Palo Alto Networks Prisma Access vulnerabilities

14 known vulnerabilities affecting palo_alto_networks/prisma_access.

Total CVEs: 14
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 6, LOW 2

Vulnerabilities

CVE-2026-0228 | LOW | CVSS 1.3 | ≥ 10.2.0, < 10.2.10-h28 | 2026-02-11
CWE-295. An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Sources: cvelistv5, nvd
CVE-2026-0227 | MEDIUM | CVSS 6.6 | ≥ 11.2, < 11.2.7-h8; ≥ 10.2, < 10.2.10-h29, 10.2.4-h43 | 2026-01-15
CWE-754. A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.
Sources: cvelistv5, nvd
CVE-2025-4619 | MEDIUM | CVSS 6.6 | ≥ 10.2.0, < 10.2.10-h14 | 2025-11-13
CWE-754. A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below
Sources: cvelistv5, nvd
CVE-2025-0133 | LOW | CVSS 2.7 | PoC | vAll | 2025-05-14
CWE-79. A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credentia
Sources: cvelistv5, nvd
CVE-2025-0126 | HIGH | CVSS 8.3 | ≥ 10.2.0, < 10.2.4-h36; ≥ 11.2.0, < 11.2.4-h5 | 2025-04-11
CWE-384. When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not
Sources: cvelistv5, nvd
CVE-2025-0128 | HIGH | CVSS 8.7 | ≥ 10.2.0, < 10.2.4-h36; ≥ 11.2.0, < 11.2.4-h5 | 2025-04-11
CWE-754. A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Cloud NGFW is
Sources: cvelistv5, nvd
CVE-2024-8687 | MEDIUM | CVSS 6.9 | ≥ 10.2.0, < 10.2.9 on PAN-OS | 2024-09-11
CWE-497. An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the Glob
Sources: cvelistv5, nvd
CVE-2024-5913 | MEDIUM | CVSS 6.8 | vNone | 2024-07-10
CWE-20. An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
Sources: cvelistv5, nvd
CVE-2024-3388 | MEDIUM | CVSS 5.0 | ≥ 10.2, < 10.2.4 | 2024-04-10
CWE-269. A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Sources: cvelistv5, nvd
CVE-2022-0011 | MEDIUM | CVSS 6.5 | v2.2 Preferred; v2.1 Preferred, Innovation | 2022-02-10
CWE-436. PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these
Sources: cvelistv5, nvd
CVE-2021-3059 | HIGH | CVSS 8.1 | v2.1 Innovation; v2.1 Preferred | 2021-11-10
CWE-78. An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS
Sources: cvelistv5, nvd
CVE-2021-3056 | HIGH | CVSS 8.8 | v2.1 Preferred | 2021-11-10
CWE-120. A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than P
Sources: cvelistv5, nvd
CVE-2021-3061 | HIGH | CVSS 7.2 | v2.1 Preferred; v2.1 Innovation | 2021-11-10
CWE-78. An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versi
Sources: cvelistv5, nvd
CVE-2021-3060 | HIGH | CVSS 8.1 | v2.1 Preferred; v2.1 Innovation | 2021-11-10
CWE-78. An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit t
Sources: cvelistv5, nvd