Filtered by vendor Paloaltonetworks
Subscribe
Total
309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
|
|||||
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
|
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
|
|||||
| CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
|
|||||
| CVE-2013-5664 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
|
|||||
| CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
|
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
|
|||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
|
|||||
| CVE-2012-6606 | 1 Paloaltonetworks | 2 Globalprotect, Netconnect | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
|
|||||
| CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.
|
|||||
| CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
|
|||||
| CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
|
|||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
|
|||||
| CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
|
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
|
|||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
|
|||||
| CVE-2023-0003 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Cortex Xsoar | 2025-02-13 | N/A | 6.5 MEDIUM |
|
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
|
|||||
| CVE-2024-3388 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-24 | N/A | 4.1 MEDIUM |
|
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
|
|||||
| CVE-2024-5920 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
|
|||||
| CVE-2024-5919 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 6.5 MEDIUM |
|
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
|
|||||
| CVE-2024-5917 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 4.9 MEDIUM |
|
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
|
|||||
| CVE-2024-2552 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 6.0 MEDIUM |
|
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
|
|||||
| CVE-2024-2551 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.5 HIGH |
|
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
|
|||||
| CVE-2024-2550 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.5 HIGH |
|
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
|
|||||
| CVE-2024-5913 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 6.1 MEDIUM |
|
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
|
|||||
| CVE-2024-3386 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 5.3 MEDIUM |
|
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
|
|||||
| CVE-2024-3385 | 1 Paloaltonetworks | 8 Pa-5410, Pa-5420, Pa-5430 and 5 more | 2025-01-24 | N/A | 7.5 HIGH |
|
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
This affects the following hardware firewall models:
- PA-5400 Series firewalls
- PA-7000 Series firewalls
|
|||||
| CVE-2024-3384 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.5 HIGH |
|
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
|
|||||
| CVE-2024-3383 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.4 HIGH |
|
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
|
|||||
| CVE-2024-3382 | 1 Paloaltonetworks | 6 Pa-5410, Pa-5420, Pa-5430 and 3 more | 2025-01-22 | N/A | 7.5 HIGH |
|
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
|
|||||
| CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2025-01-15 | N/A | 7.6 HIGH |
|
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
|
|||||
| CVE-2024-0007 | 1 Paloaltonetworks | 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more | 2024-12-17 | N/A | 6.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
|
|||||
| CVE-2024-0008 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 6.6 MEDIUM |
|
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
|
|||||
| CVE-2024-0009 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 6.3 MEDIUM |
|
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
|
|||||
| CVE-2024-0010 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 4.3 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
|
|||||
| CVE-2024-0011 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 4.3 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
|
|||||
| CVE-2024-9473 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | N/A | 7.8 HIGH |
|
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
|
|||||
| CVE-2024-5909 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
|
|||||
| CVE-2024-5908 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | N/A | 7.5 HIGH |
|
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.
|
|||||
| CVE-2024-5907 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | N/A | 7.0 HIGH |
|
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
|
|||||
| CVE-2024-5906 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
|
|||||
| CVE-2024-5905 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
|
|||||