Palo Alto Networks Security Advisories

1 - 25 of 216
Versions Affected Unaffected
8.1 CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
7.1.*
>= 9.1.3
>= 9.0.9
>= 8.1.15
2020-07-08 2020-07-10
7.2 CVE-2020-2030 PAN-OS: OS command injection vulnerability in the management interface
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 8.1.15
8.0.*
7.1.*
>= 9.0.0
>= 8.1.15
>= 9.1.0
2020-07-08 2020-07-08
4.9 CVE-2020-2031 PAN-OS: Integer underflow in the management interface
PAN-OS 9.1
< 9.1.3
>= 9.1.3
9.0.*
8.1.*
2020-07-08 2020-07-08
4.8 CVE-2020-1982 PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
>= 9.1.3
>= 9.0.9
>= 8.1.15
7.1.*
2020-07-08 2020-07-08
0 PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products
PAN-OS
all
2020-07-08 2020-07-08
10 N CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
8.0.*
< 8.1.15
< 9.0.9
< 9.1.3
7.1.*
>= 8.1.15
>= 9.0.9
>= 9.1.3
2020-06-29 2020-06-29
7.2 CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.7
7.1.*
8.0.*
>= 8.1.13
>= 9.0.7
>= 9.1.0
2020-06-10 2020-06-10
7.2 CVE-2020-2029 PAN-OS: OS command injection vulnerability in management interface certificate generator
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
< 7.1.26
< 8.1.13
8.0.*
>= 9.0.0
>= 7.1.26
>= 8.1.13
>= 9.1.0
2020-06-10 2020-06-10
7.2 CVE-2020-2027 PAN-OS: Buffer overflow in authd authentication response
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.7
7.1.*
8.0.*
>= 8.1.13
>= 9.0.7
>= 9.1.0
2020-06-10 2020-06-10
7 CVE-2020-2032 GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade
GlobalProtect App 5.0
GlobalProtect App 5.1
< 5.1.4 on Windows
< 5.0.10 on Windows
>= 5.1.4 on Windows
>= 5.0.10 on Windows
2020-06-10 2020-06-10
5.3 CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
GlobalProtect App 5.0
GlobalProtect App 5.1
< 5.1.4
< 5.0.10
>= 5.1.4
>= 5.0.10
2020-06-10 2020-06-10
9 CVE-2020-2018 PAN-OS: Panorama authentication bypass vulnerability
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.12
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.12
>= 9.0.6
2020-05-13 2020-05-14
8.8 CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.6
>= 9.1.0
2020-05-13 2020-06-10
8.8 CVE-2020-2015 PAN-OS: Buffer overflow in the management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
< 9.0.7
< 7.1.26
< 8.1.13
< 9.1.1
8.0.*
>= 9.0.7
>= 7.1.26
>= 8.1.13
>= 9.1.1
2020-05-13 2020-06-10
8.8 CVE-2020-2014 PAN-OS: OS injection vulnerability in PAN-OS management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
8.0.*
7.1.*
>= 8.1.14
>= 9.0.7
>= 9.1.0
2020-05-13 2020-05-13
8.3 CVE-2020-2013 PAN-OS: Panorama context switch session cookie disclosure
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
< 9.0.6
< 7.1.26
< 8.1.13
< 9.1.1
8.0.*
>= 9.0.6
>= 7.1.26
>= 8.1.13
>= 9.1.1
2020-05-13 2020-05-13
8.1 CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.12
< 9.0.6
8.0.*
7.1.*
>= 8.1.12
>= 9.0.6
2020-05-13 2020-05-13
8.1 CVE-2020-2002 PAN-OS: Spoofed Kerberos key distribution center authentication bypass
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.6
< 7.1.26
8.0.*
>= 8.1.13
>= 9.0.6
>= 7.1.26
2020-05-13 2020-05-13
7.8 PAN-SA-2020-0005 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.1
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.1
2020-05-13 2020-05-13
7.5 N PAN-SA-2020-0006 PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
>= 8.1.14
>= 9.0.7
2020-05-13 2020-05-13
7.5 N CVE-2020-2011 PAN-OS: Panorama registration denial of service
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
8.0.*
>= 8.1.14
>= 9.0.7
>= 9.1.0
2020-05-13 2020-05-20
7.5 N CVE-2020-2012 PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.7
8.0.*
7.1.*
>= 8.1.13
>= 9.0.7
>= 9.1.0
2020-05-13 2020-06-10
7.2 CVE-2020-2008 PAN-OS: OS command injection or arbitrary file deletion vulnerability
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
< 8.1.14
8.0.*
7.1.*
>= 9.0.0
>= 8.1.14
2020-05-13 2020-05-13
7.2 CVE-2020-2007 PAN-OS: OS command injection in management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 9.0.7
< 8.1.14
7.1.*
8.0.*
>= 9.0.7
>= 8.1.14
2020-05-13 2020-05-13
7.2 CVE-2020-2009 PAN-OS: Panorama SD WAN arbitrary file creation
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
>= 8.1.14
>= 9.0.7
2020-05-13 2020-05-13
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.