Palo Alto Networks PAN-OS Vulnerability Let Attacker Run Arbitrary Commands as Root User
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
A newly disclosed command injection vulnerability in Palo Alto Networks’ PAN-OS operating system poses significant security risks to enterprise firewall infrastructures worldwide.
The vulnerability, catalogued as CVE-2025-4230, enables authenticated administrators with command-line interface (CLI) access to execute arbitrary commands with root-level privileges, potentially compromising entire network security architectures.
Published on June 11, 2025, the security advisory highlights the ongoing challenges facing network security vendors in maintaining robust system integrity against sophisticated attack vectors.
PAN-OS Admin Command Injection Vulnerability
The CVE-2025-4230 vulnerability represents a classic example of CWE-78 (Improper Neutralization of Special Elements used in an OS Command), commonly known as OS Command Injection.
This security flaw allows malicious actors to exploit insufficient input validation within the PAN-OS CLI, enabling them to bypass system restrictions and execute unauthorized commands with elevated privileges.
The vulnerability follows the CAPEC-248 attack pattern (Command Injection), where attackers leverage improper sanitization of user-supplied input to inject malicious commands into system calls.
The exploitation requires authenticated administrator access to the PAN-OS CLI, which significantly limits the attack surface but does not eliminate the substantial risk posed to organizations with multiple administrative users.
Technical analysis reveals that the command injection occurs through insufficient input validation mechanisms within the CLI processing engine.
When administrators input commands containing specially crafted characters or sequences, the system fails to properly neutralize these elements before executing them in the underlying operating system context.
This fundamental weakness allows attackers to append additional commands or modify existing command parameters to achieve unauthorized system access.
The vulnerability discovery is credited to Visa Inc., demonstrating the valuable role of private sector security research in identifying critical infrastructure vulnerabilities.
Risk Factors: Details
Affected Products: PAN-OS 11.2 versions prior to 11.2.6, PAN-OS 11.1 versions before 11.1.10, PAN-OS 10.2 versions earlier than 10.2.14, and PAN-OS 10.1 versions before 10.1.14-h15
Impact: Authenticated admin CLI users can execute arbitrary root-level commands
Exploit Prerequisites: Valid administrator credentials; CLI access
CVSS 3.1 Score: 5.7 (Medium)
Affected Systems
The vulnerability affects multiple PAN-OS versions across different release branches, with specific version ranges requiring immediate attention.
PAN-OS 11.2 versions prior to 11.2.6, PAN-OS 11.1 versions before 11.1.10, PAN-OS 10.2 versions earlier than 10.2.14, and PAN-OS 10.1 versions before 10.1.14-h15 are all susceptible to this command injection attack.
The Common Vulnerability Scoring System (CVSS) assessment assigns this vulnerability a base score of 5.7, categorizing it as Medium severity.
The CVSS vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/R:U/V:D/U:Amber indicates local attack vector requirements, low attack complexity, high privileges required, and high impact on confidentiality, integrity, and availability.
Notably, Palo Alto Networks’ Cloud NGFW and Prisma Access platforms remain unaffected by this vulnerability, suggesting different architectural implementations or additional security controls within these cloud-based offerings.
The company emphasizes that no special configuration is required for systems to be vulnerable, meaning default installations are susceptible to exploitation.
Remediation
Palo Alto Networks has released patched versions addressing the command injection vulnerability across all affected product lines.
Organizations must upgrade to PAN-OS 11.2.6, 11.1.10, 10.2.14, or 10.1.14-h15 depending on their current deployment version.
The company explicitly states that no workarounds or mitigations are available, making immediate patching the only viable security response.
Palo Alto Networks reports no known malicious exploitation of this issue, though the moderate urgency classification suggests organizations should prioritize remediation efforts.
Security professionals should implement additional access controls limiting CLI access to essential personnel only, as the company notes that restricting administrative access significantly reduces the security risk posed by this vulnerability.
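To triage an inventory against the version ranges listed above, the following added example (not part of the original article or of any Palo Alto Networks tooling) classifies a PAN-OS version string as affected or fixed. It assumes versions look like major.minor.maintenance with an optional -hN hotfix suffix, and that a hotfix sorts after its base maintenance release; the hostnames in the sample inventory are constructed.

```python
import re

# First fixed release per affected branch, taken from the article's list.
FIXED = {
    "11.2": "11.2.6",
    "11.1": "11.1.10",
    "10.2": "10.2.14",
    "10.1": "10.1.14-h15",
}

# major.minor.maintenance with an optional -hN hotfix suffix (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not listed'."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    if branch not in FIXED:
        return "not listed"  # branch is not named in the article
    # Integer tuples compare numerically, so 11.1.9 < 11.1.10 and
    # 10.1.14 < 10.1.14-h15, which a plain string comparison gets wrong.
    return "affected" if parsed < parse_version(FIXED[branch]) else "fixed"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for illustration.
    inventory = {
        "fw-edge-01": "11.1.6-h1",
        "fw-edge-02": "11.2.6",
        "fw-dc-01": "10.1.14-h14",
        "fw-dc-02": "10.2.14",
    }
    for host, version in sorted(inventory.items()):
        print(f"{host:12} {version:14} {status(version)}")
```

Versions in a format the pattern does not recognise raise ValueError, so they surface for manual review instead of being silently classified.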