Severity | Advisory | Versions | Affected | Unaffected | Published | Updated |
---|---|---|---|---|---|---|
8.6 | CVE-2024-8686 PAN-OS: Command Injection Vulnerability | | | | 2024-09-11 | 2024-09-11 |
8.6 | PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-09-11 | 2024-09-11 |
6.9 | CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes | Cloud NGFW; GlobalProtect App 6.3; GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.2; GlobalProtect App 5.1; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access | none; none; < 6.2.1; < 6.1.2; < 6.0.7; < 5.2.13; < 5.1.12; none; none; < 11.0.1; < 10.2.4; < 10.1.9; < 10.0.12; < 9.1.16; < 9.0.17; < 8.1.25; < 10.2.9 on PAN-OS | All; All; >= 6.2.1; >= 6.1.2; >= 6.0.7; >= 5.2.13; >= 5.1.12; All; All; >= 11.0.1; >= 10.2.4; >= 10.1.9; >= 10.0.12; >= 9.1.16; >= 9.0.17; >= 8.1.25; >= 10.2.9 on PAN-OS | 2024-09-11 | 2024-09-11 |
6.7 | CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) | | none; none; none; < 10.1.1; < 10.0.10; < 9.1.15; none | All; All; All; >= 10.1.1; >= 10.0.10; >= 9.1.15; all | 2024-09-11 | 2024-09-11 |
6 | CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials | ActiveMQ Content Pack 1.1 | | | 2024-09-11 | 2024-09-11 |
5.6 | CVE-2024-8690 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent | Cortex XDR Agent 8.5; Cortex XDR Agent 8.4; Cortex XDR Agent 8.3-CE; Cortex XDR Agent 8.3; Cortex XDR Agent 8.2; Cortex XDR Agent 7.9.102-CE | | | 2024-09-11 | 2024-09-11 |
5.3 | CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal | | none; none; none; < 10.1.11; < 9.1.17; none | All; All; All; >= 10.1.11; >= 9.1.17; all | 2024-09-11 | 2024-09-11 |
i | PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-09-04 | |
i | CVE-2024-5535 Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 | | | | 2024-08-22 | 2024-09-04 |
8.6 | PAN-SA-2024-0007 Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-08-14 | 2024-08-14 |
7 | CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack | Cortex XSOAR CommonScripts | | | 2024-08-14 | 2024-08-14 |
6 | CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets | Cloud NGFW; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 9.1; Prisma Access | Before 8/15 on Azure, Before 8/23 on AWS; none; < 11.0.4; < 10.2.8; none; none; none | On or after 8/15 on Azure, On or after 8/23 on AWS; All; >= 11.0.4; >= 10.2.8; All; All; All | 2024-08-14 | 2024-08-14 |
5.2 | CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.3; GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.1 | < 6.3.1 on Windows; < 6.2.4 on Windows; < 6.1.5 on Windows; < 6.0.x on Windows; < 5.1.x on Windows | >= 6.3.1 (ETA: end of August) on Windows; >= 6.2.4 on Windows; >= 6.1.5 on Windows; >= 6.0.x (ETA: November 2024) on Windows; >= 5.1.x (ETA: December 2024) on Windows | 2024-08-14 | 2024-08-15 |
9.3 N | CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover | | | | 2024-07-10 | 2024-07-10 |
7 | CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface | | none; none; none; < 10.2.4 on Panorama; < 10.1.9 on Panorama; none | All; All; All; >= 10.2.4 on Panorama; >= 10.1.9 on Panorama; all | 2024-07-10 | 2024-07-10 |
6.8 | CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks | Cortex XDR Agent 8.5; Cortex XDR Agent 8.4; Cortex XDR Agent 8.3-CE; Cortex XDR Agent 8.3; Cortex XDR Agent 8.2; Cortex XDR Agent 7.9-CE | None; None; None; None; < 8.2.2; < 7.9.102-CE | All; All; All; All; >= 8.2.2; >= 7.9.102-CE | 2024-07-10 | 2024-07-10 |
5.4 | CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; Prisma Access | None; < 11.2.1; < 11.1.4; < 11.0.5; < 10.2.10; < 10.1.14-h2; None | All; >= 11.2.1; >= 11.1.4; >= 11.0.5; >= 10.2.10; >= 10.1.14-h2; All | 2024-07-10 | 2024-07-10 |
5.3 | CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 9.1; Prisma Access | None; None; < 11.1.3; < 11.0.4-h5, < 11.0.6; < 10.2.10; < 10.1.14; < 9.1.19; All | All; All; >= 11.1.3; >= 11.0.4-h5, 11.0.6 (ETA: 9/26); >= 10.2.10; >= 10.1.14; >= 9.1.19; None (Fix ETA: September 15) | 2024-07-10 | 2024-07-26 |
i | PAN-SA-2024-0006 Informational Bulletin: Expedition Installation Script Resets Root Password | Expedition initSetup_v2.0 | | | 2024-07-10 | 2024-07-10 |
i | CVE-2024-6387 Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability | Cloud NGFW; PAN-OS; Prisma Access | | | 2024-07-01 | 2024-07-03 |
6.8 | CVE-2024-5909 Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.4; Cortex XDR Agent 8.3; Cortex XDR Agent 8.2; Cortex XDR Agent 8.1; Cortex XDR Agent 7.9-CE | None; None; < 8.2.1 on Windows; < 8.1.2 on Windows; < 7.9.102-CE on Windows | All; All; >= 8.2.1 on Windows; >= 8.1.2 on Windows; >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
5.5 | CVE-2024-5908 GlobalProtect App: Encrypted Credential Exposure via Log Files | GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.1 | < 6.2.3 on Windows and macOS, None on Linux; < 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux; < 6.0.8 on Windows and macOS, All on Linux; < 5.1.12 on Windows and macOS, All on Linux | >= 6.2.3 on Windows and macOS, All on Linux; >= 6.1.3 on Windows and macOS, All on Android and iOS, >= 6.1.3 on Linux; >= 6.0.8 on Windows and macOS, None on Linux; >= 5.1.12 on Windows and macOS, None on Linux | 2024-06-12 | 2024-08-14 |
5.2 | CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent 8.4; Cortex XDR Agent 8.3; Cortex XDR Agent 8.2; Cortex XDR Agent 8.1; Cortex XDR Agent 7.9-CE | None; < 8.3.1 on Windows; < 8.2.3 on Windows; All; < 7.9.102-CE on Windows | All; >= 8.3.1 on Windows; >= 8.2.3 on Windows; None; >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
4.8 | CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | | < 32.05 (O’Neal - Update 5) | >= 32.05 (O’Neal - Update 5) | 2024-06-12 | 2024-06-12 |
2 | CVE-2024-5905 Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent | Cortex XDR Agent 8.4; Cortex XDR Agent 8.3; Cortex XDR Agent 8.2; Cortex XDR Agent 8.1; Cortex XDR Agent 7.9-CE | None; None; < 8.2.1 on Windows; < 8.1.2 on Windows; < 7.9.102-CE on Windows | All; All; >= 8.2.1 on Windows; >= 8.1.2 on Windows; >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
N = Exploitable over the network with low complexity, unauthenticated attack.