
Palo Alto Networks PAN-OS vulnerabilities

170 known vulnerabilities affecting palo_alto_networks/pan-os.

Total CVEs: 170
CISA KEV: 10 (actively exploited)
Public exploits: 9
Exploited in wild: 11
Severity breakdown: CRITICAL 14, HIGH 70, MEDIUM 73, LOW 13

Vulnerabilities

Page 9 of 9
CVE-2021-3047 | P4 | LOW | CVSS 3.1 | Affected: ≥ 8.1, < 8.1.19; ≥ 9.0, < 9.0.14; +2 more | 2021-08-11
CVE-2021-3047 [LOW] CWE-338: A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's
nvd
CVE-2020-2044 | P4 | LOW | CVSS 3.3 | Affected: v8.0.*; ≥ 8.1, < 8.1.16; +2 more | 2020-09-09
CVE-2020-2044 [LOW] CWE-532: An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.
nvd
CVE-2020-2043 | P4 | LOW | CVSS 3.3 | Affected: ≥ 8.1, < 8.1.16; ≥ 9.0, < 9.0.10; +1 more | 2020-09-09
CVE-2020-2043 [LOW] CWE-532: An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive fi
nvd
CVE-2020-2048 | P4 | LOW | CVSS 3.3 | Affected: ≥ 8.1, < 8.1.17; ≥ 9.0, < 9.0.11; +1 more | 2020-11-12
CVE-2020-2048 [LOW] CWE-532: An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1
nvd
CVE-2026-0266 | P4 | LOW | CVSS 1.1 | Affected: ≥ 12.1.0, < 12.1.5; ≥ 11.2.0, < 11.2.11; +2 more | 2026-06-10
CVE-2026-0266 [LOW] CWE-79: A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by
nvd
CVE-2020-2035 | P4 | LOW | CVSS 3.0 | Affected: v8.1.*; v9.0.*; +3 more | 2020-08-12
CVE-2020-2035 [LOW] CWE-20: When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised
nvd
CVE-2024-2433 | P4 | LOW | CVSS 2.7 | Affected: ≥ 9.0, < 9.0.17-h4; ≥ 9.1, < 9.1.17; +3 more | 2024-03-13
CVE-2024-2433 [LOW] CWE-269: An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. T
nvd
CVE-2023-6793 | P4 | LOW | CVSS 2.7 | Affected: ≥ 9.0, < 9.0.17-h4; ≥ 9.1, < 9.1.17; +4 more | 2023-12-13
CVE-2023-6793 [LOW] CWE-269: An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
nvd
CVE-2025-4614 | P4 | LOW | CVSS 2.7 | Affected: ≥ 11.2.0, < 11.2.8; ≥ 11.1.0, < 11.1.12; +1 more | 2025-10-09
CVE-2025-4614 [LOW] CWE-497: An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted t
nvd
CVE-2021-3037 | P4 | LOW | CVSS 2.3 | Affected: ≥ 8.1, < 8.1.19; ≥ 9.0, < 9.0.13; +1 more | 2021-04-20
CVE-2021-3037 [LOW] CWE-534: An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server.
nvd