Palo Alto Networks Security Advisories / CVE-2024-9471

CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API

Urgency REDUCED

047910
Severity 5.1 · MEDIUM
Response Effort LOW
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required HIGH
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
NVD JSON
Published 2024-10-09
Updated 2024-10-09
Reference PAN-217511 and PAN-152631
Discovered externally

Description

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator beyond what the XML API permits.

Product Status

VersionsAffectedUnaffected
Cloud NGFW NoneAll
PAN-OS 11.1NoneAll
PAN-OS 11.0< 11.0.3>= 11.0.3
PAN-OS 10.2< 10.2.8>= 10.2.8
PAN-OS 10.1< 10.1.11>= 10.1.11
PAN-OS 9.1AllNone
PAN-OS 9.0AllNone
Prisma Access NoneAll

Required Configuration for Exposure

This issue is applicable only to PAN-OS configurations that have XML API access enabled.

You can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access

Severity: MEDIUM

CVSSv4.0 Base Score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-269 Improper Privilege Management

Solution

This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.

Workarounds and Mitigations

This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

Each XML API key is associated with a specific user. XML API keys are not meant to be shared between users.

Acknowledgments

Palo Alto Networks thanks an external reporter for discovering and reporting this issue.

CPEs

cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.15:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.13:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.12:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.11:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.10:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.8:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.7:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.6:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.4:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.2:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.1:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:-:*:*:*:*:*:*

Timeline

Clarified the impact and noted that XML API keys should not be shared between users
Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.