Palo Alto Networks PAN-OS vulnerabilities
211 known vulnerabilities affecting paloaltonetworks/pan-os.
Total CVEs: 211
CISA KEV: 14 (actively exploited)
Public exploits: 17
Exploited in wild: 15
Severity breakdown: CRITICAL 36, HIGH 77, MEDIUM 89, LOW 9
Vulnerabilities
CVE-2020-2007 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +2 more | 2020-05-13
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
nvd
CVE-2020-2009 | P3 | HIGH | CVSS 7.2 | CWE-73 | ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +2 more | 2020-05-13
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue a
nvd
CVE-2021-3058 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 8.1.0, ≤ 8.1.20; ≥ 9.0.0, ≤ 9.0.14; +3 more | 2021-11-10
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.
nvd
CVE-2021-3061 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 8.1.0, ≤ 8.1.20; ≥ 9.0.0, ≤ 9.0.14; +3 more | 2021-11-10
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versi
nvd
CVE-2020-2008 | P3 | HIGH | CVSS 7.2 | CWE-73 | ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +1 more | 2020-05-13
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions e
nvd
CVE-2020-2027 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +2 more | 2020-06-10
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than
nvd
CVE-2022-0024 | P3 | HIGH | CVSS 7.2 | CWE-138 | ≥ 8.1.0, < 8.1.23; ≥ 9.0.0, < 9.0.16; +3 more | 2022-05-11
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does
nvd
CVE-2025-0130 | P3 | HIGH | CVSS 7.5 | CWE-754 | ≥ 11.1.0, < 11.1.6; ≥ 11.2.0, < 11.2.5; +1 more | 2025-05-14
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mod
nvd
CVE-2020-2041 | P3 | HIGH | CVSS 7.5 | CWE-16 | ≥ 8.0.0, ≤ 8.0.20; ≥ 8.1.0, < 8.1.16 | 2020-09-09
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenanc
nvd
CVE-2020-2042 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ 10.0.0, < 10.0.1 | 2020-09-09
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
nvd
CVE-2020-1990 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ 8.1.0, < 8.1.13; ≥ 9.0.0, < 9.0.7 | 2020-04-08
A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1.
nvd
CVE-2026-0227 | P3 | HIGH | CVSS 7.5 | CWE-754 | ≥ 10.1.0, < 10.1.14; ≥ 10.2.0, < 10.2.7; +25 more | 2026-01-15
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.
nvd
CVE-2023-6792 | P3 | MEDIUM | CVSS 6.3 | CWE-88 | ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17; +3 more | 2023-12-13
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
nvd
CVE-2025-0114 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≥ 10.1.0, < 10.1.14; ≥ 10.2.0, < 10.2.5; +2 more | 2025-03-12
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.
This issue does not
nvd
CVE-2020-2011 | P3 | HIGH | CVSS 7.5 | CWE-20 | ≥ 7.1.0, ≤ 7.1.26; ≥ 8.0.0, ≤ 8.0.20; +2 more | 2020-05-13
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama ser
nvd
CVE-2020-1979 | P3 | HIGH | CVSS 7.8 | CWE-134 | fixed in 8.1.13 | 2020-03-11
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on
nvd
CVE-2019-1559 | P3 | MEDIUM | CVSS 5.9 | CWE-203 | ≥ 7.1.0, < 7.1.15; ≥ 8.0.0, < 8.0.20; +2 more | 2019-02-27
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2024-2550 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≥ 10.2.0, < 10.2.7; ≥ 11.0.0, < 11.0.6; +6 more | 2024-11-14
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall enterin
nvd
CVE-2024-9468 | P3 | HIGH | CVSS 7.5 | CWE-787 | ≥ 10.2.0, < 10.2.4; ≥ 10.2.5, < 10.2.7; +9 more | 2024-10-09
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
nvd
CVE-2024-5919 | P3 | MEDIUM | CVSS 6.5 | CWE-611 | ≥ 10.1.0, < 10.1.10; ≥ 10.2.0, < 10.2.5; +1 more | 2024-11-14
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
nvd