05-31-2020 07:39 PM
The vulnerability by itself really wouldn't be something that I would worry about, because you need to actually get direct shell access to the device in order to take advantage of it. PAN-OS already doesn't give a user direct shell access even when authenticated.
In short, to take advantage of this vulnerability the attacker would need to:
1) Gain administrative access to the device.
- You hopefully already have this secured by permitted-ips so they would first need to compromise the proper internal machines.
2) Gain direct shell access.
- There are other vulnerabilities that have allowed unrestricted shell access, you'll want to see if any of them actually effect your current PAN-OS release.
3) Lastly exploit this vulnerability to actually gain root access on the underlying operating system.
The risk of exploit here is relatively low, and properly securing your management access is going to negate most concern I would ever have of real world exploit. Part of proper management security would be ensuring that admins have a proper password on their account, so I would recommend setting up a good password policy if you aren't already enforcing one.
