
Paloaltonetworks PAN-OS vulnerabilities

211 known vulnerabilities affecting paloaltonetworks/pan-os.

Total CVEs: 211
CISA KEV: 14 (actively exploited)
Public exploits: 17
Exploited in wild: 15
Severity breakdown: CRITICAL 36, HIGH 77, MEDIUM 89, LOW 9

Vulnerabilities

Page 9 of 11
CVE-2017-9467 | P4 | MEDIUM | CVSS 6.1 | Versions: ≤ 6.1.17; v7.0.1; +28 more | 2017-08-02
CWE-79: Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2023-6790 | P4 | MEDIUM | CVSS 6.1 | Versions: ≥ 8.1.0, < 8.1.25; ≥ 9.0.0, < 9.0.17; +5 more | 2023-12-13
CWE-79: A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
Source: nvd
CVE-2024-0010 | P4 | MEDIUM | CVSS 6.1 | Versions: ≥ 10.1.0, < 10.1.11; v10.1.11; +3 more | 2024-02-14
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Source: nvd
CVE-2018-9337 | P4 | MEDIUM | CVSS 5.4 | Versions: ≤ 6.1.20; ≥ 7.1.0, ≤ 7.1.17; +2 more | 2018-07-03
CWE-79: The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
Source: nvd
CVE-2018-9335 | P4 | MEDIUM | CVSS 5.4 | Versions: ≤ 6.1.20; ≥ 7.1.0, ≤ 7.1.16; +2 more | 2018-07-03
CWE-79: The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
Source: nvd
CVE-2018-9334 | P4 | MEDIUM | CVSS 5.5 | Versions: ≤ 6.1.20; ≥ 7.1.0, ≤ 7.1.16; +2 more | 2018-07-03
CWE-269: The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.
Source: nvd
CVE-2021-3052 | P4 | MEDIUM | CVSS 5.4 | Versions: ≥ 8.1.0, < 8.1.20; ≥ 9.0.0, < 9.0.14; +2 more | 2021-09-08
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue
Source: nvd
CVE-2023-6791 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17; +5 more | 2023-12-13
CWE-701: A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
Source: nvd
CVE-2023-0005 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17; +4 more | 2023-04-12
CWE-497: A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Source: nvd
CVE-2017-16878 | P4 | MEDIUM | CVSS 6.1 | Versions: fixed in 8.0.7 | 2018-01-10
CWE-79: Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration.
Source: nvd
CVE-2017-7409 | P4 | MEDIUM | CVSS 6.1 | Versions: ≤ 7.0.14 | 2017-04-21
CWE-79: Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
Source: nvd
CVE-2024-0011 | P4 | MEDIUM | CVSS 6.1 | Versions: ≥ 8.1.0, < 8.1.24; ≥ 9.0.0, < 9.0.17; +3 more | 2024-02-14
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Source: nvd
CVE-2018-9242 | P4 | MEDIUM | CVSS 5.5 | Versions: ≤ 6.1.20; ≥ 7.1.0, ≤ 7.1.16; +1 more | 2018-07-03
CWE-20: The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
Source: nvd
CVE-2023-0010 | P4 | MEDIUM | CVSS 5.4 | Versions: ≥ 8.1.0, ≤ 8.1.24; ≥ 9.0.0, ≤ 9.0.17; +4 more | 2023-06-14
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
Source: nvd
CVE-2013-5663 | P4 | MEDIUM | CVSS 4.3 | Versions: ≤ 4.0.8; v4.0.0; +21 more | 2013-08-31
CWE-264: The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Source: nvd
CVE-2020-2031 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 9.1.0, < 9.1.3 | 2020-07-08
CWE-191: An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putt
Source: nvd
CVE-2023-38046 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 10.2.0, < 10.2.4; v11.0.0 | 2023-07-12
CWE-610: A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
Source: nvd
CVE-2024-5918 | P4 | MEDIUM | CVSS 4.3 | Versions: ≥ 10.1.0, < 10.1.11; ≥ 10.2.0, ≤ 10.2.4; +2 more | 2024-11-14
CWE-295: An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client C
Source: nvd
CVE-2020-1995 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 9.1.0, < 9.1.2 | 2020-05-13
CWE-476: A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 ver
Source: nvd
CVE-2017-7217 | P4 | MEDIUM | CVSS 4.3 | Versions: ≤ 7.0.13; v7.1.0; +9 more | 2017-04-14
CWE-20: The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
Source: nvd
Paloaltonetworks PAN-OS vulnerabilities | cvebase