| | Versions | Affected | Unaffected | | |
|---|
| 9.3
N | CVE-2024-5910
Expedition: Missing Authentication Leads to Admin Account Takeover | | | | 2024-07-10 | 2024-07-10 |
| 7 | CVE-2024-5911
PAN-OS: File Upload Vulnerability in the Panorama Web Interface | | none none none < 10.2.4 on Panorama < 10.1.9 on Panorama none | All All All >= 10.2.4 on Panorama >= 10.1.9 on Panorama all | 2024-07-10 | 2024-07-10 |
| 6.8 | CVE-2024-5912
Cortex XDR Agent: Improper File Signature Verification Checks | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 7.9-CE | None None None < 8.2.2 < 7.9.102-CE | All All All >= 8.2.2 >= 7.9.102-CE | 2024-07-10 | 2024-07-10 |
| 5.4 | CVE-2024-5913
PAN-OS: Improper Input Validation Vulnerability in PAN-OS | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.1 < 11.1.4 < 11.0.5 < 10.2.10 < 10.1.14-h2 None | All >= 11.2.1 >= 11.1.4 >= 11.0.5 >= 10.2.10 >= 10.1.14-h2 All | 2024-07-10 | 2024-07-10 |
| 5.3 | CVE-2024-3596
PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 Prisma Access | None None < 11.1.3 < 11.0.4-h4, < 11.0.6 < 10.2.10 < 10.1.14 < 9.1.19 All | All All >= 11.1.3 >= 11.0.4-h4, 11.0.6 >= 10.2.10 >= 10.1.14 >= 9.1.19 None (Fix ETA: July 30) | 2024-07-10 | 2024-07-26 |
| i | PAN-SA-2024-0006
Informational Bulletin: Expedition Installation Script Resets Root Password | Expedition initSetup_v2.0 | | | 2024-07-10 | 2024-07-10 |
| i | CVE-2024-6387
Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability | Cloud NGFW PAN-OS Prisma Access | | | 2024-07-01 | 2024-07-03 |
| 6.8 | CVE-2024-5909
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None None < 8.2.1 on Windows < 8.1.2 on Windows < 7.9.102-CE on Windows | All All >= 8.2.1 on Windows >= 8.1.2 on Windows >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| 5.5 | CVE-2024-5908
GlobalProtect App: Encrypted Credential Exposure via Log Files | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.2.3 < 6.1.3 < 6.0.8 < 5.1.12 | >= 6.2.3 >= 6.1.3 >= 6.0.8 >= 5.1.12 | 2024-06-12 | 2024-06-12 |
| 5.2 | CVE-2024-5907
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None < 8.3.1 on Windows < 8.2.3 on Windows All < 7.9.102-CE on Windows | All >= 8.3.1 on Windows >= 8.2.3 on Windows None >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| 4.8 | CVE-2024-5906
Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | | < 32.05 (O’Neal - Update 5) | >= 32.05 (O’Neal - Update 5) | 2024-06-12 | 2024-06-12 |
| 2 | CVE-2024-5905
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None None < 8.2.1 on Windows < 8.1.2 on Windows < 7.9.102-CE on Windows | All All >= 8.2.1 on Windows >= 8.1.2 on Windows >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| 2.1 | CVE-2024-3661
Impact of TunnelVision Vulnerability | Cloud NGFW GlobalProtect app on Android GlobalProtect app on iOS GlobalProtect app on Linux GlobalProtect app on Windows and macOS PAN-OS Prisma Access | none none All versions without IncludeAllNetworks set to 1 All All versions without Endpoint Traffic Policy Enforcement set to All Traffic none none | All All All versions with IncludeAllNetworks set to 1 Upcoming major release All versions with Endpoint Traffic Policy Enforcement set to All Traffic All All | 2024-05-16 | 2024-05-16 |
| i | PAN-SA-2024-0005
Informational Bulletin: Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9 Cortex XDR Agent 5.0 | < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows All agents on Windows | >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows none | 2024-04-24 | 2024-04-24 |
| 10
N | CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | | none < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 < 11.0.0-h3, < 11.0.1-h4, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1 < 10.2.0-h3, < 10.2.1-h2, < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1 none none none | All >= 11.1.0-h3, >= 11.1.1-h1, >= 11.1.2-h3 >= 11.0.0-h3, >= 11.0.1-h4, >= 11.0.2-h4, >= 11.0.3-h10, >= 11.0.4-h1 >= 10.2.0-h3, >= 10.2.1-h2, >= 10.2.2-h5, >= 10.2.3-h13, >= 10.2.4-h16, >= 10.2.5-h6, >= 10.2.6-h3, >= 10.2.7-h8, >= 10.2.8-h3, >= 10.2.9-h1 All All all | 2024-04-12 | 2024-05-03 |
| 8.3
N | CVE-2024-3383
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) | | none none < 11.0.3 < 10.2.5 < 10.1.11 none none | All All >= 11.0.3 >= 10.2.5 >= 10.1.11 All all | 2024-04-10 | 2024-04-10 |
| 8.2
N | CVE-2024-3384
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets | | none none none < 10.0.12 < 9.1.15-h1 < 9.0.17 < 8.1.24 none | All All All >= 10.0.12 >= 9.1.15-h1 >= 9.0.17 >= 8.1.24 all | 2024-04-10 | 2024-04-10 |
| 8.2 | CVE-2024-3382
PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets | | none < 11.1.2 < 11.0.4 < 10.2.7-h3 none none none | All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all | 2024-04-10 | 2024-04-10 |
| 8.2
N | CVE-2024-3385
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.3 < 10.2.8 < 10.1.12 < 9.1.17 < 9.0.17-h4 none | All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All | 2024-04-10 | 2024-04-10 |
| 6.9
N | CVE-2024-3386
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.1-h2, < 11.0.2 < 10.2.4-h2, < 10.2.5 < 10.1.9-h3, < 10.1.10 < 10.0.13 < 9.1.17 < 9.0.17-h2 none | All All >= 11.0.1-h2, >= 11.0.2 >= 10.2.4-h2, >= 10.2.5 >= 10.1.9-h3, >= 10.1.10 >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All | 2024-04-10 | 2024-04-10 |
| 6 | CVE-2024-3387
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure | | none none < 11.0.4 on Panorama < 10.2.7-h3 on Panorama, < 10.2.8 on Panorama < 10.1.12 on Panorama none none | All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all | 2024-04-10 | 2024-04-10 |
| 5.1 | CVE-2024-3388
PAN-OS: User Impersonation in GlobalProtect SSL VPN | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.3 < 10.2.7-h3 < 10.1.11-h4 < 9.1.17 < 9.0.17-h4 < 8.1.26 < 10.2.4 | All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4 | 2024-04-10 | 2024-04-10 |
| i | PAN-SA-2024-0004
Informational Bulletin: OSS CVEs fixed in PAN-OS | | Versions prior to those listed above | | 2024-04-10 | |
| i | PAN-SA-2024-0003
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION | | | | 2024-04-05 | |
| i | CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
=
Exploitable over the network with low complexity, unauthenticated attack.