cvelistv5 - CVE-2021-3045

CVE-2021-3045 (GCVE-0-2021-3045)

Vulnerability from cvelistv5

Published

2021-08-11 17:10

Modified

2024-09-16 23:35

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-88 - Argument Injection or Modification

Summary

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.

References

URL

Tags

	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2021-3045	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2021-3045	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	PAN-OS	Version: 8.1 < 8.1.19 Version: 9.0 < 9.0.14 Version: 9.1 < 9.1.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:51.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "10.0.*"
            },
            {
              "status": "unaffected",
              "version": "10.1.*"
            },
            {
              "changes": [
                {
                  "at": "8.1.19",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.19",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.0.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.14",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.1.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.1.10",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Brandon Vincent for discovering and reporting this issue."
        }
      ],
      "datePublic": "2021-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88 Argument Injection or Modification",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-11T17:10:14",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-147781"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-08-11T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: OS Command Argument Injection in Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-08-11T16:00:00.000Z",
          "ID": "CVE-2021-3045",
          "STATE": "PUBLIC",
          "TITLE": "PAN-OS: OS Command Argument Injection in Web Interface"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PAN-OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.19"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0.14"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.1",
                            "version_value": "9.1.10"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.19"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.0",
                            "version_value": "9.0.14"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.1",
                            "version_value": "9.1.10"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "10.0",
                            "version_value": "10.0.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "10.1",
                            "version_value": "10.1.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Brandon Vincent for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-88 Argument Injection or Modification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3045",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, and all later PAN-OS versions."
          }
        ],
        "source": {
          "defect": [
            "PAN-147781"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-08-11T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "PAN-OS 9.1.9",
          "PAN-OS 9.1.8",
          "PAN-OS 9.1.7",
          "PAN-OS 9.1.6",
          "PAN-OS 9.1.5",
          "PAN-OS 9.1.4",
          "PAN-OS 9.1.3-h1",
          "PAN-OS 9.1.3",
          "PAN-OS 9.1.2-h1",
          "PAN-OS 9.1.2",
          "PAN-OS 9.1.1",
          "PAN-OS 9.1.0-h3",
          "PAN-OS 9.1.0-h2",
          "PAN-OS 9.1.0-h1",
          "PAN-OS 9.1.0",
          "PAN-OS 9.1",
          "PAN-OS 9.0.13",
          "PAN-OS 9.0.12",
          "PAN-OS 9.0.11",
          "PAN-OS 9.0.10",
          "PAN-OS 9.0.9-h1",
          "PAN-OS 9.0.9",
          "PAN-OS 9.0.8",
          "PAN-OS 9.0.7",
          "PAN-OS 9.0.6",
          "PAN-OS 9.0.5",
          "PAN-OS 9.0.4",
          "PAN-OS 9.0.3-h3",
          "PAN-OS 9.0.3-h2",
          "PAN-OS 9.0.3-h1",
          "PAN-OS 9.0.3",
          "PAN-OS 9.0.2-h4",
          "PAN-OS 9.0.2-h3",
          "PAN-OS 9.0.2-h2",
          "PAN-OS 9.0.2-h1",
          "PAN-OS 9.0.2",
          "PAN-OS 9.0.1",
          "PAN-OS 9.0.0",
          "PAN-OS 9.0",
          "PAN-OS 8.1.18",
          "PAN-OS 8.1.17",
          "PAN-OS 8.1.16",
          "PAN-OS 8.1.15-h3",
          "PAN-OS 8.1.15-h2",
          "PAN-OS 8.1.15-h1",
          "PAN-OS 8.1.15",
          "PAN-OS 8.1.14-h2",
          "PAN-OS 8.1.14-h1",
          "PAN-OS 8.1.14",
          "PAN-OS 8.1.13",
          "PAN-OS 8.1.12",
          "PAN-OS 8.1.11",
          "PAN-OS 8.1.10",
          "PAN-OS 8.1.9-h4",
          "PAN-OS 8.1.9-h3",
          "PAN-OS 8.1.9-h2",
          "PAN-OS 8.1.9-h1",
          "PAN-OS 8.1.9",
          "PAN-OS 8.1.8-h5",
          "PAN-OS 8.1.8-h4",
          "PAN-OS 8.1.8-h3",
          "PAN-OS 8.1.8-h2",
          "PAN-OS 8.1.8-h1",
          "PAN-OS 8.1.8",
          "PAN-OS 8.1.7",
          "PAN-OS 8.1.6-h2",
          "PAN-OS 8.1.6-h1",
          "PAN-OS 8.1.6",
          "PAN-OS 8.1.5",
          "PAN-OS 8.1.4",
          "PAN-OS 8.1.3",
          "PAN-OS 8.1.2",
          "PAN-OS 8.1.1",
          "PAN-OS 8.1.0",
          "PAN-OS 8.1"
        ],
        "x_likelyAffectedList": [
          "PAN-OS 8.0.20",
          "PAN-OS 8.0.19-h1",
          "PAN-OS 8.0.19",
          "PAN-OS 8.0.18",
          "PAN-OS 8.0.17",
          "PAN-OS 8.0.16",
          "PAN-OS 8.0.15",
          "PAN-OS 8.0.14",
          "PAN-OS 8.0.13",
          "PAN-OS 8.0.12",
          "PAN-OS 8.0.11-h1",
          "PAN-OS 8.0.10",
          "PAN-OS 8.0.9",
          "PAN-OS 8.0.8",
          "PAN-OS 8.0.7",
          "PAN-OS 8.0.6-h3",
          "PAN-OS 8.0.6-h2",
          "PAN-OS 8.0.6-h1",
          "PAN-OS 8.0.6",
          "PAN-OS 8.0.5",
          "PAN-OS 8.0.4",
          "PAN-OS 8.0.3-h4",
          "PAN-OS 8.0.3-h3",
          "PAN-OS 8.0.3-h2",
          "PAN-OS 8.0.3-h1",
          "PAN-OS 8.0.3",
          "PAN-OS 8.0.2",
          "PAN-OS 8.0.1",
          "PAN-OS 8.0.0",
          "PAN-OS 8.0",
          "PAN-OS 7.1.26",
          "PAN-OS 7.1.25",
          "PAN-OS 7.1.24-h1",
          "PAN-OS 7.1.24",
          "PAN-OS 7.1.23",
          "PAN-OS 7.1.22",
          "PAN-OS 7.1.21",
          "PAN-OS 7.1.20",
          "PAN-OS 7.1.19",
          "PAN-OS 7.1.18",
          "PAN-OS 7.1.17",
          "PAN-OS 7.1.16",
          "PAN-OS 7.1.15",
          "PAN-OS 7.1.14",
          "PAN-OS 7.1.13",
          "PAN-OS 7.1.12",
          "PAN-OS 7.1.11",
          "PAN-OS 7.1.10",
          "PAN-OS 7.1.9-h4",
          "PAN-OS 7.1.9-h3",
          "PAN-OS 7.1.9-h2",
          "PAN-OS 7.1.9-h1",
          "PAN-OS 7.1.9",
          "PAN-OS 7.1.8",
          "PAN-OS 7.1.7",
          "PAN-OS 7.1.6",
          "PAN-OS 7.1.5",
          "PAN-OS 7.1.4-h2",
          "PAN-OS 7.1.4-h1",
          "PAN-OS 7.1.4",
          "PAN-OS 7.1.3",
          "PAN-OS 7.1.2",
          "PAN-OS 7.1.1",
          "PAN-OS 7.1.0",
          "PAN-OS 7.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3045",
    "datePublished": "2021-08-11T17:10:14.663259Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T23:35:37.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3045\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2021-08-11T17:15:07.377\",\"lastModified\":\"2024-11-21T06:20:50.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de argumentos de comandos del Sistema Operativo en la interfaz web de PAN-OS de Palo Alto Networks, permite a un administrador autenticado leer cualquier archivo arbitrario del sistema de archivos. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.19; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.10. PAN-OS versiones 10.0 y posteriores no est\u00e1n afectadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.19\",\"matchCriteriaId\":\"186F919F-1EF1-4190-9852-2D64CF508E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.14\",\"matchCriteriaId\":\"E9EE274A-3AF1-4204-B43D-1EA54C6442CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.10\",\"matchCriteriaId\":\"6EED4206-00CC-449A-9681-612EC258CCEF\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3045\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2021-3045

Vulnerability from fkie_nvd

Published

2021-08-11 17:15

Modified

2024-11-21 06:20

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2021-3045	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2021-3045	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "186F919F-1EF1-4190-9852-2D64CF508E87",
              "versionEndExcluding": "8.1.19",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EE274A-3AF1-4204-B43D-1EA54C6442CC",
              "versionEndExcluding": "9.0.14",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EED4206-00CC-449A-9681-612EC258CCEF",
              "versionEndExcluding": "9.1.10",
              "versionStartIncluding": "9.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de argumentos de comandos del Sistema Operativo en la interfaz web de PAN-OS de Palo Alto Networks, permite a un administrador autenticado leer cualquier archivo arbitrario del sistema de archivos. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.19; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.10. PAN-OS versiones 10.0 y posteriores no est\u00e1n afectadas"
    }
  ],
  "id": "CVE-2021-3045",
  "lastModified": "2024-11-21T06:20:50.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-11T17:15:07.377",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2021-3045

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-3045

Aliases

CVE-2021-3045

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3045",
    "description": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.",
    "id": "GSD-2021-3045"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3045"
      ],
      "details": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.",
      "id": "GSD-2021-3045",
      "modified": "2023-12-13T01:23:34.297499Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2021-08-11T16:00:00.000Z",
        "ID": "CVE-2021-3045",
        "STATE": "PUBLIC",
        "TITLE": "PAN-OS: OS Command Argument Injection in Web Interface"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PAN-OS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "8.1",
                          "version_value": "8.1.19"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.0",
                          "version_value": "9.0.14"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.1",
                          "version_value": "9.1.10"
                        },
                        {
                          "version_affected": "!\u003e=",
                          "version_name": "8.1",
                          "version_value": "8.1.19"
                        },
                        {
                          "version_affected": "!\u003e=",
                          "version_name": "9.0",
                          "version_value": "9.0.14"
                        },
                        {
                          "version_affected": "!\u003e=",
                          "version_name": "9.1",
                          "version_value": "9.1.10"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "10.0",
                          "version_value": "10.0.*"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "10.1",
                          "version_value": "10.1.*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks thanks Brandon Vincent for discovering and reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-88 Argument Injection or Modification"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2021-3045",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-147781"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2021-08-11T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices."
        }
      ],
      "x_advisoryEoL": false,
      "x_affectedList": [
        "PAN-OS 9.1.9",
        "PAN-OS 9.1.8",
        "PAN-OS 9.1.7",
        "PAN-OS 9.1.6",
        "PAN-OS 9.1.5",
        "PAN-OS 9.1.4",
        "PAN-OS 9.1.3-h1",
        "PAN-OS 9.1.3",
        "PAN-OS 9.1.2-h1",
        "PAN-OS 9.1.2",
        "PAN-OS 9.1.1",
        "PAN-OS 9.1.0-h3",
        "PAN-OS 9.1.0-h2",
        "PAN-OS 9.1.0-h1",
        "PAN-OS 9.1.0",
        "PAN-OS 9.1",
        "PAN-OS 9.0.13",
        "PAN-OS 9.0.12",
        "PAN-OS 9.0.11",
        "PAN-OS 9.0.10",
        "PAN-OS 9.0.9-h1",
        "PAN-OS 9.0.9",
        "PAN-OS 9.0.8",
        "PAN-OS 9.0.7",
        "PAN-OS 9.0.6",
        "PAN-OS 9.0.5",
        "PAN-OS 9.0.4",
        "PAN-OS 9.0.3-h3",
        "PAN-OS 9.0.3-h2",
        "PAN-OS 9.0.3-h1",
        "PAN-OS 9.0.3",
        "PAN-OS 9.0.2-h4",
        "PAN-OS 9.0.2-h3",
        "PAN-OS 9.0.2-h2",
        "PAN-OS 9.0.2-h1",
        "PAN-OS 9.0.2",
        "PAN-OS 9.0.1",
        "PAN-OS 9.0.0",
        "PAN-OS 9.0",
        "PAN-OS 8.1.18",
        "PAN-OS 8.1.17",
        "PAN-OS 8.1.16",
        "PAN-OS 8.1.15-h3",
        "PAN-OS 8.1.15-h2",
        "PAN-OS 8.1.15-h1",
        "PAN-OS 8.1.15",
        "PAN-OS 8.1.14-h2",
        "PAN-OS 8.1.14-h1",
        "PAN-OS 8.1.14",
        "PAN-OS 8.1.13",
        "PAN-OS 8.1.12",
        "PAN-OS 8.1.11",
        "PAN-OS 8.1.10",
        "PAN-OS 8.1.9-h4",
        "PAN-OS 8.1.9-h3",
        "PAN-OS 8.1.9-h2",
        "PAN-OS 8.1.9-h1",
        "PAN-OS 8.1.9",
        "PAN-OS 8.1.8-h5",
        "PAN-OS 8.1.8-h4",
        "PAN-OS 8.1.8-h3",
        "PAN-OS 8.1.8-h2",
        "PAN-OS 8.1.8-h1",
        "PAN-OS 8.1.8",
        "PAN-OS 8.1.7",
        "PAN-OS 8.1.6-h2",
        "PAN-OS 8.1.6-h1",
        "PAN-OS 8.1.6",
        "PAN-OS 8.1.5",
        "PAN-OS 8.1.4",
        "PAN-OS 8.1.3",
        "PAN-OS 8.1.2",
        "PAN-OS 8.1.1",
        "PAN-OS 8.1.0",
        "PAN-OS 8.1"
      ],
      "x_likelyAffectedList": [
        "PAN-OS 8.0.20",
        "PAN-OS 8.0.19-h1",
        "PAN-OS 8.0.19",
        "PAN-OS 8.0.18",
        "PAN-OS 8.0.17",
        "PAN-OS 8.0.16",
        "PAN-OS 8.0.15",
        "PAN-OS 8.0.14",
        "PAN-OS 8.0.13",
        "PAN-OS 8.0.12",
        "PAN-OS 8.0.11-h1",
        "PAN-OS 8.0.10",
        "PAN-OS 8.0.9",
        "PAN-OS 8.0.8",
        "PAN-OS 8.0.7",
        "PAN-OS 8.0.6-h3",
        "PAN-OS 8.0.6-h2",
        "PAN-OS 8.0.6-h1",
        "PAN-OS 8.0.6",
        "PAN-OS 8.0.5",
        "PAN-OS 8.0.4",
        "PAN-OS 8.0.3-h4",
        "PAN-OS 8.0.3-h3",
        "PAN-OS 8.0.3-h2",
        "PAN-OS 8.0.3-h1",
        "PAN-OS 8.0.3",
        "PAN-OS 8.0.2",
        "PAN-OS 8.0.1",
        "PAN-OS 8.0.0",
        "PAN-OS 8.0",
        "PAN-OS 7.1.26",
        "PAN-OS 7.1.25",
        "PAN-OS 7.1.24-h1",
        "PAN-OS 7.1.24",
        "PAN-OS 7.1.23",
        "PAN-OS 7.1.22",
        "PAN-OS 7.1.21",
        "PAN-OS 7.1.20",
        "PAN-OS 7.1.19",
        "PAN-OS 7.1.18",
        "PAN-OS 7.1.17",
        "PAN-OS 7.1.16",
        "PAN-OS 7.1.15",
        "PAN-OS 7.1.14",
        "PAN-OS 7.1.13",
        "PAN-OS 7.1.12",
        "PAN-OS 7.1.11",
        "PAN-OS 7.1.10",
        "PAN-OS 7.1.9-h4",
        "PAN-OS 7.1.9-h3",
        "PAN-OS 7.1.9-h2",
        "PAN-OS 7.1.9-h1",
        "PAN-OS 7.1.9",
        "PAN-OS 7.1.8",
        "PAN-OS 7.1.7",
        "PAN-OS 7.1.6",
        "PAN-OS 7.1.5",
        "PAN-OS 7.1.4-h2",
        "PAN-OS 7.1.4-h1",
        "PAN-OS 7.1.4",
        "PAN-OS 7.1.3",
        "PAN-OS 7.1.2",
        "PAN-OS 7.1.1",
        "PAN-OS 7.1.0",
        "PAN-OS 7.1"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.19",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.14",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.10",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2021-3045"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-88"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-19T18:19Z",
      "publishedDate": "2021-08-11T17:15Z"
    }
  }
}

ghsa-xch5-226j-jph3

Vulnerability from github

Published

2022-05-24 19:10

Modified

2022-05-24 19:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-88"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.",
  "id": "GHSA-xch5-226j-jph3",
  "modified": "2022-05-24T19:10:41Z",
  "published": "2022-05-24T19:10:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3045"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2021-61953

Vulnerability from cnvd

Title

Palo Alto Networks PAN-OS操作系统命令注入漏洞（CNVD-2021-61953）

Description

PAN-OS是专门针对安全性而设计、用于控制Palo Alto Networks防火墙的作业系统,具有丰富的防火墙、管理及网路功能。 PAN-OS的Web界面存在OS命令参数注入漏洞。攻击者可利用该漏洞从文件系统中读取任意文件。

Severity

中

Patch Name

Palo Alto Networks PAN-OS操作系统命令注入漏洞（CNVD-2021-61953）的补丁

Patch Description

PAN-OS是专门针对安全性而设计、用于控制Palo Alto Networks防火墙的作业系统,具有丰富的防火墙、管理及网路功能。 PAN-OS的Web界面存在OS命令参数注入漏洞。攻击者可利用该漏洞从文件系统中读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://security.paloaltonetworks.com/CVE-2021-3045

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-3045

Impacted products

Name
['Palo Alto Networks PAN-OS 8.1;<8.1.19', 'Palo Alto Networks PAN-OS 9.0;<9.0.14', 'Palo Alto Networks PAN-OS 9.1*;<9.1.10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3045",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3045"
    }
  },
  "description": "PAN-OS\u662f\u4e13\u95e8\u9488\u5bf9\u5b89\u5168\u6027\u800c\u8bbe\u8ba1\u3001\u7528\u4e8e\u63a7\u5236Palo Alto Networks\u9632\u706b\u5899\u7684\u4f5c\u4e1a\u7cfb\u7edf,\u5177\u6709\u4e30\u5bcc\u7684\u9632\u706b\u5899\u3001\u7ba1\u7406\u53ca\u7f51\u8def\u529f\u80fd\u3002\n\nPAN-OS\u7684Web\u754c\u9762\u5b58\u5728OS\u547d\u4ee4\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2021-3045",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-61953",
  "openTime": "2021-08-14",
  "patchDescription": "PAN-OS\u662f\u4e13\u95e8\u9488\u5bf9\u5b89\u5168\u6027\u800c\u8bbe\u8ba1\u3001\u7528\u4e8e\u63a7\u5236Palo Alto Networks\u9632\u706b\u5899\u7684\u4f5c\u4e1a\u7cfb\u7edf,\u5177\u6709\u4e30\u5bcc\u7684\u9632\u706b\u5899\u3001\u7ba1\u7406\u53ca\u7f51\u8def\u529f\u80fd\u3002\r\n\r\nPAN-OS\u7684Web\u754c\u9762\u5b58\u5728OS\u547d\u4ee4\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks PAN-OS\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-61953\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Palo Alto Networks PAN-OS 8.1*;\u003c8.1.19",
      "Palo Alto Networks PAN-OS 9.0*;\u003c9.0.14",
      "Palo Alto Networks PAN-OS 9.1*;\u003c9.1.10"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3045",
  "serverity": "\u4e2d",
  "submitTime": "2021-08-12",
  "title": "Palo Alto Networks PAN-OS\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-61953\uff09"
}

CERTFR-2021-AVI-621

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR PowerShell Image versions 7.1.x antérieures à 7.1.3.20270
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.2
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.11
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.19
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x antérieures à 9.0.15

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-3045 (GCVE-0-2021-3045)

Vulnerability from cvelistv5

fkie_cve-2021-3045

Vulnerability from fkie_nvd

gsd-2021-3045

Vulnerability from gsd

ghsa-xch5-226j-jph3

Vulnerability from github

cnvd-2021-61953

Vulnerability from cnvd

CERTFR-2021-AVI-621

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature