Описание
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
8.1 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.
Уязвимость демона logd операционной системы PAN-OS, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии
EPSS
8.1 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2