CVE-2024-8686: 
PAN-OS vulnerability analysis and mitigation

A command injection vulnerability (CVE-2024-8686) was discovered in Palo Alto Networks PAN-OS software that enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. The vulnerability affects PAN-OS version 11.2.2 and earlier versions in the 11.2 series (Palo Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 8.6 (HIGH) with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber. The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) (NVD, Palo Advisory).

If exploited, this vulnerability allows an authenticated administrator to execute arbitrary commands with root privileges on the affected firewall, potentially leading to complete system compromise and unauthorized access to sensitive information (Palo Advisory).

The vulnerability has been fixed in PAN-OS 11.2.3 and all later PAN-OS versions. Organizations running affected versions should upgrade to a patched version as soon as possible (Palo Advisory).