CVE-2017-15940Command Injection in Paloaltonetworks Pan-os

CWE-77Command Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
6.1%
top 9.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedDec 11
Latest updateMay 13

Description

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDpaloaltonetworks/pan-os7.0.07.0.19+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-8r9h-33x8-xjgw: The web interface packet capture management component in Palo Alto Networks PAN-OS before 62022-05-13
CVEList
CVE-2017-15940: The web interface packet capture management component in Palo Alto Networks PAN-OS before 62017-12-11

📋Vendor Advisories

1
Palo Alto
Command Injection in PAN-OS2017-12-06
CVE-2017-15940 — Command Injection in Paloaltonetworks | cvebase