510 matches found
PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...
PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal
An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. Work around: You can disable SA...
PAN-OS: OS Command Injection Vulnerability in Web Interface
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10;...
PAN-OS: Weak Cryptography Used in Web Interface Authentication
A cryptographically weak pseudo-random number generator PRNG is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to...
PAN-OS: OS Command Argument Injection in Web Interface
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. Work around: This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can...
PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
Certain invalid URL entries contained in an External Dynamic List EDL cause the Device Server daemon devsrvr to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall...
Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
Palo Alto Networks Cortex XSOAR maintains Docker Images with PowerShell available for customers to use. The base docker images with PowerShell were updated on May 19, 2021 with PowerShell version 7.1.3. Palo Alto Networks urges customers to upgrade their docker images to a version with the tag...
Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
A local privilege escalation PE vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the...
Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...
Cortex XSOAR: Unauthorized Usage of the REST API
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. Work around: Until the XSOAR server is upgraded, to completely prevent the issu...
Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory...
Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. Work around: Do not run Checkov on...
PAN-OS: Secrets for scheduled configuration exports are logged in system logs
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS...
Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted. Work around: Do not run Checkov on...
PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...
GlobalProtect App: Windows VPN kernel driver denial of service (DoS)
A denial-of-service DoS vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death BSOD error. Work around: No work around available...
PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041
The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSH software CVE-2021-28041 vulnerability. PAN-OS software does not utilize the ssh-agent component or provide access to the agent socket related to this vulnerability. There are no scenarios that enable successful...
Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on SSO integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...
Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619
The Palo Alto Networks Product Security Assurance team evaluated the Python test suite vulnerability CVE-2020-27619. There are no scenarios that enable successful exploitation of the vulnerability in Cortex XSOAR or PAN-OS software. No product release contains the Python test suite that is...
Informational: Impact of Sudo Vulnerability CVE-2021-3156
Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN CloudGenix devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in...
Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...
PAN-OS: Configuration secrets for log forwarding may be logged in system logs
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall...
Cortex XDR Agent: Exceptional condition denial-of-service (DoS)
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR...
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory...
PAN-OS: Threat signatures are evaded by specifically crafted packets
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets. This CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an...
PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...
PAN-OS: System proxy passwords may be logged in clear text while viewing system state
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. Work around: This issue impacts the management web interface. You...
PAN-OS: Panorama session disclosure during context switch into managed device
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacke...
PAN-OS: OS command injection and memory corruption vulnerability
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. Work around: Until PAN-OS software is upgraded to a...
PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs
An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...
PAN-OS: OS command injection vulnerability in the management web interface
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Work around: Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59954 on traffic...
PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command op-command usage but...
PAN-OS: Buffer overflow in the management web interface
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Work around: This issue impacts the PAN-OS management web interface but you can mitigate the impact o...
PAN-OS: OS command injection vulnerability in the management web interface
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Work around: Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59971 on traffic...
PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the...
PAN-OS: Management web interface denial-of-service (DoS)
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...
PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of...
PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions
When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication SNI field within...
PAN-OS: OS command injection vulnerability in GlobalProtect portal
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform...
PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitati...
PAN-OS: OS command injection vulnerability in the management interface
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Work around: This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best...
PAN-OS: Integer underflow in the management interface
An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service ...
PAN-OS: Authentication Bypass in SAML Authentication
When Security Assertion Markup Language SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
PAN-OS: Buffer overflow in authd authentication response
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Work around: This issue affects the management interface of PAN-OS and you can mitiga...
GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. Work around: No work around available...
PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. Work around: This issue affects the management interface of PAN-OS and you can mitigate the...