An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: palo_alto
Published: 2021-11-10T17:10:24.593774Z
Updated: 2024-09-16T18:56:09.537Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-3060
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-10T17:15:10.157
Modified: 2024-11-21T06:20:52.560
Link: CVE-2021-3060
Redhat
No data.