CVE-2016-3654 — Improper Input Validation in Paloaltonetworks Pan-os

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 33.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedApr 12

Latest updateMay 13

Description

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDpaloaltonetworks/pan-os5.0.0 — 5.0.18+4

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-4j2c-2fj7-7484: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5↗2022-05-13

▶

CVEList

CVE-2016-3654: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5↗2016-04-12

▶

📋Vendor Advisories

Palo Alto

Command Injection in Command Line Interface↗2016-02-24

▶