Paloaltonetworks Prisma Access vulnerabilities

CVE-2022-0011 [MEDIUM] CWE-436 CVE-2022-0011: PAN-OS software provides options to exclude specific websites from URL category enforcement and thos PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these

CVE-2021-3061 [HIGH] CWE-78 CVE-2021-3061: An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versi

CVE-2021-3060 [HIGH] CWE-78 CVE-2021-3060: An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature o An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit t