Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
Demisto
1
Expedition
6
GlobalProtect
2
GlobalProtect Agent
10
GlobalProtect App
1
MineMeld
1
NetConnect
1
PAN-OS
155
Secdo
3
Terminal Services Agent
3
Traps
2
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID agent
1
VM-Series Plugin
1
WildFire Appliance
3
WildFire Cloud
2
Zingbox Inspector
11
Clear
1 - 25 of 205
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
9
CVE-2020-2018 PAN-OS: Panorama authentication bypass vulnerability
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.12
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.12
>= 9.0.6
2020-05-13
2020-05-14
8.8
CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.6
>= 9.1.0
>= 9.2.0
2020-05-13
2020-05-13
8.8
CVE-2020-2015 PAN-OS: Buffer overflow in the management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
< 9.0.7
< 7.1.26
< 8.1.13
< 9.1.1
8.0.*
8.0.*
>= 9.0.7
>= 7.1.26
>= 8.1.13
>= 9.1.1
>= 9.2.0
2020-05-13
2020-05-13
8.8
CVE-2020-2014 PAN-OS: OS injection vulnerability in PAN-OS management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
8.0.*
7.1.*
>= 8.1.14
>= 9.0.7
>= 9.1.0
2020-05-13
2020-05-13
8.3
CVE-2020-2013 PAN-OS: Panorama context switch session cookie disclosure
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
< 9.0.6
< 7.1.26
< 8.1.13
< 9.1.1
8.0.*
>= 9.0.6
>= 7.1.26
>= 8.1.13
>= 9.1.1
2020-05-13
2020-05-13
8.1
CVE-2020-2002 PAN-OS: Spoofed Kerberos key distribution center authentication bypass
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.6
< 7.1.26
8.0.*
>= 8.1.13
>= 9.0.6
>= 7.1.26
2020-05-13
2020-05-13
8.1
CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.12
< 9.0.6
8.0.*
7.1.*
>= 8.1.12
>= 9.0.6
2020-05-13
2020-05-13
7.8
PAN-SA-2020-0005 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.1
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.1
2020-05-13
2020-05-13
7.5
N
PAN-SA-2020-0006 PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
>= 8.1.14
>= 9.0.7
2020-05-13
2020-05-13
7.5
N
CVE-2020-2011 PAN-OS: Panorama registration denial of service
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
8.0.*
>= 8.1.14
>= 9.0.7
>= 9.1.0
2020-05-13
2020-05-20
7.5
N
CVE-2020-2012 PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 9.0.7
8.0.*
7.1.*
>= 8.1.13
>= 9.0.7
>= 9.1.0
>= 9.2.0
2020-05-13
2020-05-13
7.2
CVE-2020-2008 PAN-OS: OS command injection or arbitrary file deletion vulnerability
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
< 8.1.14
8.0.*
7.1.*
>= 9.0.0
>= 8.1.14
2020-05-13
2020-05-13
7.2
CVE-2020-2007 PAN-OS: OS command injection in management server
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 9.0.7
< 8.1.14
7.1.*
8.0.*
>= 9.0.7
>= 8.1.14
2020-05-13
2020-05-13
7.2
CVE-2020-2009 PAN-OS: Panorama SD WAN arbitrary file creation
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.7
7.1.*
8.0.*
>= 8.1.14
>= 9.0.7
2020-05-13
2020-05-13
7.2
CVE-2020-2010 PAN-OS: Authenticated user command injection vulnerability
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.0.7
>= 8.1.14
>= 9.1.0
>= 9.2.0
2020-05-13
2020-05-13
7.2
CVE-2020-2006 PAN-OS: Buffer overflow in management server payload parser
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
< 8.1.14
7.1.*
8.0.*
>= 8.1.14
2020-05-13
2020-05-13
7.1
CVE-2020-2005 PAN-OS: GlobalProtect Clientless VPN session hijacking
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.7
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.7
2020-05-13
2020-05-13
7
CVE-2020-2016 PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
< 7.1.26
< 8.1.13
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.6
>= 9.1.0
>= 9.2.0
2020-05-13
2020-05-13
6.8
CVE-2020-2004 GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs
GlobalProtect App 5.0
GlobalProtect App 5.1
< 5.0.9 on Windows and MacOS
< 5.1.2 on Windows and MacOS
>= 5.0.9
>= 5.1.2
2020-05-13
2020-05-13
6.5
CVE-2020-2003 PAN-OS: Authenticated administrator can delete arbitrary system file
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
PAN-OS 9.1
< 8.1.14
< 9.0.7
< 9.1.1
7.1.*
8.0.*
>= 8.1.14
>= 9.0.7
>= 9.1.1
2020-05-13
2020-05-13
5.4
CVE-2020-1998 PAN-OS: Improper SAML SSO authorization of shared local users
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.13
< 7.1.26
< 9.0.6
< 9.1.1
8.0.*
>= 8.1.13
>= 7.1.26
>= 9.0.6
>= 9.1.1
2020-05-13
2020-05-13
5.3
N
CVE-2017-7529 PAN-OS: Nginx integer overflow may lead to information leak
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 7.1.26
< 8.1.13
< 9.0.6
8.0.*
>= 7.1.26
>= 8.1.13
>= 9.0.6
>= 9.1.0
>= 9.2.0
2020-05-13
2020-05-13
5.3
N
CVE-2020-1997 PAN-OS: GlobalProtect registration open redirect
PAN-OS 7.1
PAN-OS 8.0
< 7.1.26
< 8.0.14
>= 7.1.26
>= 8.0.14
>= 8.1.0
>= 9.0.0
>= 9.1.0
2020-05-13
2020-05-14
5.3
N
CVE-2020-1996 PAN-OS: Panorama management server log injection
PAN-OS 7.1
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0
< 8.1.14
< 9.0.9
7.1.*
8.0.*
>= 8.1.14
>= 9.0.9
2020-05-13
2020-05-15
4.9
CVE-2020-1995 PAN-OS: Management server rasmgr denial of service
PAN-OS 9.1
< 9.1.2
>= 9.1.2
>= 9.1.0
2020-05-13
2020-05-13
1 - 25 of 205
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.