VYPR

Pan OS

by Paloaltonetworks

CVEs (240)

  • CVE-2016-2219MedJul 12, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2025-0136MedMay 14, 2025
    risk 0.34cvss epss 0.00

    Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This…

  • CVE-2026-0258MedMay 13, 2026
    risk 0.31cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. …

  • CVE-2025-0137MedMay 14, 2025
    risk 0.31cvss epss 0.00

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have…

  • CVE-2026-0269MedJun 10, 2026
    risk 0.30cvss epss 0.00

    A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter…

  • CVE-2026-0256MedMay 13, 2026
    risk 0.29cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and…

  • CVE-2024-9474KEVNov 18, 2024
    risk 0.29cvss epss 0.95

    A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

  • CVE-2024-0012KEVNov 18, 2024
    risk 0.29cvss epss 1.00

    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other…

  • CVE-2024-3400KEVApr 12, 2024
    risk 0.29cvss epss 1.00

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root…

  • CVE-2018-10140MedAug 16, 2018
    risk 0.28cvss 4.3epss 0.02

    The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.

  • CVE-2017-7217MedApr 14, 2017
    risk 0.28cvss 4.3epss 0.01

    The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.

  • CVE-2019-1579KEVJul 19, 2019
    risk 0.25cvss epss 0.39

    Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.

  • CVE-2025-0108KEVFeb 12, 2025
    risk 0.20cvss epss 0.98

    An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While…

  • CVE-2020-2021KEVJun 29, 2020
    risk 0.20cvss epss 0.04

    When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access…

  • CVE-2025-0133LowMay 14, 2025
    risk 0.18cvss epss 0.44

    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a…

  • CVE-2024-3393KEVDec 27, 2024
    risk 0.18cvss epss 0.27

    A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will…

  • CVE-2025-0111KEVFeb 12, 2025
    risk 0.12cvss epss 0.02

    An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the…

  • CVE-2022-0028KEVAug 10, 2022
    risk 0.12cvss epss 0.02

    A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series…

  • CVE-2020-2038Sep 9, 2020
    risk 0.10cvss epss 0.86

    An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS…

  • CVE-2026-0228LowFeb 11, 2026
    risk 0.08cvss epss 0.00

    An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Page 4 of 12