VYPR

Pan OS

by Paloaltonetworks

CVEs (240)

  • CVE-2020-1996 (May 13, 2020)
    risk 0.00 cvss epss 0.01

    A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries…

  • CVE-2020-1995 (May 13, 2020)
    risk 0.00 cvss epss 0.01

    A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the…

  • CVE-2020-1994 (May 13, 2020)
    risk 0.00 cvss epss 0.00

    A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13;…

  • CVE-2020-1993 (May 13, 2020)
    risk 0.00 cvss epss 0.00

    The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions…

  • CVE-2020-1992 (Apr 8, 2020)
    risk 0.00 cvss epss 0.03

    A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo…

  • CVE-2020-1990 (Apr 8, 2020)
    risk 0.00 cvss epss 0.02

    A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before…

  • CVE-2020-1979 (Mar 11, 2020)
    risk 0.00 cvss epss 0.01

    A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating…

  • CVE-2020-1980 (Mar 11, 2020)
    risk 0.00 cvss epss 0.01

    A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later…

  • CVE-2020-1981 (Mar 11, 2020)
    risk 0.00 cvss epss 0.00

    A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This…

  • CVE-2020-1975 (Feb 12, 2020)
    risk 0.00 cvss epss 0.01

    Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0…

  • CVE-2019-17440 (Dec 20, 2019)
    risk 0.00 cvss epss 0.02

    Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to…

  • CVE-2019-17437 (Dec 5, 2019)
    risk 0.00 cvss epss 0.00

    An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions…

  • CVE-2019-1582 (Aug 23, 2019)
    risk 0.00 cvss epss 0.01

    Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.

  • CVE-2019-1581 (Aug 23, 2019)
    risk 0.00 cvss epss 0.03

    A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25;…

  • CVE-2019-1580 (Aug 23, 2019)
    risk 0.00 cvss epss 0.03

    Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

  • CVE-2019-1575 (Jul 16, 2019)
    risk 0.00 cvss epss 0.02

    Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML…

  • CVE-2019-1576 (Jul 16, 2019)
    risk 0.00 cvss epss 0.02

    Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.

  • CVE-2019-1572 (Mar 26, 2019)
    risk 0.00 cvss epss 0.02

    PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.

  • CVE-2019-1566 (Jan 30, 2019)
    risk 0.00 cvss epss 0.01

    The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.

  • CVE-2019-1565 (Jan 30, 2019)
    risk 0.00 cvss epss 0.01

    The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary…
