BugZero | Palo Alto Networks BugID PAN-138727 - A fix was made to address a time-of-check to time-...

Palo Alto Networks - Defect ID: PAN-138727

A fix was made to address a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges ( CVE-2021-3054 ).

Palo Alto Networks - Defect ID: PAN-138727

A fix was made to address a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges ( CVE-2021-3054 ).

Last update date: 1/1/1970

Overall: 6.36.3

Severity: 6.46.4

Community: 3.73.7

Lifecycle: 1010.0

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.36.3

Severity: 6.46.4

Community: 3.73.7

Lifecycle: 1010.0

What is the BugZero Risk Score?

Vendor details

No defect details.

The earliest recollection of this bug is traced back to PAN-OS 10.1.2 - January 09, 2024. This bug is fixed in PAN-OS versions 10.1.2, 9.1.11, 8.1.20. A fix was made to address a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges ( CVE-2021-3054 ). For more information: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-2-known-and-addressed-issues/pan-os-10-1-2-addressed-issues https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-20-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-addressed-issues

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Palo Alto Networks - Defect ID: PAN-138727

A fix was made to address a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges ( CVE-2021-3054 ).

Palo Alto Networks - Defect ID: PAN-138727

A fix was made to address a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges ( CVE-2021-3054 ).

Last update date: 1/1/1970

Vendor details

Vendor details

Description

Links

Top Palo Alto Networks defects by risk score

Ready to prevent the next vendor outage?