CVE-2012-6595OS Command Injection in Paloaltonetworks Pan-os

CWE-78OS Command Injection4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
0.7%
top 27.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedAug 31
Latest updateMay 13

Description

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

NVDpaloaltonetworks/pan-os11 versions+10
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-6p3c-2p8f-4427: The device-management command-line interface in Palo Alto Networks PAN-OS 42022-05-13
CVEList
CVE-2012-6595: The device-management command-line interface in Palo Alto Networks PAN-OS 42013-08-31

📋Vendor Advisories

1
Palo Alto
Command Injection Vulnerability2012-04-27
CVE-2012-6595 — OS Command Injection | cvebase