Palo Alto Networks PAN-OS vulnerabilities
211 known vulnerabilities affecting paloaltonetworks/pan-os.
Total CVEs: 211
CISA KEV (actively exploited): 14
Public exploits: 17
Exploited in wild: 15
Severity breakdown: CRITICAL 36, HIGH 77, MEDIUM 89, LOW 9
Vulnerabilities
CVE-2024-5916 | P4 | MEDIUM | CVSS 4.4 | CWE-313 | ≥ 10.2.0, < 10.2.8; ≥ 11.0.0, < 11.0.4 | 2024-08-14
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
nvd
CVE-2015-4162 | P4 | MEDIUM | CVSS 4.0 | ≤ 5.0.15; v6.0; +11 more | 2015-06-02
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.
nvd
CVE-2025-0124 | P4 | LOW | CVSS 3.8 | CWE-73 | ≥ 10.1.0, < 10.1.14; ≥ 10.2.0, < 10.2.10; +4 more | 2025-04-11
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
The attacker must have network access to the manag
nvd
CVE-2021-3047 | P4 | LOW | CVSS 3.1 | CWE-338 | ≥ 8.1.0, < 8.1.19; ≥ 9.0.0, < 9.0.14; +2 more | 2021-08-11
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's
nvd
CVE-2020-2044 | P4 | LOW | CVSS 3.3 | CWE-532 | ≥ 8.0.0, ≤ 8.0.20; ≥ 8.1.0, < 8.1.16; +2 more | 2020-09-09
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.
nvd
CVE-2020-2043 | P4 | LOW | CVSS 3.3 | CWE-532 | ≥ 8.1.0, ≤ 8.1.15; ≥ 9.0.0, < 9.0.10; +1 more | 2020-09-09
An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive fi
nvd
CVE-2020-2048 | P4 | LOW | CVSS 3.3 | CWE-532 | ≥ 8.1.0, < 8.1.17; ≥ 9.0.0, < 9.0.11; +1 more | 2020-11-12
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1
nvd
CVE-2024-2433 | P4 | LOW | CVSS 2.7 | CWE-269 | fixed in 9.0.17; ≥ 9.1.0, < 9.1.17; +4 more | 2024-03-13
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images.
T
nvd
CVE-2023-6793 | P4 | LOW | CVSS 2.7 | CWE-269 | ≥ 9.1.0, < 9.1.17; ≥ 10.0.0, ≤ 10.0.12; +3 more | 2023-12-13
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
nvd
CVE-2025-4614 | P4 | LOW | CVSS 2.7 | CWE-497 | ≥ 10.2.0, < 10.2.17; ≥ 11.1.0, < 11.1.6; +2 more | 2025-10-09
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.
The security risk posed by this issue is significantly minimized when CLI access is restricted t
nvd
CVE-2021-3037 | P4 | LOW | CVSS 2.3 | CWE-534 | ≥ 8.1.0, < 8.1.19; ≥ 9.0.0, < 9.0.13; +1 more | 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server.
nvd