
Cloud Vulnerability DB
A community-led vulnerabilities database
An OS command injection vulnerability (CVE-2023-6795) was discovered in Palo Alto Networks PAN-OS software. The vulnerability was disclosed on December 13, 2023, and affects multiple versions of PAN-OS, including versions 8.1.x, 9.0.x, 9.1.x, 10.0.x, and 10.1.x. This security flaw enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall (Palo Alto Advisory, NVD).
The vulnerability is classified as an OS Command Injection (CWE-78) with a CVSS v3.1 base score of 5.9 (Medium severity). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) and no user interaction (UI:N). The vulnerability can lead to high confidentiality impact and low integrity impact, with no availability impact (Palo Alto Advisory).
If exploited, this vulnerability allows an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the affected firewall. The impact assessment indicates high confidentiality impact, low integrity impact, and no availability impact (Palo Alto Advisory).
The vulnerability has been fixed in PAN-OS versions 8.1.24-h1, 9.0.17, 9.1.12, 10.0.9, 10.1.3, and all later PAN-OS versions. Organizations can mitigate the impact by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation. Customers affected by the PAN-OS root and default certificate expiration issue should carefully select the fixed version when upgrading (Palo Alto Advisory).
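To triage a firewall inventory against the fixed releases listed above, the following added example (not from the advisory or from Palo Alto Networks) compares PAN-OS version strings, including the `-hN` hotfix suffix. The function names, the status labels and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed release per affected branch, taken from the paragraph above.
FIXED = {
    (8, 1): "8.1.24-h1",
    (9, 0): "9.0.17",
    (9, 1): "9.1.12",
    (10, 0): "10.0.9",
    (10, 1): "10.1.3",
}

# major.minor.maintenance with an optional hotfix suffix, e.g. 8.1.24-h1.
# Other suffix styles are rejected rather than guessed at.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); no hotfix counts as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def status(version):
    """Classify one version as 'vulnerable', 'fixed' or 'unknown'."""
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch in FIXED:
        fixed = parse_version(FIXED[branch])
        return "fixed" if parsed >= fixed else "vulnerable"
    if branch > max(FIXED):
        return "fixed"  # "all later PAN-OS versions"
    return "unknown"    # branch not covered by the text above


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames).
    sample = {"fw-edge-1": "8.1.24", "fw-edge-2": "8.1.24-h1",
              "fw-dc-1": "10.1.2", "fw-dc-2": "10.2.4", "fw-lab": "8.0.20"}
    for host, result in triage(sample).items():
        print(f"{host:10} {sample[host]:10} {result}")
```

Note that 8.1.24 without the hotfix sorts below 8.1.24-h1 and is reported as vulnerable.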
Source: This report was generated using AI