Paloaltonetworks Pan-os

220 matches found

added 2024/07/10 7:15 p.m. | 6499 views

CVE-2024-5911

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requi...

7 CVSS | 6.6 AI score | 0.00146 EPSS

added 2016/11/10 9:59 p.m. | 1976 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

7.2 CVSS | 7.8 AI score | 0.94181 EPSS

added 2024/10/09 5:15 p.m. | 1136 views

CVE-2024-9468

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering mai...

8.2 CVSS | 6.8 AI score | 0.0019 EPSS

added 2019/07/19 10:15 p.m. | 1117 views

CVE-2019-1579

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.

8.1 CVSS | 8.4 AI score | 0.92678 EPSS

added 2020/06/29 3:15 p.m. | 1092 views

CVE-2020-2021

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

10 CVSS | 9.5 AI score | 0.11497 EPSS

added 2019/02/27 11:29 p.m. | 778 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9 CVSS | 6.3 AI score | 0.04426 EPSS

added 2022/08/10 4:15 p.m. | 755 views

CVE-2022-0028

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewal...

8.6 CVSS | 8.4 AI score | 0.05447 EPSS

added 2024/04/12 8:15 a.m. | 731 views

CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the f...

10 CVSS | 9.8 AI score | 0.94345 EPSS

added 2017/12/11 5:29 p.m. | 728 views

CVE-2017-15944

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

9.8 CVSS | 9.5 AI score | 0.94017 EPSS

added 2024/09/11 5:15 p.m. | 567 views

CVE-2024-8686

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.

8.6 CVSS | 7.2 AI score | 0.00479 EPSS

added 2024/12/27 10:15 a.m. | 507 views

CVE-2024-3393

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to ...

8.7 CVSS | 6.5 AI score | 0.6473 EPSS

added 2025/02/12 9:15 p.m. | 397 views

CVE-2025-0108

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP ...

9.1 CVSS | 8.1 AI score | 0.94039 EPSS

added 2024/11/18 4:15 p.m. | 308 views

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege e...

9.8 CVSS | 7.5 AI score | 0.94234 EPSS

added 2024/11/18 4:15 p.m. | 303 views

CVE-2024-9474

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

7.2 CVSS | 6.7 AI score | 0.94174 EPSS

added 2017/11/13 10:29 p.m. | 247 views

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail t...

7.5 CVSS | 7.4 AI score | 0.70009 EPSS

added 2016/06/30 5:59 p.m. | 228 views

CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

8.8 CVSS | 8.3 AI score | 0.73862 EPSS

added 2018/10/08 6:29 p.m. | 214 views

CVE-2018-18065

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

6.5 CVSS | 6.2 AI score | 0.04942 EPSS

added 2025/02/12 9:15 p.m. | 183 views

CVE-2025-0111

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by re...

7.1 CVSS | 6.7 AI score | 0.03095 EPSS

added 2021/11/10 5:15 p.m. | 168 views

CVE-2021-3064

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the Glo...

10 CVSS | 9.7 AI score | 0.47835 EPSS

added 2024/07/10 7:15 p.m. | 165 views

CVE-2024-5913

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

6.8 CVSS | 6.1 AI score | 0.00057 EPSS

added 2020/07/08 5:15 p.m. | 154 views

CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtec...

9.3 CVSS | 8.6 AI score | 0.6142 EPSS

added 2019/08/23 6:15 p.m. | 124 views

CVE-2019-1580

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

10 CVSS | 9.6 AI score | 0.02201 EPSS

added 2019/08/23 6:15 p.m. | 122 views

CVE-2019-1581

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior ...

9.8 CVSS | 9.8 AI score | 0.04072 EPSS

added 2021/01/13 6:15 p.m. | 120 views

CVE-2021-3031

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ether...

4.3 CVSS | 4.7 AI score | 0.03428 EPSS

added 2019/08/23 6:15 p.m. | 107 views

CVE-2019-1582

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.

7.2 CVSS | 7.1 AI score | 0.00571 EPSS

added 2020/11/12 12:15 a.m. | 106 views

CVE-2020-2050

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to rest...

8.2 CVSS | 8.4 AI score | 0.00104 EPSS

added 2020/05/13 7:15 p.m. | 104 views

CVE-2020-2015

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions ...

9 CVSS | 9 AI score | 0.01737 EPSS

added 2020/11/12 12:15 a.m. | 102 views

CVE-2020-2000

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than P...

9 CVSS | 7.6 AI score | 0.01715 EPSS

added 2019/07/16 2:15 p.m. | 96 views

CVE-2019-1575

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and ...

8.8 CVSS | 8.6 AI score | 0.0072 EPSS

added 2021/04/20 4:15 a.m. | 95 views

CVE-2021-3036

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to u...

4.4 CVSS | 4.5 AI score | 0.00143 EPSS

added 2022/02/10 6:15 p.m. | 94 views

CVE-2022-0011

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL)...

6.5 CVSS | 6.4 AI score | 0.0051 EPSS

added 2023/05/10 5:15 p.m. | 93 views

CVE-2023-0008

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

4.4 CVSS | 4.8 AI score | 0.00157 EPSS

added 2022/05/11 5:15 p.m. | 92 views

CVE-2022-0024

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed...

9 CVSS | 7.2 AI score | 0.00869 EPSS

added 2021/11/10 5:15 p.m. | 89 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have ne...

9.3 CVSS | 8.4 AI score | 0.43237 EPSS

added 2020/11/12 12:15 a.m. | 86 views

CVE-2020-1999

A vulnerability exists in the Palo Alto Networks PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based...

5.3 CVSS | 5.2 AI score | 0.00112 EPSS

added 2020/11/12 12:15 a.m. | 85 views

CVE-2020-2022

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker ...

7.5 CVSS | 7.4 AI score | 0.03335 EPSS

added 2020/11/12 12:15 a.m. | 84 views

CVE-2020-2048

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; ...

3.3 CVSS | 3.8 AI score | 0.00057 EPSS

added 2022/03/09 6:15 p.m. | 84 views

CVE-2022-0022

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operationa...

4.6 CVSS | 4.7 AI score | 0.00077 EPSS

added 2024/08/14 5:15 p.m. | 84 views

CVE-2024-5916

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to ext...

6 CVSS | 6 AI score | 0.00066 EPSS

added 2021/04/20 4:15 a.m. | 83 views

CVE-2021-3037

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS con...

2.3 CVSS | 3.4 AI score | 0.00164 EPSS

added 2022/04/13 7:15 p.m. | 83 views

CVE-2022-0023

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to s...

5.9 CVSS | 5.6 AI score | 0.00573 EPSS

added 2019/07/16 2:15 p.m. | 82 views

CVE-2019-1576

Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.

8.8 CVSS | 8.9 AI score | 0.04708 EPSS

added 2020/05/13 7:15 p.m. | 81 views

CVE-2020-2009

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arb...

9 CVSS | 7.3 AI score | 0.01523 EPSS

added 2022/10/12 5:15 p.m. | 79 views

CVE-2022-0030

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

8.1 CVSS | 8.2 AI score | 0.00102 EPSS

added 2023/05/10 5:15 p.m. | 76 views

CVE-2023-0007

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.

6.5 CVSS | 5 AI score | 0.00448 EPSS

added 2020/05/13 7:15 p.m. | 75 views

CVE-2020-2018

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue doe...

9.3 CVSS | 9.3 AI score | 0.00155 EPSS

added 2020/08/12 5:15 p.m. | 75 views

CVE-2020-2035

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within...

3.5 CVSS | 3.8 AI score | 0.00332 EPSS

added 2024/04/10 5:15 p.m. | 74 views

CVE-2024-3383

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your exis...

9.1 CVSS | 6.6 AI score | 0.00326 EPSS

added 2025/06/13 12:15 a.m. | 74 views

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access a...

8.6 CVSS | 6.9 AI score | 0.00355 EPSS

added 2020/05/13 7:15 p.m. | 73 views

CVE-2020-2008

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects:...

9 CVSS | 7.5 AI score | 0.02993 EPSS

Total number of security vulnerabilities: 220