...
BugZero updated this defect 288 days ago.
The earliest record of this bug traces back to PAN-OS 10.1.2 - January 09, 2024. This bug is fixed in PAN-OS versions 10.1.2, 8.1.20, 9.1.11.

The fix addresses a time-of-check to time-of-use (TOCTOU) race condition in the PAN-OS web interface that enabled an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges (CVE-2021-3054).

For more information:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-2-known-and-addressed-issues/pan-os-10-1-2-addressed-issues
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-20-addressed-issues
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-addressed-issues