Security Advisories
This section provides a listing of all security vulnerabilities identified in currently supported Palo Alto Networks products. Each vulnerability is given a criticality rating and an updated status on any updates or mitigations regarding each discovered vulnerablity. Each vulnerability listing also provides a list of the versions of PAN OS the vulnerability is known to affect.
Please disclose vulnerability discoveries to the Palo Alto Networks Product Security Incident Response Team (PSIRT)
Security Advisory Listing
| Title | ID | Severity | Products Affected | First Published | Last Updated |
|---|
S(smrqt03ur0byxar2jkpzvkft))/Content/Images/DetailIcon.gif "Detail") Information about TCP SACK Panic Findings in PAN-OS
|
PAN-SA-2019-0013 | High | PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2-h3 and earlier. GlobalProtect Gateway and GlobalProtect portal are NOT affected by these issues. | 06/27/2019 | 06/28/2019 |
|
Code Injection Vulnerability in Traps
|
PAN-SA-2019-0014 | Low | Traps 5.0.5 and earlier, including all 4.x releases. These releases did not have the file protection (SPROT) enabled by default. Traps 5.0.6, 6.0 and later are NOT affected. | 06/27/2019 | 06/27/2019 |
|
Cross Site Scripting (XSS) in MineMeld
|
PAN-SA-2019-0015 | Low | Open Source Community Supported MineMeld version 0.9.60 and earlier. AutoFocus-Hosted MineMeld is NOT affected. | 06/27/2019 | 06/27/2019 |
|
Information about Recent Intel Side Channel Vulnerabilities
|
PAN-SA-2019-0012 | Low | WF-500 (WildFire Appliance) running any version of appliance software: PAN-OS 9.0, PAN-OS 8.1, PAN-OS 8.0 and PAN-OS 7.1. WildFire Cloud is affected by this issue. The Traps agent does not detect/prevent this specific type of CPU-level side-channel attack. | 05/29/2019 | 06/27/2019 |
|
Information about PAN-OS Finding
|
PAN-SA-2019-0011 | Info | Firewalls with GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.11-h1 or PAN-OS 8.1.0 to PAN-OS 8.1.1. Firewalls without GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.13 or PAN-OS 8.1.0 to PAN-OS 8.1.3. Firewalls running PAN-OS 7.1 or PAN-OS 9.0 are NOT affected. | 05/15/2019 | 05/16/2019 |
|
Cross Site Scripting (XSS) in Demisto
|
PAN-SA-2019-0010 | Medium | Demisto 4.5 build 40249 | 05/06/2019 | 05/06/2019 |
|
Cross-Site Scripting in Expedition Migration Tool
|
PAN-SA-2019-0009 | Low | Expedition 1.1.12 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. | 04/11/2019 | 04/11/2019 |
|
Information Disclosure in GlobalProtect Agent
|
PAN-SA-2019-0008 | Medium | GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS. GlobalProtect Agent for macOS 5.0 is NOT affected. | 04/09/2019 | 04/11/2019 |
|
Authentication Bypass in PAN-OS Management Web Interface
|
PAN-SA-2019-0005 | Critical | Only PAN-OS 9.0.0 | 03/28/2019 | 03/28/2019 |
|
Privilege Escalation in PAN-OS
|
PAN-SA-2019-0006 | Medium | This only affects 64bit systems with more than 32 GB of available memory. The affected platform and versions are PAN-OS 7.1.22 and earlier running on M-500 and WF-500; PAN-OS 8.0.15 and earlier running on PA-5220, PA-5250, PA-5260, M-500 and WF-500; and PAN-OS 8.1.6 and earlier running on PA-5220, PA-5250, PA-5260, PA-5280, M-500, M-600 and WF-500. PAN-OS 9.0 is NOT affected. | 03/20/2019 | 03/20/2019 |
|
Denial of Service in PAN-OS Management Interface
|
PAN-SA-2019-0007 | Medium | PAN-OS 7.1.22 and earlier, PAN-OS 8.0.15 and earlier, PAN-OS 8.1.6 and earlier. PAN-OS 9.0 is NOT affected | 03/20/2019 | 03/20/2019 |
|
Cross-Site Scripting in Expedition Migration Tool
|
PAN-SA-2019-0004 | Low | Expedition 1.1.8 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. | 03/12/2019 | 03/12/2019 |
|
Stored Cross-Site Scripting in Expedition Migration Tool
|
PAN-SA-2019-0003 | Low | Expedition 1.1.6 and earlier | 02/28/2019 | 02/28/2019 |
|
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
|
PAN-SA-2019-0001 | Medium | PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier. | 01/23/2019 | 01/23/2019 |
|
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
|
PAN-SA-2019-0002 | High | PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier. | 01/23/2019 | 01/23/2019 |
|
Remote Code Execution in Expedition Migration Tool
|
PAN-SA-2018-0017 | High | Expedition 1.0.107 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. | 12/11/2018 | 12/11/2018 |
|
Information about FragmentSmack findings
|
PAN-SA-2018-0012 | Medium | PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050. PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080. PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080. PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080. | 09/19/2018 | 11/29/2018 |
|
OpenSSL Vulnerabilities in PAN-OS
|
PAN-SA-2018-0015 | Medium | PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier. WF-500 running WF-500 software versions PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier. | 10/11/2018 | 11/20/2018 |
|
Information Disclosure in Expedition Migration Tool
|
PAN-SA-2018-0016 | Medium | Expedition 1.0.106 and earlier. Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool. | 11/20/2018 | 11/20/2018 |
|
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
|
PAN-SA-2018-0014 | High | PAN-OS 8.1.3 and earlier. PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected. | 10/11/2018 | 10/18/2018 |
|
Information about SegmentSmack findings
|
PAN-SA-2018-0013 | Info | N/A | 09/19/2018 | 09/19/2018 |
|
Information about L1 Terminal Fault findings
|
PAN-SA-2018-0011 | Info | N/A | 08/17/2018 | 08/17/2018 |
|
Cross-Site Scripting (XSS) in GlobalProtect Gateway
|
PAN-SA-2018-0009 | Medium | PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier. PAN-OS 8.1.0 is NOT affected. | 08/15/2018 | 08/17/2018 |
|
Denial of Service in PAN-OS Management Web Interface
|
PAN-SA-2018-0010 | Low | PAN-OS 8.1.2 and earlier. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | 08/15/2018 | 08/15/2018 |
|
Denial of Service in PAN-OS Management Web Interface
|
PAN-SA-2018-0008 | High | PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0. Global Protect is NOT affected. | 07/19/2018 | 07/19/2018 |