Palo Alto Networks Security Advisories

1 - 25 of 353
VersionsAffectedUnaffected
iPAN-SA-2024-0002 Impact of Leaky Vessels Vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653)
none
all
2024-02-222024-02-22
6.3CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.6 on Panorama
< 10.0.11 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.24-h1 on Panorama, < 8.1.25 on Panorama
none
All
All on Panorama
All on Panorama
>= 10.1.6 on Panorama
>= 10.0.11 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama
all
2024-02-142024-02-14
5.4CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.10-h1, < 10.1.11
< 10.0.12-h1, < 10.0.13
< 9.1.17
< 9.0.17-h2, < 9.0.18
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.10-h1, >= 10.1.11
>= 10.0.12-h1, >= 10.0.13
>= 9.1.17
>= 9.0.17-h2, >= 9.0.18
All
2024-02-142024-02-14
5.3CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
➔ View additional products
none
none
< 11.0.1
< 10.2.4
none
none
All
All
>= 11.0.1
>= 10.2.4
All
all
2024-02-142024-02-14
5.1CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
➔ View additional products
none
none
none
< 10.1.11-h1, < 10.1.12
< 9.1.17
< 9.0.17-h4
none
All
All
All
>= 10.1.11-h1, >= 10.1.12
>= 9.1.17
>= 9.0.17-h4
all
2024-02-142024-02-14
5.1CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.3
< 10.0.11
< 9.1.13
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.3
>= 10.0.11
>= 9.1.13
>= 9.0.17
>= 8.1.24
all
2024-02-142024-02-24
iPAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
none
All
2024-02-14
iCVE-2023-48795 Impact of Terrapin SSH Attack
PAN-OS
Devices using affected ciphers
Devices not using affected ciphers
2024-01-092024-01-17
7.5CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
none
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-12-132023-12-13
6.1CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.24-h1
none
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.24-h1
All
2023-12-132023-12-13
5.9CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.6
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.6
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
all
2023-12-132023-12-13
5.9CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.1.3
< 10.0.9
< 9.1.12
< 9.0.17
< 8.1.24-h1
none
All
All
All
>= 10.1.3
>= 10.0.9
>= 9.1.12
>= 9.0.17
>= 8.1.24-h1
all
2023-12-132023-12-13
5.9CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 9.1.14
< 9.0.17-h1
< 8.1.26
none
All
All
All
>= 9.1.14
>= 9.0.17-h1
>= 8.1.26
all
2023-12-132023-12-13
5.1CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.11
All
< 9.1.17
< 9.0.17-h4
none
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.11
None
>= 9.1.17
>= 9.0.17-h4
All
All
2023-12-132023-12-13
4.8CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 11.0.2
< 10.2.5
< 10.1.11
All
< 9.1.17
< 9.0.17-h4
< 8.1.26
none
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.11
None
>= 9.1.17
>= 9.0.17-h4
>= 8.1.26
All
2023-12-132023-12-13
4.9CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 8
Cortex XSOAR 6.12
Cortex XSOAR 6.11
Cortex XSOAR 6.10
none
none
none
< 6.10.0.250144 on Linux
All
All
All
>= 6.10.0.250144 on Linux
2023-11-082023-11-08
iCVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
none
all
2023-10-122023-10-31
4.3CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration
Cortex XSOAR Kafka Integration v3
< 2.0.16
>= 2.0.16
2023-10-112023-10-11
iCVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
none
all
2023-10-112023-10-25
0CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863
PAN-OS
none
All
2023-10-022023-10-02
8.2 NCVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
Prisma SD-WAN ION 6.2
Prisma SD-WAN ION 6.1
Prisma SD-WAN ION 5.6
none
< 11.0.3
< 10.2.6
< 10.1.11
< 9.1.16-h3
< 9.0.17-h4
< 8.1.26
Customers whose most recent software upgrade was before 09/30
< 6.2.3
< 6.1.5
none
All
>= 11.0.3
>= 10.2.6
>= 10.1.11
>= 9.1.16-h3
>= 9.0.17-h4
>= 8.1.26
Customers who have received a software upgrade or are using new software on or after 09/30
>= 6.2.3
>= 6.1.5
All
2023-09-132024-01-18
5.5CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.1
Cortex XDR Agent 8.0
Cortex XDR Agent 7.9-CE
Cortex XDR Agent 7.9
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 5.0
none
< 8.0.2 on Windows
< 7.9.101-CE on Windows
< 7.9.3 on Windows
All on Windows
All on Windows
All
>= 8.0.2 with CU-1000 or a later content update on Windows
>= 7.9.101-CE with CU-1000 or a later content update on Windows
>= 7.9.3 with CU-1000 or a later content update on Windows
none
none
2023-09-132023-09-22
iPAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673)
PAN-OS with GlobalProtect app on Android and ChromeOS
PAN-OS with GlobalProtect app on iOS
PAN-OS with GlobalProtect app on Windows, macOS, and Linux
Prisma Access with GlobalProtect app on Android and ChromeOS
Prisma Access with GlobalProtect app on iOS
Prisma Access with GlobalProtect app on Windows, macOS, and Linux
LocalNet: None, ServerIP: Gateways with address set as an FQDN
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: Gateways with address set as an FQDN
LocalNet: Configurations allowing local network access, ServerIP: Gateways with address set as an FQDN
None
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: None
LocalNet: Configurations allowing local network access, ServerIP: None
LocalNet: All, ServerIP: Gateways with address set as an IP
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: Gateways with address set as an IP
LocalNet: "No direct access to local network" enabled, ServerIP: Gateways with address set as an IP
All
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: All
LocalNet: "No direct access to local network" enabled, ServerIP: All
2023-08-172023-09-26
5.5CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
➔ View additional products
none
< 11.0.1
< 10.2.4
none
none
none
All
>= 11.0.1
>= 10.2.4
All
All
all
2023-07-122023-07-12
iPAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
none
all
2023-06-162023-06-20
1 - 25 of 353 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2024 Palo Alto Networks, Inc. All rights reserved.