PAN-OS

by Palo Alto Networks

CVEs (240)

  • CVE-2021-3036 | Apr 20, 2021
    risk 0.00 | cvss | epss 0.00

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that…

  • CVE-2021-3032 | Jan 13, 2021
    risk 0.00 | cvss | epss 0.00

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information…

  • CVE-2021-3031 | Jan 13, 2021
    risk 0.00 | cvss | epss 0.01

    Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall…

  • CVE-2020-2050 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.01

    An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and…

  • CVE-2020-2048 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.00

    An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier…

  • CVE-2020-2022 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.01

    An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability…

  • CVE-2020-2000 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.03

    An OS command injection and memory corruption vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1…

  • CVE-2020-1999 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.01

    A vulnerability exists in the Palo Alto Networks PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique…

  • CVE-2020-2044 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.01

    An information exposure through log file vulnerability exists where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command…

  • CVE-2020-2043 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.01

    An information exposure through log file vulnerability exists where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field…

  • CVE-2020-2042 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.02

    A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

  • CVE-2020-2041 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.02

    An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service…

  • CVE-2020-2040 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.04

    A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts:…

  • CVE-2020-2037 | Sep 9, 2020
    risk 0.00 | cvss | epss 0.04

    An OS Command Injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS…

  • CVE-2020-2035 | Aug 12, 2020
    risk 0.00 | cvss | epss 0.01

    When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name…

  • CVE-2020-2031 | Jul 8, 2020
    risk 0.00 | cvss | epss 0.01

    An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in…

  • CVE-2020-2030 | Jul 8, 2020
    risk 0.00 | cvss | epss 0.03

    An OS Command Injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS…

  • CVE-2020-1982 | Jul 8, 2020
    risk 0.00 | cvss | epss 0.00

    Certain communication between PAN-OS and cloud-delivered services inadvertently uses TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions…

  • CVE-2020-2029 | Jun 10, 2020
    risk 0.00 | cvss | epss 0.02

    An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue…

  • CVE-2020-2028 | Jun 10, 2020
    risk 0.00 | cvss | epss 0.02

    An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1…
