Palo Alto Networks Latest Vulnerabilities

November 18

Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall

CVE-2024-9474
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ7.2HIGH

Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software

CVE-2024-0012
Palo Alto NetworksCloud Ngfw๐Ÿ”ฅ๐Ÿ˜„๐Ÿ‘พ9.8CRITICAL

November 14

Unathorized Access to GlobalProtect Service through Null Pointer Dereference Vulnerability

CVE-2024-2550
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks

CVE-2024-5920
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources

CVE-2024-5917
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Administrator Deletions

CVE-2024-2552
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Improper Certificate Validation Vulnerability in Palo Alto Networks PAN-OS Software

CVE-2024-5918
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Blind XML External Entities Injection Vulnerability Allows File Exfiltration

CVE-2024-5919
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Unauthenticated Null Pointer Dereference Vulnerability Leads to DoS Condition and Maintenance Mode

CVE-2024-2551
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

Palo Alto Networks PAN-OS Software Under Denial of Service Attack via Null Pointer Dereference

CVE-2024-9472
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ

October 9

UnAuthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition

CVE-2024-9465
Palo Alto NetworksExpedition๐Ÿ‘พ9.1CRITICAL

OS Command Injection Vulnerability in Palo Alto Networks Expedition

CVE-2024-9464
Palo Alto NetworksExpedition๐Ÿ˜„๐Ÿ‘พ6.5MEDIUM

Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows

CVE-2024-9473
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7.8HIGH

Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2024-9469
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ5.5MEDIUM

Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure

CVE-2024-9467
Palo Alto NetworksExpedition๐Ÿ‘พ6.1MEDIUM

Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9463
Palo Alto NetworksExpedition๐Ÿ‘พ7.5HIGH

PAN-OS: Privilege Escalation (PE) Vulnerability in XML API

CVE-2024-9471
Palo Alto NetworksPan-os๐Ÿ‘พ4.7MEDIUM

PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet

CVE-2024-9468
Palo Alto NetworksPan-os๐Ÿ‘พ

Cortex XSOAR: Information Disclosure Vulnerability

CVE-2024-9470
Palo Alto NetworksCortex Xsoar๐Ÿ‘พ

Sensitive Information Vulnerability in Palo Alto Networks Expedition

CVE-2024-9466
Palo Alto NetworksExpedition๐Ÿ‘พ6.5MEDIUM

September 11

Palo Alto Networks GlobalProtect Vulnerability: Impersonation of Authenticated Users

CVE-2024-8691
Palo Alto NetworksPan-os๐Ÿ‘พ7.1HIGH

Palo Alto Networks Cortex XDR Agent Vulnerability Allows Malware Disablement

CVE-2024-8690
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ4.4MEDIUM

Cleartext Exposure of Configured ActiveMQ Credentials in Log Bundles

CVE-2024-8689
Palo Alto NetworksActiveMQ Content Pack๐Ÿ‘พ

Improper Neutralization of Matching Symbols Vulnerability in Palo Alto Networks PAN-OS CLI

CVE-2024-8688
Palo Alto NetworksPan-os๐Ÿ‘พ4.4MEDIUM

GlobalProtect Information Exposure Vulnerability

CVE-2024-8687
Palo Alto NetworksPan-os๐Ÿ‘พ7.1HIGH

Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Rooted Access

CVE-2024-8686
Palo Alto NetworksPan-os๐Ÿ‘พ7.2HIGH

August 14

Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access

CVE-2024-5915
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7.8HIGH

Information Exposure Vulnerability in Palo Alto Networks PAN-OS software

CVE-2024-5916
Palo Alto NetworksPan-os4.4MEDIUM

Unauthenticated Command Injection Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts Pack

CVE-2024-5914
Palo Alto NetworksCortex Xsoar Commonscr...9.8CRITICAL

July 10

Attackers can elevate privileges by tampering with physical file system

CVE-2024-5913
Palo Alto NetworksPan-os๐Ÿ‘พ6.1MEDIUM

Improper File Signature Check Could Bypass Executable Blocking

CVE-2024-5912
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ

Panorama vulnerability allows unauthorized access and system disruption

CVE-2024-5911
Palo Alto NetworksPan-os๐Ÿ‘พ

Expedition Admin Account Takeover Risk Due to Missing Authentication

CVE-2024-5910
Palo Alto NetworksExpedition๐Ÿ”ฅ๐Ÿ˜„๐Ÿ‘พ9.8CRITICAL

June 12

Difficult-to-exploit privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows devices

CVE-2024-5907
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ7HIGH

Palo Alto Networks Prisma Cloud Compute Cross-Site Scripting Vulnerability

CVE-2024-5906
Palo Alto NetworksPrisma Cloud4.8MEDIUM

Encrypted User Credentials Exposed in Application Logs

CVE-2024-5908
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7.5HIGH

Low Privileged User Can Disable Palo Alto Networks Cortex XDR Agent on Windows Devices

CVE-2024-5909
Palo Alto NetworksCortex Xdr Agent5.5MEDIUM

Local Privileged User Vulnerability Affects Cortex XDR Agent on Windows Devices

CVE-2024-5905
Palo Alto NetworksCortex Xdr Agent4.4MEDIUM

April 12

Palo Alto Networks PAN-OS Command Injection Vulnerability

CVE-2024-3400
Palo Alto NetworksPan-os๐Ÿ”ฅ๐Ÿ˜„๐Ÿ‘พ10CRITICAL

April 10

Attacker can impersonate another user and send network packets to internal assets

CVE-2024-3388
Palo Alto NetworksPan-os4.1MEDIUM

Attacker can perform MitM attack to capture encrypted traffic

CVE-2024-3387
Palo Alto NetworksPan-os5.3MEDIUM

Incorrect String Comparison Vulnerability Affects Predefined Decryption Exclusions in Palo Alto Networks PAN-OS Software

CVE-2024-3386
Palo Alto NetworksPan-os๐Ÿ‘พ5.3MEDIUM

Remote Attackers Can Reboot Palo Alto Networks Firewalls, Requiring Manual Intervention

CVE-2024-3385
Palo Alto NetworksPan-os7.5HIGH

Palo Alto Networks PAN-OS Software Vulnerability Allows Remote Reboot of Firewalls

CVE-2024-3384
Palo Alto NetworksPan-os7.5HIGH

Palo Alto Networks PAN-OS Vulnerability: Modification of User-ID Groups

CVE-2024-3383
Palo Alto NetworksPan-os๐Ÿ‘พ7.4HIGH

Memory Leak in PAN-OS Software Allows Attackers to Bypass Firewall

CVE-2024-3382
Palo Alto NetworksPan-os7.5HIGH

March 13

Improper Authorization Vulnerability in Palo Alto Networks Panorama Software

CVE-2024-2433
Palo Alto NetworksPan-os๐Ÿ‘พ4.3MEDIUM

Palo Alto Networks GlobalProtect Privilege Escalation Vulnerability

CVE-2024-2432
Palo Alto NetworksGlobalprotect App4.5MEDIUM

Non-Privileged User Disables GlobalProtect App in Configurations Allowing Passcode Disablement

CVE-2024-2431
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ5.5MEDIUM

February 14

Palo Alto Networks PAN-OS Software Vulnerable to Reflected Cross-Site Scripting Attacks

CVE-2024-0011
Palo Alto NetworksPan-os๐Ÿ‘พ4.3MEDIUM

Palo Alto Networks PAN-OS Portal Feature Vulnerable to Reflected Cross-Site Scripting Attacks

CVE-2024-0010
Palo Alto NetworksPan-os๐Ÿ‘พ4.3MEDIUM

Improper Verification Vulnerability in GlobalProtect Gateway Could Enable Unauthorized Access

CVE-2024-0009
Palo Alto NetworksPan-os๐Ÿ‘พ6.3MEDIUM

Unauthorized Access Vulnerability in PAN-OS Software

CVE-2024-0008
Palo Alto NetworksPan-os๐Ÿ‘พ6.6MEDIUM

Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks

CVE-2024-0007
Palo Alto NetworksPan-os๐Ÿ‘พ6.8MEDIUM

December 13

PAN-OS: OS Command Injection Vulnerability in the XML API

CVE-2023-6792
Palo Alto NetworksPan-os๐Ÿ‘พ5.5MEDIUM

PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator

CVE-2023-6793
Palo Alto NetworksPAN-OS2.7LOW

PAN-OS: File Upload Vulnerability in the Web Interface

CVE-2023-6794
Palo Alto NetworksPAN-OS5.5MEDIUM

PAN-OS: OS Command Injection Vulnerability in the Web Interface

CVE-2023-6795
Palo Alto NetworksPAN-OS5.5MEDIUM

PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6790
Palo Alto NetworksPAN-OS8.8HIGH

PAN-OS: Plaintext Disclosure of External System Integration Credentials

CVE-2023-6791
Palo Alto NetworksPAN-OS4.9MEDIUM

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6789
Palo Alto NetworksPAN-OS4.3MEDIUM

November 8

Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

CVE-2023-3282
Palo Alto NetworksCortex Xsoar๐Ÿ‘พ6.4MEDIUM

September 13

Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2023-3280
Palo Alto NetworksCortex XDR Agent5.5MEDIUM

July 12

PAN-OS: Read System Files and Resources During Configuration Commit

CVE-2023-38046
Palo Alto NetworksPAN-OS4.9MEDIUM

June 14

PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

CVE-2023-0010
Palo Alto NetworksPan-os๐Ÿ‘พ5.4MEDIUM

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

CVE-2023-0009
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7.8HIGH

May 10

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

CVE-2023-0008
Palo Alto NetworksPan-os๐Ÿ‘พ4.4MEDIUM

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

CVE-2023-0007
Palo Alto NetworksPan-os๐Ÿ‘พ6.5MEDIUM

April 12

GlobalProtect App: Local File Deletion Vulnerability

CVE-2023-0006
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ6.3MEDIUM

PAN-OS: Exposure of Sensitive Information Vulnerability

CVE-2023-0005
Palo Alto NetworksPan-os๐Ÿ‘พ4.1MEDIUM

PAN-OS: Local File Deletion Vulnerability

CVE-2023-0004
Palo Alto NetworksPan-os๐Ÿ‘พ6.5MEDIUM

February 8

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password

CVE-2023-0001
Palo Alto NetworksCortex Xdr Agent6MEDIUM

Cortex XDR Agent: Product Disruption by Local Windows User

CVE-2023-0002
Palo Alto NetworksCortex Xdr Agent5.5MEDIUM

Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server

CVE-2023-0003
Palo Alto NetworksCortex Xsoar6.5MEDIUM

November 9

Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

CVE-2022-0031
Palo Alto NetworksCortex Xsoar6.7MEDIUM

October 12

PAN-OS: Authentication Bypass in Web Interface

CVE-2022-0030
Palo Alto NetworksPan-os๐Ÿ‘พ8.1HIGH

September 14

Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

CVE-2022-0029
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ5.5MEDIUM

August 10

PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering

CVE-2022-0028
Palo Alto NetworksCloud Ngfw๐Ÿ‘พ8.6HIGH

May 11

Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

CVE-2022-0027
Palo Alto NetworksCortex Xsoar4.3MEDIUM

Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0026
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ6.7MEDIUM

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

CVE-2022-0024
Palo Alto NetworksPan-os๐Ÿ‘พ7.2HIGH

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0025
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ6.7MEDIUM

April 13

PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

CVE-2022-0023
Palo Alto NetworksPan-os๐Ÿ‘พ5.9MEDIUM

March 9

PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes

CVE-2022-0022
Palo Alto NetworksPan-os๐Ÿ‘พ4.1MEDIUM

February 10

PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering

CVE-2022-0011
Palo Alto NetworksPan-os6.5MEDIUM

GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux

CVE-2022-0019
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ4.7MEDIUM

GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled

CVE-2022-0018
Palo Alto NetworksGlobalProtect App6.5MEDIUM

Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

CVE-2022-0020
Palo Alto NetworksCortex Xsoar๐Ÿ‘พ6.8MEDIUM

February 9

GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon

CVE-2022-0021
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ3.3LOW

GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon

CVE-2022-0016
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7.4HIGH

GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

CVE-2022-0017
Palo Alto NetworksGlobalprotect App๐Ÿ‘พ7HIGH

January 12

Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File

CVE-2022-0013
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ5MEDIUM

Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability

CVE-2022-0012
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ6.1MEDIUM

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

CVE-2022-0015
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ7.8HIGH

Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session

CVE-2022-0014
Palo Alto NetworksCortex Xdr Agent๐Ÿ‘พ6.7MEDIUM

November 10

PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

CVE-2021-3062
Palo Alto NetworksPan-os๐Ÿ‘พ8.1HIGH

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

CVE-2021-3060
Palo Alto NetworksPan-os๐Ÿ‘พ8.1HIGH

PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces

CVE-2021-3063
Palo Alto NetworksPan-os๐Ÿ‘พ7.5HIGH

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

CVE-2021-3064
Palo Alto NetworksPan-os๐Ÿ‘พ9.8CRITICAL

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

CVE-2021-3056
Palo Alto NetworksPan-os๐Ÿ‘พ8.8HIGH