Palo Alto Networks Security Advisories

1 - 25 of 314
VersionsAffectedUnaffected
6.7CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 6.9
Cortex XSOAR 6.8
Cortex XSOAR 6.6
Cortex XSOAR 6.5
< 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux
all
all
all
>= 6.9.0.130766 on Linux
none
none
none
2022-11-092022-11-19
iCVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
AutoFocus
Bridgecrew
Cloud NGFW
Cortex Data Lake
Cortex XDR
Cortex XDR Agent
Cortex Xpanse
Cortex XSOAR
Enterprise Data Loss Prevention
Exact Data Matching CLI
Expanse
Expedition Migration Tool
GlobalProtect App
IoT Security
Okyo Garde
Palo Alto Networks App for Splunk
PAN-OS
Prisma Access
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN (CloudGenix)
Prisma SD-WAN ION
SaaS Security
User-ID Agent
WildFire Appliance (WF-500)
WildFire Cloud
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
2022-11-092022-11-09
iPAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602
AutoFocus
Bridgecrew
Cloud NGFW
Cortex Data Lake
Cortex XDR
Cortex XDR Agent
Cortex Xpanse
Cortex XSOAR
Enterprise Data Loss Prevention
Exact Data Matching CLI
Expanse
Expedition Migration Tool
GlobalProtect App
IoT Security
Okyo Garde
Palo Alto Networks App for Splunk
PAN-OS
Prisma Access
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN (CloudGenix)
Prisma SD-WAN ION
SaaS Security
User-ID Agent
WildFire Appliance (WF-500)
WildFire Cloud
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
2022-10-312022-11-09
8.1CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
none
none
none
none
< 8.1.24
none
All
All
All
All
All
All
>= 8.1.24
All
2022-10-122022-10-12
5.5CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.8
Cortex XDR Agent 7.7
Cortex XDR Agent 5.0
< 7.5.101-CE on Windows
none
< 7.7.3 on Windows
< 5.0.12-hotfix update on Windows
>= 7.5.101-CE
all
>= 7.7.3
>= 5.0.12-hotfix update
2022-09-142022-09-14
iPAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator
Cortex XDR Agent
All agents with a content update earlier than CU-630 on Windows
All agents with CU-630 or a later content update
2022-09-142022-09-14
0CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
none
none
none
none
none
none
none
none
none
none
none
all
all
all
all
all
all
all
all
all
all
all
2022-09-142022-09-14
iPAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users
Cortex XDR Agent
All agents with a content update earlier than CU-630 on Windows
All agents with CU-630 or a later content update
2022-09-142022-09-14
8.6 NCVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
none
< 10.2.2-h2
< 10.1.6-h6
< 10.0.11-h1
< 9.1.14-h4
< 9.0.16-h3
< 8.1.23-h1
none
none
none
none
All
>= 10.2.2-h2
>= 10.1.6-h6
>= 10.0.11-h1
>= 9.1.14-h4
>= 9.0.16-h3
>= 8.1.23-h1
All
All
All
All
2022-08-102022-08-19
iPAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module
Cortex XDR Agent
All agents with a content update earlier than CU-610
All agents with CU-610 or a later content update
2022-08-102022-08-10
7.2CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.1.5
< 10.0.10
< 9.1.13
< 9.0.16
< 8.1.23
>= 10.2.0
>= 10.1.5
>= 10.0.10
>= 9.1.13
>= 9.0.16
>= 8.1.23
2022-05-112022-05-11
6.7CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
7.5.* without CU-330 on Windows
7.7.* without CU-330 on Windows
7.6.* without CU-330 on Windows
7.5.* without CU-330 on Windows
7.4.* without CU-330 on Windows
6.1.* without CU-330 on Windows
7.5.* with CU-330 on Windows
7.7.* with CU-330 on Windows
7.6.* with CU-330 on Windows
7.5.* with CU-330 on Windows
7.4.* with CU-330 on Windows
6.1.* with CU-330 on Windows
2022-05-112022-05-11
6.7CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
none
< 7.7.1.62043 without CU-500 on Windows
none
none
none
none
none
all
7.7.* with CU-500, >= 7.7.1.62043 on Windows
all
all
all
all
all
2022-05-112022-05-11
4.3CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
Cortex XSOAR 6.6
Cortex XSOAR 6.5
Cortex XSOAR 6.2
Cortex XSOAR 6.1
< 6.6.0.2585049
6.5.*
6.2.*
6.1.*
>= 6.6.0.2585049
none
none
none
2022-05-112022-05-11
3.3PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files
Cortex XDR Agent
all
none
2022-04-142022-04-14
iPAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator
Cortex XDR Agent
all on Windows
all on Linux and macOS
2022-04-142022-05-13
5.9CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
none
< 10.1.5
< 10.0.10
< 9.1.13
< 9.0.16
< 8.1.22
none
none
none
10.2.*
>= 10.1.5
>= 10.0.10
>= 9.1.13
>= 9.0.16
>= 8.1.22
Preferred, Innovation
Preferred
Preferred, Innovation
2022-04-132022-04-13
7.5 NCVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
Cortex XSOAR
GlobalProtect App 6.0
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
Prisma Cloud
< 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux
< 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux
< 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux
< 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux
7.4.*
< 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux
none
< 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS
< 5.3.4
< 5.2.12
< 5.1.11
< 10.2.1
< 10.1.5-h1
< 10.0.10
< 9.1.13-h3
< 9.0.16-h2
< 8.1.23
Preferred, Innovation
Preferred, Innovation
Preferred
Preferred, Innovation
none
>= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux
>= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux
>= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux
>= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux
none
>= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux
all
>= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS
>= 5.3.4
>= 5.2.12
>= 5.1.11
>= 10.2.1
>= 10.1.5-h1
>= 10.0.10
>= 9.1.13-h3
>= 9.0.16-h2
>= 8.1.23
none
none
none
none
all
2022-03-312022-06-24
0CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
AutoFocus
Bridgecrew
Cortex Data Lake
Cortex XDR Agent
Cortex Xpanse
Cortex XSOAR
Enterprise Data Loss Prevention
Exact Data Matching CLI
Expanse
Expedition Migration Tool
GlobalProtect App
IoT Security
Okyo Garde
Palo Alto Networks App for Splunk
PAN-OS
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN (CloudGenix)
Prisma SD-WAN ION
SaaS Security
User-ID Agent
WildFire Appliance (WF-500)
WildFire Cloud
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
all
2022-03-312022-04-25
4.1CVE-2022-0022 PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
none
none
< 10.0.7
< 9.1.11
9.0.*
< 8.1.21
none
none
none
10.2.*
10.1.*
>= 10.0.7
>= 9.1.11
none
>= 8.1.21
Preferred, Innovation
Preferred
Preferred, Innovation
2022-03-092022-03-09
0CVE-2021-44142 Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS
PAN-OS
Prisma Access
none
none
all
all
2022-03-092022-03-09
7.4CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
none
< 5.2.9 on Windows and MacOS
none
5.3.*
>= 5.2.9 on Windows and MacOS
>= 5.1.*
2022-02-092022-03-09
7CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
none
< 5.2.5 on Windows
< 5.1.10 on Windows
5.3.*
>= 5.2.5 on Windows
>= 5.1.10 on Windows
2022-02-092022-02-09
6.8CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
Cortex XSOAR 6.5.0
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
none
< 1958888
all
all
>= 1958888
none
2022-02-092022-02-09
6.5CVE-2022-0011 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
< 10.1.3
< 10.0.8
< 9.1.12
9.0.*
< 8.1.21
none
Preferred
Preferred, Innovation
>= 10.1.3
>= 10.0.8
>= 9.1.12
none
>= 8.1.21
Preferred, Innovation
none
none
2022-02-092022-03-09
1 - 25 of 314 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2022 Palo Alto Networks, Inc. All rights reserved.