cbcvebase.

Palo Alto Networks PAN-OS vulnerabilities

170 known vulnerabilities affecting palo_alto_networks/pan-os.

Total CVEs
170
CISA KEV
10
actively exploited
Public exploits
9
Exploited in wild
11
Severity breakdown
CRITICAL14HIGH70MEDIUM73LOW13

Vulnerabilities

Page 1 of 9
CVE-2024-3400P1CRITICALCVSS 10.0KEVPoCRansomware≥ 10.2.0, < 10.2.9-h1≥ 11.0.0, < 11.0.4-h1+1 more2024-04-12
CVE-2024-3400 [CRITICAL] CWE-20 CVE-2024-3400: A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect featur A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma
nvd
CVE-2024-0012P1CRITICALCVSS 9.8KEVPoCRansomware≥ 11.2.0, < 11.2.4-h1≥ 11.1.0, < 11.1.5-h1+2 more2024-11-18
CVE-2024-0012 [CRITICAL] CWE-306 CVE-2024-0012: An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker w An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https:/
nvd
CVE-2025-0108P1CRITICALCVSS 9.1KEVPoC≥ 10.1.0, < 10.1.14-h9≥ 10.2.0, < 10.2.7-h24+2 more2025-02-12
CVE-2025-0108 [CRITICAL] CWE-306 CVE-2025-0108: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attack An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it ca
nvd
CVE-2026-0257P1CRITICALCVSS 9.1KEVPoC≥ 12.1.0, < 12.1.7, 12.1.4-h6≥ 11.2.0, < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17+2 more2026-05-13
CVE-2026-0257 [CRITICAL] CWE-565 CVE-2026-0257: Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
nvd
CVE-2024-9474P1HIGHCVSS 7.2KEVPoCRansomware≥ 11.2.0, < 11.2.4-h1≥ 11.1.0, < 11.1.5-h1+3 more2024-11-18
CVE-2024-9474 [HIGH] CWE-78 CVE-2024-9474: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administr A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
nvd
CVE-2026-0300P1CRITICALCVSS 9.8KEVRansomware≥ 12.1.0, < 12.1.7≥ 11.2.0, < 11.2.12+2 more2026-05-06
CVE-2026-0300 [CRITICAL] CWE-787 CVE-2026-0300: A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you sec
nvd
CVE-2024-3393P1HIGHCVSS 7.5KEVPoC≥ 11.2.0, < 11.2.3≥ 11.1.0, < 11.1.2-h16+2 more2024-12-27
CVE-2024-3393 [HIGH] CWE-754 CVE-2024-3393: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
nvd
CVE-2020-2021P1CRITICALCVSS 10.0KEVRansomwarev8.0.*≥ 8.1, < 8.1.15+2 more2020-06-29
CVE-2020-2021 [CRITICAL] CWE-347 CVE-2020-2021: When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulner
nvd
CVE-2025-0111P1MEDIUMCVSS 6.5KEV≥ 10.1.0, < 10.1.14-h9≥ 10.2.0, < 10.2.7-h24+2 more2025-02-12
CVE-2025-0111 [MEDIUM] CWE-73 CVE-2025-0111: An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authen An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to on
nvd
CVE-2022-0028P2HIGHCVSS 8.6KEV≥ 8.1, < 8.1.23-h1≥ 9.0, < 9.0.16-h3+4 more2022-08-10
CVE-2022-0028 [HIGH] CWE-406 CVE-2022-0028: A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct refle A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by
nvd
CVE-2020-2034P1HIGHCVSS 8.1Exploitedv8.0.*v7.1.*+3 more2020-07-08
CVE-2020-2034 [HIGH] CWE-78 CVE-2020-2034: An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated n An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-O
nvd
CVE-2020-2038P2HIGHCVSS 7.2PoC≥ 10.0, < 10.0.1≥ 9.0, < 9.0.10+1 more2020-09-09
CVE-2020-2038 [HIGH] CWE-78 CVE-2020-2038: An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated a An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
nvd
CVE-2020-2036P2HIGHCVSS 8.8PoC≥ 9.0, < 9.0.9≥ 8.1, < 8.1.162020-09-09
CVE-2020-2036 [HIGH] CWE-79 CVE-2020-2036: A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrato
nvd
CVE-2021-3064P2CRITICALCVSS 9.8≥ 8.1, < 8.1.172021-11-10
CVE-2021-3064 [CRITICAL] CWE-121 CVE-2021-3064: A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway inte A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This iss
nvd
CVE-2021-3060P2HIGHCVSS 8.1≥ 8.1, < 8.1.20-h1≥ 9.0, < 9.0.14-h3+3 more2021-11-10
CVE-2021-3060 [HIGH] CWE-78 CVE-2021-3060: An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature o An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit t
nvd
CVE-2019-1581P2CRITICALCVSS 9.8≥ 7.1, < 7.1.24-h1, 7.1.25≥ 8.0, < 8.0.19-h1, 8.0.20+2 more2019-08-23
CVE-2019-1581 [CRITICAL] CWE-78 CVE-2019-1581: A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4,
nvd
CVE-2020-2040P2CRITICALCVSS 9.8v8.0.*≥ 9.0, < 9.0.9+2 more2020-09-09
CVE-2020-2040 [CRITICAL] CWE-120 CVE-2020-2040: A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system proce A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1
nvd
CVE-2019-17440P2CRITICALCVSS 9.8≥ 9.0, < 9.0.5-h32019-12-20
CVE-2019-17440 [CRITICAL] CWE-923 CVE-2019-17440: Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with s Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and confi
nvd
CVE-2025-0133P3LOWCVSS 2.7PoC≥ 11.2.0, < 11.2.7≥ 11.1.0, < 11.1.6-h14+2 more2025-05-14
CVE-2025-0133 [LOW] CWE-79 CVE-2025-0133: A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal featur A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credentia
nvd
CVE-2020-2018P2CRITICALCVSS 9.0v8.0.*≥ 7.1, < 7.1.26+2 more2020-05-13
CVE-2020-2018 [CRITICAL] CWE-287 CVE-2020-2018: An authentication bypass vulnerability in the Panorama context switching feature allows an attacker An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certific
nvd
Palo Alto Networks PAN-OS vulnerabilities | cvebase