Paloaltonetworks PAN-OS vulnerabilities
211 known vulnerabilities affecting paloaltonetworks/pan-os.
Total CVEs: 211
CISA KEV: 14 (actively exploited)
Public exploits: 17
Exploited in wild: 15
Severity breakdown: CRITICAL 36, HIGH 77, MEDIUM 89, LOW 9
Vulnerabilities
Page 10 of 11
CVE-2024-8688 | P4 | MEDIUM | CVSS 4.4 | CWE-155 | Affected: ≥ 9.1.0, < 9.1.15; ≥ 10.0.0, < 10.0.10 (+1 more) | Published: 2024-09-11
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the firewall.
Source: nvd
CVE-2017-5584 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Affected: 5.1, 6.0 (+50 more) | Published: 2017-03-15
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2016-2219 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Affected: 7.0, 7.0.1 (+6 more) | Published: 2016-07-12
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2013-5664 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: 4.0.0, 4.0.1 (+27 more) | Published: 2013-08-31
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
Source: nvd
CVE-2018-10140 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | Affected: ≥ 8.1.0, ≤ 8.1.2 | Published: 2018-08-16
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged-in users being redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
Source: nvd
CVE-2020-1982 | P4 | MEDIUM | CVSS 4.8 | CWE-326 | Affected: ≥ 8.0.0, ≤ 8.0.20; ≥ 8.1.0, < 8.1.14 (+2 more) | Published: 2020-07-08
Certain communication between PAN-OS and cloud-delivered services inadvertently uses TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the comm
Source: nvd
CVE-2012-6596 | P4 | MEDIUM | CVSS 5.0 | CWE-255 | Affected: 4.0.0, 4.0.1 (+10 more) | Published: 2013-08-31
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.
Source: nvd
CVE-2024-5920 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 10.1.0, < 10.1.14; ≥ 10.2.0, < 10.2.11 (+2 more) | Published: 2024-11-14
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in
Source: nvd
CVE-2022-0022 | P4 | MEDIUM | CVSS 4.4 | CWE-916 | Affected: ≥ 8.1.0, < 8.1.21; ≥ 9.0.0, ≤ 9.0.15 (+2 more) | Published: 2022-03-09
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account pa
Source: nvd
CVE-2012-6590 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | Affected: 4.0.0, 4.0.1 (+6 more) | Published: 2013-08-31
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
Source: nvd
CVE-2014-3764 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: ≤ 5.0.14; 5.1 (+15 more) | Published: 2015-01-06
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
Source: nvd
CVE-2023-0008 | P4 | MEDIUM | CVSS 4.4 | CWE-73 | Affected: ≥ 8.1.0, < 8.1.25; ≥ 9.0.0, < 9.0.17 (+5 more) | Published: 2023-05-10
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
Source: nvd
CVE-2021-3036 | P4 | MEDIUM | CVSS 4.4 | CWE-532 | Affected: ≥ 8.1.0, < 8.1.19; ≥ 9.0.0, < 9.0.12 (+2 more) | Published: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client inc
Source: nvd
CVE-2020-1994 | P4 | MEDIUM | CVSS 4.4 | CWE-377 | Affected: ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20 (+2 more) | Published: 2020-05-13
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7.
Source: nvd
CVE-2023-0007 | P4 | MEDIUM | CVSS 4.8 | CWE-80 | Affected: ≥ 8.1.0, < 8.1.25; ≥ 9.0.0, < 9.0.17 (+2 more) | Published: 2023-05-10
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.
Source: nvd
CVE-2023-6789 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 8.1.0, < 8.1.26; ≥ 9.0.0, < 9.0.17 (+4 more) | Published: 2023-12-13
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspec
Source: nvd
CVE-2024-0007 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17 (+4 more) | Published: 2024-02-14
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
Source: nvd
CVE-2020-1978 | P4 | MEDIUM | CVSS 4.4 | CWE-255 | Affected: 9.0.0 | Published: 2020-04-08
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manag
Source: nvd
CVE-2021-3031 | P4 | MEDIUM | CVSS 4.3 | Affected: ≥ 8.1.0, < 8.1.18; ≥ 9.0.0, < 9.0.12 (+1 more) | Published: 2021-01-13
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PA
Source: nvd
CVE-2021-3032 | P4 | MEDIUM | CVSS 4.4 | CWE-532 | Affected: ≥ 8.1.0, < 8.1.18; ≥ 9.0.0, < 9.0.12 (+2 more) | Published: 2021-01-13
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in
Source: nvd