Palo Alto Networks Security Advisories

1 - 25 of 304
Versions | Affected | Unaffected
7.2 CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
PAN-OS 10.2 | none | >= 10.2.0
PAN-OS 10.1 | < 10.1.5 | >= 10.1.5
PAN-OS 10.0 | < 10.0.10 | >= 10.0.10
PAN-OS 9.1 | < 9.1.13 | >= 9.1.13
PAN-OS 9.0 | < 9.0.16 | >= 9.0.16
PAN-OS 8.1 | < 8.1.23 | >= 8.1.23
2022-05-11 2022-05-11

6.7 CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE | none | all
Cortex XDR Agent 7.7 | < 7.7.1.62043 without CU-500 on Windows | 7.7.* with CU-500, >= 7.7.1.62043 on Windows
Cortex XDR Agent 7.6 | none | all
Cortex XDR Agent 7.5 | none | all
Cortex XDR Agent 7.4 | none | all
Cortex XDR Agent 6.1 | none | all
Cortex XDR Agent 5.0 | none | all
2022-05-11 2022-05-11

6.7 CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE | 7.5.* without CU-330 on Windows | 7.5.* with CU-330 on Windows
Cortex XDR Agent 7.7 | 7.7.* without CU-330 on Windows | 7.7.* with CU-330 on Windows
Cortex XDR Agent 7.6 | 7.6.* without CU-330 on Windows | 7.6.* with CU-330 on Windows
Cortex XDR Agent 7.5 | 7.5.* without CU-330 on Windows | 7.5.* with CU-330 on Windows
Cortex XDR Agent 7.4 | 7.4.* without CU-330 on Windows | 7.4.* with CU-330 on Windows
Cortex XDR Agent 6.1 | 6.1.* without CU-330 on Windows | 6.1.* with CU-330 on Windows
2022-05-11 2022-05-11

4.3 CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
Cortex XSOAR 6.6 | < 6.6.0.2585049 | >= 6.6.0.2585049
Cortex XSOAR 6.5 | 6.5.* | none
Cortex XSOAR 6.2 | 6.2.* | none
Cortex XSOAR 6.1 | 6.1.* | none
2022-05-11 2022-05-11

3.3 PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files
Cortex XDR Agent | all | none
2022-04-14 2022-04-14

0 PAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator
Cortex XDR Agent | all on Windows | all on Linux and macOS
2022-04-14 2022-05-13

5.9 CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
PAN-OS 10.2 | none | 10.2.*
PAN-OS 10.1 | < 10.1.5 | >= 10.1.5
PAN-OS 10.0 | < 10.0.10 | >= 10.0.10
PAN-OS 9.1 | < 9.1.13 | >= 9.1.13
PAN-OS 9.0 | < 9.0.16 | >= 9.0.16
PAN-OS 8.1 | < 8.1.22 | >= 8.1.22
Prisma Access 3.0 | none | Preferred, Innovation
Prisma Access 2.2 | none | Preferred
Prisma Access 2.1 | none | Preferred, Innovation
2022-04-13 2022-04-13

7.5 N CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778
Cortex XDR Agent 7.7 | < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux | >= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux
Cortex XDR Agent 7.6 | < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux | >= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux
Cortex XDR Agent 7.5-CE | < 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux | >= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux
Cortex XDR Agent 7.5 | < 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux | >= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux
Cortex XDR Agent 7.4 | 7.4.* | none
Cortex XDR Agent 6.1 | < 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux | >= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux
Cortex XSOAR | none | all
GlobalProtect App 6.0 | < 6.0.1 | >= 6.0.1
GlobalProtect App 5.3 | < 5.3.4 | >= 5.3.4
GlobalProtect App 5.2 | < 5.2.12 | >= 5.2.12
GlobalProtect App 5.1 | < 5.1.11 | >= 5.1.11
PAN-OS 10.2 | < 10.2.1 | >= 10.2.1
PAN-OS 10.1 | < 10.1.5-h1 | >= 10.1.5-h1
PAN-OS 10.0 | < 10.0.10 | >= 10.0.10
PAN-OS 9.1 | < 9.1.13-h3 | >= 9.1.13-h3
PAN-OS 9.0 | < 9.0.16-h2 | >= 9.0.16-h2
PAN-OS 8.1 | < 8.1.23 | >= 8.1.23
Prisma Access 3.1 | Preferred, Innovation | none
Prisma Access 3.0 | Preferred, Innovation | none
Prisma Access 2.2 | Preferred | none
Prisma Access 2.1 | Preferred, Innovation | none
Prisma Cloud | none | all
2022-03-31 2022-05-28

0 CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
AutoFocus | none | all
Bridgecrew | none | all
Cortex Data Lake | none | all
Cortex XDR Agent | none | all
Cortex Xpanse | none | all
Cortex XSOAR | none | all
Enterprise Data Loss Prevention | none | all
Exact Data Matching CLI | none | all
Expanse | none | all
Expedition Migration Tool | none | all
GlobalProtect App | none | all
IoT Security | none | all
Okyo Garde | none | all
Palo Alto Networks App for Splunk | none | all
PAN-OS | none | all
Prisma Cloud | none | all
Prisma Cloud Compute | none | all
Prisma SD-WAN (CloudGenix) | none | all
Prisma SD-WAN ION | none | all
SaaS Security | none | all
User-ID Agent | none | all
WildFire Appliance (WF-500) | none | all
WildFire Cloud | none | all
2022-03-31 2022-04-25

4.1 CVE-2022-0022 PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
PAN-OS 10.2 | none | 10.2.*
PAN-OS 10.1 | none | 10.1.*
PAN-OS 10.0 | < 10.0.7 | >= 10.0.7
PAN-OS 9.1 | < 9.1.11 | >= 9.1.11
PAN-OS 9.0 | 9.0.* | none
PAN-OS 8.1 | < 8.1.21 | >= 8.1.21
Prisma Access 3.0 | none | Preferred, Innovation
Prisma Access 2.2 | none | Preferred
Prisma Access 2.1 | none | Preferred, Innovation
2022-03-09 2022-03-09

0 CVE-2021-44142 Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS
PAN-OS | none | all
Prisma Access | none | all
2022-03-09 2022-03-09

7.4 CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
GlobalProtect App 5.3 | none | 5.3.*
GlobalProtect App 5.2 | < 5.2.9 on Windows and MacOS | >= 5.2.9 on Windows and MacOS
GlobalProtect App 5.1 | none | >= 5.1.*
2022-02-09 2022-03-09

7 CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
GlobalProtect App 5.3 | none | 5.3.*
GlobalProtect App 5.2 | < 5.2.5 on Windows | >= 5.2.5 on Windows
GlobalProtect App 5.1 | < 5.1.10 on Windows | >= 5.1.10 on Windows
2022-02-09 2022-02-09

6.8 CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
Cortex XSOAR 6.5.0 | none | all
Cortex XSOAR 6.2.0 | < 1958888 | >= 1958888
Cortex XSOAR 6.1.0 | all | none
2022-02-09 2022-02-09

6.5 CVE-2022-0011 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS 10.1 | < 10.1.3 | >= 10.1.3
PAN-OS 10.0 | < 10.0.8 | >= 10.0.8
PAN-OS 9.1 | < 9.1.12 | >= 9.1.12
PAN-OS 9.0 | 9.0.* | none
PAN-OS 8.1 | < 8.1.21 | >= 8.1.21
Prisma Access 3.0 | none | Preferred, Innovation
Prisma Access 2.2 | Preferred | none
Prisma Access 2.1 | Preferred, Innovation | none
2022-02-09 2022-03-09

6.1 CVE-2022-0018 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
GlobalProtect App 5.3 | none | 5.3.*
GlobalProtect App 5.2 | < 5.2.9 on Windows and MacOS | >= 5.2.9 on Windows and MacOS
GlobalProtect App 5.1 | < 5.1.10 on Windows and MacOS | >= 5.1.10 on Windows and MacOS
2022-02-09 2022-02-09

4.7 CVE-2022-0019 GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
GlobalProtect App 5.3 | < 5.3.2 on Linux | >= 5.3.2 on Linux
GlobalProtect App 5.2 | <= 5.2.7 on Linux | none
GlobalProtect App 5.1 | < 5.1.10 on Linux | >= 5.1.10 on Linux
2022-02-09 2022-02-09

3.3 CVE-2022-0021 GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon
GlobalProtect App 5.3 | none | 5.3.*
GlobalProtect App 5.2 | < 5.2.9 on Windows | >= 5.2.9 on Windows
GlobalProtect App 5.1 | none | 5.1.*
2022-02-09 2022-02-09

7.8 CVE-2022-0015 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.6 | none | 7.6.*
Cortex XDR Agent 7.5 | none | 7.5.*
Cortex XDR Agent 7.4 | none | 7.4.*
Cortex XDR Agent 7.3 | none | 7.3.*
Cortex XDR Agent 7.2 | none | 7.2.*
Cortex XDR Agent 6.1 | < 6.1.9 | >= 6.1.9
Cortex XDR Agent 5.0 | < 5.0.12 | >= 5.0.12
2022-01-12 2022-01-12

6.7 CVE-2022-0014 Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
Cortex XDR Agent 7.6 | none | 7.6.*
Cortex XDR Agent 7.5 | none | 7.5.*
Cortex XDR Agent 7.4 | none | 7.4.*
Cortex XDR Agent 7.3 | < 7.3.2 on Windows | >= 7.3.2 on Windows
Cortex XDR Agent 7.2 | < 7.2.4 on Windows | >= 7.2.4 on Windows
Cortex XDR Agent 6.1 | < 6.1.9 on Windows | >= 6.1.9 on Windows
Cortex XDR Agent 5.0 | < 5.0.12 on Windows | >= 5.0.12 on Windows
2022-01-12 2022-01-14

6.1 CVE-2022-0012 Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
Cortex XDR Agent 7.6 | none | 7.6.*
Cortex XDR Agent 7.5 | none | 7.5.*
Cortex XDR Agent 7.4 | none | 7.4.*
Cortex XDR Agent 7.3 | < 7.3.2 on Windows | >= 7.3.2 on Windows
Cortex XDR Agent 7.2 | < 7.2.4 on Windows | >= 7.2.4 on Windows
Cortex XDR Agent 6.1 | < 6.1.9 on Windows | >= 6.1.9 on Windows
Cortex XDR Agent 5.0 | < 5.0.12 on Windows | >= 5.0.12 on Windows
2022-01-12 2022-01-14

5 CVE-2022-0013 Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
Cortex XDR Agent 7.5 | none | 7.5.*
Cortex XDR Agent 7.4 | none | 7.4.*
Cortex XDR Agent 7.3 | < 7.3.2 on Windows | >= 7.3.2 on Windows
Cortex XDR Agent 7.2 | < 7.2.4 on Windows | >= 7.2.4 on Windows
Cortex XDR Agent 6.1 | < 6.1.9 on Windows | >= 6.1.9 on Windows
Cortex XDR Agent 5.0 | < 5.0.12 on Windows | >= 5.0.12 on Windows
2022-01-12 2022-01-14

9.8 N CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Bridgecrew | none | all
Cortex Data Lake | none | all
Cortex XDR Agent | none | all
Cortex Xpanse | none | all
Cortex XSOAR | none | all
Enterprise Data Loss Prevention | none | all
Exact Data Matching CLI | < 2.1 | >= 2.1
Expedition | none | all
GlobalProtect App | none | all
IoT Security | none | all
Okyo Garde | none | all
PAN-DB Private Cloud | none | all
PAN-OS for Firewall and Wildfire | none | all
PAN-OS for Panorama | < 9.0.15, < 10.0.8-h8, < 9.1.12-h3 | 8.1.*, 10.1.*, >= 9.0.15, >= 10.0.8-h8, >= 9.1.12-h3
Prisma Access | none | all
Prisma Cloud | none | all
Prisma Cloud Compute | none | all
Prisma SD-WAN (CloudGenix) | none | all
SaaS Security | none | all
Traps | none | all
User-ID Agent | none | all
WildFire Appliance | none | all
WildFire Cloud | none | all
2021-12-10 2022-01-22

0 CVE-2021-41617 Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS
PAN-OS | none | all
2021-11-30 2021-11-30

9.8 N CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
PAN-OS 10.1 | none | 10.1.*
PAN-OS 10.0 | none | 10.0.*
PAN-OS 9.1 | none | 9.1.*
PAN-OS 9.0 | none | 9.0.*
PAN-OS 8.1 | < 8.1.17 | >= 8.1.17
Prisma Access 2.2 | none | all
Prisma Access 2.1 | none | all
2021-11-10 2021-11-10

N = Exploitable over the network with low complexity, unauthenticated attack.
© 2022 Palo Alto Networks, Inc. All rights reserved.