VYPR

PAN-OS Panorama

by Palo Alto Networks

CVEs (14)

  • CVE-2025-0107 (Jan 11, 2025)
    risk 0.06 | cvss | epss 0.80

    An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API…

  • CVE-2025-0106 (Jan 11, 2025)
    risk 0.00 | cvss | epss 0.01

    A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

  • CVE-2025-0105 (Jan 11, 2025)
    risk 0.00 | cvss | epss 0.04

    An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

  • CVE-2025-0104 (Jan 11, 2025)
    risk 0.00 | cvss | epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing…

  • CVE-2025-0103 (Jan 11, 2025)
    risk 0.00 | cvss | epss 0.00

    An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read…

  • CVE-2024-2433 (Mar 13, 2024)
    risk 0.00 | cvss | epss 0.00

    An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log…

  • CVE-2020-2022 (Nov 12, 2020)
    risk 0.00 | cvss | epss 0.01

    An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability…

  • CVE-2020-2018 (May 13, 2020)
    risk 0.00 | cvss | epss 0.00

    An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this…

  • CVE-2020-2017 (May 13, 2020)
    risk 0.00 | cvss | epss 0.00

    A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in…

  • CVE-2020-2013 (May 13, 2020)
    risk 0.00 | cvss | epss 0.00

    A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected…

  • CVE-2020-2011 (May 13, 2020)
    risk 0.00 | cvss | epss 0.01

    An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated…

  • CVE-2020-2009 (May 13, 2020)
    risk 0.00 | cvss | epss 0.02

    An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases…

  • CVE-2020-2001 (May 13, 2020)
    risk 0.00 | cvss | epss 0.02

    An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This…

  • CVE-2020-1996 (May 13, 2020)
    risk 0.00 | cvss | epss 0.01

    A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries…