
Security Advisories

This section lists all security vulnerabilities identified in currently supported Palo Alto Networks products. Each vulnerability is given a criticality rating and a current status covering any updates or mitigations for it. Each listing also gives the versions of PAN-OS the vulnerability is known to affect.

Please disclose vulnerability discoveries to the Palo Alto Networks Product Security Incident Response Team (PSIRT).

Security Advisory Listing

| Title | ID | Severity | Products Affected | First Published | Last Updated |
| --- | --- | --- | --- | --- | --- |
| Local privilege escalation | PAN-SA-2016-0012 | Medium | PAN-OS 5.0.18 and earlier, PAN-OS 5.1.11 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.11 and earlier, PAN-OS 7.0.7 and earlier | 07/13/2016 | 09/12/2016 |
| Web interface denial of service | PAN-SA-2016-0024 | Medium | PAN-OS 5.1.11 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.12 and earlier, PAN-OS 7.0.8 and earlier, PAN-OS 7.1.2 and earlier | 09/08/2016 | 09/08/2016 |
| OpenSSL Vulnerabilities | PAN-SA-2016-0023 | Low | GlobalProtect Agent 3.1.0 and earlier | 09/02/2016 | 09/02/2016 |
| Remote Text File Access on Traps Endpoint Server Management | PAN-SA-2016-0022 | High | Traps ESM Core version 3.3.3 and earlier | 08/25/2016 | 08/25/2016 |
| Cross-site scripting vulnerability | PAN-SA-2016-0009 | Low | PAN-OS 7.0.1 to PAN-OS 7.0.7 | 06/27/2016 | 08/24/2016 |
| OpenSSH vulnerabilities | PAN-SA-2016-0011 | Low | PAN-OS 7.0.9 and earlier, PAN-OS 7.1.2 and earlier | 07/12/2016 | 08/16/2016 |
| Glibc DNS Resolver Vulnerability | PAN-SA-2016-0021 | Low | PAN-OS 5.0.X, PAN-OS 5.1.X, PAN-OS 6.0.X, PAN-OS 6.1.12 and earlier, PAN-OS 7.0.7 and earlier, PAN-OS 7.1.3 and earlier | 08/15/2016 | 08/15/2016 |
| OpenSSL Vulnerabilities | PAN-SA-2016-0020 | High | PAN-OS 5.0.X, PAN-OS 5.1.X, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.12 and earlier, PAN-OS 7.0.8 and earlier, PAN-OS 7.1.3 and earlier | 08/15/2016 | 08/15/2016 |
| NTP Vulnerabilities | PAN-SA-2016-0019 | Low | PAN-OS 5.0.X, PAN-OS 5.1.X, PAN-OS 6.0.X, PAN-OS 6.1.12 and earlier, PAN-OS 7.0.8 and earlier, PAN-OS 7.1.3 and earlier | 08/15/2016 | 08/15/2016 |
| WildFire Cross-Site Scripting Vulnerability | PAN-SA-2016-0018 | Medium | Palo Alto Networks hosted WildFire cloud from January to August 9th 2016 | 08/12/2016 | 08/12/2016 |
| Local Privilege Escalation in GlobalProtect Agent for OS X | PAN-SA-2016-0017 | High | GlobalProtect Agent for OS X 2.3.4 and earlier, GlobalProtect 3.0.2 and earlier | 08/04/2016 | 08/04/2016 |
| Web Interface Privilege Escalation | PAN-SA-2016-0016 | High | PAN-OS 5.0.18 and earlier, PAN-OS 5.1.11 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.10 and earlier, PAN-OS 7.0.4 and earlier | 07/14/2016 | 07/22/2016 |
| Cron local privilege escalation | PAN-SA-2016-0015 | Medium | PAN-OS 5.0.18 and prior, PAN-OS 5.1.11 and prior, PAN-OS 6.0.13 and prior, PAN-OS 6.1.11 and prior, PAN-OS 7.0.6 and prior, PAN-OS 7.1.1 and prior | 07/14/2016 | 07/14/2016 |
| Cross-site scripting issue in policy | PAN-SA-2016-0014 | Medium | PAN-OS 5.0.18 and earlier, PAN-OS 5.1.11 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.11 and earlier, PAN-OS 7.0.7 and earlier | 07/14/2016 | 07/14/2016 |
| Captive Portal denial of service | PAN-SA-2016-0013 | Medium | PAN-OS 5.0.18 and earlier, PAN-OS 6.0.13 and earlier, PAN-OS 6.1.11 and earlier, PAN-OS 7.0.6 and earlier, PAN-OS 7.1.1 and earlier | 07/14/2016 | 07/14/2016 |
| Update Server API Exposure | PAN-SA-2016-0010 | Medium | Palo Alto Networks update server | 07/01/2016 | 07/01/2016 |
| PAN-OS API denial of service | PAN-SA-2016-0008 | Medium | PAN-OS 7.0.1 to PAN-OS 7.0.7 | 06/27/2016 | 06/27/2016 |
| User-ID API Access | PAN-SA-2016-0007 | Medium | Windows devices running all versions of User-ID agent up to 7.0.3 | 05/23/2016 | 05/26/2016 |
| HTTP Header Evasion | PAN-SA-2016-0006 | Medium | PAN-OS releases 5.0.X, 6.0.X, 6.1.X, 7.0.X and 7.1.0 | 04/18/2016 | 04/18/2016 |
| Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface | PAN-SA-2016-0005 | Critical | PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior | 02/24/2016 | 03/24/2016 |
| Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface | PAN-SA-2016-0004 | Medium | PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior | 02/24/2016 | 03/24/2016 |
| Unauthenticated Command Injection in Management Web Interface | PAN-SA-2016-0003 | High | PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior | 02/24/2016 | 03/24/2016 |
| Command Injection in Command Line Interface | PAN-SA-2016-0002 | Low | PAN-OS releases 5.0.17 and prior, 5.1.10 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior | 02/24/2016 | 03/24/2016 |
| ESM Console XSS vulnerability (CVE-2015-2223) | PAN-SA-2016-0001 | Medium | Traps ESM Console version 3.2.1 and earlier | 02/23/2016 | 02/23/2016 |
| API key automatic revocation | PAN-SA-2015-0006 | Medium | PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7 | 11/09/2015 | 11/11/2015 |