Palo Alto Networks Security Advisories

1 - 25 of 421
VersionsAffectedUnaffected
6.1PAN-SA-2025-0002 Chromium: Monthly Vulnerability Updates
Prisma Access Browser
< 131.140.2943.21
>= 131.205.2943.22
2025-01-082025-01-08
7.8PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
Cloud NGFW
Expedition 1
Panorama
PAN-OS
Prisma Access
None
< 1.2.101
None
None
None
All
>= 1.2.101
All
All
All
2025-01-082025-01-08
8.7CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
Cloud NGFW
PAN-OS
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
Prisma Access
None
None on Panorama
< 11.2.3*
< 11.1.5*
>= 10.2.8*, < 10.2.14*
>= 10.1.14*, < 10.1.15*
None
None
>= 10.2.8* on PAN-OS, < 11.2.3* on PAN-OS
All
All on Panorama
>= 11.2.3*
>= 11.1.5*
< 10.2.8*, >= 10.2.14*
< 10.1.14*, >= 10.1.15*
All
All
< 10.2.8* on PAN-OS, >= 11.2.3* on PAN-OS
2024-12-272024-12-30
6.1PAN-SA-2024-0017 Chromium: Monthly Vulnerability Updates
Prisma Access Browser
< 131.86.2955.0
>= 131.109.2968.0
2024-12-112024-12-11
5.6CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
All on Windows UWP
< 6.3.2* on Windows, < 6.3.2* on macOS
< 6.2.6* on Windows, < 6.2.6-HF* on macOS, < 6.2.1-HF2* on Linux
All on Windows, All on macOS, All on Linux, All on Android, < 6.1.7* on iOS
None in FIPS-CC mode
None in FIPS-CC mode
None on Windows UWP
>= 6.3.2* on Windows, >= 6.3.2* on macOS
>= 6.2.6* on Windows, >= 6.2.6-HF* on macOS (ETA: middle of Jan), >= 6.2.1-HF2* on Linux (ETA: end of Jan)
None on Windows, None on macOS, None on Linux, None on Android, >= 6.1.7* on iOS (ETA: end of Jan)
All in FIPS-CC mode
All in FIPS-CC mode
2024-11-262024-12-24
9.3CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.4-h1
< 11.1.5-h1
< 11.0.6-h1
< 10.2.12-h2
None
None
All
>= 11.2.4-h1
>= 11.1.5-h1
>= 11.0.6-h1
>= 10.2.12-h2
All
All
2024-11-182024-11-23
6.9CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.4-h1
< 11.1.5-h1
< 11.0.6-h1
< 10.2.12-h2
< 10.1.14-h6
None
All
>= 11.2.4-h1
>= 11.1.5-h1
>= 11.0.6-h1
>= 10.2.12-h2
>= 10.1.14-h6
All
2024-11-182024-11-21
8.6PAN-SA-2024-0016 Chromium: Monthly Vulnerability Updates
Prisma Access Browser
< 130.59.2920.7
>= 130.117.2920.13
2024-11-132024-11-13
1CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
< 11.1.4
< 11.0.6
< 10.2.11
< 10.1.14
None
All
All
>= 11.1.4
>= 11.0.6
>= 10.2.11
>= 10.1.14
All
2024-11-132024-11-13
1.3CVE-2024-5918 PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.3
< 10.2.4-h5
< 10.1.11
None
All
All
All
>= 11.0.3
>= 10.2.4-h5
>= 10.1.11
All
2024-11-132024-11-13
1.2CVE-2024-5919 PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.2
< 10.2.5
< 10.1.10
None
All
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.10
All
2024-11-132024-11-13
6.6CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
< 11.1.4-h9, < 11.1.5
< 11.0.6
< 10.2.7-h21, < 10.2.8-h18, < 10.2.9-h18, < 10.2.10-h10, < 10.2.11
None
None
All
All
>= 11.1.4-h9, >= 11.1.5
>= 11.0.6
>= 10.2.7-h21, >= 10.2.8-h18, >= 10.2.9-h18, >= 10.2.10-h10, >= 10.2.11
All
All
2024-11-132025-01-06
4.3CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.4
< 11.1.4-h9, < 11.1.5
< 11.0.6
< 10.2.7-h21, < 10.2.8-h18, < 10.2.9-h18, < 10.2.10-h10, < 10.2.11-h9, < 10.2.12
None
None
All
>= 11.2.4
>= 11.1.4-h9, >= 11.1.5
>= 11.0.6
>= 10.2.7-h21, >= 10.2.8-h18, >= 10.2.9-h18, >= 10.2.10-h10, >= 10.2.11-h9, >= 10.2.12
All
All
2024-11-132025-01-06
6.6CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.5
< 10.2.4-h6, < 10.2.5
< 10.1.14
None
All
All
All
>= 11.0.5
>= 10.2.4-h6, >= 10.2.5
>= 10.1.14
All
2024-11-132024-11-13
6.6CVE-2024-9472 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.2-h3, < 11.2.3
< 11.1.2-h14, < 11.1.3-h10
None
< 10.2.7-h16, < 10.2.8-h13, < 10.2.9-14, < 10.2.10-h7, < 10.2.11-h4
None
None
All
>= 11.2.2-h3, >= 11.2.3
>= 11.1.2-h14, >= 11.1.3-h10
All
>= 10.2.7-h16, >= 10.2.8-h13, >= 10.2.9-14, >= 10.2.10-h7, >= 10.2.11-h4
All
All
2024-11-132024-11-13
1.7CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
None
None
None
None
< 10.2.2
< 10.1.7
All
All
All
All
>= 10.2.2
>= 10.1.7
2024-11-132024-11-13
iPAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
Cortex XDR Agent
None
All
2024-11-072024-11-07
iPAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
None, None
All, All
2024-11-012024-11-01
iPAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-OS
2024-10-292024-10-29
5.1CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
Prisma Access
None
None
< 11.0.3
< 10.2.8
< 10.1.11
All
All
None
All
All
>= 11.0.3
>= 10.2.8
>= 10.1.11
None
None
All
2024-10-092024-10-09
8.2CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
< 11.1.3
< 11.0.4-h5, < 11.0.6
< 10.2.9-h11, < 10.2.10-h4, < 10.2.11
None
None
All
All
>= 11.1.3
>= 11.0.4-h5, >= 11.0.6
>= 10.2.9-h11, >= 10.2.10-h4, >= 10.2.11
All
All
2024-10-092024-10-14
5.3CVE-2024-9470 Cortex XSOAR: Information Disclosure Vulnerability
Cortex XSOAR 8.0
Cortex XSOAR 6.13
Cortex XSOAR 6.12
None
None
< 6.12.0 (Build 1271551)
All
All
>= 6.12.0 (Build 1271551)
2024-10-092024-10-09
5.7CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.6
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 7.9-CE
None
None
< 8.4.1 on Windows
None
< 8.3.1 on Windows
< 7.9.102-CE on Windows
All
All
>= 8.4.1 on Windows
All
>= 8.3.1 on Windows
>= 7.9.102-CE on Windows
2024-10-092024-10-09
8.6PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates
Prisma Access Browser
< 129.59.2896.5
>= 129.101.2913.3
2024-10-092024-10-09
5.2CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1-c383 on Windows
< 6.2.5 on Windows
< 6.1.4-c720 on Windows, = 6.1.5 on Windows
< 6.0.10-c823 on Windows
All on Windows
>= 6.3.1-c383 on Windows
>= 6.2.5 on Windows
>= 6.1.4-c720 on Windows
>= 6.0.10-c823 on Windows
None on Windows
2024-10-092024-10-24
1 - 25 of 421 Download
© 2025 Palo Alto Networks, Inc. All rights reserved.