Palo Alto Networks Cloud NGFW vulnerabilities
85 known vulnerabilities affecting paloalto/cloud_ngfw.
Total CVEs: 85
CISA KEV: 8 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: Critical 7, High 29, Medium 44, Low 5
Vulnerabilities
Page 3 of 5
CVE-2023-38046 | MEDIUM | CVSS 4.9 | CWE-610 | 2023-07-12
PAN-OS: Read System Files and Resources During Configuration Commit
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.2.4, PAN-OS

CVE-2023-0010 | MEDIUM | CVSS 5.4 | CWE-79 | 2023-06-14
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user's browser when they click on a specifically crafted link.
Aff

CVE-2023-0007 | MEDIUM | CVSS 4.8 | CWE-80 | 2023-05-10
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator's browser when viewed.
Affected p

CVE-2023-0008 | MEDIUM | CVSS 4.4 | CWE-73 | 2023-05-10
PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.25, PAN

CVE-2023-0005 | MEDIUM | CVSS 4.9 | CWE-497 | 2023-04-12
PAN-OS: Exposure of Sensitive Information Vulnerability
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.8

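Triaging an advisory like this one means comparing each device's running PAN-OS version against the fixed version for its release train. The script below is an added example for that check; it is not code from Palo Alto Networks or from this page. It assumes the PAN-OS version format major.minor.maintenance with an optional -hN hotfix suffix, encodes the fixed versions listed above for CVE-2023-0005, and deliberately reports a train the advisory does not list as "unknown-train" rather than assuming it is fixed. The sample inventory is constructed.

```python
import re
from typing import List, Optional, Tuple

# Fixed versions for CVE-2023-0005 exactly as listed in the advisory text above,
# one per release train. Trains not listed here are reported as unknown.
FIXED_CVE_2023_0005 = ["8.1.24", "9.0.17", "9.1.15", "10.0.12", "10.1.8"]

# Assumption: PAN-OS versions look like "10.1.8" or "10.1.8-h4" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into a comparable tuple.

    The hotfix number defaults to 0, so "10.1.8" sorts below "10.1.8-h4".
    Anything that does not match the assumed format raises ValueError.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def fixed_version_for_train(installed: str, fixed_versions: List[str]) -> Optional[str]:
    """Return the advisory's fixed version on the same major.minor train, if any."""
    major, minor, _, _ = parse_panos_version(installed)
    for fv in fixed_versions:
        fmajor, fminor, _, _ = parse_panos_version(fv)
        if (fmajor, fminor) == (major, minor):
            return fv
    return None


def assess(installed: str, fixed_versions: List[str]) -> str:
    """Classify a device as 'fixed', 'vulnerable' or 'unknown-train'.

    'unknown-train' means the fixed-version list says nothing about this release
    train, so the answer cannot be derived from the list alone; read the full advisory.
    """
    fv = fixed_version_for_train(installed, fixed_versions)
    if fv is None:
        return "unknown-train"
    if parse_panos_version(installed) >= parse_panos_version(fv):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> running PAN-OS version.
    inventory = {
        "fw-edge-01": "10.1.6",     # below 10.1.8 on the 10.1 train -> vulnerable
        "fw-edge-02": "10.1.8-h4",  # hotfix on top of the fixed release -> fixed
        "fw-dc-01": "9.1.15",       # exactly the fixed version -> fixed
        "fw-lab-01": "11.0.2",      # train not in the list above -> unknown-train
    }
    for host, ver in inventory.items():
        print(f"{host:12} {ver:10} CVE-2023-0005: {assess(ver, FIXED_CVE_2023_0005)}")
```

Feed the same `assess` function a different fixed-version list to triage any other advisory on this page whose solution line is complete; where the solution line is truncated, the list is unknown and the check should not be run.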
CVE-2023-0004 | MEDIUM | CVSS 6.5 | CWE-703 | 2023-04-12
PAN-OS: Local File Deletion Vulnerability
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in

CVE-2023-22809 | HIGH | CVSS 7.8 | PoC | 2023-02-08
Impact of Sudo Vulnerability CVE-2023-22809
The Palo Alto Networks Product Security Assurance team has evaluated the sudo software vulnerability CVE-2023-22809 and has determined that the following Palo Alto Networks products do not expose the sudo program and, therefore, do not offer any scenarios required for successful exploitation of this vulnerability.
Affected products: Cloud NGFW, PAN-OS, Prisma Access, Prisma SD-WAN ION

CVE-2022-0030 | HIGH | CVSS 8.1 | CWE-290 | 2022-10-12
PAN-OS: Authentication Bypass in Web Interface
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.24 and

CVE-2022-28199 | HIGH | CVSS 8.6 | CWE-20 | 2022-09-14
Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products. This vulnerability causes networking stacks that use the NVIDIA distribution of the DP

CVE-2022-0028 | HIGH | CVSS 8.6 | CWE-406 | KEV | 2022-08-10
PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) fire

CVE-2024-0012 | CRITICAL | CVSS 9.3 | CWE-306 | KEV, PoC
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escala

CVE-2025-0128 | HIGH | CVSS 8.7 | CWE-754
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter

CVE-2025-4230 | HIGH | CVSS 8.4 | CWE-78
PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.
The security risk posed by this issue is significantly minimiz

CVE-2025-0114 | HIGH | CVSS 8.2 | CWE-400
PAN-OS: Denial of Service (DoS) in GlobalProtect
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.
This issue does not apply to Cloud N

CVE-2025-0127 | HIGH | CVSS 7.1 | CWE-78
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW

CVE-2024-9472 | HIGH | CVSS 8.7 | CWE-476
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (

CVE-2025-0126 | HIGH | CVSS 8.3 | CWE-384
PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.
The SAML login for the PAN-OS® manageme

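The attack the description above outlines has the general shape of every session fixation bug (CWE-384): the attacker plants a session identifier in the victim's browser via a link, the victim authenticates, and the server binds the authenticated identity to the identifier the attacker already holds. The following is an added example that models that flow and the standard mitigation in a small in-memory session store; it is not PAN-OS or GlobalProtect code and is not taken from this page. `SessionStore`, the `sid` parameter and the simulated SAML assertion (a trusted username) are assumptions for the illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Toy model of a SAML-style login. The identity provider's assertion is simulated by
# a trusted username string. Names (SessionStore, sid) are assumptions for this
# illustration, not PAN-OS internals.


@dataclass
class Session:
    user: Optional[str] = None  # None until the session is authenticated


@dataclass
class SessionStore:
    sessions: Dict[str, Session] = field(default_factory=dict)

    def new_session(self) -> str:
        """Issue a fresh, unguessable session ID (256 bits from the OS CSPRNG)."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self.sessions.get(sid)


def login_vulnerable(store: SessionStore, sid: Optional[str], asserted_user: str) -> str:
    """Session fixation: if the request already carries a valid session ID (for example
    one planted through a crafted link), the authenticated identity is attached to THAT
    ID, which the attacker who planted it also knows."""
    if sid is None or store.get(sid) is None:
        sid = store.new_session()
    store.get(sid).user = asserted_user
    return sid


def login_fixed(store: SessionStore, sid: Optional[str], asserted_user: str) -> str:
    """Mitigation: authentication always rotates the session ID. Whatever ID arrived
    with the request is invalidated, and a fresh one is bound to the asserted user."""
    if sid is not None:
        store.sessions.pop(sid, None)
    new_sid = store.new_session()
    store.get(new_sid).user = asserted_user
    return new_sid


def whoami(store: SessionStore, sid: str) -> Optional[str]:
    """Identity the server associates with a presented session ID, if any."""
    s = store.get(sid)
    return s.user if s else None


def run_attack(login: Callable[[SessionStore, Optional[str], str], str]) -> Optional[str]:
    """Play the attack against a login implementation and return the identity the
    attacker ends up holding (None means the attack failed)."""
    store = SessionStore()
    planted_sid = store.new_session()   # attacker obtains a valid, unauthenticated SID
    login(store, planted_sid, "victim")  # victim follows the link and authenticates
    return whoami(store, planted_sid)    # attacker replays the SID they planted


if __name__ == "__main__":
    print("vulnerable login, attacker is:", run_attack(login_vulnerable))
    print("fixed login, attacker is:", run_attack(login_fixed))
```

The fix is the rotation in `login_fixed`: a session ID that existed before authentication never becomes an authenticated one. Rotation on login is the check to look for in any SSO integration, independent of how the identifier reaches the browser.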
CVE-2025-4231 | HIGH | CVSS 8.6 | CWE-77
PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and P

CVE-2024-3393 | HIGH | CVSS 8.7 | CWE-754 | KEV
PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the fir

CVE-2025-0108 | HIGH | CVSS 8.8 | CWE-306 | KEV, PoC
PAN-OS: Authentication Bypass in the Management Web Interface
An authentication bypass in the management web interface of Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does