
Security Advisories

This section lists all security vulnerabilities identified in currently supported Palo Alto Networks products. Each vulnerability is given a criticality rating and a current status covering any updates or mitigations. Each listing also gives the versions of PAN-OS the vulnerability is known to affect.

Please disclose vulnerability discoveries to the Palo Alto Networks Product Security Incident Response Team (PSIRT).

Security Advisory Listing

Title  ID  Severity  Products Affected  First Published  Last Updated
Information about PAN-OS Finding
PAN-SA-2019-0011 Info Firewalls with GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.11-h1 or PAN-OS 8.1.0 to PAN-OS 8.1.1. Firewalls without GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.13 or PAN-OS 8.1.0 to PAN-OS 8.1.3. Firewalls running PAN-OS 7.1 or PAN-OS 9.0 are NOT affected. 05/15/2019 05/16/2019
Cross Site Scripting (XSS) in Demisto
PAN-SA-2019-0010 Medium Demisto 4.5 build 40249 05/06/2019 05/06/2019
Cross-Site Scripting in Expedition Migration Tool
PAN-SA-2019-0009 Low Expedition 1.1.12 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. 04/11/2019 04/11/2019
Information Disclosure in GlobalProtect Agent
PAN-SA-2019-0008 Medium GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS. GlobalProtect Agent for macOS 5.0 is NOT affected. 04/09/2019 04/11/2019
Authentication Bypass in PAN-OS Management Web Interface
PAN-SA-2019-0005 Critical Only PAN-OS 9.0.0 03/28/2019 03/28/2019
Privilege Escalation in PAN-OS
PAN-SA-2019-0006 Medium This only affects 64-bit systems with more than 32 GB of available memory. The affected platform and versions are PAN-OS 7.1.22 and earlier running on M-500 and WF-500; PAN-OS 8.0.15 and earlier running on PA-5220, PA-5250, PA-5260, M-500 and WF-500; and PAN-OS 8.1.6 and earlier running on PA-5220, PA-5250, PA-5260, PA-5280, M-500, M-600 and WF-500. PAN-OS 9.0 is NOT affected. 03/20/2019 03/20/2019
Denial of Service in PAN-OS Management Interface
PAN-SA-2019-0007 Medium PAN-OS 7.1.22 and earlier, PAN-OS 8.0.15 and earlier, PAN-OS 8.1.6 and earlier. PAN-OS 9.0 is NOT affected 03/20/2019 03/20/2019
Cross-Site Scripting in Expedition Migration Tool
PAN-SA-2019-0004 Low Expedition 1.1.8 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. 03/12/2019 03/12/2019
Stored Cross-Site Scripting in Expedition Migration Tool
PAN-SA-2019-0003 Low Expedition 1.1.6 and earlier 02/28/2019 02/28/2019
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
PAN-SA-2019-0001 Medium PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier. 01/23/2019 01/23/2019
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
PAN-SA-2019-0002 High PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier. 01/23/2019 01/23/2019
Remote Code Execution in Expedition Migration Tool
PAN-SA-2018-0017 High Expedition 1.0.107 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. 12/11/2018 12/11/2018
Information about FragmentSmack findings
PAN-SA-2018-0012 Medium PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050. PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080. PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080. PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080. 09/19/2018 11/29/2018
OpenSSL Vulnerabilities in PAN-OS
PAN-SA-2018-0015 Medium PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier. WF-500 running WF-500 software versions PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier. 10/11/2018 11/20/2018
Information Disclosure in Expedition Migration Tool
PAN-SA-2018-0016 Medium Expedition 1.0.106 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. 11/20/2018 11/20/2018
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
PAN-SA-2018-0014 High PAN-OS 8.1.3 and earlier. PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected. 10/11/2018 10/18/2018
Information about SegmentSmack findings
PAN-SA-2018-0013 Info N/A 09/19/2018 09/19/2018
Information about L1 Terminal Fault findings
PAN-SA-2018-0011 Info N/A 08/17/2018 08/17/2018
Cross-Site Scripting (XSS) in GlobalProtect Gateway
PAN-SA-2018-0009 Medium PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier. PAN-OS 8.1.0 is NOT affected. 08/15/2018 08/17/2018
Denial of Service in PAN-OS Management Web Interface
PAN-SA-2018-0010 Low PAN-OS 8.1.2 and earlier. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. 08/15/2018 08/15/2018
Denial of Service in PAN-OS Management Web Interface
PAN-SA-2018-0008 High PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0. GlobalProtect is NOT affected. 07/19/2018 07/19/2018
Information Disclosure in the PAN-OS Management Web Interface
PAN-SA-2018-0005 Low PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 06/28/2018 07/09/2018
Local Privilege Escalation in Management Web Interface
PAN-SA-2018-0004 Low PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier. PAN-OS 8.1 is not affected. 06/28/2018 06/28/2018
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
PAN-SA-2018-0006 Medium PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier 06/28/2018 06/28/2018
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
PAN-SA-2018-0007 Medium PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier 06/28/2018 06/28/2018