---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Command Injection Vulnerability in PaloAlto PAN-OS'
number: '2024-098'
version: '1.0'
original_date: '2024-09-11'
date: '2024-09-16'
---

_History:_

* _16/09/2024 --- v1.0 -- Initial publication_

# Summary

On September 11, 2024, a high-severity command injection vulnerability was addressed in Palo Alto Networks PAN-OS. If exploited, this flaw could allow an authenticated attacker to execute arbitrary commands as root on the firewall.

# Technical Details

The vulnerability **CVE-2024-8686**, with a CVSS score of 8.6, is a command injection vulnerability in Palo Alto Networks PAN-OS software. It enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.

# Affected Products

This vulnerability affects PAN-OS version 11.2.2.

# Recommendations

CERT-EU strongly recommends updating affected PAN-OS installations to the latest version [1].

# References

[1]