| | Versions | Affected | Unaffected | | |
|---|
| i | CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
| i | CVE-2023-38545
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546) | | | | 2023-10-12 | 2023-10-31 |
| i | CVE-2023-44487
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | | | | 2023-10-11 | 2023-10-25 |
| 5.5 | CVE-2023-3280
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9-CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.5-CE Cortex XDR Agent 5.0 | none < 8.0.2 on Windows < 7.9.101-CE on Windows < 7.9.3 on Windows All on Windows All on Windows | All >= 8.0.2 with CU-1000 or a later content update on Windows >= 7.9.101-CE with CU-1000 or a later content update on Windows >= 7.9.3 with CU-1000 or a later content update on Windows none none | 2023-09-13 | 2023-09-22 |
| i | PAN-SA-2023-0003
Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) | | | | 2023-06-16 | 2023-06-20 |
| i | PAN-SA-2023-0002
Informational Bulletin: Impact of Rorschach Ransomware | Cortex XDR Agent 5.0 Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.9 CE Cortex XDR Agent 8.0 | All agents on Windows All agents on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows | none none >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows | 2023-04-04 | 2023-04-12 |
| 6 | CVE-2023-0001
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows none | all all >= 7.5.101-CE on Windows all | 2023-02-08 | 2023-02-08 |
| 5.5 | CVE-2023-0002
Cortex XDR Agent: Product Disruption by Local Windows User | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows < 5.0.12.22203 on Windows | all all >= 7.5.101-CE on Windows >= 5.0.12.22203 on Windows | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2023-0001
Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2022-0007
Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |
| i | CVE-2022-42889
Impact of Apache Text Commons Vulnerability CVE-2022-42889 | | | | 2022-11-09 | 2022-11-09 |
| i | PAN-SA-2022-0006
Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 | | | | 2022-10-31 | 2022-11-09 |
| 5.5 | CVE-2022-0029
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.7 Cortex XDR Agent 5.0 | < 7.5.101-CE on Windows none < 7.7.3 on Windows < 5.0.12-hotfix update on Windows | >= 7.5.101-CE all >= 7.7.3 >= 5.0.12-hotfix update | 2022-09-14 | 2022-09-14 |
| i | PAN-SA-2022-0004
Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users | | All agents with a content update earlier than CU-630 on Windows | All agents with CU-630 or a later content update | 2022-09-14 | 2022-09-14 |
| i | PAN-SA-2022-0005
Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | All agents with a content update earlier than CU-860 on Windows | All agents with CU-860 or a later content update | 2022-09-14 | 2023-03-08 |
| i | PAN-SA-2022-0003
Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module | | All agents with a content update earlier than CU-610 | All agents with CU-610 or a later content update | 2022-08-10 | 2022-08-10 |
| 6.7 | CVE-2022-0026
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 6.1 | 7.5.* without CU-330 on Windows 7.7.* without CU-330 on Windows 7.6.* without CU-330 on Windows 7.5.* without CU-330 on Windows 7.4.* without CU-330 on Windows 6.1.* without CU-330 on Windows | 7.5.* with CU-330 on Windows 7.7.* with CU-330 on Windows 7.6.* with CU-330 on Windows 7.5.* with CU-330 on Windows 7.4.* with CU-330 on Windows 6.1.* with CU-330 on Windows | 2022-05-11 | 2022-05-11 |
| 6.7 | CVE-2022-0025
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | | none < 7.7.1.62043 without CU-500 on Windows none none none | all 7.7.* with CU-500, >= 7.7.1.62043 on Windows all all all | 2022-05-11 | 2022-05-11 |
| 3.3 | PAN-SA-2022-0001
Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.4 Cortex XDR Agent 5.0 | | | 2022-04-14 | 2023-02-08 |
| i | PAN-SA-2022-0002
Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | | | 2022-04-14 | 2022-05-13 |
| 7.5
N | CVE-2022-0778
Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 | Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5-CE Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 6.1 Cortex XSOAR GlobalProtect App 6.0 GlobalProtect App 5.3 GlobalProtect App 5.2 GlobalProtect App 5.1 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 3.1 Prisma Access 3.0 Prisma Access 2.2 Prisma Access 2.1 Prisma Cloud | < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux < 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux < 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux 7.4.* < 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux none < 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS < 5.3.4 < 5.2.12 < 5.1.11 < 10.2.1 < 10.1.5-h1 < 10.0.10 < 9.1.13-h3 < 9.0.16-h2 < 8.1.23 Preferred, Innovation Preferred, Innovation Preferred Preferred, Innovation none | >= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux >= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux >= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux >= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux none >= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux all >= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS >= 5.3.4 >= 5.2.12 >= 5.1.11 >= 10.2.1 >= 10.1.5-h1 >= 10.0.10 >= 9.1.13-h3 >= 9.0.16-h2 >= 8.1.23 none none none none all | 2022-03-31 | 2022-06-24 |
| 0 | CVE-2022-22963
Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 | | | | 2022-03-31 | 2022-04-25 |
| 7.8 | CVE-2022-0015
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | | none none none < 6.1.9 < 5.0.12 none | 7.6.* 7.5.* 7.4.* >= 6.1.9 >= 5.0.12 all | 2022-01-12 | 2022-01-12 |
| 6.7 | CVE-2022-0014
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session | Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 7.3 Cortex XDR Agent 7.2 Cortex XDR Agent 6.1 Cortex XDR Agent 5.0 | none none none < 7.3.2 on Windows < 7.2.4 on Windows < 6.1.9 on Windows < 5.0.12 on Windows | 7.6.* 7.5.* 7.4.* >= 7.3.2 on Windows >= 7.2.4 on Windows >= 6.1.9 on Windows >= 5.0.12 on Windows | 2022-01-12 | 2022-01-14 |
| 6.1 | CVE-2022-0012
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability | Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 7.3 Cortex XDR Agent 7.2 Cortex XDR Agent 6.1 Cortex XDR Agent 5.0 | none none none < 7.3.2 on Windows < 7.2.4 on Windows < 6.1.9 on Windows < 5.0.12 on Windows | 7.6.* 7.5.* 7.4.* >= 7.3.2 on Windows >= 7.2.4 on Windows >= 6.1.9 on Windows >= 5.0.12 on Windows | 2022-01-12 | 2022-01-12 |
=
Exploitable over the network with low complexity, unauthenticated attack.