Palo Alto Networks Security Advisories

Clear
version
severity
product
Clear
1 - 25 of 281
VersionsAffectedUnaffected
0CVE-2021-41617 Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS
PAN-OS
none
all
2021-11-302021-11-30
9.8 NCVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
none
none
none
none
< 8.1.17
all
all
10.1.*
10.0.*
9.1.*
9.0.*
>= 8.1.17
2021-11-102021-11-10
8.8CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
Preferred
none
< 10.0.1
< 9.1.9
< 9.0.14
< 8.1.20
all
Innovation
10.1.*
>= 10.0.1
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-11-102021-11-10
8.8CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
all
all
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
2021-11-102021-11-10
8.1CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
all
all
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
2021-11-102021-11-17
8.1CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
Preferred, Innovation
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
all
none
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
2021-11-102021-11-10
8.1CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
none
< 10.0.8 on VM-Series
< 9.1.11 on VM-Series
< 9.0.14 on VM-Series
< 8.1.20 on VM-Series
all
all
10.1.* on VM-Series
>= 10.0.8 on VM-Series
>= 9.1.11 on VM-Series
>= 9.0.14 on VM-Series
>= 8.1.20 on VM-Series
2021-11-102021-11-17
7.5 NCVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 10.1.3
< 10.0.8-h4
< 9.1.11-h3
< 9.0.14-h4
< 8.1.21
all
all
>= 10.1.3
>= 10.0.8-h4
>= 9.1.11-h3
>= 9.0.14-h4
>= 8.1.21
2021-11-102021-11-14
6.4CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
Prisma Access 2.2
Prisma Access 2.1
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
all
all
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
2021-11-102021-11-23
8.1CVE-2021-3057 GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
GlobalProtect App 5.0
< 5.3.1 on Linux
< 5.2.8 on Windows, Universal Windows Platform, Linux, MacOS
< 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS
5.0.* on Windows, Universal Windows Platform, Linux, MacOS
>= 5.3.1 on Linux
>= 5.2.8 on Windows, Universal Windows Platform, MacOS
>= 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS
none
2021-10-132021-11-23
3.7CVE-2020-1968 PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968
Prisma Access 2.2
Prisma Access 2.1
Prisma Access 2.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
Preferred
Preferred
none
none
9.1.*
9.0.*
8.1.*
Preferred
Innovation
Innovation
10.1.*
10.0.*
none
none
none
2021-10-132021-11-10
8.1CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.6
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.6
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-082021-09-08
8.1CVE-2021-3051 Cortex XSOAR: Authentication Bypass in SAML Authentication
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 5.5.0
< 1578666
< 1578663
< 1578677
>= 1578666
>= 1578663
>= 1578677
2021-09-082021-09-13
8CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.2
< 9.1.10
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.2
>= 9.1.10
>= 9.0.14
>= 8.1.20
2021-09-082021-09-13
7.5 NCVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-082021-09-13
7.2CVE-2021-3054 PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.1.2
< 10.0.7
< 9.1.11
< 9.0.14
< 8.1.20
>= 10.1.2
>= 10.0.7
>= 9.1.11
>= 9.0.14
>= 8.1.20
2021-09-082021-09-13
6.5CVE-2021-3055 PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.6
< 9.1.10
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.6
>= 9.1.10
>= 9.0.14
>= 8.1.20
2021-09-082021-09-13
2.6CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 5.5.0
none
< 12099345
all
all
>= 12099345
none
2021-09-082021-09-08
8.8CVE-2021-3050 PAN-OS: OS Command Injection Vulnerability in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
>= 10.1.0
>= 10.0.0
>= 9.1.4
>= 9.0.10
none
>= 10.1.2
>= 10.0.8
>= 9.1.11
>= 9.0.15
8.1.*
2021-08-112021-08-11
6.8CVE-2021-3046 PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
< 8.1.19
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
>= 8.1.19
2021-08-112021-08-11
5.9CVE-2021-3048 PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
none
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
8.1.*
2021-08-112021-08-11
4.9CVE-2021-3045 PAN-OS: OS Command Argument Injection in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 9.1.10
< 9.0.14
< 8.1.19
10.1.*
10.0.*
>= 9.1.10
>= 9.0.14
>= 8.1.19
2021-08-112021-08-11
4.2CVE-2021-3047 PAN-OS: Weak Cryptography Used in Web Interface Authentication
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.4
< 9.1.10
< 9.0.14
< 8.1.19
10.1.*
>= 10.0.4
>= 9.1.10
>= 9.0.14
>= 8.1.19
2021-08-112021-08-11
0CVE-2021-26701 Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
Cortex XSOAR PowerShell Image 7.1
< 7.1.3.20270
>= 7.1.3.20270
2021-08-112021-08-11
7.8CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
Cortex XDR Agent 7.3
Cortex XDR Agent 7.2
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
7.3.* without content update 181 or later on Windows
7.2.* without content update 181 or later on Windows
6.1.* without content update 181 or later on Windows
none
7.3.* with content update 181 or later on Windows
7.2.* with content update 181 or later on Windows
6.1.* with content update 181 or later on Windows
all
2021-07-142021-07-15
1 - 25 of 281 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.