CVE-2021-3061 vulnerability in Palo Alto Networks Products
Published on November 10, 2021
PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.
Vulnerability Analysis
CVE-2021-3061 can be exploited with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Initial publication
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2021-3061 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2021-3061
stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks Prisma Access or Palo Alto Networks PAN-OS. Just hit a watch button to start following.
Affected Versions
Palo Alto Networks PAN-OS:- Version 8.1 and below 8.1.20-h1 is affected.
- Version 9.0 and below 9.0.14-h3 is affected.
- Version 10.0 and below 10.0.8 is affected.
- Version 10.1 and below 10.1.3 is affected.
- Version 9.1 and below 9.1.11-h2 is affected.
- Version 2.2 all is unaffected.
- Version 2.1 Preferred is affected.
- Version 2.1 Innovation is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.