53 matches found

Nuclei
added 20 hours ago | 78 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8 CVSS | 7.3 AI score | 0.2389 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2022/08/11 12:0 a.m. | 64 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.23-h1 / 9.0.x < 9.0.16-h3 / 9.1.x < 9.1.14-h4 / 10.0.x < 10.0.11-h1 / 10.1.x < 10.1.6-h6 / 10.2.x < 10.2.2-h2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.23-h1 or 9.0.x prior to 9.0.16-h3 or 9.1.x prior to 9.1.14-h4 or 10.0.x prior to 10.0.11-h1 or 10.1.x prior to 10.1.6-h6 or 10.2.x prior to 10.2.2-h2. It is, therefore, affected by a vulnerability. - A PAN-O...

8.6 CVSS | 8.1 AI score | 0.02025 EPSS
Exploits 0 | References 2

NVD
added 2021/11/10 5:15 p.m. | 19 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

9.3 CVSS | 0.33875 EPSS
Exploits 1 | References 3

NVD
added 2021/11/10 5:15 p.m. | 13 views

CVE-2021-3058

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...

9 CVSS | 0.01649 EPSS
Exploits 0 | References 1

Prion
added 2021/11/10 5:15 p.m. | 21 views

Command injection

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

9.3 CVSS | 8.5 AI score | 0.33875 EPSS
Exploits 1 | References 3 | Affected Software 2

Prion
added 2021/11/10 5:15 p.m. | 14 views

Command injection

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface CLI enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....

9 CVSS | 7.4 AI score | 0.00859 EPSS
Exploits 0 | References 1 | Affected Software 2

Prion
added 2021/11/10 5:15 p.m. | 18 views

Memory corruption

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.5 CVSS | 8.9 AI score | 0.01488 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/11/10 5:10 p.m. | 26 views

CVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding...

7.5 CVSS | 7.6 AI score | 0.00904 EPSS
Exploits 0 | References 1

Cvelist
added 2021/11/10 5:10 p.m. | 16 views

CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface CLI enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....

6.4 CVSS | 7.6 AI score | 0.00859 EPSS
Exploits 0 | References 1

Cvelist
added 2021/11/10 5:10 p.m. | 18 views

CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than...

8.1 CVSS | 8.7 AI score | 0.0154 EPSS
Exploits 0 | References 1

NVD
added 2021/09/08 5:15 p.m. | 18 views

CVE-2021-3055

An improper restriction of XML external entity XXE reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash...

7.5 CVSS | 0.01039 EPSS
Exploits 0 | References 1

Cvelist
added 2021/09/08 5:10 p.m. | 19 views

CVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request...

7.5 CVSS | 7.6 AI score | 0.00976 EPSS
Exploits 0 | References 1

OSV
added 2021/08/11 5:15 p.m. | 3 views

CVE-2021-3045

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;...

4.9 CVSS | 5.9 AI score | 0.0079 EPSS
Exploits 0 | References 1

NVD
added 2021/08/11 5:15 p.m. | 13 views

CVE-2021-3048

Certain invalid URL entries contained in an External Dynamic List EDL cause the Device Server daemon devsrvr to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall...

5.9 CVSS | 0.00843 EPSS
Exploits 0 | References 2

Cvelist
added 2021/08/11 5:10 p.m. | 22 views

CVE-2021-3050 PAN-OS: OS Command Injection Vulnerability in Web Interface

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10;...

8.8 CVSS | 9.3 AI score | 0.01779 EPSS
Exploits 0 | References 1

Cvelist
added 2021/08/11 5:10 p.m. | 22 views

CVE-2021-3048 PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage

Certain invalid URL entries contained in an External Dynamic List EDL cause the Device Server daemon devsrvr to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall...

5.9 CVSS | 5.8 AI score | 0.00843 EPSS
Exploits 0 | References 1

Cvelist
added 2021/08/11 5:10 p.m. | 25 views

CVE-2021-3045 PAN-OS: OS Command Argument Injection in Web Interface

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;...

4.9 CVSS | 5.5 AI score | 0.0079 EPSS
Exploits 0 | References 1

Cvelist
added 2021/01/13 6:10 p.m. | 23 views

CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...

4.4 CVSS | 4.9 AI score | 0.00207 EPSS
Exploits 0 | References 1

NVD
added 2020/11/12 12:15 a.m. | 11 views

CVE-2020-2022

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacke...

7.5 CVSS | 7.4 AI score | 0.0121 EPSS
Exploits 0 | References 1

Prion
added 2020/11/12 12:15 a.m. | 10 views

Information disclosure

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacke...

5.1 CVSS | 7.3 AI score | 0.0121 EPSS
Exploits 0 | References 1 | Affected Software 1