Lucene search

K

Pan Security Vulnerabilities

cve
cve

CVE-2020-2001

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All...

9.8CVSS

9.4AI Score

0.001EPSS

2020-05-13 07:15 PM
43
cve
cve

CVE-2020-1993

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than...

5.4CVSS

5.3AI Score

0.001EPSS

2020-05-13 07:15 PM
37
cve
cve

CVE-2020-1997

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and...

6.1CVSS

6.2AI Score

0.001EPSS

2020-05-13 07:15 PM
40
cve
cve

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

4.4CVSS

4.6AI Score

0.0004EPSS

2020-05-13 07:15 PM
51
cve
cve

CVE-2020-1995

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it...

4.9CVSS

4.9AI Score

0.001EPSS

2020-05-13 07:15 PM
49
cve
cve

CVE-2020-2002

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use....

8.1CVSS

8.4AI Score

0.002EPSS

2020-05-13 07:15 PM
43
2
cve
cve

CVE-2020-1992

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS....

9.8CVSS

9.4AI Score

0.013EPSS

2020-04-08 07:15 PM
21
cve
cve

CVE-2020-1990

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions.....

7.2CVSS

7.2AI Score

0.001EPSS

2020-04-08 07:15 PM
29
cve
cve

CVE-2020-1978

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...

5.8CVSS

4.6AI Score

0.0004EPSS

2020-04-08 07:15 PM
22
cve
cve

CVE-2020-1980

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions....

7.8CVSS

7.5AI Score

0.0004EPSS

2020-03-11 07:15 PM
32
cve
cve

CVE-2020-1979

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue...

8.1CVSS

7.8AI Score

0.0004EPSS

2020-03-11 07:15 PM
45
cve
cve

CVE-2020-1981

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...

7.8CVSS

7.7AI Score

0.0004EPSS

2020-03-11 07:15 PM
28
cve
cve

CVE-2020-1975

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...

8.8CVSS

8.5AI Score

0.001EPSS

2020-02-12 11:15 PM
50
cve
cve

CVE-2019-17440

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080.....

10CVSS

9.6AI Score

0.002EPSS

2019-12-20 04:15 PM
34
cve
cve

CVE-2019-17437

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0....

7.8CVSS

7.7AI Score

0.0004EPSS

2019-12-05 03:15 PM
28
cve
cve

CVE-2019-1581

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior....

9.8CVSS

9.7AI Score

0.008EPSS

2019-08-23 06:15 PM
104
cve
cve

CVE-2019-1582

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive...

7.2CVSS

7.1AI Score

0.001EPSS

2019-08-23 06:15 PM
93
cve
cve

CVE-2019-1580

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary...

9.8CVSS

9.6AI Score

0.007EPSS

2019-08-23 06:15 PM
110
cve
cve

CVE-2019-1579

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary...

8.1CVSS

8.4AI Score

0.967EPSS

2019-07-19 10:15 PM
1015
In Wild
2
cve
cve

CVE-2019-1575

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and....

8.8CVSS

8.6AI Score

0.001EPSS

2019-07-16 02:15 PM
67
cve
cve

CVE-2019-1576

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...

8.8CVSS

8.9AI Score

0.003EPSS

2019-07-16 02:15 PM
64
cve
cve

CVE-2019-1572

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php...

7.5CVSS

7.5AI Score

0.004EPSS

2019-03-26 10:29 PM
30
cve
cve

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is...

5.9CVSS

6.1AI Score

0.01EPSS

2019-02-27 11:29 PM
559
2
cve
cve

CVE-2019-1566

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or...

6.1CVSS

6.3AI Score

0.001EPSS

2019-01-30 08:29 PM
24
cve
cve

CVE-2019-1565

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or...

5.4CVSS

5.4AI Score

0.001EPSS

2019-01-30 08:29 PM
30
cve
cve

CVE-2018-10141

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or...

6.1CVSS

6.2AI Score

0.001EPSS

2018-10-12 10:29 PM
36
cve
cve

CVE-2018-18065

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of...

6.5CVSS

6.2AI Score

0.004EPSS

2018-10-08 06:29 PM
174
cve
cve

CVE-2018-10139

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT...

6.1CVSS

6.3AI Score

0.001EPSS

2018-08-16 06:29 PM
34
cve
cve

CVE-2018-10140

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT...

4.3CVSS

4.4AI Score

0.001EPSS

2018-08-16 06:29 PM
24
cve
cve

CVE-2018-9337

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or...

5.4CVSS

5.5AI Score

0.001EPSS

2018-07-03 09:29 PM
23
cve
cve

CVE-2018-7636

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted...

6.1CVSS

6.1AI Score

0.001EPSS

2018-07-03 09:29 PM
21
cve
cve

CVE-2018-9242

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request...

5.5CVSS

5.5AI Score

0.001EPSS

2018-07-03 09:29 PM
31
cve
cve

CVE-2018-9334

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML...

5.5CVSS

5.6AI Score

0.0004EPSS

2018-07-03 09:29 PM
24
cve
cve

CVE-2018-9335

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or...

5.4CVSS

5.6AI Score

0.001EPSS

2018-07-03 09:29 PM
22
cve
cve

CVE-2017-15941

Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2018-01-10 06:29 PM
24
cve
cve

CVE-2017-16878

Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified...

6.1CVSS

6AI Score

0.001EPSS

2018-01-10 06:29 PM
26
cve
cve

CVE-2017-17841

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

5.9CVSS

6AI Score

0.002EPSS

2018-01-10 06:29 PM
28
cve
cve

CVE-2017-15942

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management...

7.5CVSS

7.5AI Score

0.004EPSS

2017-12-11 05:29 PM
35
cve
cve

CVE-2017-15944

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management...

9.8CVSS

9.5AI Score

0.973EPSS

2017-12-11 05:29 PM
617
In Wild
7
cve
cve

CVE-2017-15940

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified...

9.8CVSS

9.2AI Score

0.064EPSS

2017-12-11 05:29 PM
34
cve
cve

CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and...

5.3CVSS

7AI Score

0.002EPSS

2017-12-11 05:29 PM
29
cve
cve

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail.....

7.5CVSS

7.4AI Score

0.202EPSS

2017-11-13 10:29 PM
187
cve
cve

CVE-2017-12416

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...

6.1CVSS

6AI Score

0.001EPSS

2017-09-07 01:29 PM
25
cve
cve

CVE-2017-9458

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or...

9.8CVSS

9.3AI Score

0.008EPSS

2017-09-07 01:29 PM
23
cve
cve

CVE-2017-9459

Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2017-08-02 07:29 PM
30
cve
cve

CVE-2017-9467

Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2017-08-02 07:29 PM
22
cve
cve

CVE-2017-8390

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain...

9.8CVSS

9.6AI Score

0.067EPSS

2017-08-02 07:29 PM
22
cve
cve

CVE-2015-6531

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image...

7.8CVSS

7.8AI Score

0.004EPSS

2017-06-01 04:29 PM
18
cve
cve

CVE-2017-7216

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request...

6.5CVSS

5.9AI Score

0.001EPSS

2017-05-02 03:59 PM
20
cve
cve

CVE-2017-7945

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account...

9.8CVSS

9AI Score

0.006EPSS

2017-04-29 12:59 AM
30
Total number of security vulnerabilities188