4 matches found
CVE-2020-2036
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
CVE-2020-1978
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability HA inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...
CVE-2020-1975
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...
CVE-2019-17440
Improper restriction of communications to Log Forwarding Card LFC on PA-7000 Series devices with second-generation Switch Management Card SMC may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and...