Palo Alto Networks PAN-OS vulnerabilities
211 known vulnerabilities affecting paloaltonetworks/pan-os.

Total CVEs: 211
CISA KEV: 14 (actively exploited)
Public exploits: 17
Exploited in wild: 15
Severity breakdown: CRITICAL 36, HIGH 77, MEDIUM 89, LOW 9

Vulnerabilities (page 3 of 11)
CVE-2012-6593 | P3 | CRITICAL | CVSS 10.0 | CWE-78 | Published 2013-08-31
Affected versions: ≤ 3.1.9; v4.0.0; +3 more
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
Source: nvd
CVE-2012-6592 | P3 | CRITICAL | CVSS 10.0 | CWE-78 | Published 2013-08-31
Affected versions: ≤ 3.1.9; v4.0.0; +4 more
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
Source: nvd
CVE-2019-1580 | P3 | CRITICAL | CVSS 9.8 | CWE-787 | Published 2019-08-23
Affected versions: ≤ 7.1.24; ≥ 8.0.0, ≤ 8.0.19; +2 more
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
Source: nvd
CVE-2019-1576 | P3 | HIGH | CVSS 8.8 | CWE-78 | Published 2019-07-16
Affected versions: ≥ 9.0.0, ≤ 9.0.2
Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user's permissions.
Source: nvd
CVE-2016-3657 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | Published 2016-04-12
Affected versions: ≥ 5.0.0, < 5.0.18; ≥ 5.1, < 5.1.11; +3 more
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
Source: nvd
CVE-2012-6595 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: v4.0.0; v4.0.1; +9 more
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.
Source: nvd
CVE-2020-2039 | P3 | MEDIUM | CVSS 5.3 | CWE-400 | Published 2020-09-09
Affected versions: ≥ 8.1.0, < 8.1.16; ≥ 9.0.0, < 9.0.10; +2 more
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uplo
Source: nvd
CVE-2020-1998 | P3 | HIGH | CVSS 8.8 | CWE-285 | Published 2020-05-13
Affected versions: ≥ 7.1.0, < 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +3 more
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local Linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versio
Source: nvd
CVE-2012-6600 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: v4.0.0; v4.0.1; +9 more
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
Source: nvd
CVE-2012-6599 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: v4.0.0; v4.0.1; +7 more
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
Source: nvd
CVE-2012-6598 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: v4.0.0; v4.0.1; +6 more
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
Source: nvd
CVE-2012-6591 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: ≤ 3.1.9; v4.0.0; +4 more
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
Source: nvd
CVE-2012-6594 | P3 | CRITICAL | CVSS 9.0 | CWE-78 | Published 2013-08-31
Affected versions: ≤ 3.1.10; v3.1.9; +9 more
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.
Source: nvd
CVE-2012-6603 | P3 | CRITICAL | CVSS 10.0 | CWE-287 | Published 2013-08-31
Affected versions: ≤ 3.1.11; v3.1.9; +14 more
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
Source: nvd
CVE-2020-1975 | P3 | HIGH | CVSS 8.8 | CWE-112 | Published 2020-02-12
Affected versions: ≥ 8.1.0, < 8.1.12; ≥ 9.0.0, < 9.0.6
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS
Source: nvd
CVE-2021-3062 | P3 | HIGH | CVSS 8.8 | CWE-284 | Published 2021-11-10
Affected versions: ≥ 8.1.0, < 8.1.20; ≥ 9.0.0, < 9.0.14; +2 more
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. Thi
Source: nvd
CVE-2021-3059 | P3 | HIGH | CVSS 8.1 | CWE-78 | Published 2021-11-10
Affected versions: ≥ 8.1.0, ≤ 8.1.20; ≥ 9.0.0, ≤ 9.0.14; +3 more
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS
Source: nvd
CVE-2020-2050 | P3 | HIGH | CVSS 8.2 | CWE-285 | Published 2020-11-12
Affected versions: ≥ 8.1.0, < 8.1.17; ≥ 9.0.0, < 9.0.11; +2 more
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal
Source: nvd
CVE-2022-0030 | P3 | HIGH | CVSS 8.1 | CWE-290 | Published 2022-10-12
Affected versions: ≥ 8.1.0, < 8.1.24
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
Source: nvd
CVE-2020-2012 | P3 | HIGH | CVSS 7.5 | CWE-611 | Published 2020-05-13
Affected versions: ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +2 more
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1
Source: nvd