Palo Alto Networks Palo Alto Networks

  1. Vendors
  2. Palo Alto Networks

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Palo Alto Networks product.

RSS Feeds for Palo Alto Networks security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Palo Alto Networks products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Palo Alto Networks Sorted by Most Security Vulnerabilities since 2018

Palo Alto Networks PAN-OS156 vulnerabilities
PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.

Palo Alto Networks Globalprotect30 vulnerabilities

Palo Alto Networks Expedition14 vulnerabilities

Palo Alto Networks Cortex Xdr Agent7 vulnerabilities

Palo Alto Networks Cortex Xsoar7 vulnerabilities

Palo Alto Networks Prisma Access6 vulnerabilities

Palo Alto Networks Prisma Cloud4 vulnerabilities

Palo Alto Networks Expedition Migration Tool3 vulnerabilities

Palo Alto Networks Prisma Browser3 vulnerabilities

Palo Alto Networks Terminal Services Agent3 vulnerabilities

Palo Alto Networks Bridgecrew Checkov2 vulnerabilities

Palo Alto Networks Traps2 vulnerabilities

Palo Alto Networks Vm Series1 vulnerability

Palo Alto Networks Twistlock1 vulnerability

Palo Alto Networks Minemeld1 vulnerability

Palo Alto Networks Demisto1 vulnerability

Palo Alto Networks Cortex Xsoar Commonscripts1 vulnerability

By the Year

In 2025 there have been 30 vulnerabilities in Palo Alto Networks with an average score of 6.1 out of ten. Last year, in 2024 Palo Alto Networks had 49 security vulnerabilities published. Right now, Palo Alto Networks is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.45




Year Vulnerabilities Average Score
2025 30 6.12
2024 49 6.57
2023 15 5.39
2022 9 6.47
2021 30 6.56
2020 61 6.83
2019 23 6.61
2018 11 6.20

It may take a day or so for new Palo Alto Networks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Palo Alto Networks Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-4618 Nov 14, 2025
Sensitive Info Disclosure in Palo Alto Prisma Browser A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
Prisma Browser
CVE-2025-4617 Nov 14, 2025
Prisma Browser Windows Screenshot Bypass via Local Auth An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue.
Prisma Browser
CVE-2025-4616 Nov 14, 2025
Palo Alto Prisma Browser: Local non-admin can bypass via input val flaw An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browsers security controls.
Prisma Browser
CVE-2025-4619 Nov 13, 2025
Palo Alto PAN-OS DoS Reboot via DataPlane Packet A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.
PAN-OS
Prisma Access
CVE-2025-4615 Oct 09, 2025
Authenticated Admin Bypass in PANOS Web UI CVE20254615 An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
PAN-OS
Prisma Access
CVE-2025-4614 Oct 09, 2025
PAN-OS session token leakage allows admin impersonation (CVE20254614) An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.   The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
PAN-OS
CVE-2025-4234 Sep 12, 2025
Cortex XDR M365 Defender Pack logs expose user creds A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.
CVE-2025-4235 Sep 12, 2025
Palo Alto User-ID Credential Agent: Service Account Password Disclosure An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the accounts permissions. The impact varies by configuration: * Minimally Privileged Accounts: Enable disruption of User-ID Credential Agent operations (e.g., uninstalling or disabling the agent service), weakening network security policies that leverage Credential Phishing Prevention https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention under a Domain Credential Filter https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention/methods-to-check-for-corporate-credential-submissions configuration. * Elevated Accounts (Server Operator, Domain Join, Legacy Features): Permit increased impacts, including server control (e.g., shutdown/restart), domain manipulation (e.g., rogue computer objects), and network compromise via reconnaissance or client probing.
CVE-2025-2183 Aug 13, 2025
GlobalProtect Insufficient Cert Validation Enables Malicious Software An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Globalprotect
CVE-2025-2182 Aug 13, 2025
PAN-OS MACsec CAK Disclosure in PA-7500 NGFW Clusters A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.
PAN-OS
CVE-2025-2179 Jul 29, 2025
Local Privilege Escalation: GlobalProtect App Linux Can Disable App An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, macOS, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Globalprotect
CVE-2025-0140 Jul 09, 2025
Privilege Abuse Allows Non-Admin to Disable Palo Alto GlobalProtect on macOS An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Globalprotect
CVE-2025-4227 Jun 13, 2025
Palo Alto GP Improper Access Control in Endpoint Traffic Policy Enforcement An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
Globalprotect
CVE-2025-4232 Jun 13, 2025
Palo Alto GlobalProtect: Wildcard Escalation in Log Collection An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect app on macOS allows a non administrative user to escalate their privileges to root.
Globalprotect
CVE-2025-0135 May 14, 2025
MacOS Priv. Escalation: GlobalProtect App Privilege Misassignment An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Globalprotect
CVE-2025-0137 May 14, 2025
PAN-OS Improper Input Neutralization in Mgt Web UI Enables Admin Impersonation An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
PAN-OS
CVE-2025-0133 May 14, 2025
XSS in GlobalProtect Gateway/Portal (PAN-OS) – Phishing Risk to Authenticated Users A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theftparticularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal. For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 . There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.
Globalprotect
CVE-2025-0123 Apr 11, 2025
PAN-OS Packet Capture Allows Unlicensed View of Clear-Text HTTP/2 (Up to 11.0) A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting. Prisma® Access is not impacted by this vulnerability.
PAN-OS
CVE-2025-0120 Apr 11, 2025
Palo Alto Networks GlobalProtect Win PrivEsc via Race Condition A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Globalprotect
CVE-2025-0125 Apr 11, 2025
Palo Alto PAN-OS Auth Admin Impersonation via Web UI An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW and all Prisma® Access instances.
PAN-OS
CVE-2025-0127 Apr 11, 2025
PAN-OS VM-Series Cmd Injection: Auth Admin Bypasses to Root A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
PAN-OS
CVE-2025-0118 Mar 12, 2025
Palo Alto GlobalProtect Win: Authenticated Remote XSS Allows RCE via ActiveX A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.
Globalprotect
CVE-2025-0115 Mar 12, 2025
Palo Alto PAN-OS: Authenticated Admin File Read via CLI A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access.
PAN-OS
CVE-2025-0116 Mar 12, 2025
Palo Alto PAN-OS LLDP DoS Reboot via Unauth Adjacent Attacker A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software.
PAN-OS
CVE-2025-0110 Feb 12, 2025
Palo Alto PAN-OS OpenConfig Plugin Command Injection (CVE-2025-0110) A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the __openconfig user (which has the Device Administrator role) on the firewall. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
PAN-OS
CVE-2025-0108 Feb 12, 2025
PAN-OS Auth Bypass: Unauth Access to Mgmt Web Interface PHP Scripts An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
PAN-OS
CVE-2025-0111 Feb 12, 2025
PAN-OS Authenticated Web Interface File-Read Exploit An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the nobody user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
PAN-OS
CVE-2025-0107 Jan 11, 2025
Palo Alto Networks Expedition: OS Command Injection Exposes Credentials An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
Expedition
CVE-2025-0105 Jan 11, 2025
Palo Alto Expedition: Unauth Deletion of www-data Files (CVE-2025-0105) An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
Expedition
CVE-2025-0103 Jan 11, 2025
Palo Alto Networks Expedition SQLi Exposes DB Hashes & API Keys An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.
Expedition
CVE-2024-3393 Dec 27, 2024
Palo Alto Networks PAN-OS DNS Security Denial of Service Vulnerability A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
PAN-OS
CVE-2024-5921 Nov 27, 2024
Palo Alto Networks GlobalProtect App Insufficient Certificate Validation Vulnerability An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
Globalprotect
CVE-2024-0012 Nov 18, 2024
Auth Bypass PAN-OS 10.211.2 via Web UI: Gain Admin Privileges An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
PAN-OS
CVE-2024-9474 Nov 18, 2024
PANOS Privilege Escalation via MGT Interface Grants Root Access A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
PAN-OS
CVE-2024-9472 Nov 14, 2024
PAN-OS DoS via Null Pointer on PA-* Series (10.2.7-H12 .. 11.2.2-H1) A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1
PAN-OS
CVE-2024-2550 Nov 14, 2024
PAN-OS GlobalProtect Null Pointer Deref DoS A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
PAN-OS
CVE-2024-2551 Nov 14, 2024
PAN-OS Core Service DoS via Null Pointer Deref A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
PAN-OS
CVE-2024-2552 Nov 14, 2024
Pan-OS Auth Admin CmdInject Allows File Deletion A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
PAN-OS
CVE-2024-5917 Nov 14, 2024
PAN-OS SSRF via Admin Web Interface Proxy Attack A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
PAN-OS
CVE-2024-5919 Nov 14, 2024
Palo Alto PAN-OS Blind XXE Exfiltration Vulnerability A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
PAN-OS
CVE-2024-5920 Nov 14, 2024
XSS in PAN-OS Panorama Admin Push Enables Admin Impersonation A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
PAN-OS
CVE-2024-9468 Oct 09, 2024
PAN-OS Data Plane Memory Corruption Causing DoS A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
PAN-OS
CVE-2024-9469 Oct 09, 2024
Cortex XDR Agent: Non-Admin Can Disable via Detection Bypass A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Cortex Xdr Agent
CVE-2024-9473 Oct 09, 2024
Local Auth Priv Esc via GlobalProtect MSI Repair on Windows A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
Globalprotect
CVE-2024-9471 Oct 09, 2024
Privilege Escalation (PE) via PAN-OS XML API A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
PAN-OS
CVE-2024-9463 Oct 09, 2024
OS cmd injection in Palo Alto Expedition runs as root An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Expedition
CVE-2024-9465 Oct 09, 2024
SQLi in Palo Alto Expedition DB leaks credentials & files An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Expedition
CVE-2024-9464 Oct 09, 2024
OS Cmd Injection in Palo Alto Expedition Enables Root Execution An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Expedition
CVE-2024-9467 Oct 09, 2024
Authenticated XSS in Palo Alto Expedition Web UI leads to session theft A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
Expedition
CVE-2024-9466 Oct 09, 2024
Cleartext Storage of Sensitive Credentials in Palo Alto Networks Expedition A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
Expedition
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.