CVE-2021-3050: 
PAN-OS vulnerability analysis and mitigation

An OS command injection vulnerability was discovered in the Palo Alto Networks PAN-OS web interface (CVE-2021-3050). The vulnerability enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. The affected versions include PAN-OS 9.0 (versions 9.0.10 through 9.0.14), PAN-OS 9.1 (versions 9.1.4 through 9.1.10), PAN-OS 10.0 (version 10.0.7 and earlier), and PAN-OS 10.1 (versions 10.1.0 through 10.1.1). Notably, Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue (Palo Alto Advisory).

The vulnerability is classified as an OS Command Injection (CWE-78) with a CVSSv3.1 Base Score of 8.8 (HIGH), indicating a serious security risk. The attack vector is network-based with low attack complexity, requiring low privileges and no user interaction. The vulnerability has high impact ratings for confidentiality, integrity, and availability (Palo Alto Advisory).

If exploited, this vulnerability allows authenticated administrators to execute arbitrary operating system commands, leading to privilege escalation on the affected systems. The high CVSS impact scores across confidentiality, integrity, and availability indicate that successful exploitation could result in significant system compromise (Palo Alto Advisory).

Palo Alto Networks released fixes in PAN-OS versions 9.0.15, 9.1.11, 10.0.8, and 10.1.2. As a workaround, administrators can enable signatures for Unique Threat ID 91439 on traffic destined for the web interface to block attacks. Additionally, following best practices for securing the PAN-OS web interface is recommended to mitigate the impact (Palo Alto Advisory).