A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with Virtual system administrator (read-only) access could use an XML API key of a Virtual system administrator to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pan-os | Paloaltonetworks | 9.0.0 (including) | 10.0.0 (excluding) |
| Pan-os | Paloaltonetworks | 10.1.0 (including) | 10.1.11 (excluding) |
| Pan-os | Paloaltonetworks | 10.2.0 (including) | 10.2.8 (excluding) |
| Pan-os | Paloaltonetworks | 11.0.0 (including) | 11.0.3 (excluding) |
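To check an installed PAN-OS version against the affected ranges in the table above, here is an added Python example (not part of the advisory or of the vendor's tooling). It assumes the `major.minor.patch` version form with an optional `-hN` hotfix suffix; treating the hotfix number as a fourth sort component is an assumption about the version format, not something the advisory states.

```python
# Affected-version check for the PAN-OS XML API privilege escalation above.
# Added example; the ranges are copied from the advisory table.
import re
from typing import List, Tuple

Version = Tuple[int, int, int, int]

# (start inclusive, end exclusive) pairs exactly as listed in the table.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("9.0.0", "10.0.0"),
    ("10.1.0", "10.1.11"),
    ("10.2.0", "10.2.8"),
    ("11.0.0", "11.0.3"),
]

# Assumption: versions look like "10.1.10" or "10.1.10-h2" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch[-hN]' into a comparable 4-tuple.

    The hotfix number is the fourth component, so 10.1.11-h1 sorts after
    10.1.11 (the first fixed 10.1 release per the table) and 10.1.10-h2
    sorts before it.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version: str) -> bool:
    """Return True if the version lies in any affected [start, end) range."""
    v = parse_version(version)
    return any(parse_version(s) <= v < parse_version(e) for s, e in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample versions, one on each side of a range boundary.
    for sample in ["9.1.5", "10.0.12", "10.1.10-h2", "10.1.11", "10.2.7", "11.0.3"]:
        state = "affected" if is_affected(sample) else "not in an affected range"
        print(f"{sample:>12}: {state}")
```

Note that the table lists no 10.0.x range, so the check returns False for 10.0 releases; treat that as "not listed", not as a statement that they are fixed.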