Palo Alto Networks Security Advisories

1 - 25 of 338
VersionsAffectedUnaffected
4.9CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 8
Cortex XSOAR 6.12
Cortex XSOAR 6.11
Cortex XSOAR 6.10
none
none
none
< 6.10.0.250144 on Linux
All
All
All
>= 6.10.0.250144 on Linux
2023-11-082023-11-08
iCVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
none
all
2023-10-122023-10-31
4.3CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration
Cortex XSOAR Kafka Integration v3
< 2.0.16
>= 2.0.16
2023-10-112023-10-11
iCVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
none
all
2023-10-112023-10-25
0CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863
PAN-OS
none
All
2023-10-022023-10-02
8.2 NCVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
Prisma Access
Prisma SD-WAN ION 6.2
Prisma SD-WAN ION 6.1
Prisma SD-WAN ION 5.6
none
< 11.0.3
< 10.2.6
< 10.1.11
< 9.1.16-h3
Customers whose most recent software upgrade was before 09/30
< 6.2.3
< 6.1.5
none
All
>= 11.0.3
>= 10.2.6
>= 10.1.11
>= 9.1.16-h3
Customers who have received a software upgrade or are using new software on or after 09/30
>= 6.2.3 (ETA: Week of 11/27)
>= 6.1.5
All
2023-09-132023-11-08
5.5CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.1
Cortex XDR Agent 8.0
Cortex XDR Agent 7.9-CE
Cortex XDR Agent 7.9
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 5.0
none
< 8.0.2 on Windows
< 7.9.101-CE on Windows
< 7.9.3 on Windows
All on Windows
All on Windows
All
>= 8.0.2 with CU-1000 or a later content update on Windows
>= 7.9.101-CE with CU-1000 or a later content update on Windows
>= 7.9.3 with CU-1000 or a later content update on Windows
none
none
2023-09-132023-09-22
iPAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673)
PAN-OS with GlobalProtect app on Android and ChromeOS
PAN-OS with GlobalProtect app on iOS
PAN-OS with GlobalProtect app on Windows, macOS, and Linux
Prisma Access with GlobalProtect app on Android and ChromeOS
Prisma Access with GlobalProtect app on iOS
Prisma Access with GlobalProtect app on Windows, macOS, and Linux
LocalNet: None, ServerIP: Gateways with address set as an FQDN
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: Gateways with address set as an FQDN
LocalNet: Configurations allowing local network access, ServerIP: Gateways with address set as an FQDN
None
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: None
LocalNet: Configurations allowing local network access, ServerIP: None
LocalNet: All, ServerIP: Gateways with address set as an IP
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: Gateways with address set as an IP
LocalNet: "No direct access to local network" enabled, ServerIP: Gateways with address set as an IP
All
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: All
LocalNet: "No direct access to local network" enabled, ServerIP: All
2023-08-172023-09-26
5.5CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
➔ View additional products
none
< 11.0.1
< 10.2.4
none
none
none
All
>= 11.0.1
>= 10.2.4
All
All
all
2023-07-122023-07-12
iPAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
none
all
2023-06-162023-06-20
7.8CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
none
< 6.1.1 on Windows
< 6.0.5 on Windows
< 5.2.13 on Windows
All
>= 6.1.1
>= 6.0.5
>= 5.2.13
2023-06-142023-07-31
5.4CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 10.2.2
< 10.1.6
< 10.0.11
< 9.1.16
< 9.0.17
< 8.1.24
none
All
All
>= 10.2.2
>= 10.1.6
>= 10.0.11
>= 9.1.16
>= 9.0.17
>= 8.1.24
All
2023-06-142023-06-29
6.5CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.0.7 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.25 on Panorama
none
All
All
All
>= 10.0.7 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.25 on Panorama
all
2023-05-102023-05-10
4.4CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
< 11.0.1
< 10.2.4
< 10.1.10
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
none
All
>= 11.0.1
>= 10.2.4
>= 10.1.10
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-05-102023-05-11
6.5CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
none
< 10.1.6
< 10.0.11
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.6
>= 10.0.11
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-122023-04-19
6.3CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
< 6.1.1 on Windows
< 6.0.4 on Windows
< 5.2.13 on Windows
>= 6.1.1 on Windows
>= 6.0.4 on Windows
>= 5.2.13 on Windows
2023-04-122023-04-12
4.1CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 10.2.3
< 10.1.8
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
>= 10.2.3
>= 10.1.8
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-122023-04-12
iPAN-SA-2023-0002 Informational Bulletin: Impact of Rorschach Ransomware
Cortex XDR Agent 5.0
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.8
Cortex XDR Agent 7.9 CE
Cortex XDR Agent 8.0
All agents on Windows
All agents on Windows
< Agents with content update earlier than CU-240 on Windows
< Agents with content update earlier than CU-240 on Windows
< Agents with content update earlier than CU-240 on Windows
none
none
>= Agents with CU-240 or a later content update on Windows
>= Agents with CU-240 or a later content update on Windows
>= Agents with CU-240 or a later content update on Windows
2023-04-042023-04-12
6.5CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
Cortex XSOAR 8.1
Cortex XSOAR 6.10
Cortex XSOAR 6.9
Cortex XSOAR 6.8
Cortex XSOAR 6.6
none
< 6.10.0.185964
< 6.9.B185415
< 6.8.B185719
< 6.6.B186115
all
>= 6.10.0.185964
>= 6.9.B185415
>= 6.8.B185719
>= 6.6.B186115
2023-02-082023-02-08
6CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Cortex XDR Agent 7.9
Cortex XDR Agent 7.8
Cortex XDR Agent 7.5
Cortex XDR Agent 5.0
none
none
< 7.5.101-CE on Windows
none
all
all
>= 7.5.101-CE on Windows
all
2023-02-082023-02-08
5.5CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User
Cortex XDR Agent 7.9
Cortex XDR Agent 7.8
Cortex XDR Agent 7.5
Cortex XDR Agent 5.0
none
none
< 7.5.101-CE on Windows
< 5.0.12.22203 on Windows
all
all
>= 7.5.101-CE on Windows
>= 5.0.12.22203 on Windows
2023-02-082023-02-08
iPAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
none
all
2023-02-082023-02-08
iCVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809
none
all
2023-02-082023-02-08
iPAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996
none
all
2022-12-232022-12-23
6.7CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 6.9
Cortex XSOAR 6.8
Cortex XSOAR 6.6
Cortex XSOAR 6.5
< 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux
all
all
all
>= 6.9.0.130766 on Linux
none
none
none
2022-11-092022-11-19
1 - 25 of 338 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2023 Palo Alto Networks, Inc. All rights reserved.