{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T16:46:56.528","vulnerabilities":[{"cve":{"id":"CVE-2021-3060","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2021-11-10T17:15:10.157","lastModified":"2024-11-21T06:20:52.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue."},{"lang":"es","value":"Una vulnerabilidad de inyección de comandos del sistema operativo en la función Simple Certificate Enrollment Protocol (SCEP) del software PAN-OS permite a un atacante no autenticado basado en la red con conocimientos específicos de la configuración del firewalls ejecutar código arbitrario con privilegios de usuario root. El atacante debe tener acceso de red a las interfaces de GlobalProtect para explotar este problema. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20-h1; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14-h3; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.11-h2; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.8; PAN-OS versiones 10.1 anteriores a PAN-OS 10.1.3. Los clientes de Prisma Access con firewalls Prisma Access versión 2.1 Preferred y Prisma Access versión  2.1 Innovation están afectados por este problema"}],"metrics":{"cvssMetricV31":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:prisma_access:2.1:*:*:*:innovation:*:*:*","matchCriteriaId":"926E678E-AD52-472F-89E3-69C82F67414D"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:prisma_access:2.1:*:*:*:preferred:*:*:*","matchCriteriaId":"B277183B-3FC8-472D-83AD-CAB5F4783B7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndIncluding":"8.1.20","matchCriteriaId":"8E492841-3CD5-4DDF-B43C-EE04B5556BE2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.0.14","matchCriteriaId":"9E95975B-A993-48FE-BA16-C89BEB075CBE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0","versionEndIncluding":"9.1.11","matchCriteriaId":"7C95A07E-5F94-4907-A283-954B7924DA3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.8","matchCriteriaId":"C408A950-281A-49DC-9376-F1D943280371"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.3","matchCriteriaId":"40AFDDF3-0AB4-4A18-93E9-01EE5BDE9D2E"}]}]}],"references":[{"url":"https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://security.paloaltonetworks.com/CVE-2021-3060","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.paloaltonetworks.com/CVE-2021-3060","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}