CVE-2016-1712Improper Input Validation in Paloaltonetworks Pan-os

CWE-20Improper Input ValidationCWE-2644 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedAug 2
Latest updateMay 13

Description

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDpaloaltonetworks/pan-os5.0.05.0.19+4
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-jpx6-p7fw-5482: Palo Alto Networks PAN-OS before 52022-05-13
CVEList
CVE-2016-1712: Palo Alto Networks PAN-OS before 52016-08-02

📋Vendor Advisories

1
Palo Alto
Local privilege escalation2016-07-13
CVE-2016-1712 — Improper Input Validation | cvebase