Cloud NGFW
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3383 | 0.00 | — | 0.01 | Apr 10, 2024 | A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to… | |||
| CVE-2024-3382 | 0.00 | — | 0.01 | Apr 10, 2024 | A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS… | |||
| CVE-2024-2433 | 0.00 | — | 0.01 | Mar 13, 2024 | An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log… | |||
| CVE-2024-0011 | 0.00 | — | 0.00 | Feb 14, 2024 | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing… | |||
| CVE-2024-0010 | 0.00 | — | 0.01 | Feb 14, 2024 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that… | |||
| CVE-2024-0009 | 0.00 | — | 0.00 | Feb 14, 2024 | An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | |||
| CVE-2024-0008 | 0.00 | — | 0.01 | Feb 14, 2024 | Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | |||
| CVE-2024-0007 | 0.00 | — | 0.00 | Feb 14, 2024 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated… | |||
| CVE-2023-6793 | 0.00 | — | 0.01 | Dec 13, 2023 | An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. | |||
| CVE-2023-6791 | 0.00 | — | 0.01 | Dec 13, 2023 | A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | |||
| CVE-2023-6789 | 0.00 | — | 0.00 | Dec 13, 2023 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload… | |||
| CVE-2023-6795 | 0.00 | — | 0.01 | Dec 13, 2023 | An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | |||
| CVE-2023-6794 | 0.00 | — | 0.01 | Dec 13, 2023 | An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | |||
| CVE-2023-6792 | 0.00 | — | 0.01 | Dec 13, 2023 | An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | |||
| CVE-2023-6790 | 0.00 | — | 0.01 | Dec 13, 2023 | A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | |||
| CVE-2023-38046 | 0.00 | — | 0.00 | Jul 12, 2023 | A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | |||
| CVE-2023-0010 | 0.00 | — | 0.00 | Jun 14, 2023 | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted… | |||
| CVE-2023-0008 | 0.00 | — | 0.01 | May 10, 2023 | A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | |||
| CVE-2023-0007 | 0.00 | — | 0.00 | May 10, 2023 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when… | |||
| CVE-2023-0005 | 0.00 | — | 0.00 | Apr 12, 2023 | A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. |
- CVE-2024-3383Apr 10, 2024risk 0.00cvss —epss 0.01
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to…
- CVE-2024-3382Apr 10, 2024risk 0.00cvss —epss 0.01
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS…
- CVE-2024-2433Mar 13, 2024risk 0.00cvss —epss 0.01
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log…
- CVE-2024-0011Feb 14, 2024risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing…
- CVE-2024-0010Feb 14, 2024risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that…
- CVE-2024-0009Feb 14, 2024risk 0.00cvss —epss 0.00
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
- CVE-2024-0008Feb 14, 2024risk 0.00cvss —epss 0.01
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
- CVE-2024-0007Feb 14, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated…
- CVE-2023-6793Dec 13, 2023risk 0.00cvss —epss 0.01
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
- CVE-2023-6791Dec 13, 2023risk 0.00cvss —epss 0.01
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
- CVE-2023-6789Dec 13, 2023risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload…
- CVE-2023-6795Dec 13, 2023risk 0.00cvss —epss 0.01
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
- CVE-2023-6794Dec 13, 2023risk 0.00cvss —epss 0.01
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
- CVE-2023-6792Dec 13, 2023risk 0.00cvss —epss 0.01
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
- CVE-2023-6790Dec 13, 2023risk 0.00cvss —epss 0.01
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
- CVE-2023-38046Jul 12, 2023risk 0.00cvss —epss 0.00
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
- CVE-2023-0010Jun 14, 2023risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted…
- CVE-2023-0008May 10, 2023risk 0.00cvss —epss 0.01
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
- CVE-2023-0007May 10, 2023risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when…
- CVE-2023-0005Apr 12, 2023risk 0.00cvss —epss 0.00
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Page 3 of 4