Palo Alto Networks Security Advisories

1 - 25 of 356
VersionsAffectedUnaffected
5.7CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
none
< 6.1.1
< 6.0.4
< 5.2.13
< 5.1.12
All
>= 6.1.1
>= 6.0.4
>= 5.2.13
>= 5.1.12
2024-03-132024-03-13
5.2CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.1 on Windows
< 6.1.2 on Windows
< 6.0.8 on Windows
< 5.1.12 on Windows
>= 6.2.1 on Windows
>= 6.1.2 on Windows
>= 6.0.8 on Windows
>= 5.1.12 on Windows
2024-03-132024-03-18
5.1CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
Prisma Access
none
none
< 11.0.3 on Panorama
< 10.2.8 on Panorama
< 10.1.12 on Panorama
< 9.1.17 on Panorama
< 9.0.17-h4 on Panorama
none
All
All
>= 11.0.3 on Panorama
>= 10.2.8 on Panorama
>= 10.1.12 on Panorama
>= 9.1.17 on Panorama
>= 9.0.17-h4 on Panorama
All
2024-03-132024-03-13
iPAN-SA-2024-0002 Impact of Leaky Vessels Vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653)
none
all
2024-02-222024-02-22
6.3CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.6 on Panorama
< 10.0.11 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.24-h1 on Panorama, < 8.1.25 on Panorama
none
All
All on Panorama
All on Panorama
>= 10.1.6 on Panorama
>= 10.0.11 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama
all
2024-02-142024-02-14
5.4CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.10-h1, < 10.1.11
< 10.0.12-h1, < 10.0.13
< 9.1.17
< 9.0.17-h2, < 9.0.18
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.10-h1, >= 10.1.11
>= 10.0.12-h1, >= 10.0.13
>= 9.1.17
>= 9.0.17-h2, >= 9.0.18
All
2024-02-142024-02-14
5.3CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
➔ View additional products
none
none
< 11.0.1
< 10.2.4
none
none
All
All
>= 11.0.1
>= 10.2.4
All
all
2024-02-142024-02-14
5.1CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
➔ View additional products
none
none
none
< 10.1.11-h1, < 10.1.12
< 9.1.17
< 9.0.17-h4
none
All
All
All
>= 10.1.11-h1, >= 10.1.12
>= 9.1.17
>= 9.0.17-h4
all
2024-02-142024-02-14
5.1CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.3
< 10.0.11
< 9.1.13
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.3
>= 10.0.11
>= 9.1.13
>= 9.0.17
>= 8.1.24
all
2024-02-142024-02-24
iPAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
none
All
2024-02-14
iCVE-2023-48795 Impact of Terrapin SSH Attack
PAN-OS
Devices using affected ciphers
Devices not using affected ciphers
2024-01-092024-01-17
7.5CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
none
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-12-132023-12-13
6.1CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.24-h1
none
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.24-h1
All
2023-12-132023-12-13
5.9CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.6
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.6
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
all
2023-12-132023-12-13
5.9CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.3
< 10.0.9
< 9.1.12
< 9.0.17
< 8.1.24-h1
none
All
All
All
>= 10.1.3
>= 10.0.9
>= 9.1.12
>= 9.0.17
>= 8.1.24-h1
all
2023-12-132023-12-13
5.9CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 9.1.14
< 9.0.17-h1
< 8.1.26
none
All
All
All
>= 9.1.14
>= 9.0.17-h1
>= 8.1.26
all
2023-12-132023-12-13
5.1CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.11
All
< 9.1.17
< 9.0.17-h4
none
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.11
None
>= 9.1.17
>= 9.0.17-h4
All
All
2023-12-132023-12-13
4.8CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.11
All
< 9.1.17
< 9.0.17-h4
< 8.1.26
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.11
None
>= 9.1.17
>= 9.0.17-h4
>= 8.1.26
All
2023-12-132023-12-13
4.9CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 8
Cortex XSOAR 6.12
Cortex XSOAR 6.11
Cortex XSOAR 6.10
none
none
none
< 6.10.0.250144 on Linux
All
All
All
>= 6.10.0.250144 on Linux
2023-11-082023-11-08
iCVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
none
all
2023-10-122023-10-31
4.3CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration
Cortex XSOAR Kafka Integration v3
< 2.0.16
>= 2.0.16
2023-10-112023-10-11
iCVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
none
all
2023-10-112023-10-25
0CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863
PAN-OS
none
All
2023-10-022023-10-02
8.2 NCVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
Prisma SD-WAN ION 6.2
Prisma SD-WAN ION 6.1
Prisma SD-WAN ION 5.6
none
< 11.0.3
< 10.2.6
< 10.1.11
< 9.1.16-h3
< 9.0.17-h4
< 8.1.26
Customers whose most recent software upgrade was before 09/30
< 6.2.3
< 6.1.5
none
All
>= 11.0.3
>= 10.2.6
>= 10.1.11
>= 9.1.16-h3
>= 9.0.17-h4
>= 8.1.26
Customers who have received a software upgrade or are using new software on or after 09/30
>= 6.2.3
>= 6.1.5
All
2023-09-132024-01-18
5.5CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.1
Cortex XDR Agent 8.0
Cortex XDR Agent 7.9-CE
Cortex XDR Agent 7.9
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 5.0
none
< 8.0.2 on Windows
< 7.9.101-CE on Windows
< 7.9.3 on Windows
All on Windows
All on Windows
All
>= 8.0.2 with CU-1000 or a later content update on Windows
>= 7.9.101-CE with CU-1000 or a later content update on Windows
>= 7.9.3 with CU-1000 or a later content update on Windows
none
none
2023-09-132023-09-22
1 - 25 of 356 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2024 Palo Alto Networks, Inc. All rights reserved.