Palo Alto Networks PAN-OS vulnerabilities

158 known vulnerabilities affecting palo_alto_networks/pan-os.

Total CVEs: 158
CISA KEV: 8 (actively exploited)
Public exploits: 7
Exploited in wild: 6
Severity breakdown: CRITICAL 11, HIGH 65, MEDIUM 71, LOW 11

Vulnerabilities

Page 3 of 8
CVE-2024-8691 | MEDIUM | CVSS 5.3 | CWE-863 | Published 2024-09-11
Affected: ≥ 9.1.0, < 9.1.17; ≥ 10.1.0, < 10.1.11
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that t
Sources: cvelistv5, nvd

CVE-2024-8687 | MEDIUM | CVSS 6.9 | CWE-497 | Published 2024-09-11
Affected: ≥ 11.0.0, < 11.0.1; ≥ 10.2.0, < 10.2.4; +5 more
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the Glob
Sources: cvelistv5, nvd

CVE-2024-8688 | MEDIUM | CVSS 6.7 | CWE-155 | Published 2024-09-11
Affected: ≥ 9.1.0, < 9.1.15; ≥ 10.0.0, < 10.0.10; +1 more
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the firewall.
Sources: cvelistv5, nvd

CVE-2024-5916 | MEDIUM | CVSS 6.0 | CWE-313 | Published 2024-08-14
Affected: ≥ 10.2, < 10.2.8; ≥ 11.0, < 11.0.4
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
Sources: cvelistv5, nvd

CVE-2024-5911 | HIGH | CVSS 7.0 | CWE-434 | Published 2024-07-10
Affected: ≥ 10.2.0, < 10.2.4; ≥ 10.1.0, < 10.1.9
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back onlin
Sources: cvelistv5, nvd

CVE-2024-5913 | MEDIUM | CVSS 6.8 | CWE-20 | Published 2024-07-10
Affected: ≥ 10.1.0, < 10.1.14-h2; ≥ 10.2.0, < 10.2.10; +3 more
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
Sources: cvelistv5, nvd

CVE-2024-3400 | CRITICAL | CVSS 10.0 | CWE-20 | CISA KEV | Public PoC | Published 2024-04-12
Affected: ≥ 10.2.0, < 10.2.9-h1; ≥ 11.0.0, < 11.0.4-h1; +1 more
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma
Sources: cvelistv5, nvd

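The affected-version bounds in this listing mix maintenance releases with hotfix builds (for example `< 10.2.9-h1`), and a plain string or dotted-tuple comparison gets those wrong: `10.2.9-h1` must sort after `10.2.9` and before `10.2.10`. The following Python is an added example, not code from cvebase or Palo Alto Networks. It parses version strings and ranges written the way this page writes them and reports which catalogued CVEs cover a given PAN-OS version. The function names (`parse_version`, `parse_range`, `in_range`, `affected_cves`) and the `CATALOG` dictionary are the example's own; the catalog copies only the ranges this page shows for CVE-2024-3400, CVE-2024-3382 and CVE-2024-3383 and omits the "+1 more" range the page elides for each, so a "not affected" answer is only as complete as the ranges you feed it.

```python
"""Check a PAN-OS version against affected-version ranges as written on
this listing (e.g. "≥ 10.2.0, < 10.2.9-h1").

Added example; not code from cvebase or Palo Alto Networks.  Assumptions:
a hotfix build "<major>.<minor>.<maint>-h<n>" sorts after its base release
and before the next maintenance release; a version written "10.2" means
"10.2.0"; the sample CATALOG below copies only the ranges this page shows
for three CVEs and omits the "+1 more" range the page elides for each, so
a version outside every listed range is "not affected" only with respect
to that incomplete catalog.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]

# major.minor[.maintenance][-h<hotfix>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-h(\d+))?$")
# One bound, e.g. "≥ 10.2.0" or "< 10.2.9-h1"; ASCII spellings accepted too.
_BOUND_RE = re.compile(r"(>=|≥|<=|≤|<|>)\s*(\d+(?:\.\d+){1,2}(?:-h\d+)?)")

_OPS = {
    ">=": lambda v, b: v >= b,
    "≥": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    "≤": lambda v, b: v <= b,
    "<": lambda v, b: v < b,
    ">": lambda v, b: v > b,
}


def parse_version(text: str) -> Version:
    """'10.2.9-h1' -> (10, 2, 9, 1); '10.2' -> (10, 2, 0, 0)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    # A base release has hotfix 0, so tuple comparison orders
    # 10.2.9 < 10.2.9-h1 < 10.2.10 as intended.
    return (int(major), int(minor), int(maint or 0), int(hotfix or 0))


def parse_range(text: str) -> List[Tuple[str, Version]]:
    """'≥ 10.2.0, < 10.2.9-h1' -> [('≥', (10,2,0,0)), ('<', (10,2,9,1))]."""
    bounds = _BOUND_RE.findall(text)
    if not bounds:
        raise ValueError(f"no version bounds found in {text!r}")
    return [(op, parse_version(ver)) for op, ver in bounds]


def in_range(version: str, range_text: str) -> bool:
    """True when every bound of the range holds for the given version."""
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in parse_range(range_text))


def affected_cves(version: str, catalog: Dict[str, List[str]]) -> List[str]:
    """CVE IDs whose listed ranges contain the version, in catalog order."""
    return [cve for cve, ranges in catalog.items()
            if any(in_range(version, r) for r in ranges)]


# Constructed catalog: the ranges shown on this page for three entries.
# Each of these entries also has a "+1 more" range on the page that is
# not reproduced here.
CATALOG: Dict[str, List[str]] = {
    "CVE-2024-3400": ["≥ 10.2.0, < 10.2.9-h1", "≥ 11.0.0, < 11.0.4-h1"],
    "CVE-2024-3382": ["≥ 10.2.0, < 10.2.7-h3", "≥ 11.0.0, < 11.0.4"],
    "CVE-2024-3383": ["≥ 11.0.0, < 11.0.3", "≥ 10.2.0, < 10.2.5"],
}

if __name__ == "__main__":
    for v in ("10.2.4", "10.2.7", "10.2.8", "10.2.9-h1", "11.0.3", "11.0.4-h1"):
        print(f"{v:>10}: {affected_cves(v, CATALOG) or 'none in catalog'}")
```

Run as a script it prints, for each sample version, the catalogued CVEs whose listed ranges contain it; `10.2.8` matches only CVE-2024-3400 because it already carries the 10.2.7-h3 fix for CVE-2024-3382, and `10.2.9-h1` matches nothing because the hotfix bound is exclusive. When using this against a real estate, feed it the complete range list from the advisory rather than the two bounds a listing row shows.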
CVE-2024-3383 | CRITICAL | CVSS 9.1 | CWE-282 | Published 2024-04-10
Affected: ≥ 11.0.0, < 11.0.3; ≥ 10.2.0, < 10.2.5; +1 more
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
Sources: cvelistv5, nvd

CVE-2024-3384 | HIGH | CVSS 7.5 | CWE-1286 | Published 2024-04-10
Affected: ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17; +2 more
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Sources: cvelistv5, nvd

CVE-2024-3382 | HIGH | CVSS 7.5 | CWE-770 | Published 2024-04-10
Affected: ≥ 10.2.0, < 10.2.7-h3; ≥ 11.0.0, < 11.0.4; +1 more
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
Sources: cvelistv5, nvd

CVE-2024-3385 | HIGH | CVSS 7.5 | CWE-20 | Published 2024-04-10
Affected: ≥ 9.0.0, < 9.0.17-h4; ≥ 9.1.0, < 9.1.17; +3 more
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls -
Sources: cvelistv5, nvd

CVE-2024-3388 | MEDIUM | CVSS 5.0 | CWE-269 | Published 2024-04-10
Affected: ≥ 8.1.0, < 8.1.26; ≥ 9.0.0, < 9.0.17-h4; +4 more
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Sources: cvelistv5, nvd

CVE-2024-3386 | MEDIUM | CVSS 5.3 | CWE-436 | Published 2024-04-10
Affected: ≥ 9.0.0, < 9.0.17-h2; ≥ 9.1.0, < 9.1.17; +7 more
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Sources: cvelistv5, nvd

CVE-2024-3387 | MEDIUM | CVSS 5.9 | CWE-326 | Published 2024-04-10
Affected: ≥ 10.1.0, < 10.1.12; ≥ 10.2.0, < 10.2.7-h3; +2 more
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sens
Sources: cvelistv5, nvd

CVE-2024-2433 | LOW | CVSS 2.7 | CWE-269 | Published 2024-03-13
Affected: ≥ 9.0, < 9.0.17-h4; ≥ 9.1, < 9.1.17; +3 more
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. T
Sources: cvelistv5, nvd

CVE-2024-0008 | HIGH | CVSS 8.8 | CWE-613 | Published 2024-02-14
Affected: ≥ 9.0, < 9.0.17-h2; ≥ 9.0, < 9.0.18; +7 more
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
Sources: cvelistv5, nvd

CVE-2024-0007 | MEDIUM | CVSS 4.8 | CWE-79 | Published 2024-02-14
Affected: ≥ 8.1, < 8.1.24-h1; ≥ 8.1, < 8.1.25; +4 more
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
Sources: cvelistv5, nvd

CVE-2024-0009 | MEDIUM | CVSS 6.3 | CWE-940 | Published 2024-02-14
Affected: ≥ 10.2, < 10.2.4; ≥ 11.0, < 11.0.1
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Sources: cvelistv5, nvd

CVE-2024-0010 | MEDIUM | CVSS 6.1 | CWE-79 | Published 2024-02-14
Affected: ≥ 9.0, < 9.0.17-h4; ≥ 9.1, < 9.1.17; +2 more
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Sources: cvelistv5, nvd

CVE-2024-0011 | MEDIUM | CVSS 6.1 | CWE-79 | Published 2024-02-14
Affected: ≥ 8.1, < 8.1.24; ≥ 9.0, < 9.0.17; +3 more
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Sources: cvelistv5, nvd

Palo Alto Networks PAN-OS vulnerabilities | cvebase