CVE-2016-3654

Published: Apr 12, 2016Modified: May 6, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.

Affected (5)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Pan Os

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	From 5.0.0 to 5.0.18
Paloaltonetworks Pan Os	From 5.1 to 5.1.11
Paloaltonetworks Pan Os	From 6.0.0 to 6.0.13
Paloaltonetworks Pan Os	From 6.1.0 to 6.1.10
Paloaltonetworks Pan Os	From 7.0.0 to 7.0.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://security.paloaltonetworks.com/CVE-2016-3654

Source: cve@mitre.org

https://security.paloaltonetworks.com/CVE-2016-3654

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.