Lucene search
K
PaloaltoMost viewed

510 matches found

Palo Alto Networks
Palo Alto Networks
added 2017/04/28 4:45 p.m.1207 views

Brute force attack on the PAN-OS GlobalProtect external interface

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for an attacker to brute force a username on PAN-OS GlobalProtect external Interface. The vulnerability is caused by PAN-OS provided different responses when supplying login credentials. Ref PAN-72769 /...

3.9AI score0.01835EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/20 6:0 p.m.788 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-73914 / CVE-2017-3731 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1, PAN-OS...

2.8AI score0.57595EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/10/12 2:35 a.m.771 views

Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS GlobalProtect Portal Login page. Ref. PAN-99830; CVE-2018-10141 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 8.1.3 and earlier. PAN-OS 8.0...

2.1AI score0.03883EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/10/11 12:0 a.m.754 views

OpenSSL Vulnerabilities in PAN-OS

The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739. Palo Alto Networks software makes use of the vulnerable library and is affected. Ref PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739...

5CVSS3.2AI score0.49268EPSS
Exploits0Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/07/20 12:30 a.m.688 views

Denial of Service in PAN-OS Management Web Interface

Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. Ref PAN-93089, CVE-2018-8715 A specially crafted HTTP POST request with an invalid “If-modified" header...

1.5AI score0.19854EPSS
Exploits2References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/08/30 11:0 p.m.669 views

XML External Entity (XXE) in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity XXE attack. PAN-OS does not properly parse XML input. Ref PAN-75688 / CVE-2017-9458 Successful exploitation of this issue may allow disclosure of information, denial o...

4.3AI score0.02465EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/06/07 12:25 a.m.644 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-68543 / CVE-2016-8610 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1.17 and...

2.7AI score0.39657EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:5 a.m.641 views

Vulnerability in PAN-OS and Panorama on Management Interface

Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. Ref PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944...

1.3AI score0.9834EPSS
Exploits13References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/09/19 8:40 p.m.633 views

Information about SegmentSmack findings

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure CVE-2018-5390. PAN-OS/Panorama platforms are not impacted by...

0.7AI score0.7354EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2018/01/04 12:0 a.m.633 views

Information about Meltdown and Spectre findings

Palo Alto Networks is aware of recent vulnerability disclosures, known as Meltdown and Spectre, that affect modern CPU architectures. At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. CVE-2017-5715, CVE-2017-5753, and...

4.7CVSS2.6AI score0.93838EPSS
Exploits13
Palo Alto Networks
Palo Alto Networks
added 2018/09/19 8:40 p.m.632 views

Information about FragmentSmack findings

Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. CVE-2018-5391. This security...

0.6AI score0.24575EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/27 5:15 p.m.614 views

NTP Vulnerability

The Network Time Protocol NTP library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. Ref PAN-76130 / CVE-2017-6460 Successful exploitation o...

2.2AI score0.02682EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/05/15 9:35 p.m.613 views

Meltdown and Spectre update for WildFire-500 Appliance

Palo Alto Networks has determined that the WildFire-500 WF-500 appliance is affected by the vulnerability disclosures known as Meltdown and Spectre, and has completed an update to address these issues. The WF-500 software update is now available to customers that use the WF-500 appliance for...

3.7AI score0.74041EPSS
Exploits9References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/01/02 6:9 p.m.595 views

Cross Site Scripting Vulnerability in PAN-OS GlobalProtect

A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting XSS attack. Ref PAN-81586 / CVE-2017-15941 Successful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML. Thi...

1.8AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:0 a.m.593 views

Denial of Service Against GlobalProtect

A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. Ref PAN-78127 / CVE-2017-15942 PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial o...

2.8AI score0.02234EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/20 6:0 p.m.593 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-70674 / CVE-2017-7409 Successful exploitation of this issue may allow an attacker to inject arbitrar...

3AI score0.00961EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.589 views

Vulnerability in the PAN-OS DNS Proxy

A Remote Code Execution vulnerability exists in the PAN-OS DNS Proxy. This issue affects customers who have DNS Proxy enabled in PAN-OS. This issue affects both the Data and Management planes of the firewall. When DNS Proxy processes a specially crafted fully qualified domain names FQDN, it is...

4.5AI score0.06072EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/02/21 7:31 p.m.584 views

Cross-Site Scripting in the Management Web Interface

A persistent cross-site scripting XSS vulnerability exists in the management web interface ref PAN-66838 / CVE-2017-5584. PAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting XSS attack of the management web interface. Successful exploitation of...

2.5AI score0.00836EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/01/26 6:30 p.m.583 views

Local Privilege Escalation in Terminal Server Agent

A local privilege escalation vulnerability exists in Terminal Server Agent ref PAN-67756 / CVE-2017-5329. Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions. This issue...

3.2AI score0.00976EPSS
Exploits4References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2016/11/17 5:0 p.m.581 views

Local Privilege Escalation

Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges Ref PAN-61104/100499/CVE-2016-9151 A potential attacker with local shell access could manipulate arbitrary environment variables which could result...

4.5AI score0.01207EPSS
Exploits2References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:15 a.m.580 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940 PAN-OS contains a vulnerability that may allow for post authentication command injection This issue affects PAN-OS 6.1.1...

1.2AI score0.0493EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.569 views

Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS session browser. Ref. PAN-93244; CVE-2018-9335 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...

1.2AI score0.0101EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/08/15 10:10 p.m.568 views

Cross-Site Scripting (XSS) in GlobalProtect Gateway

A Cross-Site Scripting XSS vulnerability exists in a PAN-OS response for GlobalProtect Gateway. Ref. PAN-84836; CVE-2018-10139 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 6.1.21 and earlier, PAN-OS...

2.2AI score0.01515EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/05/23 3:0 a.m.569 views

Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. The challenge ACK rate limiting in the kernel's networking subsystem may allow an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rat...

2.1AI score0.15073EPSS
Exploits3References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/02/21 7:32 p.m.568 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could result in Information Disclosure. Ref PAN-70428 / CVE-2017-5583 PAN-OS contains a post-authentication vulnerability that may allow for Information Disclosure. Successful exploitation allows an attacker to download arbitrary files...

2.2AI score0.01492EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/08/17 12:0 a.m.567 views

Information about L1 Terminal Fault findings

Palo Alto Networks is aware of recent vulnerability disclosures, known as L1 Terminal Fault, that affect modern CPU architectures. At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. CVE-2018-3615, CVE-2018-3620, and CVE-2017-364...

5.4CVSS2.7AI score0.06301EPSS
Exploits0
Palo Alto Networks
Palo Alto Networks
added 2017/06/19 8:30 p.m.558 views

Kernel Vulnerability

A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane DP of PAN-OS is not affected by this...

2.6AI score0.12791EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:5 a.m.556 views

Server-Side Request Forgery in PAN-OS

A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to...

2.5AI score0.01705EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/27 4:45 a.m.553 views

Cross Site Scripting in PAN-OS

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS URL filtering “continue page” Ref PAN-OS 90835, CVE-2018-7636. PAN-OS software does not properly validate specific request parameters. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML i...

0.9AI score0.01084EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.546 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. Ref PAN-70434 / CVE-2017-7216 Successfully exploiting thi...

2.7AI score0.01197EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.544 views

Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting XSS vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML An attacker would need to successfully authenticate prior to exploiting...

1.3AI score0.0101EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/02/21 7:30 p.m.534 views

Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in an elevation of privilege. This issue is publicly known as Dirty COW ref PAN-68074 / CVE-2016-5195. PAN-OS may be impacted by the Dirty COW CVE-2016-5195 attack. A race condition was found in the way the Linux kernel's memory...

1.7AI score0.83524EPSS
Exploits81References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/08/30 11:0 p.m.527 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-76003 / CVE-2017-12416 Successful exploitation of this issue may allow an...

3.1AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:20 a.m.525 views

GlobalProtect App Vulnerability

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...

3AI score0.00434EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.522 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...

3.1AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.521 views

Local Privilege Escalation in Management Web Interface

A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...

2.8AI score0.00426EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/01/02 6:9 p.m.521 views

ROBOT attack against PAN-OS

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...

1.2AI score0.02408EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/01/02 6:9 p.m.521 views

Cross Site Scripting in PAN-OS Captive Portal

A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting XSS attack to be performed against clients viewing the captive portal page when configured in a certain way. Ref PAN-85238 / CVE-2017-16878 Successful exploitation of this issue may allow an attacker to...

1.4AI score0.01122EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.518 views

Information Disclosure in the PAN-OS Management Web Interface

A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...

1.7AI score0.00378EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/01/26 6:31 p.m.517 views

Spoofing in Terminal Server Agent

A spoofing vulnerability exists in Terminal Server Agent ref PAN-67269 / CVE-2017-5328. Terminal Server Agent contains a vulnerability whereby a user can spoof the identity of another authenticated user. This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier Work...

2.1AI score0.00909EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/07 5:0 p.m.516 views

Temporary DoS for Traps Agent

A vulnerability exists with the Traps ESM Console that could allow an attacker to cause a temporary Denial of Service DoS to a Traps agent. The ESM Console does not properly validate requests to revoke a Traps agent license. Ref CYV-11547 / CVE-2017-7408 Successfully exploiting this issue revokes...

2.8AI score0.01906EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.515 views

Local Privilege Escalation in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. Ref PAN-70426/ CVE-2017-7218 Successfully...

2.2AI score0.00544EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/03/15 5:30 p.m.515 views

Information Disclosure in Terminal Server Agent

An information disclosure vulnerability exists in the Terminal Server TS agent. Session information may be disclosed due to insecure permissions WINAGENT-43 / CVE-2017-6356. The information disclosure is limited to session information. This issue affects TS agent 6.0, TS agent 7.0, and TS agent...

2.3AI score0.00978EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.513 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

2.9AI score0.01065EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.511 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

1.6AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/08/15 10:10 p.m.509 views

Denial of Service in PAN-OS Management Web Interface

A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. Ref PAN-100189, CVE-2018-10140 This vulnerability can be triggered by an authenticated user...

2.4AI score0.01925EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/28 4:45 p.m.509 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure. Ref PAN-70541 / CVE-2017-7644 Successfully exploiting this issue...

2.8AI score0.0102EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/05/23 3:0 a.m.495 views

WGET Vulnerability

The wget library has been found to contain a vulnerability CVE 2016-4971. wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-59677/ CVE...

1.4AI score0.45935EPSS
Exploits8References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2016/11/17 5:2 p.m.464 views

OpenSSH Vulnerability

Palo Alto Networks makes use of a the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. Ref 100977/CVE-2016-6210. To exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall. This issu...

2.4AI score0.88944EPSS
Exploits12References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2022/03/31 2:30 a.m.456 views

Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965

The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated...

9.8CVSS0.1AI score0.99939EPSS
Exploits132References4
Total number of security vulnerabilities510