Lucene search
K
PaloaltoRecent

510 matches found

Palo Alto Networks
Palo Alto Networks
•added 2018/01/02 6:9 p.m.•13 views

Cross Site Scripting Vulnerability in PAN-OS GlobalProtect

A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting XSS attack. Ref PAN-81586 / CVE-2017-15941 Successful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML. Thi...

6.1CVSS6.1AI score0.01195EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2018/01/02 6:9 p.m.•522 views

Cross Site Scripting in PAN-OS Captive Portal

A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting XSS attack to be performed against clients viewing the captive portal page when configured in a certain way. Ref PAN-85238 / CVE-2017-16878 Successful exploitation of this issue may allow an attacker to...

1.4AI score0.01122EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2018/01/02 6:9 p.m.•522 views

ROBOT attack against PAN-OS

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...

1.2AI score0.02408EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2018/01/02 6:9 p.m.•7 views

Cross Site Scripting in PAN-OS Captive Portal

A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting XSS attack to be performed against clients viewing the captive portal page when configured in a certain way. Ref PAN-85238 / CVE-2017-16878 Successful exploitation of this issue may allow an attacker to...

6.1CVSS6.1AI score0.01122EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2018/01/02 6:9 p.m.•596 views

Cross Site Scripting Vulnerability in PAN-OS GlobalProtect

A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting XSS attack. Ref PAN-81586 / CVE-2017-15941 Successful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML. Thi...

1.8AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:20 a.m.•10 views

GlobalProtect App Vulnerability

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...

6.7CVSS6.9AI score0.00434EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:20 a.m.•526 views

GlobalProtect App Vulnerability

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...

3AI score0.00434EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:15 a.m.•11 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940 PAN-OS contains a vulnerability that may allow for post authentication command injection This issue affects PAN-OS 6.1.1...

9.8CVSS7.5AI score0.0493EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:15 a.m.•581 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940 PAN-OS contains a vulnerability that may allow for post authentication command injection This issue affects PAN-OS 6.1.1...

1.2AI score0.0493EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:5 a.m.•10 views

Vulnerability in PAN-OS and Panorama on Management Interface

Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. Ref PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944...

9.8CVSS8.3AI score0.9834EPSS
Exploits13References1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:5 a.m.•642 views

Vulnerability in PAN-OS and Panorama on Management Interface

Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. Ref PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944...

1.3AI score0.9834EPSS
Exploits13References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:5 a.m.•6 views

Server-Side Request Forgery in PAN-OS

A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to...

5.3CVSS6.9AI score0.01705EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:5 a.m.•557 views

Server-Side Request Forgery in PAN-OS

A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to...

2.5AI score0.01705EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:0 a.m.•11 views

Denial of Service Against GlobalProtect

A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. Ref PAN-78127 / CVE-2017-15942 PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial o...

7.5CVSS7AI score0.02234EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/12/06 12:0 a.m.•594 views

Denial of Service Against GlobalProtect

A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. Ref PAN-78127 / CVE-2017-15942 PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial o...

2.8AI score0.02234EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/08/30 11:0 p.m.•669 views

XML External Entity (XXE) in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity XXE attack. PAN-OS does not properly parse XML input. Ref PAN-75688 / CVE-2017-9458 Successful exploitation of this issue may allow disclosure of information, denial o...

4.3AI score0.02465EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/08/30 11:0 p.m.•13 views

XML External Entity (XXE) in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity XXE attack. PAN-OS does not properly parse XML input. Ref PAN-75688 / CVE-2017-9458 Successful exploitation of this issue may allow disclosure of information, denial o...

9.8CVSS7.2AI score0.02465EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/08/30 11:0 p.m.•15 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-76003 / CVE-2017-12416 Successful exploitation of this issue may allow an...

6.1CVSS6AI score0.01195EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/08/30 11:0 p.m.•528 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-76003 / CVE-2017-12416 Successful exploitation of this issue may allow an...

3.1AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/27 5:15 p.m.•615 views

NTP Vulnerability

The Network Time Protocol NTP library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. Ref PAN-76130 / CVE-2017-6460 Successful exploitation o...

2.2AI score0.02682EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/27 5:15 p.m.•7 views

NTP Vulnerability

The Network Time Protocol NTP library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. Ref PAN-76130 / CVE-2017-6460 Successful exploitation o...

8.8CVSS7AI score0.02682EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•10 views

Vulnerability in the PAN-OS DNS Proxy

A Remote Code Execution vulnerability exists in the PAN-OS DNS Proxy. This issue affects customers who have DNS Proxy enabled in PAN-OS. This issue affects both the Data and Management planes of the firewall. When DNS Proxy processes a specially crafted fully qualified domain names FQDN, it is...

9.8CVSS8AI score0.06072EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•590 views

Vulnerability in the PAN-OS DNS Proxy

A Remote Code Execution vulnerability exists in the PAN-OS DNS Proxy. This issue affects customers who have DNS Proxy enabled in PAN-OS. This issue affects both the Data and Management planes of the firewall. When DNS Proxy processes a specially crafted fully qualified domain names FQDN, it is...

4.5AI score0.06072EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•523 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...

3.1AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•9 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...

6.1CVSS6AI score0.01195EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•512 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

1.6AI score0.01195EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/07/20 8:10 p.m.•12 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

6.1CVSS5.9AI score0.01195EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/06/19 8:30 p.m.•11 views

Kernel Vulnerability

A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane DP of PAN-OS is not affected by this...

9.8CVSS8.1AI score0.12791EPSS
Exploits1References1
Palo Alto Networks
Palo Alto Networks
•added 2017/06/19 8:30 p.m.•559 views

Kernel Vulnerability

A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane DP of PAN-OS is not affected by this...

2.6AI score0.12791EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/06/07 12:25 a.m.•8 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-68543 / CVE-2016-8610 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1.17 and...

7.5CVSS7.1AI score0.39657EPSS
Exploits1References1
Palo Alto Networks
Palo Alto Networks
•added 2017/06/07 12:25 a.m.•645 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-68543 / CVE-2016-8610 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1.17 and...

2.7AI score0.39657EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/05/23 3:0 a.m.•8 views

WGET Vulnerability

The wget library has been found to contain a vulnerability CVE 2016-4971. wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-59677/ CVE...

8.8CVSS7.1AI score0.45935EPSS
Exploits8References1
Palo Alto Networks
Palo Alto Networks
•added 2017/05/23 3:0 a.m.•496 views

WGET Vulnerability

The wget library has been found to contain a vulnerability CVE 2016-4971. wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-59677/ CVE...

1.4AI score0.45935EPSS
Exploits8References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/05/23 3:0 a.m.•20 views

Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. The challenge ACK rate limiting in the kernel's networking subsystem may allow an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rat...

4.8CVSS6.6AI score0.15073EPSS
Exploits3References1
Palo Alto Networks
Palo Alto Networks
•added 2017/05/23 3:0 a.m.•571 views

Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. The challenge ACK rate limiting in the kernel's networking subsystem may allow an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rat...

2.1AI score0.15073EPSS
Exploits3References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/28 4:45 p.m.•7 views

Brute force attack on the PAN-OS GlobalProtect external interface

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for an attacker to brute force a username on PAN-OS GlobalProtect external Interface. The vulnerability is caused by PAN-OS provided different responses when supplying login credentials. Ref PAN-72769 /...

9.8CVSS7AI score0.01835EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/28 4:45 p.m.•1208 views

Brute force attack on the PAN-OS GlobalProtect external interface

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for an attacker to brute force a username on PAN-OS GlobalProtect external Interface. The vulnerability is caused by PAN-OS provided different responses when supplying login credentials. Ref PAN-72769 /...

3.9AI score0.01835EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/28 4:45 p.m.•15 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure. Ref PAN-70541 / CVE-2017-7644 Successfully exploiting this issue...

6.5CVSS6.8AI score0.0102EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/28 4:45 p.m.•510 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure. Ref PAN-70541 / CVE-2017-7644 Successfully exploiting this issue...

2.8AI score0.0102EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/20 6:0 p.m.•8 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-70674 / CVE-2017-7409 Successful exploitation of this issue may allow an attacker to inject arbitrar...

6.1CVSS6AI score0.00961EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/20 6:0 p.m.•594 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-70674 / CVE-2017-7409 Successful exploitation of this issue may allow an attacker to inject arbitrar...

3AI score0.00961EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/20 6:0 p.m.•3 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-73914 / CVE-2017-3731 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1, PAN-OS...

7.5CVSS7.1AI score0.57595EPSS
Exploits1References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/20 6:0 p.m.•789 views

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-73914 / CVE-2017-3731 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1, PAN-OS...

2.8AI score0.57595EPSS
Exploits1References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•16 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. Ref PAN-70434 / CVE-2017-7216 Successfully exploiting thi...

6.5CVSS6.8AI score0.01197EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•555 views

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. Ref PAN-70434 / CVE-2017-7216 Successfully exploiting thi...

2.7AI score0.01197EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•517 views

Local Privilege Escalation in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. Ref PAN-70426/ CVE-2017-7218 Successfully...

2.2AI score0.00544EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•10 views

Local Privilege Escalation in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. Ref PAN-70426/ CVE-2017-7218 Successfully...

7.8CVSS6.9AI score0.00544EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•514 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

2.9AI score0.01065EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/10 5:30 p.m.•17 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

4.3CVSS6.9AI score0.01065EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
•added 2017/04/07 5:0 p.m.•9 views

Temporary DoS for Traps Agent

A vulnerability exists with the Traps ESM Console that could allow an attacker to cause a temporary Denial of Service DoS to a Traps agent. The ESM Console does not properly validate requests to revoke a Traps agent license. Ref CYV-11547 / CVE-2017-7408 Successfully exploiting this issue revokes...

7.5CVSS7AI score0.01906EPSS
Exploits0References1
Total number of security vulnerabilities510