145 matches found
CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...
Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.11 / 11.2.x < 11.2.7 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.11, or 11.2.x prior to 11.2.7. It is, therefore, affected by a vulnerability. A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of...
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...
VulnCheck KEV: CVE-2023-20269
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...
JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices...
The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) allows an attacker to perform an “HTTP request hijacking” attack.
The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) relates to deficiencies in HTTP request processing. Exploiting this vulnerability could allow a malicious actor to carry out an “HTTP request hijacking” attack...
Cisco Adaptive Security Appliances Software Cross-Site Scripting Vulnerability
Cisco ASA is a family of firewalls for enterprise security applications from Cisco. A cross-site scripting vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software that stems from incorrect validation of input passed to a clientless SSL VPN component...
Configure Enterprise File Shares to Use Microsoft Hidden Shares on Windows Server 2008
This article describes how to configure Enterprise File Shares on Access Gateway Enterprise Edition appliance to use Microsoft hidden shares and the %username% environment variable on Microsoft Windows Server 2008. Requirements Remote Desktop Protocol (RDP) or console access to the Windows Active...
Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow (cisco-sa-asa-ssl-vpn-heap-zLX3FdX)
According to its self-reported version, Cisco ASA Software is affected by a heap overflow condition in the handler for HTTP authentication resources accessed through the Clientless SSL VPN portal which allows an authenticated, remote attacker to cause a denial of service condition or obtain...
CVE-2022-20737
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portion...
The vulnerability of the Clientless SSL VPN microprogramming system software of Cisco Adaptive Security Appliance Software (ASA) allows an intruder to cause a service failure or expose protected information.
The vulnerability of the Clientless SSL VPN microprogramming system software of Cisco Adaptive Security Appliance (ASA) is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure or expose sensitive information...
Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.9 / 10.0.x < 10.0.1 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20 or 9.0.x prior to 9.0.14 or 9.1.x prior to 9.1.9 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect...
The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system allows an attacker to execute arbitrary code with root privileges.
The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system stems from buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...
Memory corruption
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...
CVE-2020-2050
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...
Authentication flaw
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...
5G, Security, IoT, Asavie and Akamai
Malicious actors never seem to rest and have always worked remotely. That simple realization hit home during recent global events. Specifically, Akamai saw an increase in malware traffic of over 400% between March 9, 2020 and May 11, 2020 from corporate devices, most of which were being used...