Pan Os
Monthly
Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.
Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.
Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber.
XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments.
Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U).
Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.
Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.
Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.
Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.
Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.
Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrictions and execute arbitrary OS commands as root via the CLI or Web UI. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are explicitly excluded per the vendor advisory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.1 accurately reflects the significant mitigating factor of requiring high-privilege administrative access before exploitation is possible.
Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. No public exploits or confirmed active exploitation have been identified at time of analysis, and the vendor's own E:U supplemental metric reinforces the low exploitation urgency - though root-level OS access to a firewall represents a severe impact if the prerequisite is met.
Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the firewall into unplanned reboots or maintenance mode via a crafted packet, constituting a denial-of-service against the firewall itself. The CVSS 4.0 vector (AV:A/PR:L/VA:H) confirms the impact is purely availability - no confidentiality or integrity loss - and exploitation requires both authenticated access and adjacency to the tunnel interface. No public exploit code exists and no active exploitation has been reported; the vendor-assigned threat metric (E:U) reinforces that real-world risk is presently low.
Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a JavaScript payload via the web management interface, enabling potential execution of that script in the browsers of other administrative users who view the affected interface element. Affected platforms include PA-Series and VM-Series physical and virtual firewalls as well as Panorama (both virtual appliances and M-Series hardware). The CVSS 4.0 base score of 1.1 reflects the extremely constrained exploitability: high-privilege access is a prerequisite and passive user interaction by a second victim is required. No public exploit identified at time of analysis.
Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator to inject persistent JavaScript payloads that execute in the browsers of other users who view the affected pages. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) running PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x branches. No active exploitation is confirmed - EPSS stands at 0.04% (13th percentile), SSVC exploitation status is 'none', and no public exploit code has been identified at time of analysis. Vendor-released patches are available for all affected branches.
Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).
Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.
Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.
Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.
Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.
Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network.
Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of files accessible to the 'nobody' user, exploited alongside CVE-2025-0108 for configuration extraction.
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers to invoke PHP scripts, potentially leading to system compromise when chained with other vulnerabilities.
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.
Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.
Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber.
XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments.
Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U).
Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.
Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.
Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.
Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.
Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.
Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrictions and execute arbitrary OS commands as root via the CLI or Web UI. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are explicitly excluded per the vendor advisory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.1 accurately reflects the significant mitigating factor of requiring high-privilege administrative access before exploitation is possible.
Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. No public exploits or confirmed active exploitation have been identified at time of analysis, and the vendor's own E:U supplemental metric reinforces the low exploitation urgency - though root-level OS access to a firewall represents a severe impact if the prerequisite is met.
Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the firewall into unplanned reboots or maintenance mode via a crafted packet, constituting a denial-of-service against the firewall itself. The CVSS 4.0 vector (AV:A/PR:L/VA:H) confirms the impact is purely availability - no confidentiality or integrity loss - and exploitation requires both authenticated access and adjacency to the tunnel interface. No public exploit code exists and no active exploitation has been reported; the vendor-assigned threat metric (E:U) reinforces that real-world risk is presently low.
Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a JavaScript payload via the web management interface, enabling potential execution of that script in the browsers of other administrative users who view the affected interface element. Affected platforms include PA-Series and VM-Series physical and virtual firewalls as well as Panorama (both virtual appliances and M-Series hardware). The CVSS 4.0 base score of 1.1 reflects the extremely constrained exploitability: high-privilege access is a prerequisite and passive user interaction by a second victim is required. No public exploit identified at time of analysis.
Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator to inject persistent JavaScript payloads that execute in the browsers of other users who view the affected pages. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) running PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x branches. No active exploitation is confirmed - EPSS stands at 0.04% (13th percentile), SSVC exploitation status is 'none', and no public exploit code has been identified at time of analysis. Vendor-released patches are available for all affected branches.
Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).
Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.
Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.
Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.
Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.
Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network.
Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of files accessible to the 'nobody' user, exploited alongside CVE-2025-0108 for configuration extraction.
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers to invoke PHP scripts, potentially leading to system compromise when chained with other vulnerabilities.
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.