CVE-2016-3655Improper Input Validation in Paloaltonetworks Pan-os

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.3%
top 20.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedApr 12
Latest updateMay 13

Description

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDpaloaltonetworks/pan-os5.0.05.0.18+4
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-4chq-8rg2-9c6v: The management web interface in Palo Alto Networks PAN-OS before 52022-05-13
CVEList
CVE-2016-3655: The management web interface in Palo Alto Networks PAN-OS before 52016-04-12

📋Vendor Advisories

1
Palo Alto
Unauthenticated Command Injection in Management Web Interface2016-02-24
CVE-2016-3655 — Improper Input Validation | cvebase