| | Versions | Affected | Unaffected | | |
---|
9.3 | CVE-2024-0012
PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4-h1 < 11.1.5-h1 < 11.0.6-h1 < 10.2.12-h2 None None | All >= 11.2.4-h1 >= 11.1.5-h1 >= 11.0.6-h1 >= 10.2.12-h2 All All | 2024-11-18 | 2024-11-20 |
6.9 | CVE-2024-9474
PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4-h1 < 11.1.5-h1 < 11.0.6-h1 < 10.2.12-h2 < 10.1.14-h6 None | All >= 11.2.4-h1 >= 11.1.5-h1 >= 11.0.6-h1 >= 10.2.12-h2 >= 10.1.14-h6 All | 2024-11-18 | 2024-11-21 |
8.6 | PAN-SA-2024-0016
Chromium: Monthly Vulnerability Updates | | | | 2024-11-13 | 2024-11-13 |
1 | CVE-2024-5920
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None < 11.1.4 < 11.0.6 < 10.2.11 < 10.1.14 None | All All >= 11.1.4 >= 11.0.6 >= 10.2.11 >= 10.1.14 All | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-2550
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None < 11.1.5 < 11.0.6 < 10.2.11 None None | All All >= 11.1.5 >= 11.0.6 >= 10.2.11 All All | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-2551
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.5 < 10.2.4-h6, < 10.2.5 < 10.1.14 None | All All All >= 11.0.5 >= 10.2.4-h6, >= 10.2.5 >= 10.1.14 All | 2024-11-13 | 2024-11-13 |
4.3 | CVE-2024-2552
PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI) | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4 < 11.1.5 < 11.0.6 < 10.2.12 None None | All >= 11.2.4 >= 11.1.5 >= 11.0.6 >= 10.2.12 All All | 2024-11-13 | 2024-11-13 |
1.7 | CVE-2024-5917
PAN-OS: Server-Side Request Forgery in WildFire | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 | None None None None < 10.2.2 < 10.1.7 | All All All All >= 10.2.2 >= 10.1.7 | 2024-11-13 | 2024-11-13 |
1.3 | CVE-2024-5918
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.3 < 10.2.4-h5 < 10.1.11 None | All All All >= 11.0.3 >= 10.2.4-h5 >= 10.1.11 All | 2024-11-13 | 2024-11-13 |
1.2 | CVE-2024-5919
PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.2 < 10.2.5 < 10.1.10 None | All All All >= 11.0.2 >= 10.2.5 >= 10.1.10 All | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-9472
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.2-h3, < 11.2.3 < 11.1.2-h14, < 11.1.3-h10 None < 10.2.7-h16, < 10.2.8-h13, < 10.2.9-14, < 10.2.10-h7, < 10.2.11-h4 None None | All >= 11.2.2-h3, >= 11.2.3 >= 11.1.2-h14, >= 11.1.3-h10 All >= 10.2.7-h16, >= 10.2.8-h13, >= 10.2.9-14, >= 10.2.10-h7, >= 10.2.11-h4 All All | 2024-11-13 | 2024-11-13 |
i | PAN-SA-2024-0014
Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent | | | | 2024-11-07 | |
i | PAN-SA-2024-0013
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-11-01 | |
i | PAN-SA-2024-0012
Informational Bulletin: OSS CVEs fixed in PAN-OS | | Versions prior to those listed above | | 2024-10-29 | |
9.9
N | PAN-SA-2024-0010
Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials | Cloud NGFW Expedition PAN-OS Panorama Prisma Access | | | 2024-10-09 | 2024-11-14 |
8.6 | PAN-SA-2024-0011
Chromium: Monthly Vulnerability Updates | | | | 2024-10-09 | 2024-10-09 |
8.2 | CVE-2024-9468
PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None < 11.1.3 < 11.0.4-h5, < 11.0.6 < 10.2.9-h11, < 10.2.10-h4, < 10.2.11 None None | All All >= 11.1.3 >= 11.0.4-h5, >= 11.0.6 >= 10.2.9-h11, >= 10.2.10-h4, >= 10.2.11 All All | 2024-10-09 | 2024-10-14 |
5.7 | CVE-2024-9469
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 7.9-CE | None None < 8.4.1 on Windows None < 8.3.1 on Windows < 7.9.102-CE on Windows | All All >= 8.4.1 on Windows All >= 8.3.1 on Windows >= 7.9.102-CE on Windows | 2024-10-09 | 2024-10-09 |
5.3 | CVE-2024-9470
Cortex XSOAR: Information Disclosure Vulnerability | Cortex XSOAR 8.0 Cortex XSOAR 6.13 Cortex XSOAR 6.12 | None None < 6.12.0 (Build 1271551) | All All >= 6.12.0 (Build 1271551) | 2024-10-09 | 2024-10-09 |
5.2 | CVE-2024-9473
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.3.1-c383 on Windows < 6.2.5 on Windows < 6.1.4-c720 on Windows, = 6.1.5 on Windows < 6.0.10-c823 on Windows All on Windows | >= 6.3.1-c383 on Windows >= 6.2.5 on Windows >= 6.1.4-c720 on Windows >= 6.0.10-c823 on Windows None on Windows | 2024-10-09 | 2024-10-24 |
5.1 | CVE-2024-9471
PAN-OS: Privilege Escalation (PE) Vulnerability in XML API | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | None None < 11.0.3 < 10.2.8 < 10.1.11 All All None | All All >= 11.0.3 >= 10.2.8 >= 10.1.11 None None All | 2024-10-09 | 2024-10-09 |
i | CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products | Cloud NGFW Cortex XDR Cortex XDR Agent Cortex XSIAM Cortex XSOAR GlobalProtect App PAN-OS Prisma Access Prisma Access Browser Prisma Cloud Prisma Cloud Compute Prisma SD-WAN | None None None None None None None None None None None None | All All All All All All All All All All All All | 2024-09-26 | 2024-09-26 |
8.6 | PAN-SA-2024-0009
Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-09-11 | 2024-09-11 |
8.6 | CVE-2024-8686
PAN-OS: Command Injection Vulnerability | | | | 2024-09-11 | 2024-09-11 |
6.9 | CVE-2024-8687
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes | Cloud NGFW GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | None None < 6.2.1 < 6.1.2 < 6.0.7 < 5.2.13 < 5.1.12 None None < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 < 10.2.9 on PAN-OS | All All >= 6.2.1 >= 6.1.2 >= 6.0.7 >= 5.2.13 >= 5.1.12 All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 >= 10.2.9 on PAN-OS | 2024-09-11 | 2024-09-11 |
6.7 | CVE-2024-8688
PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) | | None None None < 10.1.1 < 10.0.10 < 9.1.15 None | All All All >= 10.1.1 >= 10.0.10 >= 9.1.15 all | 2024-09-11 | 2024-09-11 |
6 | CVE-2024-8689
ActiveMQ Content Pack: Cleartext Exposure of Credentials | ActiveMQ Content Pack 1.1 | | | 2024-09-11 | 2024-09-11 |
5.6 | CVE-2024-8690
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent | Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 7.9.102-CE | | | 2024-09-11 | 2024-09-11 |
5.3 | CVE-2024-8691
PAN-OS: User Impersonation in GlobalProtect Portal | | None None None < 10.1.11 < 9.1.17 None | All All All >= 10.1.11 >= 9.1.17 all | 2024-09-11 | 2024-09-11 |
i | PAN-SA-2024-0008
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-09-04 | |
i | CVE-2024-5535
Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 | | | | 2024-08-22 | 2024-09-04 |
8.6 | PAN-SA-2024-0007
Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-08-14 | 2024-08-14 |
7 | CVE-2024-5914
Cortex XSOAR: Command Injection in CommonScripts Pack | Cortex XSOAR CommonScripts | | | 2024-08-14 | 2024-08-14 |
6 | CVE-2024-5916
PAN-OS: Cleartext Exposure of External System Secrets | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 Prisma Access | Before 8/15 on Azure, Before 8/23 on AWS None < 11.0.4 < 10.2.8 None None None | On or after 8/15 on Azure, On or after 8/23 on AWS All >= 11.0.4 >= 10.2.8 All All All | 2024-08-14 | 2024-08-14 |
5.2 | CVE-2024-5915
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.3.1 on Windows < 6.2.4 on Windows < 6.1.5 on Windows < 6.0.10-c826 on Windows < 5.1.x on Windows | >= 6.3.1 on Windows >= 6.2.4 on Windows >= 6.1.5 on Windows >= 6.0.10-c826 on Windows >= 5.1.x (ETA: December 2024) on Windows | 2024-08-14 | 2024-11-06 |
=
Exploitable over the network with low complexity, unauthenticated attack.