CVE-2012-6594 — OS Command Injection in Paloaltonetworks Pan-os

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

0.9%

top 24.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedAug 31

Latest updateMay 13

Description

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶NVDpaloaltonetworks/pan-os3.1.10+10

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-82x3-75p8-9xmg: The device-management command-line interface in Palo Alto Networks PAN-OS before 3↗2022-05-13

▶

CVEList

CVE-2012-6594: The device-management command-line interface in Palo Alto Networks PAN-OS before 3↗2013-08-31

▶

📋Vendor Advisories

Palo Alto

Command Injection Vulnerability↗2012-04-27

▶