Command Injection in PAN-OS (PAN-SA-2019-0018)

Last revised: 07/15/2019


A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface (CLI). (Ref PAN-111872/ CVE-2019-1576)

Severity: Medium

Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.

Products Affected

PAN-OS 9.0.2 and earlier. PAN-OS 7.1, PAN-OS 8.0 and PAN-OS 8.1 are NOT affected.

Available Updates

PAN-OS 9.0.3 and later

Workarounds and Mitigations



Palo Alto Networks would like to thank Joe Graham at Rochester Institute of Technology for reporting this issue.