VYPR

Prisma Access Agent

by Paloaltonetworks

CVEs (74)

  • CVE-2024-5911Jul 10, 2024
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter…

  • CVE-2024-3388Apr 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from…

  • CVE-2024-3387Apr 10, 2024
    risk 0.00cvss epss 0.00

    A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing…

  • CVE-2024-3386Apr 10, 2024
    risk 0.00cvss epss 0.00

    An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally…

  • CVE-2024-3385Apr 10, 2024
    risk 0.00cvss epss 0.01

    A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This…

  • CVE-2024-3384Apr 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which…

  • CVE-2024-3383Apr 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to…

  • CVE-2024-3382Apr 10, 2024
    risk 0.00cvss epss 0.01

    A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS…

  • CVE-2024-2433Mar 13, 2024
    risk 0.00cvss epss 0.01

    An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log…

  • CVE-2024-0011Feb 14, 2024
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing…

  • CVE-2024-0010Feb 14, 2024
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that…

  • CVE-2024-0009Feb 14, 2024
    risk 0.00cvss epss 0.00

    An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.

  • CVE-2024-0008Feb 14, 2024
    risk 0.00cvss epss 0.01

    Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

  • CVE-2024-0007Feb 14, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated…

Page 4 of 4