60 matches found

Nuclei
added 16 hours ago | 79 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

CVSS 8.8 | AI score 7.2 | EPSS 0.2389
Exploits: 0 | References: 5

Tenable Nessus
added 2024/04/10 12:0 a.m. | 22 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.24 / 9.0.x < 9.0.17 / 9.1.x < 9.1.15-h1 / 10.0.x < 10.0.12 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.24 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.15-h1 or 10.0.x prior to 10.0.12. It is, therefore, affected by a vulnerability. - A vulnerability in Palo Alto Networks PAN-OS software enables a remote...

CVSS 7.5 | AI score 7.4 | EPSS 0.00885
Exploits: 0 | References: 2

NVD
added 2022/10/12 5:15 p.m. | 33 views

CVE-2022-0030

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions...

CVSS 8.1 | EPSS 0.0083
Exploits: 0 | References: 1

OSV
added 2022/10/12 5:15 p.m. | 8 views

CVE-2022-0030

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions...

CVSS 8.1 | AI score 5.8 | EPSS 0.0083
Exploits: 0 | References: 1

Prion
added 2022/10/12 5:15 p.m. | 21 views

Authentication flaw

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions...

CVSS 5.1 | AI score 8 | EPSS 0.0083
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/10/12 4:30 p.m. | 96 views

CVE-2022-0030

Summary of CVE-2022-0030 (PAN-OS). Affected: Palo Alto Networks PAN-OS 8.1.x prior to 8.1.24 (web interface). Vulnerability: Authentication bypass allowing a network-based attacker with specific knowledge of the target firewall or Panorama to impersonate an existing PAN-OS administrator and perform...

CVSS 8.1 | AI score 8.2 | EPSS 0.0083
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2022/10/12 12:0 a.m. | 28 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.24 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.24. It is, therefore, affected by a vulnerability. - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the...

CVSS 8.1 | AI score 7.8 | EPSS 0.0083
Exploits: 0 | References: 2

Tenable Nessus
added 2022/08/11 12:0 a.m. | 64 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.23-h1 / 9.0.x < 9.0.16-h3 / 9.1.x < 9.1.14-h4 / 10.0.x < 10.0.11-h1 / 10.1.x < 10.1.6-h6 / 10.2.x < 10.2.2-h2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.23-h1 or 9.0.x prior to 9.0.16-h3 or 9.1.x prior to 9.1.14-h4 or 10.0.x prior to 10.0.11-h1 or 10.1.x prior to 10.1.6-h6 or 10.2.x prior to 10.2.2-h2. It is, therefore, affected by a vulnerability. - A PAN-O...

CVSS 8.6 | AI score 8.1 | EPSS 0.02041
Exploits: 0 | References: 2

Tenable Nessus
added 2021/11/12 12:0 a.m. | 51 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.17 Memory Corruption

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.17. It is, therefore, affected by a memory corruption vulnerability. This vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based...

CVSS 10 | AI score 8.9 | EPSS 0.19087
Exploits: 1 | References: 3

NVD
added 2021/11/10 5:15 p.m. | 26 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

CVSS 9.3 | EPSS 0.33875
Exploits: 1 | References: 3

NVD
added 2021/11/10 5:15 p.m. | 23 views

CVE-2021-3058

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...

CVSS 9 | EPSS 0.01649
Exploits: 0 | References: 1

Prion
added 2021/11/10 5:15 p.m. | 20 views

Memory corruption

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

CVSS 8.5 | AI score 8.9 | EPSS 0.01488
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/11/10 5:15 p.m. | 22 views

Command injection

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

CVSS 9.3 | AI score 8.5 | EPSS 0.33875
Exploits: 1 | References: 3 | Affected Software: 2

Prion
added 2021/11/10 5:15 p.m. | 14 views

Command injection

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface CLI enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....

CVSS 9 | AI score 7.4 | EPSS 0.00859
Exploits: 0 | References: 1 | Affected Software: 2

Prion
added 2021/11/10 5:15 p.m. | 40 views

Memory corruption

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

CVSS 10 | AI score 9.7 | EPSS 0.19087
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/10 5:10 p.m. | 26 views

CVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding...

CVSS 7.5 | AI score 7.6 | EPSS 0.00904
Exploits: 0 | References: 1

Cvelist
added 2021/11/10 5:10 p.m. | 22 views

CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface CLI enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....

CVSS 6.4 | AI score 7.6 | EPSS 0.00859
Exploits: 0 | References: 1

Cvelist
added 2021/11/10 5:10 p.m. | 21 views

CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than...

CVSS 8.1 | AI score 8.7 | EPSS 0.0154
Exploits: 0 | References: 1

NVD
added 2021/09/08 5:15 p.m. | 23 views

CVE-2021-3055

An improper restriction of XML external entity XXE reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash...

CVSS 7.5 | EPSS 0.01073
Exploits: 0 | References: 1

Cvelist
added 2021/09/08 5:10 p.m. | 20 views

CVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request...

CVSS 7.5 | AI score 7.6 | EPSS 0.01008
Exploits: 0 | References: 1