Palo Alto Networks Security Advisories

Clear
version
severity
product
Clear
1 - 25 of 395
VersionsAffectedUnaffected
iCVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
Cloud NGFW
Cortex XDR
Cortex XDR Agent
Cortex XSIAM
Cortex XSOAR
GlobalProtect App
PAN-OS
Prisma Access
Prisma Access Browser
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN
None
None
None
None
None
None
None
None
None
none
none
none
All
All
All
All
All
All
All
All
All
All
All
All
2024-09-262024-09-26
8.6CVE-2024-8686 PAN-OS: Command Injection Vulnerability
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
➔ View additional products
none
11.2.2
none
none
none
All
>= 11.2.3
All
All
all
2024-09-112024-09-11
8.6PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates
Prisma Access Browser
< 128.91.2869.7
>= 128.138.2888.2
2024-09-112024-09-11
6.9CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-112024-09-11
6.7CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
➔ View additional products
none
none
none
< 10.1.1
< 10.0.10
< 9.1.15
none
All
All
All
>= 10.1.1
>= 10.0.10
>= 9.1.15
all
2024-09-112024-09-11
6CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials
ActiveMQ Content Pack 1.1
< 1.1.15
>= 1.1.15
2024-09-112024-09-11
5.6CVE-2024-8690 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 7.9.102-CE
None
None
None
None
None
All
All
All
All
All
All
None
2024-09-112024-09-11
5.3CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.1
PAN-OS 9.1
➔ View additional products
none
none
none
< 10.1.11
< 9.1.17
none
All
All
All
>= 10.1.11
>= 9.1.17
all
2024-09-112024-09-11
iPAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
none
All
2024-09-04
iCVE-2024-5535 Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
➔ View multiple products
none
all
2024-08-222024-09-04
8.6PAN-SA-2024-0007 Prisma Access Browser: Monthly Vulnerability Updates
Prisma Access Browser
< 126.183.2844.1
>= 127.100.2858.4
2024-08-142024-08-14
7CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack
Cortex XSOAR CommonScripts
< 1.12.33
>= 1.12.33
2024-08-142024-08-14
6CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
Prisma Access
Before 8/15 on Azure, Before 8/23 on AWS
none
< 11.0.4
< 10.2.8
none
none
none
On or after 8/15 on Azure, On or after 8/23 on AWS
All
>= 11.0.4
>= 10.2.8
All
All
All
2024-08-142024-08-14
5.2CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1 on Windows
< 6.2.4 on Windows
< 6.1.5 on Windows
< 6.0.x on Windows
< 5.1.x on Windows
>= 6.3.1 on Windows
>= 6.2.4 on Windows
>= 6.1.5 on Windows
>= 6.0.x (ETA: November 2024) on Windows
>= 5.1.x (ETA: December 2024) on Windows
2024-08-142024-09-16
9.3 NCVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Expedition 1.2
< 1.2.92
>= 1.2.92
2024-07-102024-07-10
7CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
➔ View additional products
none
none
none
< 10.2.4 on Panorama
< 10.1.9 on Panorama
none
All
All
All
>= 10.2.4 on Panorama
>= 10.1.9 on Panorama
all
2024-07-102024-07-10
6.8CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 7.9-CE
None
None
None
None
< 8.2.2
< 7.9.102-CE
All
All
All
All
>= 8.2.2
>= 7.9.102-CE
2024-07-102024-07-10
5.4CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.1
< 11.1.4
< 11.0.5
< 10.2.10
< 10.1.14-h2
None
All
>= 11.2.1
>= 11.1.4
>= 11.0.5
>= 10.2.10
>= 10.1.14-h2
All
2024-07-102024-07-10
5.3CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
Prisma Access
None
None
< 11.1.3
< 11.0.4-h5, < 11.0.6
< 10.2.10
< 10.1.14
< 9.1.19
All
All
All
>= 11.1.3
>= 11.0.4-h5, 11.0.6 (ETA: 9/26)
>= 10.2.10
>= 10.1.14
>= 9.1.19
None (Fix ETA: September 15)
2024-07-102024-07-26
iPAN-SA-2024-0006 Informational Bulletin: Expedition Installation Script Resets Root Password
Expedition initSetup_v2.0
< commit date 20240605
>= commit date 20240605
2024-07-102024-07-10
iCVE-2024-6387 Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability
Cloud NGFW
PAN-OS
Prisma Access
None
None
None
All
All
All
2024-07-012024-07-03
6.8CVE-2024-5909 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 8.1
Cortex XDR Agent 7.9-CE
None
None
< 8.2.1 on Windows
< 8.1.2 on Windows
< 7.9.102-CE on Windows
All
All
>= 8.2.1 on Windows
>= 8.1.2 on Windows
>= 7.9.102-CE on Windows
2024-06-122024-06-12
5.5CVE-2024-5908 GlobalProtect App: Encrypted Credential Exposure via Log Files
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.3 on Windows and macOS, None on Linux
< 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux
< 6.0.8 on Windows and macOS, All on Linux
< 5.1.12 on Windows and macOS, All on Linux
>= 6.2.3 on Windows and macOS, All on Linux
>= 6.1.3 on Windows and macOS, All on Android and iOS, >= 6.1.3 on Linux
>= 6.0.8 on Windows and macOS, None on Linux
>= 5.1.12 on Windows and macOS, None on Linux
2024-06-122024-08-14
5.2CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 8.1
Cortex XDR Agent 7.9-CE
None
< 8.3.1 on Windows
< 8.2.3 on Windows
All
< 7.9.102-CE on Windows
All
>= 8.3.1 on Windows
>= 8.2.3 on Windows
None
>= 7.9.102-CE on Windows
2024-06-122024-06-12
4.8CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Prisma Cloud Compute 32
< 32.05 (O’Neal - Update 5)
>= 32.05 (O’Neal - Update 5)
2024-06-122024-06-12
1 - 25 of 395 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.