Paloalto Cloud Ngfw vulnerabilities

CVE-2025-0130 [HIGH] CWE-754 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot.

CVE-2024-9468 [HIGH] CWE-787 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Affecte

CVE-2024-9471 [MEDIUM] CWE-269 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API PAN-OS: Privilege Escalation (PE) Vulnerability in XML API A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator beyond what the XML API permits. Affected products: Cloud NGFW, PAN-OS, Prisma Access

CVE-2024-47076 [HIGH] CWE-78 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affecte

CVE-2024-8686 [HIGH] CWE-78 PAN-OS: Command Injection Vulnerability PAN-OS: Command Injection Vulnerability A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Affected products: Cloud NGFW, PAN-OS, Prisma Access Solution: This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions. Workaround: TBD

CVE-2024-8688 [MEDIUM] CWE-155 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. Affected products: Cloud NGFW, PAN-OS, Prisma A

CVE-2024-8691 [MEDIUM] CWE-863 PAN-OS: User Impersonation in GlobalProtect Portal PAN-OS: User Impersonation in GlobalProtect Portal A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonat

CVE-2024-8687 [MEDIUM] CWE-497 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if t

CVE-2024-5535 [CRITICAL] Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-5535 and CVE-2024-6119 as they relate to our products. PAN-OS, Cloud NGFW, Prisma Access, and Cortex XDR Agent are not affected by CVE-2024-5535 or CVE-2024-6119. At present, no other Palo Alto Networks products ar

CVE-2024-5916 [MEDIUM] CWE-313 PAN-OS: Cleartext Exposure of External System Secrets PAN-OS: Cleartext Exposure of External System Secrets An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. Affected products: Cloud NGFW, PAN-OS, Prisma

CVE-2024-3596 [CRITICAL] CWE-290 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS

CVE-2024-5911 [HIGH] CWE-434 PAN-OS: File Upload Vulnerability in the Panorama Web Interface PAN-OS: File Upload Vulnerability in the Panorama Web Interface An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panora

CVE-2024-5913 [MEDIUM] CWE-20 PAN-OS: Improper Input Validation Vulnerability in PAN-OS PAN-OS: Improper Input Validation Vulnerability in PAN-OS An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Affected products: Cloud NGFW, PAN-OS, Prisma Access Solution: This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and

CVE-2024-6387 [HIGH] CWE-364 Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-6387, known as "regreSSHion", as it relates to our products. The SSH features in PAN-OS are not affected by CVE-2024-6387. At present, no other Palo Alto Networks products are known to contain the vulnerable software packages and be impacted by these iss

CVE-2024-3661 [HIGH] CWE-306 Impact of TunnelVision Vulnerability Impact of TunnelVision Vulnerability The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the GlobalProtect tunnel, allowing the attacker to read, disrupt, or possibly modify network traffic that

CVE-2024-3400 [CRITICAL] CWE-20 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root p

CVE-2024-3383 [CRITICAL] CWE-282 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your

CVE-2024-3382 [HIGH] CWE-770 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabl

CVE-2024-3385 [HIGH] CWE-20 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: -

CVE-2024-3384 [HIGH] CWE-1286 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back onl