by multiple command injection vulnerabilities.
DescriptionThe remote host is running a version of Palo Alto Networks PAN-OS prior to 3.1.10 / 4.0.4. It is, therefore, affected by multiple command injection vulnerabilities :
- A vulnerability exists that allows an unauthenticated user to inject commands as root on the device.
(CVE-2012-6593 / PAN-SA-2012-0004)
- A vulnerability exists that allows an authenticated user to inject arbitrary shell commands via the CLI.
(CVE-2012-6602 / PAN-SA-2012-0013)
SolutionUpgrade to PAN-OS version 3.1.10 / 4.0.4 or later.