EUVD-2018-20931

Malware in sbrugna...

EUVD-2020-12783

Malware in sbrugna...

EUVD-2016-4681

Malware in sbrugna...

EUVD-2019-10123

Malware in sbrugna...

EUVD-2018-20836

Malware in sbrugna...

EUVD-2021-26400

Malware in sbrugna...

EUVD-2020-22028

Malware in sbrugna...

EUVD-2012-6446

Malware in sbrugna...

EUVD-2019-10137

Malware in sbrugna...

CVE-2019-1582

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session...

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application

March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...

Wiz observes exploitation in the wild of PAN-OS vulnerabilities

Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently...

Palo Alto Networks PAN-OS 10.2.x < 10.2.0-h4 / 10.2.x < 10.2.1-h3 / 10.2.x < 10.2.2-h6 / 10.2.x < 10.2.3-h14 / 10.2.x < 10.2.4-h32 / 10.2.x < 10.2.5-h9 / 10.2.x < 10.2.6-h6 / 10.2.x < 10.2.7-h18 / 10.2.x < 10.2.8-h15 / 10.2.x < 10.2.9-h16 / 10.2.x < 10.2.10-h9 / 10.2.x < 10.2.11-h6 / 10.2.x < 10.2.12-h2 / 11.0.x < 11.0.0-h4 / 11.0.x < 11.0.1-h5 / 11.0.x < 11.0.2-h5 / 11.0.x < 11.0.3-h13 / 11.0.x < 11.0.4-h6 / 11.0.x < 11.0.5-h2 / 11.0.x < 11.0.6-h1 / 11.1.x < 11.1.0-h4 / 11.1.x < 11.1.1-h2 / 11.1.x < 11.1.2-h15 / 11.1.x < 11.1.3-h11 / 11.1.x < 11.1.4-h7 / 11.1.x < 11.1.5-h1 / 11.2.x < 11.2.1-h1 / 11.2.x < 11.2.2-h2 / 11.2.x < 11.2.3-h3 / 11.2.x < 11.2.4-h1 Multiple Vulnerabilities

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.0-h4 or 10.2.x prior to 10.2.1-h3 or 10.2.x prior to 10.2.2-h6 or 10.2.x prior to 10.2.3-h14 or 10.2.x prior to 10.2.4-h32 or 10.2.x prior to 10.2.5-h9 or 10.2.x prior to 10.2.6-h6 or 10.2.x prior to...

Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges...

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

PT-2017-14301

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to 6.1.19 Palo Alto Networks PAN-OS versions 7.0.x prior to 7.0.19 Palo Alto Networks PAN-OS versions 7.1.x prior to 7.1.14 Palo Alto Networks PAN-OS versions 8.0.x prior to 8.0.6 Description The issue...

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. Ref PAN-70434 / CVE-2017-7216 Successfully exploiting thi...

Local Privilege Escalation

Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges Ref PAN-61104/100499/CVE-2016-9151 A potential attacker with local shell access could manipulate arbitrary environment variables which could result...

Unauthenticated Command Injection in Management Web Interface

Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the...

Verbose Error Messages

Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability, however this information is helpful to an attacker. Ref 33139 This issue resul...