Cloud NGFW

CVEs (62)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-5920	Paloaltonetworks Pan Os	—	0.01	Nov 14, 2024	A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
CVE-2024-5917	Paloaltonetworks Pan Os	—	0.00	Nov 14, 2024	A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
CVE-2024-2552	Paloaltonetworks Pan Os	—	0.00	Nov 14, 2024	A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
CVE-2024-5918	Paloaltonetworks Pan Os	—	0.00	Nov 14, 2024	An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
CVE-2024-5919	Paloaltonetworks Pan Os	—	0.00	Nov 14, 2024	A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
CVE-2024-2551	Paloaltonetworks Pan Os	—	0.00	Nov 14, 2024	A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
CVE-2024-9471	Paloaltonetworks Pan Os	—	0.00	Oct 9, 2024	A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
CVE-2024-9468	Paloaltonetworks Pan Os	—	0.01	Oct 9, 2024	A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
CVE-2024-8691	Paloaltonetworks Pan Os	—	0.00	Sep 11, 2024	A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
CVE-2024-8688	Paloaltonetworks Pan Os	—	0.00	Sep 11, 2024	An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.
CVE-2024-8687	Paloaltonetworks Pan Os	—	0.00	Sep 11, 2024	An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.
CVE-2024-8686	Paloaltonetworks Pan Os	—	0.00	Sep 11, 2024	A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
CVE-2024-5916	Paloaltonetworks Pan Os	—	0.00	Aug 14, 2024	An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.
CVE-2024-5913	Paloaltonetworks Pan Os	—	0.00	Jul 10, 2024	An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
CVE-2024-5911	Paloaltonetworks Pan Os	—	0.00	Jul 10, 2024	An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.
CVE-2024-3388	Paloaltonetworks Pan Os	—	0.00	Apr 10, 2024	A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
CVE-2024-3387	Paloaltonetworks Pan Os	—	0.00	Apr 10, 2024	A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
CVE-2024-3386	Paloaltonetworks Pan Os	—	0.00	Apr 10, 2024	An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
CVE-2024-3385	Paloaltonetworks Pan Os	—	0.03	Apr 10, 2024	A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls
CVE-2024-3384	Paloaltonetworks Pan Os	—	0.01	Apr 10, 2024	A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.

CVE-2024-5920Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
CVE-2024-5917Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
CVE-2024-2552Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
CVE-2024-5918Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
CVE-2024-5919Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
CVE-2024-2551Nov 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
CVE-2024-9471Oct 9, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
CVE-2024-9468Oct 9, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
CVE-2024-8691Sep 11, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
CVE-2024-8688Sep 11, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.
CVE-2024-8687Sep 11, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.
CVE-2024-8686Sep 11, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
CVE-2024-5916Aug 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.
CVE-2024-5913Jul 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
CVE-2024-5911Jul 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.
CVE-2024-3388Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
CVE-2024-3387Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
CVE-2024-3386Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
CVE-2024-3385Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.03
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls
CVE-2024-3384Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.

Page 2 of 4