8 matches found
CVE-2025-4615
The CVE-2025-4615 entry concerns Palo Alto Networks PAN-OS management web interface. An improper input neutralization vulnerability allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. Affected PAN-OS versions are indicated in Nessus plugin reference...
The vulnerability in the web interface of the PAN-OS operating system of the Palo Alto Networks Panorama network switch management system allows an attacker to carry out cross-site scripting attacks.
The vulnerability of the PAN-OS operating system’s web interface in the Palo Alto Networks Panorama network switch management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks remote...
CVE-2021-3054
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-...
CVE-2021-3045
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;...
CVE-2020-2000
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
Input validation
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...
Command Injection in PAN-OS
A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940. PAN-OS contains a vulnerability that may allow for post-authentication command injection. This issue affects PAN-OS 6.1.1...
Palo Alto Networks PAN-OS Management Interface Cross-Site Scripting Vulnerability
PAN-OS is a security-specific operating system designed to control Palo Alto Networks' next-generation firewalls, providing a rich set of firewall, management, and network features. A cross-site scripting vulnerability exists in the Palo Alto Networks PAN-OS web management interface, which allows...