Command Injection in PAN-OS (PAN-SA-2017-0028)

Last revised: 12/05/2017


A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. (Ref # PAN-81892 / CVE-2017-15940)

Severity: High

PAN-OS contains a vulnerability that may allow for post authentication command injection

Products Affected

PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.5 and earlier

Available Updates

PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later, PAN-OS 8.0.6 and later

Workarounds and Mitigations

This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.


Palo Alto Networks would like to thank Won Lae Lee from Samsung for reporting this issue