Palo Alto Networks has published three Security Advisories https://securityadvisories.paloaltonetworks.com/.
PAN-SA-2019-00017 – Privilege Escalation in PAN-OS
• Severity = Medium
• Fixed in PAN-OS 7.1.24 and later, PAN-OS 8.0.18 and later, PAN-OS 8.1.9 and later, and PAN-OS 9.0.3 and later.
• Affected Versions: PAN-OS 7.1.23 and earlier, PAN-OS 8.0.17 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier
• CVE-2019-8912
PAN-SA-2019-00018 – Command Injection in PAN-OS
• Severity = Medium
• Fixed PAN-OS 9.0.3
• Affected Versions: PAN-OS 9.0.2-h4 and earlier ONLY
• CVE-2019-1576
PAN-SA-2019-00019 – Information Disclosure in PAN-OS Management API Usage
• Severity = Medium
• Fixed PAN-OS 7.1.24 and later, PAN-OS 8.0.19 and later, PAN-OS 8.1.5-h5 and later and PAN-OS 9.0.2-h4 and later.
• Affected Versions: PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and PAN-OS 9.0.2 and earlier.
• CVE-2019-1575
Regards,
Palo Alto Networks
Product Security Incident Response Team