Palo Alto Networks Security Advisories

1 - 25 of 326

CVSS	Summary	Versions	Affected	Unaffected	Published	Updated
6.5	CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface	Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 ➔ View additional products	none none none < 10.0.7 on Panorama < 9.1.16 on Panorama < 9.0.17 on Panorama < 8.1.25 on Panorama none	All All All >= 10.0.7 on Panorama >= 9.1.16 on Panorama >= 9.0.17 on Panorama >= 8.1.25 on Panorama all	2023-05-10	2023-05-10
4.4	CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface	Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access	none < 11.0.1 < 10.2.4 < 10.1.10 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 none	All >= 11.0.1 >= 10.2.4 >= 10.1.10 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 All	2023-05-10	2023-05-11
6.5	CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability	Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access	none none none < 10.1.6 < 10.0.11 < 9.1.15 < 9.0.17 < 8.1.24 none	All All All >= 10.1.6 >= 10.0.11 >= 9.1.15 >= 9.0.17 >= 8.1.24 All	2023-04-12	2023-04-19
6.3	CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability	GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2	< 6.1.1 on Windows < 6.0.4 on Windows < 5.2.13 on Windows	>= 6.1.1 on Windows >= 6.0.4 on Windows >= 5.2.13 on Windows	2023-04-12	2023-04-12
4.1	CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability	Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access	none none < 10.2.3 < 10.1.8 < 10.0.12 < 9.1.15 < 9.0.17 < 8.1.24 none	All All >= 10.2.3 >= 10.1.8 >= 10.0.12 >= 9.1.15 >= 9.0.17 >= 8.1.24 All	2023-04-12	2023-04-12
i	PAN-SA-2023-0002 Informational Bulletin: Impact of Rorschach Ransomware	Cortex XDR Agent 5.0 Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.9 CE Cortex XDR Agent 8.0	All agents on Windows All agents on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows	none none >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows	2023-04-04	2023-04-12
6.5	CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server	Cortex XSOAR 8.1 Cortex XSOAR 6.10 Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6	none < 6.10.0.185964 < 6.9.B185415 < 6.8.B185719 < 6.6.B186115	all >= 6.10.0.185964 >= 6.9.B185415 >= 6.8.B185719 >= 6.6.B186115	2023-02-08	2023-02-08
6	CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password	Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0	none none < 7.5.101-CE on Windows none	all all >= 7.5.101-CE on Windows all	2023-02-08	2023-02-08
5.5	CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User	Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0	none none < 7.5.101-CE on Windows < 5.0.12.22203 on Windows	all all >= 7.5.101-CE on Windows >= 5.0.12.22203 on Windows	2023-02-08	2023-02-08
i	PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023	➔ View multiple products	none	all	2023-02-08	2023-02-08
i	CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809	➔ View multiple products	none	all	2023-02-08	2023-02-08
i	PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996	➔ View multiple products	none	all	2022-12-23	2022-12-23
6.7	CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine	Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6 Cortex XSOAR 6.5	< 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux all all all	>= 6.9.0.130766 on Linux none none none	2022-11-09	2022-11-19
i	CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889	➔ View multiple products	none	all	2022-11-09	2022-11-09
i	PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602	➔ View multiple products	none	all	2022-10-31	2022-11-09
8.1	CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface	Cloud NGFW PAN-OS 10.2 PAN-OS 10.1 PAN-OS 8.1 ➔ View additional products	none none none < 8.1.24 none	All All All >= 8.1.24 all	2022-10-12	2022-10-12
5.5	CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File	Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.7 Cortex XDR Agent 5.0	< 7.5.101-CE on Windows none < 7.7.3 on Windows < 5.0.12-hotfix update on Windows	>= 7.5.101-CE all >= 7.7.3 >= 5.0.12-hotfix update	2022-09-14	2022-09-14
i	PAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator	Cortex XDR Agent	All agents with a content update earlier than CU-860 on Windows	All agents with CU-860 or a later content update	2022-09-14	2023-03-08
0	CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199	➔ View multiple products	none	all	2022-09-14	2022-09-14
i	PAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users	Cortex XDR Agent	All agents with a content update earlier than CU-630 on Windows	All agents with CU-630 or a later content update	2022-09-14	2022-09-14
8.6 N	CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering	Cloud NGFW PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 3.1 Prisma Access 3.0 ➔ View additional products	none < 10.2.2-h2 < 10.1.6-h6 < 10.0.11-h1 < 9.1.14-h4 < 9.0.16-h3 < 8.1.23-h1 none none none	All >= 10.2.2-h2 >= 10.1.6-h6 >= 10.0.11-h1 >= 9.1.14-h4 >= 9.0.16-h3 >= 8.1.23-h1 All All all	2022-08-10	2022-08-19
i	PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module	Cortex XDR Agent	All agents with a content update earlier than CU-610	All agents with CU-610 or a later content update	2022-08-10	2022-08-10
7.2	CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit	PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1	none < 10.1.5 < 10.0.10 < 9.1.13 < 9.0.16 < 8.1.23	>= 10.2.0 >= 10.1.5 >= 10.0.10 >= 9.1.13 >= 9.0.16 >= 8.1.23	2022-05-11	2022-05-11
6.7	CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability	Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 6.1	7.5.* without CU-330 on Windows 7.7.* without CU-330 on Windows 7.6.* without CU-330 on Windows 7.5.* without CU-330 on Windows 7.4.* without CU-330 on Windows 6.1.* without CU-330 on Windows	7.5.* with CU-330 on Windows 7.7.* with CU-330 on Windows 7.6.* with CU-330 on Windows 7.5.* with CU-330 on Windows 7.4.* with CU-330 on Windows 6.1.* with CU-330 on Windows	2022-05-11	2022-05-11
6.7	CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability	Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 ➔ View additional products	none < 7.7.1.62043 without CU-500 on Windows none none none	all 7.7.* with CU-500, >= 7.7.1.62043 on Windows all all all	2022-05-11	2022-05-11

1 - 25 of 326 Download

N = Exploitable over the network with low complexity, unauthenticated attack.