CVSS | Summary | Versions | Affected | Unaffected | Published | Updated |
---|---|---|---|---|---|---|
5.7 | CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 | none < 6.1.1 < 6.0.4 < 5.2.13 < 5.1.12 | All >= 6.1.1 >= 6.0.4 >= 5.2.13 >= 5.1.12 | 2024-03-13 | 2024-03-13 |
5.2 | CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.2.1 on Windows < 6.1.2 on Windows < 6.0.8 on Windows < 5.1.12 on Windows | >= 6.2.1 on Windows >= 6.1.2 on Windows >= 6.0.8 on Windows >= 5.1.12 on Windows | 2024-03-13 | 2024-03-18 |
5.1 | CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.3 on Panorama < 10.2.8 on Panorama < 10.1.12 on Panorama < 9.1.17 on Panorama < 9.0.17-h4 on Panorama none | All All >= 11.0.3 on Panorama >= 10.2.8 on Panorama >= 10.1.12 on Panorama >= 9.1.17 on Panorama >= 9.0.17-h4 on Panorama All | 2024-03-13 | 2024-03-13 |
i | PAN-SA-2024-0002 Impact of Leaky Vessels Vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653) | | | | 2024-02-22 | 2024-02-22 |
6.3 | CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface | | none none none < 10.1.6 on Panorama < 10.0.11 on Panorama < 9.1.16 on Panorama < 9.0.17 on Panorama < 8.1.24-h1 on Panorama, < 8.1.25 on Panorama none | All All on Panorama All on Panorama >= 10.1.6 on Panorama >= 10.0.11 on Panorama >= 9.1.16 on Panorama >= 9.0.17 on Panorama >= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama all | 2024-02-14 | 2024-02-14 |
5.4 | CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.2 < 10.2.5 < 10.1.10-h1, < 10.1.11 < 10.0.12-h1, < 10.0.13 < 9.1.17 < 9.0.17-h2, < 9.0.18 none | All All >= 11.0.2 >= 10.2.5 >= 10.1.10-h1, >= 10.1.11 >= 10.0.12-h1, >= 10.0.13 >= 9.1.17 >= 9.0.17-h2, >= 9.0.18 All | 2024-02-14 | 2024-02-14 |
5.3 | CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway | | none none < 11.0.1 < 10.2.4 none none | All All >= 11.0.1 >= 10.2.4 All all | 2024-02-14 | 2024-02-14 |
5.1 | CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal | | none none none < 10.1.11-h1, < 10.1.12 < 9.1.17 < 9.0.17-h4 none | All All All >= 10.1.11-h1, >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 all | 2024-02-14 | 2024-02-14 |
5.1 | CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication | | none none none < 10.1.3 < 10.0.11 < 9.1.13 < 9.0.17 < 8.1.24 none | All All All >= 10.1.3 >= 10.0.11 >= 9.1.13 >= 9.0.17 >= 8.1.24 all | 2024-02-14 | 2024-02-24 |
i | PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-02-14 | |
i | CVE-2023-48795 Impact of Terrapin SSH Attack | | Devices using affected ciphers | Devices not using affected ciphers | 2024-01-09 | 2024-01-17 |
7.5 | CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 none | All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 All | 2023-12-13 | 2023-12-13 |
6.1 | CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.24-h1 none | All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.24-h1 All | 2023-12-13 | 2023-12-13 |
5.9 | CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API | | none none none < 10.1.6 < 10.0.12 < 9.1.15 < 9.0.17 < 8.1.24 none | All All All >= 10.1.6 >= 10.0.12 >= 9.1.15 >= 9.0.17 >= 8.1.24 all | 2023-12-13 | 2023-12-13 |
5.9 | CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface | | none none none < 10.1.3 < 10.0.9 < 9.1.12 < 9.0.17 < 8.1.24-h1 none | All All All >= 10.1.3 >= 10.0.9 >= 9.1.12 >= 9.0.17 >= 8.1.24-h1 all | 2023-12-13 | 2023-12-13 |
5.9 | CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface | | none none none < 9.1.14 < 9.0.17-h1 < 8.1.26 none | All All All >= 9.1.14 >= 9.0.17-h1 >= 8.1.26 all | 2023-12-13 | 2023-12-13 |
5.1 | CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.2 < 10.2.5 < 10.1.11 All < 9.1.17 < 9.0.17-h4 none none | All All >= 11.0.2 >= 10.2.5 >= 10.1.11 None >= 9.1.17 >= 9.0.17-h4 All All | 2023-12-13 | 2023-12-13 |
4.8 | CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.2 < 10.2.5 < 10.1.11 All < 9.1.17 < 9.0.17-h4 < 8.1.26 none | All All >= 11.0.2 >= 10.2.5 >= 10.1.11 None >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 All | 2023-12-13 | 2023-12-13 |
4.9 | CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine | Cortex XSOAR 8 Cortex XSOAR 6.12 Cortex XSOAR 6.11 Cortex XSOAR 6.10 | none none none < 6.10.0.250144 on Linux | All All All >= 6.10.0.250144 on Linux | 2023-11-08 | 2023-11-08 |
i | CVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546) | | | | 2023-10-12 | 2023-10-31 |
4.3 | CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration | Cortex XSOAR Kafka Integration v3 | | | 2023-10-11 | 2023-10-11 |
i | CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | | | | 2023-10-11 | 2023-10-25 |
0 | CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863 | | | | 2023-10-02 | 2023-10-02 |
8.2 N | CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access Prisma SD-WAN ION 6.2 Prisma SD-WAN ION 6.1 Prisma SD-WAN ION 5.6 | none < 11.0.3 < 10.2.6 < 10.1.11 < 9.1.16-h3 < 9.0.17-h4 < 8.1.26 Customers whose most recent software upgrade was before 09/30 < 6.2.3 < 6.1.5 none | All >= 11.0.3 >= 10.2.6 >= 10.1.11 >= 9.1.16-h3 >= 9.0.17-h4 >= 8.1.26 Customers who have received a software upgrade or are using new software on or after 09/30 >= 6.2.3 >= 6.1.5 All | 2023-09-13 | 2024-01-18 |
5.5 | CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9-CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.5-CE Cortex XDR Agent 5.0 | none < 8.0.2 on Windows < 7.9.101-CE on Windows < 7.9.3 on Windows All on Windows All on Windows | All >= 8.0.2 with CU-1000 or a later content update on Windows >= 7.9.101-CE with CU-1000 or a later content update on Windows >= 7.9.3 with CU-1000 or a later content update on Windows none none | 2023-09-13 | 2023-09-22 |

N = Exploitable over the network with low complexity, unauthenticated attack.