Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
ActiveMQ Content Pack
1
AutoFocus
6
Bridgecrew
7
Bridgecrew Checkov
2
Cloud NGFW
55
Cortex Data Lake
7
Cortex XDR
9
Cortex XDR Agent
40
Cortex XSIAM
1
Cortex XSOAR
24
Cortex XSOAR CommonScripts
1
Cortex XSOAR Kafka Integration
1
Cortex XSOAR PowerShell Image
1
Cortex Xpanse
7
Demisto
1
Enterprise Data Loss Prevention
7
Exact Data Matching CLI
7
Expanse
6
Expedition
10
Expedition Migration Tool
6
GlobalProtect App
45
GlobalProtect app on Android
1
GlobalProtect app on Linux
1
GlobalProtect app on Windows and macOS
1
GlobalProtect app on iOS
1
IoT Security
7
MineMeld
1
NetConnect
1
Okyo Garde
7
PAN-DB Private Cloud
1
PAN-OS
281
PAN-OS for Firewall and Wildfire
1
Palo Alto Networks App for Splunk
6
Panorama
1
Prisma Access
71
Prisma Access Browser
4
Prisma Cloud
12
Prisma Cloud Compute
16
Prisma SD-WAN
1
Prisma SD-WAN (CloudGenix)
9
Prisma SD-WAN ION
12
SaaS Security
7
Secdo
3
Terminal Server Agent
4
Traps
3
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID Agent
9
VM-Series Plugin
1
WildFire Appliance
4
WildFire Appliance (WF-500)
6
WildFire Cloud
9
Zingbox Inspector
11
Clear
1 - 25 of 404
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
i
PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
None
All
2024-11-01
i
PAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-OS
Versions prior to those listed above
Versions listed above
2024-10-29
9.9
N
PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials
Cloud NGFW
Expedition
PAN-OS
Panorama
Prisma Access
none
< 1.2.96
none
none
none
All
>= 1.2.96
All
All
All
2024-10-09
2024-10-09
8.6
PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates
Prisma Access Browser
< 129.59.2896.5
>= 129.101.2913.3
2024-10-09
2024-10-09
8.2
CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
none
None
< 11.1.3
< 11.0.4-h5, < 11.0.6
< 10.2.9-h11, < 10.2.10-h4, < 10.2.11
none
none
All
All
>= 11.1.3
>= 11.0.4-h5, >= 11.0.6
>= 10.2.9-h11, >= 10.2.10-h4, >= 10.2.11
All
All
2024-10-09
2024-10-14
5.7
CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.6
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 7.9-CE
None
None
< 8.4.1 on Windows
None
< 8.3.1 on Windows
< 7.9.102-CE on Windows
All
All
>= 8.4.1 on Windows
All
>= 8.3.1 on Windows
>= 7.9.102-CE on Windows
2024-10-09
2024-10-09
5.3
CVE-2024-9470 Cortex XSOAR: Information Disclosure Vulnerability
Cortex XSOAR 8.0
Cortex XSOAR 6.13
Cortex XSOAR 6.12
None
None
< 6.12.0 (Build 1271551)
All
All
>= 6.12.0 (Build 1271551)
2024-10-09
2024-10-09
5.2
CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1-c383 on Windows
< 6.2.5 on Windows
< 6.1.4-c720 on Windows, = 6.1.5 on Windows
< 6.0.10-c823 on Windows
All on Windows
>= 6.3.1-c383 on Windows
>= 6.2.5 on Windows
>= 6.1.4-c720 on Windows
>= 6.0.10-c823 on Windows
None on Windows
2024-10-09
2024-10-24
5.1
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
Prisma Access
none
none
< 11.0.3
< 10.2.8
< 10.1.11
All
All
none
All
All
>= 11.0.3
>= 10.2.8
>= 10.1.11
None
None
All
2024-10-09
2024-10-09
i
CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
Cloud NGFW
Cortex XDR
Cortex XDR Agent
Cortex XSIAM
Cortex XSOAR
GlobalProtect App
PAN-OS
Prisma Access
Prisma Access Browser
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN
None
None
None
None
None
None
None
None
None
none
none
none
All
All
All
All
All
All
All
All
All
All
All
All
2024-09-26
2024-09-26
8.6
PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates
Prisma Access Browser
< 128.91.2869.7
>= 128.138.2888.2
2024-09-11
2024-09-11
8.6
CVE-2024-8686 PAN-OS: Command Injection Vulnerability
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
➔ View additional products
none
11.2.2
none
none
none
All
>= 11.2.3
All
All
all
2024-09-11
2024-09-11
6.9
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-11
2024-09-11
6.7
CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
➔ View additional products
none
none
none
< 10.1.1
< 10.0.10
< 9.1.15
none
All
All
All
>= 10.1.1
>= 10.0.10
>= 9.1.15
all
2024-09-11
2024-09-11
6
CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials
ActiveMQ Content Pack 1.1
< 1.1.15
>= 1.1.15
2024-09-11
2024-09-11
5.6
CVE-2024-8690 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 7.9.102-CE
None
None
None
None
None
All
All
All
All
All
All
None
2024-09-11
2024-09-11
5.3
CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.1
PAN-OS 9.1
➔ View additional products
none
none
none
< 10.1.11
< 9.1.17
none
All
All
All
>= 10.1.11
>= 9.1.17
all
2024-09-11
2024-09-11
i
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
none
All
2024-09-04
i
CVE-2024-5535 Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
➔ View multiple products
none
all
2024-08-22
2024-09-04
8.6
PAN-SA-2024-0007 Prisma Access Browser: Monthly Vulnerability Updates
Prisma Access Browser
< 126.183.2844.1
>= 127.100.2858.4
2024-08-14
2024-08-14
7
CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack
Cortex XSOAR CommonScripts
< 1.12.33
>= 1.12.33
2024-08-14
2024-08-14
6
CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
Prisma Access
Before 8/15 on Azure, Before 8/23 on AWS
none
< 11.0.4
< 10.2.8
none
none
none
On or after 8/15 on Azure, On or after 8/23 on AWS
All
>= 11.0.4
>= 10.2.8
All
All
All
2024-08-14
2024-08-14
5.2
CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1 on Windows
< 6.2.4 on Windows
< 6.1.5 on Windows
< 6.0.10-c826 on Windows
< 5.1.x on Windows
>= 6.3.1 on Windows
>= 6.2.4 on Windows
>= 6.1.5 on Windows
>= 6.0.10-c826 on Windows
>= 5.1.x (ETA: December 2024) on Windows
2024-08-14
2024-11-06
9.3
N
CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Expedition 1.2
< 1.2.92
>= 1.2.92
2024-07-10
2024-07-10
7
CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
➔ View additional products
none
none
none
< 10.2.4 on Panorama
< 10.1.9 on Panorama
none
All
All
All
>= 10.2.4 on Panorama
>= 10.1.9 on Panorama
all
2024-07-10
2024-07-10
1 - 25 of 404
25 per page
50 per page
100 per page
Download
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2024 Palo Alto Networks, Inc. All rights reserved.