CVE-2016-1712 Local privilege escalation
Description
Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).
Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.
This issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 7.0 | <= 7.0.7 | >= 7.0.8 |
PAN-OS 6.1 | <= 6.1.11 | >= 6.1.12 |
PAN-OS 6.0 | <= 6.0.13 | >= 6.0.14 |
PAN-OS 5.1 | <= 5.1.11 | >= 5.1.12 |
PAN-OS 5.0 | <= 5.0.18 | >= 5.0.19 |
Severity: HIGH
CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness Type
CWE-20 Improper Input Validation
Solution
PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later
Workarounds and Mitigations
N/A