Palo Alto Networks Latest Vulnerabilities
October 9
CVE-2024-9467
Palo Alto NetworksExpedition6.1MEDIUM
UnAuthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition
CVE-2024-9465
Palo Alto NetworksExpedition👾9.1CRITICAL
Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows
CVE-2024-9473
Palo Alto NetworksGlobalprotect App👾7.8HIGH
Sensitive Information Vulnerability in Palo Alto Networks Expedition
CVE-2024-9466
Palo Alto NetworksExpedition👾6.5MEDIUM
Cortex XDR Agent: Local Windows User Can Disable the Agent
CVE-2024-9469
Palo Alto NetworksCortex Xdr Agent👾5.5MEDIUM
Cortex XSOAR: Information Disclosure Vulnerability
CVE-2024-9470
Palo Alto NetworksCortex Xsoar👾
Palo Alto Networks Expedition OS Command Injection Vulnerability
CVE-2024-9463
Palo Alto NetworksExpedition7.5HIGH
CVE-2024-9471
Palo Alto NetworksPan-os4.7MEDIUM
OS Command Injection Vulnerability in Palo Alto Networks Expedition
CVE-2024-9464
Palo Alto NetworksExpedition😄👾6.5MEDIUM
September 11
Palo Alto Networks GlobalProtect Vulnerability: Impersonation of Authenticated Users
CVE-2024-8691
Palo Alto NetworksPan-os👾
Palo Alto Networks Cortex XDR Agent Vulnerability Allows Malware Disablement
CVE-2024-8690
Palo Alto NetworksCortex Xdr Agent👾4.4MEDIUM
Cleartext Exposure of Configured ActiveMQ Credentials in Log Bundles
CVE-2024-8689
Palo Alto NetworksActiveMQ Content Pack👾
Improper Neutralization of Matching Symbols Vulnerability in Palo Alto Networks PAN-OS CLI
CVE-2024-8688
Palo Alto NetworksPan-os👾4.4MEDIUM
GlobalProtect Information Exposure Vulnerability
CVE-2024-8687
Palo Alto NetworksPan-os👾7.1HIGH
Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Rooted Access
CVE-2024-8686
Palo Alto NetworksPan-os👾7.2HIGH
August 14
Unauthenticated Command Injection Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts Pack
CVE-2024-5914
Palo Alto NetworksCortex Xsoar Commonscr...9.8CRITICAL
Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access
CVE-2024-5915
Palo Alto NetworksGlobalprotect App👾7.8HIGH
Information Exposure Vulnerability in Palo Alto Networks PAN-OS software
CVE-2024-5916
Palo Alto NetworksPan-os4.4MEDIUM
July 10
Attackers can elevate privileges by tampering with physical file system
CVE-2024-5913
Palo Alto NetworksPan-os👾6.1MEDIUM
Improper File Signature Check Could Bypass Executable Blocking
CVE-2024-5912
Palo Alto NetworksCortex Xdr Agent👾
Panorama vulnerability allows unauthorized access and system disruption
CVE-2024-5911
Palo Alto NetworksPan-os👾
Expedition Admin Account Takeover Risk Due to Missing Authentication
CVE-2024-5910
Palo Alto NetworksExpedition👾
June 12
Difficult-to-exploit privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows devices
CVE-2024-5907
Palo Alto NetworksCortex Xdr Agent👾7HIGH
Local Privileged User Vulnerability Affects Cortex XDR Agent on Windows Devices
CVE-2024-5905
Palo Alto NetworksCortex Xdr Agent4.4MEDIUM
Encrypted User Credentials Exposed in Application Logs
CVE-2024-5908
Palo Alto NetworksGlobalprotect App👾7.5HIGH
Low Privileged User Can Disable Palo Alto Networks Cortex XDR Agent on Windows Devices
CVE-2024-5909
Palo Alto NetworksCortex Xdr Agent5.5MEDIUM
Palo Alto Networks Prisma Cloud Compute Cross-Site Scripting Vulnerability
CVE-2024-5906
Palo Alto NetworksPrisma Cloud4.8MEDIUM
April 12
Palo Alto Networks PAN-OS Command Injection Vulnerability
CVE-2024-3400
Palo Alto NetworksPan-os🔥😄👾10CRITICAL
April 10
Attacker can impersonate another user and send network packets to internal assets
CVE-2024-3388
Palo Alto NetworksPan-os4.1MEDIUM
Attacker can perform MitM attack to capture encrypted traffic
CVE-2024-3387
Palo Alto NetworksPan-os5.3MEDIUM
Incorrect String Comparison Vulnerability Affects Predefined Decryption Exclusions in Palo Alto Networks PAN-OS Software
CVE-2024-3386
Palo Alto NetworksPan-os👾5.3MEDIUM
Remote Attackers Can Reboot Palo Alto Networks Firewalls, Requiring Manual Intervention
CVE-2024-3385
Palo Alto NetworksPan-os7.5HIGH
Palo Alto Networks PAN-OS Software Vulnerability Allows Remote Reboot of Firewalls
CVE-2024-3384
Palo Alto NetworksPan-os7.5HIGH
Palo Alto Networks PAN-OS Vulnerability: Modification of User-ID Groups
CVE-2024-3383
Palo Alto NetworksPan-os👾7.4HIGH
Memory Leak in PAN-OS Software Allows Attackers to Bypass Firewall
CVE-2024-3382
Palo Alto NetworksPan-os7.5HIGH
March 13
Improper Authorization Vulnerability in Palo Alto Networks Panorama Software
CVE-2024-2433
Palo Alto NetworksPan-os👾4.3MEDIUM
Palo Alto Networks GlobalProtect Privilege Escalation Vulnerability
CVE-2024-2432
Palo Alto NetworksGlobalprotect App4.5MEDIUM
Non-Privileged User Disables GlobalProtect App in Configurations Allowing Passcode Disablement
CVE-2024-2431
Palo Alto NetworksGlobalprotect App👾5.5MEDIUM
February 14
Palo Alto Networks PAN-OS Software Vulnerable to Reflected Cross-Site Scripting Attacks
CVE-2024-0011
Palo Alto NetworksPan-os👾4.3MEDIUM
Palo Alto Networks PAN-OS Portal Feature Vulnerable to Reflected Cross-Site Scripting Attacks
CVE-2024-0010
Palo Alto NetworksPan-os👾4.3MEDIUM
Improper Verification Vulnerability in GlobalProtect Gateway Could Enable Unauthorized Access
CVE-2024-0009
Palo Alto NetworksPan-os👾6.3MEDIUM
Unauthorized Access Vulnerability in PAN-OS Software
CVE-2024-0008
Palo Alto NetworksPan-os👾6.6MEDIUM
Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks
CVE-2024-0007
Palo Alto NetworksPan-os👾6.8MEDIUM
December 13
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
CVE-2023-6789
Palo Alto NetworksPAN-OS4.3MEDIUM
PAN-OS: OS Command Injection Vulnerability in the Web Interface
CVE-2023-6795
Palo Alto NetworksPAN-OS5.5MEDIUM
PAN-OS: File Upload Vulnerability in the Web Interface
CVE-2023-6794
Palo Alto NetworksPAN-OS5.5MEDIUM
PAN-OS: OS Command Injection Vulnerability in the XML API
CVE-2023-6792
Palo Alto NetworksPan-os👾5.5MEDIUM
PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
CVE-2023-6793
Palo Alto NetworksPAN-OS2.7LOW
PAN-OS: Plaintext Disclosure of External System Integration Credentials
CVE-2023-6791
Palo Alto NetworksPAN-OS4.9MEDIUM
PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
CVE-2023-6790
Palo Alto NetworksPAN-OS8.8HIGH
November 8
Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
CVE-2023-3282
Palo Alto NetworksCortex Xsoar👾6.4MEDIUM
September 13
Cortex XDR Agent: Local Windows User Can Disable the Agent
CVE-2023-3280
Palo Alto NetworksCortex XDR Agent5.5MEDIUM
July 12
PAN-OS: Read System Files and Resources During Configuration Commit
CVE-2023-38046
Palo Alto NetworksPAN-OS4.9MEDIUM
June 14
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
CVE-2023-0009
Palo Alto NetworksGlobalprotect App👾7.8HIGH
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
CVE-2023-0010
Palo Alto NetworksPan-os👾5.4MEDIUM
May 10
PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
CVE-2023-0008
Palo Alto NetworksPan-os👾4.4MEDIUM
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
CVE-2023-0007
Palo Alto NetworksPan-os👾6.5MEDIUM
April 12
GlobalProtect App: Local File Deletion Vulnerability
CVE-2023-0006
Palo Alto NetworksGlobalprotect App👾6.3MEDIUM
PAN-OS: Exposure of Sensitive Information Vulnerability
CVE-2023-0005
Palo Alto NetworksPan-os👾4.1MEDIUM
PAN-OS: Local File Deletion Vulnerability
CVE-2023-0004
Palo Alto NetworksPan-os👾6.5MEDIUM
February 8
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
CVE-2023-0001
Palo Alto NetworksCortex Xdr Agent6MEDIUM
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
CVE-2023-0003
Palo Alto NetworksCortex Xsoar6.5MEDIUM
Cortex XDR Agent: Product Disruption by Local Windows User
CVE-2023-0002
Palo Alto NetworksCortex Xdr Agent5.5MEDIUM
November 9
Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
CVE-2022-0031
Palo Alto NetworksCortex Xsoar6.7MEDIUM
October 12
PAN-OS: Authentication Bypass in Web Interface
CVE-2022-0030
Palo Alto NetworksPan-os👾8.1HIGH
September 14
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
CVE-2022-0029
Palo Alto NetworksCortex Xdr Agent👾5.5MEDIUM
August 10
PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
CVE-2022-0028
Palo Alto NetworksCloud Ngfw👾8.6HIGH
May 11
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
CVE-2022-0027
Palo Alto NetworksCortex Xsoar4.3MEDIUM
PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
CVE-2022-0024
Palo Alto NetworksPan-os👾7.2HIGH
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
CVE-2022-0025
Palo Alto NetworksCortex Xdr Agent👾6.7MEDIUM
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
CVE-2022-0026
Palo Alto NetworksCortex Xdr Agent👾6.7MEDIUM
April 13
PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
CVE-2022-0023
Palo Alto NetworksPan-os👾5.9MEDIUM
March 9
PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
CVE-2022-0022
Palo Alto NetworksPan-os👾4.1MEDIUM
February 10
GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
CVE-2022-0019
Palo Alto NetworksGlobalprotect App👾4.7MEDIUM
GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
CVE-2022-0018
Palo Alto NetworksGlobalProtect App6.5MEDIUM
PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
CVE-2022-0011
Palo Alto NetworksPan-os6.5MEDIUM
Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
CVE-2022-0020
Palo Alto NetworksCortex Xsoar👾6.8MEDIUM
February 9
GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon
CVE-2022-0021
Palo Alto NetworksGlobalprotect App👾3.3LOW
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon
CVE-2022-0016
Palo Alto NetworksGlobalprotect App👾7.4HIGH
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
CVE-2022-0017
Palo Alto NetworksGlobalprotect App👾7HIGH
January 12
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
CVE-2022-0012
Palo Alto NetworksCortex Xdr Agent👾6.1MEDIUM
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
CVE-2022-0014
Palo Alto NetworksCortex Xdr Agent👾6.7MEDIUM
Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
CVE-2022-0013
Palo Alto NetworksCortex Xdr Agent👾5MEDIUM
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
CVE-2022-0015
Palo Alto NetworksCortex Xdr Agent👾7.8HIGH
November 10
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
CVE-2021-3064
Palo Alto NetworksPan-os👾9.8CRITICAL
PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
CVE-2021-3060
Palo Alto NetworksPan-os👾8.1HIGH
PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users
CVE-2021-3062
Palo Alto NetworksPan-os👾8.1HIGH
PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
CVE-2021-3058
Palo Alto NetworksPan-os👾8.8HIGH
PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
CVE-2021-3061
Palo Alto NetworksPan-os👾6.4MEDIUM
PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces
CVE-2021-3063
Palo Alto NetworksPan-os👾7.5HIGH
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
CVE-2021-3056
Palo Alto NetworksPan-os👾8.8HIGH
PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
CVE-2021-3059
Palo Alto NetworksPan-os👾8.1HIGH
October 13
GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway
CVE-2021-3057
Palo Alto NetworksGlobalprotect App👾8.1HIGH
September 8
Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
CVE-2021-3049
Palo Alto NetworksCortex Xsoar👾2.6LOW
PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
CVE-2021-3054
Palo Alto NetworksPan-os👾7.2HIGH
PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
CVE-2021-3052
Palo Alto NetworksPan-os👾8HIGH
PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface
CVE-2021-3055
Palo Alto NetworksPan-os👾6.5MEDIUM
PAN-OS: Exceptional Condition Denial-of-Service (DoS)
CVE-2021-3053
Palo Alto NetworksPan-os👾7.5HIGH
Cortex XSOAR: Authentication Bypass in SAML Authentication
CVE-2021-3051
Palo Alto NetworksCortex Xsoar👾8.1HIGH
August 11
PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
CVE-2021-3048
Palo Alto NetworksPan-os5.9MEDIUM