CVE-2023-6792: 
PAN-OS vulnerability analysis and mitigation

An OS command injection vulnerability was discovered in the XML API of Palo Alto Networks PAN-OS software, identified as CVE-2023-6792. The vulnerability was disclosed on December 13, 2023, affecting multiple versions of PAN-OS including versions 8.1.x, 9.0.x, 9.1.x, 10.0.x, and 10.1.x. This security flaw specifically impacts PAN-OS configurations with XML API access enabled (Palo Advisory).

The vulnerability is classified as an OS Command Injection (CWE-88) that allows argument delimiter injection in commands. It received a CVSS v3.1 base score of 5.9 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N. The attack vector is network-based with low attack complexity, requiring high privileges but no user interaction (Palo Advisory, NVD).

If successfully exploited, this vulnerability enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. The impact assessment indicates high confidentiality impact, low integrity impact, and no availability impact (Palo Advisory).

The vulnerability has been patched in PAN-OS versions 8.1.24, 9.0.17, 9.1.15, 10.0.12, 10.1.6, and all later versions. For customers with a Threat Prevention subscription, enabling Threat ID 91715 (introduced in Applications and Threats content update 8473) can block attacks. Additional mitigation involves following best practices for securing administrative access as documented in the PAN-OS technical documentation (Palo Advisory).

The vulnerability was discovered and reported by Ethan Shackelford of IOActive, demonstrating active security research engagement with Palo Alto Networks' products (Palo Advisory).