CVE-2016-9151 Local Privilege Escalation
Palo Alto Networks firewalls do not properly validate certain environment variables, which can potentially allow executing code with higher privileges (Ref # PAN-61104/100499/CVE-2016-9151).
A potential attacker with local shell access could manipulate arbitrary environment variables, which could result in a process running with higher privileges.
This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier.
|Version|Affected|Fixed|
|PAN-OS 7.1|<= 7.1.5|>= 7.1.6|
|PAN-OS 7.0|<= 7.0.10|>= 7.0.11|
|PAN-OS 6.1|<= 6.1.14|>= 6.1.15|
|PAN-OS 6.0|<= 6.0.14|>= 6.0.15|
|PAN-OS 5.1|<= 5.1.12|>= 5.1.13|
|PAN-OS 5.0|<= 5.0.19|>= 5.0.20|
CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
This issue is fixed in PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later.
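As an added example (not part of the advisory and not Palo Alto Networks tooling), the following Python script checks a device inventory against the affected-version table above and reports the minimum fixed release for each affected device. The hostnames and versions are constructed, and the optional `-hN` hotfix suffix and its treatment as still affected are assumptions.

```python
import re

# Last affected maintenance release per PAN-OS train, copied from the advisory table.
LAST_AFFECTED = {(5, 0): 19, (5, 1): 12, (6, 0): 14,
                 (6, 1): 14, (7, 0): 10, (7, 1): 5}

# Assumption: versions look like "7.1.5" with an optional "-hN" hotfix suffix.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?")


def classify(version):
    """Return (status, minimum_fixed_release) for one PAN-OS version string."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        return ("unparsed", None)      # never guess; send to manual review
    major, minor, maint = (int(g) for g in m.groups())
    last = LAST_AFFECTED.get((major, minor))
    if last is None:
        return ("not-listed", None)    # train is outside the advisory's table
    if maint <= last:
        # Assumption: a hotfix of an affected release is still affected,
        # because the advisory names fixes only by maintenance release.
        return ("affected", f"{major}.{minor}.{last + 1}")
    return ("fixed", None)


def triage(inventory):
    """Classify every device; return affected hosts first, sorted by name."""
    rows = [(host, ver) + classify(ver) for host, ver in inventory.items()]
    order = {"affected": 0, "unparsed": 1, "not-listed": 2, "fixed": 3}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "7.1.5",
    "fw-edge-02": "7.1.6",
    "fw-dc-01": "6.1.14-h2",
    "fw-lab-01": "8.0.0",
    "fw-branch-07": "7.0.x",
}

if __name__ == "__main__":
    for host, ver, status, target in triage(SAMPLE_INVENTORY):
        hint = f" -> upgrade to {target} or later" if target else ""
        print(f"{host:14} {ver:10} {status}{hint}")
```

Devices reported as `unparsed` or `not-listed` fall outside what the table can decide and need a manual check.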
Workarounds and Mitigations
Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.