Paloalto PAN-OS vulnerabilities

300 known vulnerabilities affecting paloalto/pan-os.

Total CVEs: 300
CISA KEV: 19 (actively exploited)
Public exploits: 32
Exploited in wild: 18
Severity breakdown: CRITICAL 53, HIGH 115, MEDIUM 119, LOW 13

Vulnerabilities

Page 1 of 15
CVE-2022-32149 | HIGH | CVSS 7.5 | 2026-04-08
CVE-2022-32149 [HIGH] PAN-SA-2026-0005 Informational Bulletin: OSS CVEs Fixed in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution. CVE Summary CVE-2022-32149 This CVE is fixed in Openconfig plugin PA
paloalto
CVE-2023-2176 | HIGH | CVSS 7.8 | 2026-04-08
CVE-2023-2176 [HIGH] PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the CVEs: CVE-2023-2176, CVE-2023-28464, CVE-2023-5633, CVE-2024-0646, CVE-2024-36886, CVE-2024-36971, CVE-2025-57052 Affected prod
paloalto
CVE-2018-6594 | HIGH | CVSS 7.5 | 2025-07-09
CVE-2018-6594 [HIGH] PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution. CVE Summary CVE-2018-6594 This CVE is fixed in PAN-OS 10.2.17, 11.1.1
paloalto
CVE-2024-29995 | MEDIUM | CVSS 5.9 | 2025-05-14
CVE-2024-29995 [MEDIUM] CWE-1240 PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the applicability of CVEs related to the Marvin attack on PAN-OS. While we did not determine that any of these CVEs have significant impact on our PAN-OS software, some were fixed anyway out of an abundance of caution. You can also r
paloalto
CVE-2015-5312 | HIGH | CVSS 7.1 | 2025-02-12
CVE-2015-5312 [HIGH] PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the CVEs: CVE-2015-5312, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4738, CVE-2018-1111, CVE-2018-14634, CVE-2018-18653, CVE-2019-0145, CVE-2
paloalto
CVE-2024-9474 | CRITICAL | CVSS 9.3 | KEV | PoC | 2024-11-18
CVE-2024-9474 [CRITICAL] CWE-306 PAN-SA-2024-0015 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit ot
paloalto
CVE-2017-12424 | CRITICAL | CVSS 9.8 | 2024-11-01
CVE-2017-12424 [CRITICAL] PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the CVEs: CVE-2017-12424, CVE-2021-3114, CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-36221, CVE-2021-40
paloalto
CVE-2019-17006 | CRITICAL | CVSS 9.8 | 2024-10-29
CVE-2019-17006 [CRITICAL] PAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution. CVE Summary CVE-2019-17006 This CVE is fixed in PAN-OS 10.2.0, a
paloalto
CVE-2025-0130 | HIGH | CVSS 8.2 | 2024-10-09
CVE-2025-0130 [HIGH] CWE-754 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot.
paloalto
CVE-2024-9468 | HIGH | CVSS 8.2 | 2024-10-09
CVE-2024-9468 [HIGH] CWE-787 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Affecte
paloalto
CVE-2024-9471 | MEDIUM | CVSS 5.1 | 2024-10-09
CVE-2024-9471 [MEDIUM] CWE-269 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator beyond what the XML API permits. Affected products: Cloud NGFW, PAN-OS, Prisma Access
paloalto
CVE-2024-47076 | HIGH | CVSS 8.6 | 2024-09-26
CVE-2024-47076 [HIGH] CWE-78 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affecte
paloalto
CVE-2024-8686 | HIGH | CVSS 8.6 | 2024-09-11
CVE-2024-8686 [HIGH] CWE-78 PAN-OS: Command Injection Vulnerability
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Affected products: Cloud NGFW, PAN-OS, Prisma Access Solution: This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions. Workaround: TBD
paloalto
CVE-2024-8688 | MEDIUM | CVSS 6.7 | 2024-09-11
CVE-2024-8688 [MEDIUM] CWE-155 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the firewall. Affected products: Cloud NGFW, PAN-OS, Prisma A
paloalto
CVE-2024-8691 | MEDIUM | CVSS 5.3 | 2024-09-11
CVE-2024-8691 [MEDIUM] CWE-863 PAN-OS: User Impersonation in GlobalProtect Portal
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonat
paloalto
CVE-2024-8687 | MEDIUM | CVSS 6.9 | 2024-09-11
CVE-2024-8687 [MEDIUM] CWE-497 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if t
paloalto
CVE-2010-1622 | MEDIUM | CVSS 6.0 | PoC | 2024-09-04
CVE-2010-1622 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-
paloalto
CVE-2024-5535 | CRITICAL | CVSS 9.1 | 2024-08-22
CVE-2024-5535 [CRITICAL] Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-5535 and CVE-2024-6119 as they relate to our products. PAN-OS, Cloud NGFW, Prisma Access, and Cortex XDR Agent are not affected by CVE-2024-5535 or CVE-2024-6119. At present, no other Palo Alto Networks products ar
paloalto
CVE-2024-5916 | MEDIUM | CVSS 6.0 | 2024-08-14
CVE-2024-5916 [MEDIUM] CWE-313 PAN-OS: Cleartext Exposure of External System Secrets
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems. Affected products: Cloud NGFW, PAN-OS, Prisma
paloalto
CVE-2024-3596 | CRITICAL | CVSS 9.0 | 2024-07-10
CVE-2024-3596 [CRITICAL] CWE-290 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation
This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS
paloalto