CVE-2016-3654
published 2016-04-12CVE-2016-3654: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10…
PriorityP348high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
EPSS
2.58%
83.3th percentile
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 5.0.0 < 5.0.18 | 5.0.18 |
| paloaltonetworks | pan-os | >= 5.1 < 5.1.11 | 5.1.11 |
| paloaltonetworks | pan-os | >= 6.0.0 < 6.0.13 | 6.0.13 |
| paloaltonetworks | pan-os | >= 6.1.0 < 6.1.10 | 6.1.10 |
| paloaltonetworks | pan-os | 7.0.0 – 7.0.5 | — |
CVSS provenance
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Command Injection in Command Line Interface
vendor_paloalto·2016-02-24·CVSS 7.2
CVE-2016-3654 [HIGH] CWE-20 Command Injection in Command Line Interface
Command Injection in Command Line Interface
Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level. This vulnerability requires successful authentication but can be used to execute OS commands with root privileges if the logged on user has administrative privileges. (Ref #89706) (CVE-2016-3654)
This vulnerability is exploitable only by authenticated administrators that are granted access to the device management CLI.
This issue affects PAN-OS releases 5.0.17 and prior; 5.1.10 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior
Affected produc
GHSA
GHSA-4j2c-2fj7-7484: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5
ghsa_unreviewed·2022-05-13
CVE-2016-3654 [HIGH] CWE-20 GHSA-4j2c-2fj7-7484: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-04-12
Published