| | Versions | Affected | Unaffected | | |
|---|
| 7.5 N | CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 Prisma Access Prisma SD-WAN ION 6.2 Prisma SD-WAN ION 6.1 Prisma SD-WAN ION 5.6 | none < 11.0.3 < 10.2.6 < 10.1.11 <= 9.1.16 Customers whose most recent software upgrade was before 09/30 < 6.2.3 < 6.1.5 none | All >= 11.0.3 (ETA: Week of 10/16) >= 10.2.6 >= 10.1.11 >= 9.1.16-HF (ETA: Week of 10/02) Customers who have received a software upgrade or are using new software on or after 09/30 >= 6.2.3 (ETA: Week of 11/27) >= 6.1.5 (ETA: Week of 10/02) All | 2023-09-13 | 2023-09-28 |
| 5.5 | CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9-CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.5-CE Cortex XDR Agent 5.0 | none < 8.0.2 on Windows < 7.9.101-CE on Windows < 7.9.3 on Windows All on Windows All on Windows | All >= 8.0.2 with CU-1000 or a later content update on Windows >= 7.9.101-CE with CU-1000 or a later content update on Windows >= 7.9.3 with CU-1000 or a later content update on Windows none none | 2023-09-13 | 2023-09-22 |
| i | PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673) | PAN-OS with GlobalProtect app on Android and ChromeOS PAN-OS with GlobalProtect app on iOS PAN-OS with GlobalProtect app on Windows, macOS, and Linux Prisma Access with GlobalProtect app on Android and ChromeOS Prisma Access with GlobalProtect app on iOS Prisma Access with GlobalProtect app on Windows, macOS, and Linux | LocalNet: None, ServerIP: Gateways with address set as an FQDN LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: Gateways with address set as an FQDN LocalNet: Configurations allowing local network access, ServerIP: Gateways with address set as an FQDN None LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: None LocalNet: Configurations allowing local network access, ServerIP: None | LocalNet: All, ServerIP: Gateways with address set as an IP LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: Gateways with address set as an IP LocalNet: "No direct access to local network" enabled, ServerIP: Gateways with address set as an IP All LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: All LocalNet: "No direct access to local network" enabled, ServerIP: All | 2023-08-17 | 2023-09-26 |
| 5.5 | CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit | | none < 11.0.1 < 10.2.4 none none none | All >= 11.0.1 >= 10.2.4 All All all | 2023-07-12 | 2023-07-12 |
| i | PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) | | | | 2023-06-16 | 2023-06-20 |
| 7.8 | CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 | none < 6.1.1 on Windows < 6.0.5 on Windows < 5.2.13 on Windows | All >= 6.1.1 >= 6.0.5 >= 5.2.13 | 2023-06-14 | 2023-07-31 |
| 5.4 | CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 10.2.2 < 10.1.6 < 10.0.11 < 9.1.16 < 9.0.17 < 8.1.24 none | All All >= 10.2.2 >= 10.1.6 >= 10.0.11 >= 9.1.16 >= 9.0.17 >= 8.1.24 All | 2023-06-14 | 2023-06-29 |
| 6.5 | CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface | | none none none < 10.0.7 on Panorama < 9.1.16 on Panorama < 9.0.17 on Panorama < 8.1.25 on Panorama none | All All All >= 10.0.7 on Panorama >= 9.1.16 on Panorama >= 9.0.17 on Panorama >= 8.1.25 on Panorama all | 2023-05-10 | 2023-05-10 |
| 4.4 | CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none < 11.0.1 < 10.2.4 < 10.1.10 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 none | All >= 11.0.1 >= 10.2.4 >= 10.1.10 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 All | 2023-05-10 | 2023-05-11 |
| 6.5 | CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none none < 10.1.6 < 10.0.11 < 9.1.15 < 9.0.17 < 8.1.24 none | All All All >= 10.1.6 >= 10.0.11 >= 9.1.15 >= 9.0.17 >= 8.1.24 All | 2023-04-12 | 2023-04-19 |
| 6.3 | CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability | GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 | < 6.1.1 on Windows < 6.0.4 on Windows < 5.2.13 on Windows | >= 6.1.1 on Windows >= 6.0.4 on Windows >= 5.2.13 on Windows | 2023-04-12 | 2023-04-12 |
| 4.1 | CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 10.2.3 < 10.1.8 < 10.0.12 < 9.1.15 < 9.0.17 < 8.1.24 none | All All >= 10.2.3 >= 10.1.8 >= 10.0.12 >= 9.1.15 >= 9.0.17 >= 8.1.24 All | 2023-04-12 | 2023-04-12 |
| i | PAN-SA-2023-0002 Informational Bulletin: Impact of Rorschach Ransomware | Cortex XDR Agent 5.0 Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.9 CE Cortex XDR Agent 8.0 | All agents on Windows All agents on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows | none none >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows | 2023-04-04 | 2023-04-12 |
| 6.5 | CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server | Cortex XSOAR 8.1 Cortex XSOAR 6.10 Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6 | none < 6.10.0.185964 < 6.9.B185415 < 6.8.B185719 < 6.6.B186115 | all >= 6.10.0.185964 >= 6.9.B185415 >= 6.8.B185719 >= 6.6.B186115 | 2023-02-08 | 2023-02-08 |
| 6 | CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows none | all all >= 7.5.101-CE on Windows all | 2023-02-08 | 2023-02-08 |
| 5.5 | CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows < 5.0.12.22203 on Windows | all all >= 7.5.101-CE on Windows >= 5.0.12.22203 on Windows | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
| i | CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809 | | | | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |
| 6.7 | CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine | Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6 Cortex XSOAR 6.5 | < 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux all all all | >= 6.9.0.130766 on Linux none none none | 2022-11-09 | 2022-11-19 |
| i | CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889 | | | | 2022-11-09 | 2022-11-09 |
| i | PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 | | | | 2022-10-31 | 2022-11-09 |
| 8.1 | CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface | | | | 2022-10-12 | 2022-10-12 |
| 5.5 | CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.7 Cortex XDR Agent 5.0 | < 7.5.101-CE on Windows none < 7.7.3 on Windows < 5.0.12-hotfix update on Windows | >= 7.5.101-CE all >= 7.7.3 >= 5.0.12-hotfix update | 2022-09-14 | 2022-09-14 |
| i | PAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | All agents with a content update earlier than CU-860 on Windows | All agents with CU-860 or a later content update | 2022-09-14 | 2023-03-08 |
= Exploitable over the network with low complexity, unauthenticated attack.