EUVD-2020-22057
Malware in sbrugna...
CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...
About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability
PAN-OS is the operating system used in all Palo Alto Networks NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then "invoke certain PHP scripts",...
CVE-2025-0109
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...
CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by...
PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...
Denial of Service in PAN-OS Management Interface
A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. Ref PAN-106922, CVE-2018-18065. Successful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The...
Information Disclosure in the PAN-OS Management Web Interface
A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334. Successful exploitation of this issue requires the attacker to be...
Information Disclosure in the Management Web Interface
A vulnerability exists in the Management Web Interface of PAN-OS that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions, which could allow for Information Disclosure. Ref. PAN-70541 / CVE-2017-7644. Successfully exploiting this issue...