Palo Alto Networks Latest Vulnerabilities

November 27

Insufficient Certificate Validation Vulnerability Affects GlobalProtect App for Android

CVE-2024-5921
Palo Alto Networks | Globalprotect App | 👾

November 18

Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall

CVE-2024-9474
Palo Alto Networks | Cloud Ngfw | 👾 | 7.2 HIGH

Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software

CVE-2024-0012
Palo Alto Networks | Cloud Ngfw | 🔥😄👾 | 9.8 CRITICAL

November 14

Unauthorized Access to GlobalProtect Service through Null Pointer Dereference Vulnerability

CVE-2024-2550
Palo Alto Networks | Cloud Ngfw | 👾

Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks

CVE-2024-5920
Palo Alto Networks | Cloud Ngfw | 👾

Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources

CVE-2024-5917
Palo Alto Networks | Cloud Ngfw | 👾

Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Administrator Deletions

CVE-2024-2552
Palo Alto Networks | Cloud Ngfw | 👾

Improper Certificate Validation Vulnerability in Palo Alto Networks PAN-OS Software

CVE-2024-5918
Palo Alto Networks | Cloud Ngfw | 👾

Blind XML External Entities Injection Vulnerability Allows File Exfiltration

CVE-2024-5919
Palo Alto Networks | Cloud Ngfw | 👾

Unauthenticated Null Pointer Dereference Vulnerability Leads to DoS Condition and Maintenance Mode

CVE-2024-2551
Palo Alto Networks | Cloud Ngfw | 👾

Palo Alto Networks PAN-OS Software Under Denial of Service Attack via Null Pointer Dereference

CVE-2024-9472
Palo Alto Networks | Cloud Ngfw | 👾

October 9

Unauthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition

CVE-2024-9465
Palo Alto Networks | Expedition | 👾 | 9.1 CRITICAL

Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9463
Palo Alto Networks | Expedition | 👾 | 7.5 HIGH

Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows

CVE-2024-9473
Palo Alto Networks | Globalprotect App | 👾 | 7.8 HIGH

Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure

CVE-2024-9467
Palo Alto Networks | Expedition | 👾 | 6.1 MEDIUM

Cortex XSOAR: Information Disclosure Vulnerability

CVE-2024-9470
Palo Alto Networks | Cortex Xsoar | 👾

Sensitive Information Vulnerability in Palo Alto Networks Expedition

CVE-2024-9466
Palo Alto Networks | Expedition | 👾 | 6.5 MEDIUM

OS Command Injection Vulnerability in Palo Alto Networks Expedition

CVE-2024-9464
Palo Alto Networks | Expedition | 😄👾 | 6.5 MEDIUM

PAN-OS: Privilege Escalation (PE) Vulnerability in XML API

CVE-2024-9471
Palo Alto Networks | Pan-os | 👾 | 4.7 MEDIUM

Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2024-9469
Palo Alto Networks | Cortex Xdr Agent | 👾 | 5.5 MEDIUM

PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet

CVE-2024-9468
Palo Alto Networks | Pan-os | 👾

September 11

Palo Alto Networks GlobalProtect Vulnerability: Impersonation of Authenticated Users

CVE-2024-8691
Palo Alto Networks | Pan-os | 👾 | 7.1 HIGH

Palo Alto Networks Cortex XDR Agent Vulnerability Allows Malware Disablement

CVE-2024-8690
Palo Alto Networks | Cortex Xdr Agent | 👾 | 4.4 MEDIUM

Cleartext Exposure of Configured ActiveMQ Credentials in Log Bundles

CVE-2024-8689
Palo Alto Networks | ActiveMQ Content Pack | 👾

Improper Neutralization of Matching Symbols Vulnerability in Palo Alto Networks PAN-OS CLI

CVE-2024-8688
Palo Alto Networks | Pan-os | 👾 | 4.4 MEDIUM

GlobalProtect Information Exposure Vulnerability

CVE-2024-8687
Palo Alto Networks | Pan-os | 👾 | 7.1 HIGH

Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Rooted Access

CVE-2024-8686
Palo Alto Networks | Pan-os | 👾 | 7.2 HIGH

August 14

Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access

CVE-2024-5915
Palo Alto Networks | Globalprotect App | 👾 | 7.8 HIGH

Unauthenticated Command Injection Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts Pack

CVE-2024-5914
Palo Alto Networks | Cortex Xsoar Commonscr... | 9.8 CRITICAL

Information Exposure Vulnerability in Palo Alto Networks PAN-OS software

CVE-2024-5916
Palo Alto Networks | Pan-os | 4.4 MEDIUM

July 10

Attackers can elevate privileges by tampering with physical file system

CVE-2024-5913
Palo Alto Networks | Pan-os | 👾 | 6.1 MEDIUM

Improper File Signature Check Could Bypass Executable Blocking

CVE-2024-5912
Palo Alto Networks | Cortex Xdr Agent | 👾

Panorama vulnerability allows unauthorized access and system disruption

CVE-2024-5911
Palo Alto Networks | Pan-os | 👾

Expedition Admin Account Takeover Risk Due to Missing Authentication

CVE-2024-5910
Palo Alto Networks | Expedition | 🔥😄👾 | 9.8 CRITICAL

June 12

Local Privileged User Vulnerability Affects Cortex XDR Agent on Windows Devices

CVE-2024-5905
Palo Alto Networks | Cortex Xdr Agent | 4.4 MEDIUM

Low Privileged User Can Disable Palo Alto Networks Cortex XDR Agent on Windows Devices

CVE-2024-5909
Palo Alto Networks | Cortex Xdr Agent | 5.5 MEDIUM

Difficult-to-exploit privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows devices

CVE-2024-5907
Palo Alto Networks | Cortex Xdr Agent | 👾 | 7 HIGH

Encrypted User Credentials Exposed in Application Logs

CVE-2024-5908
Palo Alto Networks | Globalprotect App | 👾 | 7.5 HIGH

Palo Alto Networks Prisma Cloud Compute Cross-Site Scripting Vulnerability

CVE-2024-5906
Palo Alto Networks | Prisma Cloud | 4.8 MEDIUM

April 12

Palo Alto Networks PAN-OS Command Injection Vulnerability

CVE-2024-3400
Palo Alto Networks | Pan-os | 🔥😄👾 | 10 CRITICAL

April 10

Attacker can impersonate another user and send network packets to internal assets

CVE-2024-3388
Palo Alto Networks | Pan-os | 4.1 MEDIUM

Attacker can perform MitM attack to capture encrypted traffic

CVE-2024-3387
Palo Alto Networks | Pan-os | 5.3 MEDIUM

Incorrect String Comparison Vulnerability Affects Predefined Decryption Exclusions in Palo Alto Networks PAN-OS Software

CVE-2024-3386
Palo Alto Networks | Pan-os | 👾 | 5.3 MEDIUM

Remote Attackers Can Reboot Palo Alto Networks Firewalls, Requiring Manual Intervention

CVE-2024-3385
Palo Alto Networks | Pan-os | 7.5 HIGH

Palo Alto Networks PAN-OS Software Vulnerability Allows Remote Reboot of Firewalls

CVE-2024-3384
Palo Alto Networks | Pan-os | 7.5 HIGH

Palo Alto Networks PAN-OS Vulnerability: Modification of User-ID Groups

CVE-2024-3383
Palo Alto Networks | Pan-os | 👾 | 7.4 HIGH

Memory Leak in PAN-OS Software Allows Attackers to Bypass Firewall

CVE-2024-3382
Palo Alto Networks | Pan-os | 7.5 HIGH

March 13

Improper Authorization Vulnerability in Palo Alto Networks Panorama Software

CVE-2024-2433
Palo Alto Networks | Pan-os | 👾 | 4.3 MEDIUM

Palo Alto Networks GlobalProtect Privilege Escalation Vulnerability

CVE-2024-2432
Palo Alto Networks | Globalprotect App | 4.5 MEDIUM

Non-Privileged User Disables GlobalProtect App in Configurations Allowing Passcode Disablement

CVE-2024-2431
Palo Alto Networks | Globalprotect App | 👾 | 5.5 MEDIUM

February 14

Palo Alto Networks PAN-OS Software Vulnerable to Reflected Cross-Site Scripting Attacks

CVE-2024-0011
Palo Alto Networks | Pan-os | 👾 | 6.1 MEDIUM

Palo Alto Networks PAN-OS Portal Feature Vulnerable to Reflected Cross-Site Scripting Attacks

CVE-2024-0010
Palo Alto Networks | Pan-os | 👾 | 6.1 MEDIUM

Improper Verification Vulnerability in GlobalProtect Gateway Could Enable Unauthorized Access

CVE-2024-0009
Palo Alto Networks | Pan-os | 👾 | 6.3 MEDIUM

Unauthorized Access Vulnerability in PAN-OS Software

CVE-2024-0008
Palo Alto Networks | Pan-os | 👾 | 8.8 HIGH

Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks

CVE-2024-0007
Palo Alto Networks | Pan-os | 👾 | 4.8 MEDIUM

December 13

PAN-OS: File Upload Vulnerability in the Web Interface

CVE-2023-6794
Palo Alto Networks | PAN-OS | 5.5 MEDIUM

PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator

CVE-2023-6793
Palo Alto Networks | Pan-os | 👾 | 2.7 LOW

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6789
Palo Alto Networks | PAN-OS | 4.3 MEDIUM

PAN-OS: OS Command Injection Vulnerability in the XML API

CVE-2023-6792
Palo Alto Networks | Pan-os | 👾 | 5.5 MEDIUM

PAN-OS: OS Command Injection Vulnerability in the Web Interface

CVE-2023-6795
Palo Alto Networks | PAN-OS | 5.5 MEDIUM

PAN-OS: Plaintext Disclosure of External System Integration Credentials

CVE-2023-6791
Palo Alto Networks | PAN-OS | 4.9 MEDIUM

PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6790
Palo Alto Networks | PAN-OS | 8.8 HIGH

November 8

Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

CVE-2023-3282
Palo Alto Networks | Cortex Xsoar | 👾 | 6.4 MEDIUM

September 13

Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2023-3280
Palo Alto Networks | Cortex XDR Agent | 5.5 MEDIUM

July 12

PAN-OS: Read System Files and Resources During Configuration Commit

CVE-2023-38046
Palo Alto Networks | PAN-OS | 4.9 MEDIUM

June 14

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

CVE-2023-0009
Palo Alto Networks | Globalprotect App | 👾 | 7.8 HIGH

PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

CVE-2023-0010
Palo Alto Networks | Pan-os | 👾 | 5.4 MEDIUM

May 10

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

CVE-2023-0008
Palo Alto Networks | Pan-os | 👾 | 4.4 MEDIUM

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

CVE-2023-0007
Palo Alto Networks | Pan-os | 👾 | 6.5 MEDIUM

April 12

PAN-OS: Exposure of Sensitive Information Vulnerability

CVE-2023-0005
Palo Alto Networks | Pan-os | 👾 | 4.1 MEDIUM

PAN-OS: Local File Deletion Vulnerability

CVE-2023-0004
Palo Alto Networks | Pan-os | 👾 | 6.5 MEDIUM

GlobalProtect App: Local File Deletion Vulnerability

CVE-2023-0006
Palo Alto Networks | Globalprotect App | 👾 | 6.3 MEDIUM

February 8

Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server

CVE-2023-0003
Palo Alto Networks | Cortex Xsoar | 6.5 MEDIUM

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password

CVE-2023-0001
Palo Alto Networks | Cortex Xdr Agent | 6 MEDIUM

Cortex XDR Agent: Product Disruption by Local Windows User

CVE-2023-0002
Palo Alto Networks | Cortex Xdr Agent | 5.5 MEDIUM

November 9

Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

CVE-2022-0031
Palo Alto Networks | Cortex Xsoar | 6.7 MEDIUM

October 12

PAN-OS: Authentication Bypass in Web Interface

CVE-2022-0030
Palo Alto Networks | Pan-os | 👾 | 8.1 HIGH

September 14

Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

CVE-2022-0029
Palo Alto Networks | Cortex Xdr Agent | 👾 | 5.5 MEDIUM

August 10

PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering

CVE-2022-0028
Palo Alto Networks | Cloud Ngfw | 👾 | 8.6 HIGH

May 11

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

CVE-2022-0024
Palo Alto Networks | Pan-os | 👾 | 7.2 HIGH

Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0026
Palo Alto Networks | Cortex Xdr Agent | 👾 | 6.7 MEDIUM

Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

CVE-2022-0027
Palo Alto Networks | Cortex Xsoar | 4.3 MEDIUM

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0025
Palo Alto Networks | Cortex Xdr Agent | 👾 | 6.7 MEDIUM

April 13

PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

CVE-2022-0023
Palo Alto Networks | Pan-os | 👾 | 5.9 MEDIUM

March 9

PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes

CVE-2022-0022
Palo Alto Networks | Pan-os | 👾 | 4.1 MEDIUM

February 10

GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux

CVE-2022-0019
Palo Alto Networks | Globalprotect App | 👾 | 4.7 MEDIUM

PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering

CVE-2022-0011
Palo Alto Networks | Pan-os | 6.5 MEDIUM

GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled

CVE-2022-0018
Palo Alto Networks | GlobalProtect App | 6.5 MEDIUM

Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

CVE-2022-0020
Palo Alto Networks | Cortex Xsoar | 👾 | 6.8 MEDIUM

February 9

GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

CVE-2022-0017
Palo Alto Networks | Globalprotect App | 👾 | 7 HIGH

GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon

CVE-2022-0021
Palo Alto Networks | Globalprotect App | 👾 | 3.3 LOW

GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon

CVE-2022-0016
Palo Alto Networks | Globalprotect App | 👾 | 7.4 HIGH

January 12

Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability

CVE-2022-0012
Palo Alto Networks | Cortex Xdr Agent | 👾 | 6.1 MEDIUM

Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File

CVE-2022-0013
Palo Alto Networks | Cortex Xdr Agent | 👾 | 5 MEDIUM

Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session

CVE-2022-0014
Palo Alto Networks | Cortex Xdr Agent | 👾 | 6.7 MEDIUM

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0015
Palo Alto Networks | Cortex Xdr Agent | 👾 | 7.8 HIGH

November 10

PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

CVE-2021-3062
Palo Alto Networks | Pan-os | 👾 | 8.1 HIGH

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

CVE-2021-3064
Palo Alto Networks | Pan-os | 👾 | 9.8 CRITICAL

PAN-OS: OS Command Injection Vulnerability in Web Interface XML API

CVE-2021-3058
Palo Alto Networks | Pan-os | 👾 | 8.8 HIGH

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

CVE-2021-3060
Palo Alto Networks | Pan-os | 👾 | 8.1 HIGH