PT-2024-10388 · Palo Alto Networks · Palo Alto Networks Globalprotect

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect affected versions not specified Description: The issue is related to an insufficient certification validation in the GlobalProtect app, allowing attackers to connect the app to arbitrary servers. This can enab...

PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...

CVE-2020-2028

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier...

Command injection

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier...

CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier...

CVE-2020-2028

CVE-2020-2028 describes an OS command injection vulnerability in Palo Alto Networks PAN-OS management server that allows authenticated administrators to execute arbitrary commands with root privileges when uploading a new certificate in FIPS-CC mode. Affected products/versions are PAN-OS 7.1.x, a...

PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. Work around: This issue affects the management interface of PAN-OS and you can mitigate the...