Lucene search

Paloaltonetworks Prisma Access*

9 matches found

CVE
added 2022/02/10 6:15 p.m. | 94 views

CVE-2022-0011

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL)...

CVSS 6.5 | AI score 6.4 | EPSS 0.0051

CVE
added 2021/11/10 5:15 p.m. | 89 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have ne...

CVSS 9.3 | AI score 8.4 | EPSS 0.43237

CVE
added 2025/04/11 2:15 a.m. | 73 views

CVE-2025-0128

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes...

CVSS 8.7 | AI score 6.7 | EPSS 0.0006

CVE
added 2024/04/10 5:15 p.m. | 72 views

CVE-2024-3388

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal asset...

CVSS 5 | AI score 6.5 | EPSS 0.00132

CVE
added 2024/09/11 5:15 p.m. | 66 views

CVE-2024-8687

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall,...

CVSS 7.1 | AI score 6.8 | EPSS 0.00059

CVE
added 2021/11/10 5:15 p.m. | 53 views

CVE-2021-3056

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earli...

CVSS 8.8 | AI score 9 | EPSS 0.00751

CVE
added 2021/11/10 5:15 p.m. | 53 views

CVE-2021-3059

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than P...

CVSS 8.1 | AI score 8.5 | EPSS 0.01033

CVE
added 2025/04/11 2:15 a.m. | 51 views

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The...

CVSS 8.3 | AI score 6.5 | EPSS 0.00061

CVE
added 2021/11/10 5:15 p.m. | 42 views

CVE-2021-3061

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....

CVSS 9 | AI score 7.2 | EPSS 0.00602