Paloalto Prisma Access vulnerabilities
104 known vulnerabilities affecting paloalto/prisma_access.
Total CVEs: 104
CISA KEV: 9 (actively exploited)
Public exploits: 12
Exploited in wild: 8
Severity breakdown: CRITICAL 12, HIGH 39, MEDIUM 48, LOW 5
Vulnerabilities
Page 5 of 6
CVE-2025-0108 [HIGH] CVSS 8.8 | KEV | PoC | CWE-306
PAN-OS: Authentication Bypass in the Management Web Interface
An authentication bypass in the management web interface of Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does
CVE-2024-2550 [HIGH] CVSS 8.7 | CWE-476
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) co
CVE-2024-2551 [HIGH] CVSS 8.7 | CWE-476
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the fir
CVE-2025-0111 [HIGH] CVSS 7.1 | KEV | CWE-73
PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
An authenticated file read vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
The attacker must have network acc
CVE-2024-2552 [MEDIUM] CVSS 6.8 | CWE-22
PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.2.12, PAN-O
CVE-2025-0123 [MEDIUM] CVSS 5.9 | CWE-312
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture) in decrypted HTTP/2 data streams traversing n
CVE-2025-0116 [MEDIUM] CVSS 6.8 | CWE-754
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition cause the firewall to enter maintenance mode.
This
CVE-2025-4229 [MEDIUM] CVSS 6.0 | CWE-497
PAN-OS: Traffic Information Disclosure Vulnerability
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Aff
CVE-2025-0137 [MEDIUM] CVSS 4.8 | CWE-83
PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.
The attacker must have network access to the management web interface
CVE-2024-5919 [MEDIUM] CVSS 5.1 | CWE-611
PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker-controlled server. This attack requires network access to the firewall management interface.
Affected products: Cloud NGFW
CVE-2026-0227 [MEDIUM] CVSS 6.6 | CWE-754
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: VERSION MIN
CVE-2025-0125 [MEDIUM] CVSS 6.9 | CWE-83
PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.
The attacker must have network access to the management web interface
CVE-2025-4614 [MEDIUM] CVSS 4.8 | CWE-497
PAN-OS: Session Token Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group
CVE-2025-4619 [MEDIUM] CVSS 6.6 | CWE-754
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets
A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
This issue is applicable to the PAN-OS
CVE-2025-0115 [MEDIUM] CVSS 6.8 | CWE-41
PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.
The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restr
CVE-2024-5918 [MEDIUM] CVSS 5.3 | CWE-295
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack
CVE-2024-5920 [MEDIUM] CVSS 4.6 | CWE-79
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a l
CVE-2025-0136 [MEDIUM] CVSS 5.3 | CWE-319
PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.
This issue does not affect Clo
CVE-2025-0124 [MEDIUM] CVSS 5.1 | CWE-73
PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
CVE-2025-0109 [MEDIUM] CVSS 6.9 | CWE-73
PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does no