PAN-OS CLI Improper Neutralization Allows Arbitrary File Read
CVE-2024-8688 Published on September 11, 2024
PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the firewall.
Timeline
Initial publication
Weakness Type
Improper Neutralization of Wildcards or Matching Symbols
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. As data is parsed, an injected element may cause the process to take unexpected actions.
Products Associated with CVE-2024-8688
Affected Versions
Palo Alto Networks PAN-OS:
- Versions from 9.1.0 up to, but not including, 9.1.15 are affected.
- Versions from 10.0.0 up to, but not including, 10.0.10 are affected.
- Versions from 10.1.0 up to, but not including, 10.1.1 are affected.
- Version 10.2.0 is unaffected.
- Version 11.0.0 is unaffected.
- Version 11.1.0 is unaffected.
- Version 11.2.0 is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.