Palo Alto Networks Security Advisories

1 - 25 of 326
VersionsAffectedUnaffected
6.5CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
none
none
none
< 10.0.7 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.25 on Panorama
none
All
All
All
>= 10.0.7 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.25 on Panorama
all
2023-05-102023-05-10
4.4CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
< 11.0.1
< 10.2.4
< 10.1.10
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
none
All
>= 11.0.1
>= 10.2.4
>= 10.1.10
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-05-102023-05-11
6.5CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
none
< 10.1.6
< 10.0.11
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
All
>= 10.1.6
>= 10.0.11
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-122023-04-19
6.3CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
< 6.1.1 on Windows
< 6.0.4 on Windows
< 5.2.13 on Windows
>= 6.1.1 on Windows
>= 6.0.4 on Windows
>= 5.2.13 on Windows
2023-04-122023-04-12
4.1CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
none
none
< 10.2.3
< 10.1.8
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
none
All
All
>= 10.2.3
>= 10.1.8
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-122023-04-12
iPAN-SA-2023-0002 Informational Bulletin: Impact of Rorschach Ransomware
Cortex XDR Agent 5.0
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.8
Cortex XDR Agent 7.9 CE
Cortex XDR Agent 8.0
All agents on Windows
All agents on Windows
< Agents with content update earlier than CU-240 on Windows
< Agents with content update earlier than CU-240 on Windows
< Agents with content update earlier than CU-240 on Windows
none
none
>= Agents with CU-240 or a later content update on Windows
>= Agents with CU-240 or a later content update on Windows
>= Agents with CU-240 or a later content update on Windows
2023-04-042023-04-12
6.5CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
Cortex XSOAR 8.1
Cortex XSOAR 6.10
Cortex XSOAR 6.9
Cortex XSOAR 6.8
Cortex XSOAR 6.6
none
< 6.10.0.185964
< 6.9.B185415
< 6.8.B185719
< 6.6.B186115
all
>= 6.10.0.185964
>= 6.9.B185415
>= 6.8.B185719
>= 6.6.B186115
2023-02-082023-02-08
6CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Cortex XDR Agent 7.9
Cortex XDR Agent 7.8
Cortex XDR Agent 7.5
Cortex XDR Agent 5.0
none
none
< 7.5.101-CE on Windows
none
all
all
>= 7.5.101-CE on Windows
all
2023-02-082023-02-08
5.5CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User
Cortex XDR Agent 7.9
Cortex XDR Agent 7.8
Cortex XDR Agent 7.5
Cortex XDR Agent 5.0
none
none
< 7.5.101-CE on Windows
< 5.0.12.22203 on Windows
all
all
>= 7.5.101-CE on Windows
>= 5.0.12.22203 on Windows
2023-02-082023-02-08
iPAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
none
all
2023-02-082023-02-08
iCVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809
none
all
2023-02-082023-02-08
iPAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996
none
all
2022-12-232022-12-23
6.7CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
Cortex XSOAR 6.9
Cortex XSOAR 6.8
Cortex XSOAR 6.6
Cortex XSOAR 6.5
< 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux
all
all
all
>= 6.9.0.130766 on Linux
none
none
none
2022-11-092022-11-19
iCVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
none
all
2022-11-092022-11-09
iPAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602
none
all
2022-10-312022-11-09
8.1CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 8.1
➔ View additional products
none
none
none
< 8.1.24
none
All
All
All
>= 8.1.24
all
2022-10-122022-10-12
5.5CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.8
Cortex XDR Agent 7.7
Cortex XDR Agent 5.0
< 7.5.101-CE on Windows
none
< 7.7.3 on Windows
< 5.0.12-hotfix update on Windows
>= 7.5.101-CE
all
>= 7.7.3
>= 5.0.12-hotfix update
2022-09-142022-09-14
iPAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator
Cortex XDR Agent
All agents with a content update earlier than CU-860 on Windows
All agents with CU-860 or a later content update
2022-09-142023-03-08
0CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
none
all
2022-09-142022-09-14
iPAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users
Cortex XDR Agent
All agents with a content update earlier than CU-630 on Windows
All agents with CU-630 or a later content update
2022-09-142022-09-14
8.6 NCVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
➔ View additional products
none
< 10.2.2-h2
< 10.1.6-h6
< 10.0.11-h1
< 9.1.14-h4
< 9.0.16-h3
< 8.1.23-h1
none
none
none
All
>= 10.2.2-h2
>= 10.1.6-h6
>= 10.0.11-h1
>= 9.1.14-h4
>= 9.0.16-h3
>= 8.1.23-h1
All
All
all
2022-08-102022-08-19
iPAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module
Cortex XDR Agent
All agents with a content update earlier than CU-610
All agents with CU-610 or a later content update
2022-08-102022-08-10
7.2CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.1.5
< 10.0.10
< 9.1.13
< 9.0.16
< 8.1.23
>= 10.2.0
>= 10.1.5
>= 10.0.10
>= 9.1.13
>= 9.0.16
>= 8.1.23
2022-05-112022-05-11
6.7CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
7.5.* without CU-330 on Windows
7.7.* without CU-330 on Windows
7.6.* without CU-330 on Windows
7.5.* without CU-330 on Windows
7.4.* without CU-330 on Windows
6.1.* without CU-330 on Windows
7.5.* with CU-330 on Windows
7.7.* with CU-330 on Windows
7.6.* with CU-330 on Windows
7.5.* with CU-330 on Windows
7.4.* with CU-330 on Windows
6.1.* with CU-330 on Windows
2022-05-112022-05-11
6.7CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5
➔ View additional products
none
< 7.7.1.62043 without CU-500 on Windows
none
none
none
all
7.7.* with CU-500, >= 7.7.1.62043 on Windows
all
all
all
2022-05-112022-05-11
1 - 25 of 326 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2023 Palo Alto Networks, Inc. All rights reserved.