Palo Alto PAN-OS XML API Command Injection (Authenticated)
CVE-2023-6792 Published on December 13, 2023
PAN-OS: OS Command Injection Vulnerability in the XML API
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Vulnerability Analysis
CVE-2023-6792 is exploitable with network access and requires user privileges. It is considered to have a low attack complexity. A successful exploit is rated as having a high impact on confidentiality, with no impact on integrity and no impact on availability.
Timeline
Initial publication
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2023-6792 has been classified as an Argument Injection vulnerability or weakness.
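The weakness class defined above, shown as an added illustration that is not code from the original page and not PAN-OS code. The tool name `report-tool`, its `--out` option and the sample values are hypothetical, and Python's `argparse` stands in for the separate component that receives the command line.

```python
import argparse
import shlex


def downstream_parser():
    """Stand-in for the separate component (hypothetical 'report-tool')."""
    p = argparse.ArgumentParser(prog="report-tool")
    p.add_argument("--out", default="stdout")  # option the caller never meant to expose
    p.add_argument("name")                     # the single value the caller intends to pass
    return p


def parse(argv):
    """Return (name, out) as the downstream component would interpret argv."""
    ns = downstream_parser().parse_args(argv)
    return ns.name, ns.out


def build_unsafe(name):
    # Weak: the value is pasted into a command string and split afterwards,
    # so whitespace and leading dashes inside it become extra arguments.
    return shlex.split("report-tool " + name)[1:]


def build_safe(name):
    # Hardened: the value stays one argv element, option-like or
    # whitespace-bearing values are rejected, and "--" ends option parsing.
    if not name or name.startswith("-") or any(c.isspace() for c in name):
        raise ValueError("rejected argument: %r" % name)
    return ["--", name]


if __name__ == "__main__":
    constructed = "weekly --out=/constructed/path"  # constructed sample input
    print("unsafe :", parse(build_unsafe(constructed)))
    print("safe   :", parse(build_safe("weekly")))
    # Even without the validation step, "--" alone keeps the value positional:
    print("delimit:", parse(["--", "--out=/constructed/path"]))
    try:
        build_safe(constructed)
    except ValueError as exc:
        print("blocked:", exc)
```

The unsafe builder lets the caller-supplied value set `--out`, while the delimited form leaves the option at its default and treats the whole value as data.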
Products Associated with CVE-2023-6792
Affected Versions
Palo Alto Networks PAN-OS:
- Version 8.1: releases below 8.1.24 are affected.
- Version 9.0: releases below 9.0.17 are affected.
- Version 9.1: releases below 9.1.15 are affected.
- Version 10.0: releases below 10.0.12 are affected.
- Version 10.1: releases below 10.1.6 are affected.
- Version 10.2: all releases are unaffected.
- Version 11.0: all releases are unaffected.
- Version 11.1: all releases are unaffected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.