Cloud NGFW

CVEs (62)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-3383	Paloaltonetworks Pan Os	—	0.00	Apr 10, 2024	A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
CVE-2024-3382	Paloaltonetworks Pan Os	—	0.00	Apr 10, 2024	A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
CVE-2024-2433	Paloaltonetworks Pan Os	—	0.00	Mar 13, 2024	An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.
CVE-2024-0011	Paloaltonetworks Pan Os	—	0.01	Feb 14, 2024	A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
CVE-2024-0010	Paloaltonetworks Pan Os	—	0.04	Feb 14, 2024	A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
CVE-2024-0009	Paloaltonetworks Pan Os	—	0.00	Feb 14, 2024	An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
CVE-2024-0008	Paloaltonetworks Pan Os	—	0.00	Feb 14, 2024	Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
CVE-2024-0007	Paloaltonetworks Pan Os	—	0.01	Feb 14, 2024	A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
CVE-2023-6793	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CVE-2023-6791	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
CVE-2023-6789	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
CVE-2023-6795	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6794	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6792	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6790	Paloaltonetworks Pan Os	—	0.00	Dec 13, 2023	A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
CVE-2023-38046	Paloaltonetworks Pan Os	—	0.00	Jul 12, 2023	A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVE-2023-0010	Paloaltonetworks Pan Os	—	0.01	Jun 14, 2023	A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
CVE-2023-0008	Paloaltonetworks Pan Os	—	0.00	May 10, 2023	A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
CVE-2023-0007	Paloaltonetworks Pan Os	—	0.01	May 10, 2023	A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.
CVE-2023-0005	Paloaltonetworks Pan Os	—	0.00	Apr 12, 2023	A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.

CVE-2024-3383Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
CVE-2024-3382Apr 10, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
CVE-2024-2433Mar 13, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.
CVE-2024-0011Feb 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
CVE-2024-0010Feb 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.04
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
CVE-2024-0009Feb 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
CVE-2024-0008Feb 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
CVE-2024-0007Feb 14, 2024
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
CVE-2023-6793Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CVE-2023-6791Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
CVE-2023-6789Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
CVE-2023-6795Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6794Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6792Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6790Dec 13, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
CVE-2023-38046Jul 12, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVE-2023-0010Jun 14, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
CVE-2023-0008May 10, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
CVE-2023-0007May 10, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.
CVE-2023-0005Apr 12, 2023
Paloaltonetworks
Pan Os
risk 0.00cvss —epss 0.00
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.

Page 3 of 4