Palo Alto Networks PAN-OS vulnerabilities
170 known vulnerabilities affecting palo_alto_networks/pan-os.
Total CVEs: 170
CISA KEV: 10 (actively exploited)
Public exploits: 9
Exploited in wild: 11
Severity breakdown: CRITICAL 14, HIGH 70, MEDIUM 73, LOW 13
Vulnerabilities
Page 6 of 9
CVE-2025-0115 | P3 | MEDIUM | CVSS 6.8 | CWE-41 | 2025-03-12
Affected: ≥ 11.2.0, < 11.2.3; ≥ 11.1.0, < 11.1.5; +3 more
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.
The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to
Source: nvd

CVE-2022-0011 | P3 | MEDIUM | CVSS 6.5 | CWE-436 | 2022-02-10
Affected: v9.0.*; ≥ 8.1, < 8.1.21; +3 more
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these
Source: nvd

CVE-2024-0009 | P3 | MEDIUM | CVSS 6.3 | CWE-940 | 2024-02-14
Affected: ≥ 10.2, < 10.2.4; ≥ 11.0, < 11.0.1
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Source: nvd

CVE-2023-0004 | P3 | MEDIUM | CVSS 6.5 | CWE-703 | 2023-04-12
Affected: ≥ 8.1, < 8.1.24; ≥ 9.0, < 9.0.17; +3 more
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.
These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Source: nvd

CVE-2020-2016 | P4 | HIGH | CVSS 7.0 | CWE-377 | 2020-05-13
Affected: v8.0.*; ≥ 7.1, < 7.1.26; +2 more
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root use
Source: nvd

CVE-2024-3387 | P4 | MEDIUM | CVSS 5.9 | CWE-326 | 2024-04-10
Affected: ≥ 10.1.0, < 10.1.12; ≥ 10.2.0, < 10.2.7-h3; +2 more
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sens
Source: nvd

CVE-2023-6795 | P4 | MEDIUM | CVSS 4.7 | CWE-78 | 2023-12-13
Affected: ≥ 8.1, < 8.1.24-h1; ≥ 9.0, < 9.0.17; +3 more
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Source: nvd

CVE-2018-10139 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | 2018-08-16
Affected: v6.1.21 and earlier; v7.1.18 and earlier; +1 more
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
Source: nvd

CVE-2021-3048 | P4 | MEDIUM | CVSS 5.9 | CWE-20 | 2021-08-11
Affected: ≥ 9.0, < 9.0.14; ≥ 9.1, < 9.1.9; +1 more
Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then re
Source: nvd

CVE-2022-0023 | P4 | MEDIUM | CVSS 5.9 | CWE-755 | 2022-04-13
Affected: ≥ 8.1, < 8.1.22; ≥ 9.1, < 9.1.13; +3 more
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PA
Source: nvd

CVE-2025-4229 | P4 | MEDIUM | CVSS 6.0 | CWE-497 | 2025-06-13
Affected: ≥ 11.2.0, < 11.2.7; ≥ 11.1.0, < 11.1.10; +2 more
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerabil
Source: nvd

CVE-2020-1999 | P4 | MEDIUM | CVSS 5.3 | CWE-754 | 2020-11-12
Affected: v7.1.*; v8.0.*; +3 more
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versi
Source: nvd

CVE-2023-6794 | P4 | MEDIUM | CVSS 4.7 | CWE-434 | 2023-12-13
Affected: ≥ 8.1, < 8.1.26; ≥ 9.0, < 9.0.17-h1; +1 more
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Source: nvd

CVE-2020-1997 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | 2020-05-13
Affected: ≥ 7.1, < 7.1.26; ≥ 8.0, < 8.0.14
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1
Source: nvd

CVE-2024-2552 | P4 | MEDIUM | CVSS 6.0 | CWE-22 | 2024-11-14
Affected: ≥ 11.2.0, < 11.2.4; ≥ 11.1.0, < 11.1.5; +2 more
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
Source: nvd

CVE-2020-1996 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | 2020-05-13
Affected: v7.1.*; v8.0.*; +2 more
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file. This issue affects: All versions of PAN-OS 7.1 and 8.0
Source: nvd

CVE-2021-3045 | P4 | MEDIUM | CVSS 4.9 | CWE-88 | 2021-08-11
Affected: ≥ 8.1, < 8.1.19; ≥ 9.0, < 9.0.14; +1 more
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 1
Source: nvd

CVE-2026-0258 | P4 | MEDIUM | CVSS 4.8 | CWE-918 | 2026-05-13
Affected: ≥ 12.1.0, < 12.1.7, 12.1.4-h5; ≥ 11.2.0, < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17; +2 more
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilit
Source: nvd

CVE-2025-0116 | P4 | MEDIUM | CVSS 6.8 | CWE-754 | 2025-03-12
Affected: ≥ 11.2.0, < 11.2.5; ≥ 11.1.0, < 11.1.8; +2 more
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.
This issue does not apply to Cloud NGFWs or Pr
Source: nvd

CVE-2020-2017 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | 2020-05-13
Affected: v8.0.*; ≥ 7.1, < 7.1.26; +2 more
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue a
Source: nvd