Skip to main content

Pan Os

222 CVEs product

Monthly

CVE-2021-3050 HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-3048 MEDIUM This Month

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-3047 LOW Monitor

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.1
EPSS
0.5%
CVE-2021-3046 MEDIUM This Month

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3045 MEDIUM This Month

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-3037 LOW Monitor

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2021-3036 MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-3032 MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-3031 MEDIUM This Month

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2050 HIGH This Week

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-2048 LOW Monitor

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-2022 HIGH This Week

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-2000 HIGH This Week

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-1999 MEDIUM This Month

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-2044 LOW Monitor

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.3
EPSS
0.7%
CVE-2020-2043 LOW Monitor

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.3
EPSS
0.7%
CVE-2020-2042 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-2041 HIGH This Week

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-2040 CRITICAL Act Now

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-2039 MEDIUM This Month

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
5.3
EPSS
46.4%
CVE-2020-2038 HIGH POC THREAT Act Now

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Command Injection Pan Os
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
86.1%
CVE-2020-2037 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2020-2036 HIGH POC THREAT This Week

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-2035 LOW Monitor

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.0
EPSS
0.8%
CVE-2020-2034 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.1
EPSS
6.6%
CVE-2020-2031 MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-2030 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2020-1982 MEDIUM This Month

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-2021 CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto Pan Os
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2020-2029 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2028 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2027 HIGH This Week

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-2018 CRITICAL Act Now

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2020-2017 MEDIUM This Month

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2016 HIGH This Week

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-2015 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-2014 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-2013 HIGH This Week

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-2012 HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-2011 HIGH This Week

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-2010 HIGH This Week

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2009 HIGH This Week

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-2008 HIGH This Week

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-2007 HIGH This Week

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2006 HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-2005 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2003 MEDIUM This Month

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2002 HIGH This Week

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-2001 CRITICAL Act Now

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-1998 HIGH This Week

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1997 MEDIUM This Month

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Open Redirect Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-1996 MEDIUM This Month

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-1995 MEDIUM This Month

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-1994 MEDIUM This Month

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-1993 MEDIUM This Month

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Session Fixation Information Disclosure Pan Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-1992 CRITICAL Act Now

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-1990 HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-1978 MEDIUM This Month

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass Vm Series Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-1981 HIGH This Week

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1980 HIGH This Week

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.1 versions earlier than PAN-OS 8.1.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-1979 HIGH This Week

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-1975 HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-17440 CRITICAL Act Now

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-17437 HIGH This Week

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.1 versions prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-1582 HIGH This Week

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2019-1581 CRITICAL Act Now

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Command Injection Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-1580 CRITICAL Act Now

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-1579 HIGH POC KEV THREAT This Week

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Paloalto RCE Pan Os
NVD
CVSS 3.1
8.1
EPSS
39.3%
CVE-2019-1576 HIGH This Week

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-1575 HIGH This Week

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-1572 HIGH This Week

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto PHP Information Disclosure Pan Os
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2019-1566 MEDIUM This Month

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-1565 MEDIUM This Month

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10141 MEDIUM POC This Month

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-18065 MEDIUM POC PATCH THREAT This Month

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux Ubuntu Linux +7
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
17.2%
CVE-2018-14634 HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Pan Os Big Ip Access Policy Manager +26
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
14.8%
CVE-2018-10140 MEDIUM This Month

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
4.3
EPSS
1.9%
CVE-2018-10139 MEDIUM This Month

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-9337 MEDIUM This Month

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-9335 MEDIUM This Month

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-9334 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9242 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-7636 MEDIUM This Month

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-15943 MEDIUM This Month

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Paloalto Pan Os
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-15942 HIGH This Week

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-15940 CRITICAL Act Now

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2016-8610 HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux Enterprise Linux Desktop Enterprise Linux Server +41
NVD
CVSS 3.1
7.5
EPSS
71.1%
CVE-2017-9458 CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto XXE Pan Os
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-12416 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.6%
EPSS 2% CVSS 8.8
HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 0% CVSS 3.1
LOW Monitor

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
EPSS 0% CVSS 2.3
LOW Monitor

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 8.2
HIGH This Week

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 3.3
LOW Monitor

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 3.3
LOW Monitor

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto +1
NVD
EPSS 46% CVSS 5.3
MEDIUM This Month

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 86% CVSS 7.2
HIGH POC THREAT Act Now

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Command Injection Pan Os
NVD Exploit-DB
EPSS 4% CVSS 7.2
HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 3.0
LOW Monitor

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 7% CVSS 8.1
HIGH This Week

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 4% CVSS 10.0
CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Command Injection +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Open Redirect Pan Os
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Paloalto +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Session Fixation Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Paloalto +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.1 versions earlier than PAN-OS 8.1.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.1 versions prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Command Injection +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption +1
NVD
EPSS 39% CVSS 8.1
HIGH POC KEV THREAT This Week

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Paloalto RCE Pan Os
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
EPSS 2% CVSS 7.5
HIGH This Week

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto PHP Information Disclosure +1
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
EPSS 4% CVSS 6.1
MEDIUM POC This Month

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 17% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Net Snmp +9
NVD Exploit-DB
EPSS 15% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow +28
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM This Month

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Paloalto Pan Os
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection +1
NVD
EPSS 71% CVSS 7.5
HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux +43
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy