510 matches found
Cross Site Scripting (XSS) in Demisto
A cross-site scripting XSS vulnerability exists in the Palo Alto Networks Demisto. Ref CVE-2019-1568 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Demisto 4.5 build 40249 Work around: N/A...
Cross-Site Scripting in Expedition Migration Tool
A cross-site scripting XSS vulnerability exist in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-1009/ CVE-2019-1574 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1....
Cross-Site Scripting in Expedition Migration Tool
A cross-site scripting XSS vulnerability exist in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-1009/ CVE-2019-1574 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1....
Information Disclosure in GlobalProtect App
An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS VU192371. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the...
Information Disclosure in GlobalProtect App
An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS VU192371. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the...
Authentication Bypass in PAN-OS Management Web Interface
An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572 Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects Only PAN-OS 9.0.0 Work around: This issue affects the web-base...
Authentication Bypass in PAN-OS Management Web Interface
An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572 Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects Only PAN-OS 9.0.0 Work around: This issue affects the web-base...
Denial of Service in PAN-OS Management Interface
A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. Ref PAN-106922, CVE-2018-18065. Successful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's createelftables function. Ref PAN-105966, CVE-2018-14634 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...
Denial of Service in PAN-OS Management Interface
A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. Ref PAN-106922, CVE-2018-18065. Successful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's createelftables function. Ref PAN-105966, CVE-2018-14634 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...
Cross-Site Scripting in Expedition Migration Tool
Three cross-site scripting XSS vulnerabilities exist in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-926/ CVE-2019-1569; MT-927/ CVE-2019-1570; MT-928, MT-929/ CVE-2019-1571...
Stored Cross-Site Scripting in Expedition Migration Tool
A stored cross-site scripting XSS vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-908/ CVE-2019-1567 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings. This issue affects...
Stored Cross-Site Scripting in Expedition Migration Tool
A stored cross-site scripting XSS vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-908/ CVE-2019-1567 Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings. This issue affects...
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565 Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565 Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS Management Web Interface. Ref. PAN-107262; CVE-2019-1566 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 an...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS Management Web Interface. Ref. PAN-107262; CVE-2019-1566 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 an...
Remote Code Execution in Expedition Migration Tool
A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-794/ CVE-2018-10143 Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Remote Code Execution in Expedition Migration Tool
A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-794/ CVE-2018-10143 Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Information Disclosure in Expedition Migration Tool
An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-750/CVE-2018-10142 Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system. This issue affects Expedition 1.0.106 and earlier...
Information Disclosure in Expedition Migration Tool
An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-750/CVE-2018-10142 Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system. This issue affects Expedition 1.0.106 and earlier...
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS GlobalProtect Portal Login page. Ref. PAN-99830; CVE-2018-10141 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 8.1.3 and earlier. PAN-OS 8.0...
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS GlobalProtect Portal Login page. Ref. PAN-99830; CVE-2018-10141 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 8.1.3 and earlier. PAN-OS 8.0...
OpenSSL Vulnerabilities in PAN-OS
The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739. Palo Alto Networks software makes use of the vulnerable library and is affected. Ref PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739...
Information about SegmentSmack findings
Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure CVE-2018-5390. PAN-OS/Panorama platforms are not impacted by...
Information about SegmentSmack findings
Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure CVE-2018-5390. PAN-OS/Panorama platforms are not impacted by...
Information about FragmentSmack findings
Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. CVE-2018-5391. This security...
Information about FragmentSmack findings
Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. CVE-2018-5391. This security...
Information about L1 Terminal Fault findings
Palo Alto Networks is aware of recent vulnerability disclosures, known as L1 Terminal Fault, that affect modern CPU architectures. At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. CVE-2018-3615, CVE-2018-3620, and CVE-2017-364...
Cross-Site Scripting (XSS) in GlobalProtect Gateway
A Cross-Site Scripting XSS vulnerability exists in a PAN-OS response for GlobalProtect Gateway. Ref. PAN-84836; CVE-2018-10139 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 6.1.21 and earlier, PAN-OS...
Denial of Service in PAN-OS Management Web Interface
A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. Ref PAN-100189, CVE-2018-10140 This vulnerability can be triggered by an authenticated user...
Cross-Site Scripting (XSS) in GlobalProtect Gateway
A Cross-Site Scripting XSS vulnerability exists in a PAN-OS response for GlobalProtect Gateway. Ref. PAN-84836; CVE-2018-10139 Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 6.1.21 and earlier, PAN-OS...
Denial of Service in PAN-OS Management Web Interface
A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. Ref PAN-100189, CVE-2018-10140 This vulnerability can be triggered by an authenticated user...
Denial of Service in PAN-OS Management Web Interface
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. Ref PAN-93089, CVE-2018-8715 A specially crafted HTTP POST request with an invalid “If-modified" header...
Denial of Service in PAN-OS Management Web Interface
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. Ref PAN-93089, CVE-2018-8715 A specially crafted HTTP POST request with an invalid “If-modified" header...
Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...
Information Disclosure in the PAN-OS Management Web Interface
A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS session browser. Ref. PAN-93244; CVE-2018-9335 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS session browser. Ref. PAN-93244; CVE-2018-9335 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML An attacker would need to successfully authenticate prior to exploiting...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML An attacker would need to successfully authenticate prior to exploiting...
Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...
Information Disclosure in the PAN-OS Management Web Interface
A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...
Cross Site Scripting in PAN-OS
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS URL filtering “continue page” Ref PAN-OS 90835, CVE-2018-7636. PAN-OS software does not properly validate specific request parameters. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML i...
Cross Site Scripting in PAN-OS
A Cross-Site Scripting XSS vulnerability exists in the PAN-OS URL filtering “continue page” Ref PAN-OS 90835, CVE-2018-7636. PAN-OS software does not properly validate specific request parameters. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML i...
Meltdown and Spectre update for WildFire-500 Appliance
Palo Alto Networks has determined that the WildFire-500 WF-500 appliance is affected by the vulnerability disclosures known as Meltdown and Spectre, and has completed an update to address these issues. The WF-500 software update is now available to customers that use the WF-500 appliance for...
Meltdown and Spectre update for WildFire-500 Appliance
Palo Alto Networks has determined that the WildFire-500 WF-500 appliance is affected by the vulnerability disclosures known as Meltdown and Spectre, and has completed an update to address these issues. The WF-500 software update is now available to customers that use the WF-500 appliance for...
Information about Meltdown and Spectre findings
Palo Alto Networks is aware of recent vulnerability disclosures, known as Meltdown and Spectre, that affect modern CPU architectures. At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. CVE-2017-5715, CVE-2017-5753, and...
ROBOT attack against PAN-OS
ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...