Lucene search
K
PaloaltoRecent

510 matches found

Palo Alto Networks
Palo Alto Networks
•added 2019/10/15 7:0 a.m.•103 views

Local Privilege Escalation in GlobalProtect App for Linux and Mac OS

A Local Privilege Escalation vulnerability exists in GlobalProtect App for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. Ref GPC-8945, CVE-2019-17436 Successful exploitation of this issue may allow a low-privileged local user to escalate their...

3.5AI score0.0031EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/15 7:0 a.m.•7 views

Local Privilege Escalation in GlobalProtect App for Linux and Mac OS

A Local Privilege Escalation vulnerability exists in GlobalProtect App for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. Ref GPC-8945, CVE-2019-17436 Successful exploitation of this issue may allow a low-privileged local user to escalate their...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•40 views

Command Injection in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Ref: CVE-2019-15020 The vulnerability allows for an attacker in a position to intercept a software upda...

9.8AI score0.00889EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•8 views

Insecure Firmware Validation in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Ref: CVE-2019-15019 The vulnerability allows for an attacker in a position to intercept a software update package to deliver a tampered softwa...

9.8CVSS7.1AI score0.01485EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•9 views

Insecure Password Storage in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Ref: CVE-2019-15023 The vulnerability allows for the viewing of plaintext credentials stored within the Zingbox Inspector software and store...

7.5CVSS6.7AI score0.00845EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•11 views

Tenant authentication bypass in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector where authentication is not required when binding the Inspector instance to a different customer tenant. Ref: CVE-2019-15018 The vulnerability allows a user to bind the Zingbox Inspector to another tenant, which can impact the functionality...

7.5CVSS7.1AI score0.01182EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•8 views

Command Injection in Zingbox Inspector

A command injection vulnerability exists in the Zingbox Inspector CLI that allows for an authenticated user to execute arbitrary system commands. Ref: CVE-2019-15014 The vulnerability allows for authenticated users to execute arbitrary commands within the product CLI console. This issue affects...

8.8CVSS8AI score0.02294EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•10 views

ARP Spoofing in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for the Inspector to be susceptible to ARP spoofing. Ref: CVE-2019-15022 The vulnerability allows for an attacker to perform ARP spoofing attacks against the Zingbox Inspector. This issue affects Zingbox Inspector, versions 1.294 an...

7.5CVSS7AI score0.01069EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•37 views

Command Injection in Zingbox Inspector

A command injection vulnerability exists in the Zingbox Inspector CLI that allows for an authenticated user to execute arbitrary system commands. Ref: CVE-2019-15014 The vulnerability allows for authenticated users to execute arbitrary commands within the product CLI console. This issue affects...

4.1AI score0.02294EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•9 views

Command Injection in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Ref: CVE-2019-15020 The vulnerability allows for an attacker in a position to intercept a software upda...

9.8CVSS7.7AI score0.00889EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•55 views

Insecure Firmware Validation in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Ref: CVE-2019-15019 The vulnerability allows for an attacker in a position to intercept a software update package to deliver a tampered softwa...

9.5AI score0.01485EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•6 views

Hardcoded Credentials in Zingbox Inspector

Hardcoded credentials for root and inspector user accounts are present in the system software. Ref: CVE-2019-15015 The vulnerability allows for users to authenticate to the software using hardcoded credentials if access to SSH on the Zingbox Inspector is not otherwise restricted see also...

8.4CVSS7.2AI score0.00356EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•42 views

Tenant authentication bypass in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector where authentication is not required when binding the Inspector instance to a different customer tenant. Ref: CVE-2019-15018 The vulnerability allows a user to bind the Zingbox Inspector to another tenant, which can impact the functionality...

3.1AI score0.01182EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•50 views

Remote Command Injection in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. Ref: CVE-2019-1584 This vulnerability can on...

4.2AI score0.02845EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•48 views

ARP Spoofing in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for the Inspector to be susceptible to ARP spoofing. Ref: CVE-2019-15022 The vulnerability allows for an attacker to perform ARP spoofing attacks against the Zingbox Inspector. This issue affects Zingbox Inspector, versions 1.294 an...

3AI score0.01069EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•42 views

Insecure Password Storage in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Ref: CVE-2019-15023 The vulnerability allows for the viewing of plaintext credentials stored within the Zingbox Inspector software and store...

2.8AI score0.00845EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•9 views

Remote Command Injection in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. Ref: CVE-2019-1584 This vulnerability can on...

9.8CVSS8AI score0.02845EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•41 views

Hardcoded Credentials in Zingbox Inspector

Hardcoded credentials for root and inspector user accounts are present in the system software. Ref: CVE-2019-15015 The vulnerability allows for users to authenticate to the software using hardcoded credentials if access to SSH on the Zingbox Inspector is not otherwise restricted see also...

3AI score0.00356EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•63 views

SSH Service Exposed in Zingbox Inspector

The SSH service is enabled on the Zingbox Inspector, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Ref: CVE-2019-15017 The vulnerability allows for users to authenticate to the softwar...

2.7AI score0.00356EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•8 views

SSH Service Exposed in Zingbox Inspector

The SSH service is enabled on the Zingbox Inspector, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Ref: CVE-2019-15017 The vulnerability allows for users to authenticate to the softwar...

8.4CVSS7AI score0.00356EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•55 views

Server-side Request Forgery in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Ref: CVE-2019-15021 The vulnerability allows for an attacker to easily identify any running instances of Zingbox Inspector on a local are...

5.2AI score0.01036EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•7 views

Server-side Request Forgery in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Ref: CVE-2019-15021 The vulnerability allows for an attacker to easily identify any running instances of Zingbox Inspector on a local are...

5.3CVSS7AI score0.01036EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•31 views

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

2.1AI score0.01161EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/10/01 7:0 a.m.•6 views

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

8.8CVSS7.8AI score0.01161EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/22 4:17 p.m.•68 views

Escalation of Privilege in Twistlock

An HTML injection vulnerability has been identified in the Twistlock Console that can lead to a DOM based XSS attack under certain configurations. Ref , CVE-2019-1583 Successful exploitation of this vulnerability allows a Twistlock user with Operator capabilities to escalate privileges to that of...

2.1AI score0.01168EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/22 4:17 p.m.•11 views

Escalation of Privilege in Twistlock

An HTML injection vulnerability has been identified in the Twistlock Console that can lead to a DOM based XSS attack under certain configurations. Ref , CVE-2019-1583 Successful exploitation of this vulnerability allows a Twistlock user with Operator capabilities to escalate privileges to that of...

8CVSS6.6AI score0.01168EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•8 views

Remote code execution in PAN-OS SSH management interface

Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. Ref: PAN-123564/ CVE-2019-1581. Successful exploitati...

9.8CVSS8.8AI score0.03242EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•9 views

Memory Corruption in PAN-OS

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS Ref: PAN-123603/CVE-2019-1580. Successful exploitation will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon SSHD and corrupt arbitrary memory. This issue affects PAN-OS 7.1.24 and earlier,...

9.8CVSS7.5AI score0.03219EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•86 views

Memory Corruption in PAN-OS

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS Ref: PAN-123603/CVE-2019-1580. Successful exploitation will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon SSHD and corrupt arbitrary memory. This issue affects PAN-OS 7.1.24 and earlier,...

1.7AI score0.03219EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•88 views

Remote code execution in PAN-OS SSH management interface

Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. Ref: PAN-123564/ CVE-2019-1581. Successful exploitati...

3.8AI score0.03242EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•8 views

Memory Corruption in PAN-OS

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS. Ref: PAN-123700/ CVE-2019-1582. Successful exploitation of this issue may allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. This issue affects PAN-OS 8.1...

7.2CVSS7.4AI score0.01036EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/08/21 10:13 p.m.•54 views

Memory Corruption in PAN-OS

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS. Ref: PAN-123700/ CVE-2019-1582. Successful exploitation of this issue may allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. This issue affects PAN-OS 8.1...

1.7AI score0.01036EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/18 8:39 p.m.•207 views

Remote Code Execution in GlobalProtect Portal/Gateway Interface

Palo Alto Networks is aware of the reported remote code execution RCE vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases. Ref: CVE-2019-1579 Successful exploitation of this issue allows an...

1.2AI score0.39317EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/18 8:39 p.m.•11 views

Remote Code Execution in GlobalProtect Portal/Gateway Interface

Palo Alto Networks is aware of the reported remote code execution RCE vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases. Ref: CVE-2019-1579 Successful exploitation of this issue allows an...

8.1CVSS8.6AI score0.39317EPSS
Exploits1References1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•68 views

Command Injection in PAN-OS

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface CLI. Ref PAN-111872/ CVE-2019-1576 Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...

4.2AI score0.01846EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•10 views

Command Injection in PAN-OS

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface CLI. Ref PAN-111872/ CVE-2019-1576 Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...

8.8CVSS7.9AI score0.01846EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•7 views

Privilege Escalation in PAN-OS

Palo Alto Networks is aware of a use-after-free UAF vulnerability in the Linux kernel's sockfssetattr. Ref: PAN-113631/ CVE-2019-8912 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. This issue affects PAN-OS 7.1.23 and earlier...

7.8CVSS7.2AI score0.00651EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•72 views

Privilege Escalation in PAN-OS

Palo Alto Networks is aware of a use-after-free UAF vulnerability in the Linux kernel's sockfssetattr. Ref: PAN-113631/ CVE-2019-8912 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. This issue affects PAN-OS 7.1.23 and earlier...

4.5AI score0.00651EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•11 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

8.8CVSS7.1AI score0.01683EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/15 10:15 p.m.•59 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

1.6AI score0.01683EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/08 10:15 p.m.•60 views

Information Disclosure in WildFire Appliance (WF-500)

Palo Alto Networks has determined that the WildFire Appliance WF-500 is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance WF-500 software update is now available to customers that use the WildFire Appliance WF-500...

1.8AI score0.00611EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/07/08 10:15 p.m.•12 views

Information Disclosure in WildFire Appliance (WF-500)

Palo Alto Networks has determined that the WildFire Appliance WF-500 is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance WF-500 software update is now available to customers that use the WildFire Appliance WF-500...

5.6CVSS7.2AI score0.00611EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/06/27 11:50 p.m.•8 views

Code Injection Vulnerability in Traps

Code injection vulnerability exists in the Palo Alto Networks Traps. Ref: CVE-2019-1577 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Traps 5.0.5 and earlier, including all 4.x releases. These releases did not...

6.3CVSS7.3AI score0.00902EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/06/27 11:50 p.m.•216 views

Code Injection Vulnerability in Traps

Code injection vulnerability exists in the Palo Alto Networks Traps. Ref: CVE-2019-1577 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Traps 5.0.5 and earlier, including all 4.x releases. These releases did not...

0.4AI score0.00902EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/06/27 11:50 p.m.•201 views

Cross Site Scripting (XSS) in MineMeld

A reflected cross-site scripting XSS vulnerability exists in Palo Alto Networks MineMeld. Ref CVE-2019-1578 A remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. This issue...

2.8AI score0.01068EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/06/27 11:50 p.m.•15 views

Cross Site Scripting (XSS) in MineMeld

A reflected cross-site scripting XSS vulnerability exists in Palo Alto Networks MineMeld. Ref CVE-2019-1578 A remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. This issue...

6.1CVSS6.1AI score0.01068EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2019/06/27 12:0 a.m.•376 views

Information about TCP SACK Panic Findings in PAN-OS

Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities. Ref: PAN-119745/ CVE-2019-11477, CVE-2019-11478, CVE-2019-11479...

7.8CVSS2.6AI score0.98745EPSS
Exploits4Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/05/29 12:0 a.m.•144 views

Information about Recent Intel Side Channel Vulnerabilities

Palo Alto Networks has determined that WildFire Appliance WF-500 and WildFire Cloud are affected by the recent vulnerability disclosures, known as Fallout, RIDL, and Zombieload. We are working to validate and implement software updates to address these issues. We will provide updates as they beco...

4.7CVSS2.9AI score0.01553EPSS
Exploits0Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2019/05/15 12:0 a.m.•88 views

Information about PAN-OS Finding

An issue was resolved in PAN-OS that resulted in configured Layer 3 interfaces erroneously opening ports 28869/tcp and 28870/tcp on the IP address assigned to the Layer 3 interface, which bind to an internal service that performs HTTP 301 redirection to the HTTPS port 443/tcp on the same interfac...

6.9AI score
Exploits0Affected Software2
Palo Alto Networks
Palo Alto Networks
•added 2019/05/06 10:15 p.m.•71 views

Cross Site Scripting (XSS) in Demisto

A cross-site scripting XSS vulnerability exists in the Palo Alto Networks Demisto. Ref CVE-2019-1568 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Demisto 4.5 build 40249 Work around: N/A...

1.7AI score0.00871EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities510