| Severity | ID | Summary | Versions | Affected | Unaffected | Published | Updated |
|---|---|---|---|---|---|---|---|
| i | CVE-2024-3094 | Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
| 5.7 | CVE-2024-2431 | GlobalProtect App: Local User Can Disable GlobalProtect | GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 6.1.1; < 6.0.4; < 5.2.13; < 5.1.12 | All; >= 6.1.1; >= 6.0.4; >= 5.2.13; >= 5.1.12 | 2024-03-13 | 2024-03-13 |
| 5.2 | CVE-2024-2432 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.1 | < 6.2.1 on Windows; < 6.1.2 on Windows; < 6.0.8 on Windows; < 5.1.12 on Windows | >= 6.2.1 on Windows; >= 6.1.2 on Windows; >= 6.0.8 on Windows; >= 5.1.12 on Windows | 2024-03-13 | 2024-03-18 |
| i | CVE-2023-44487 | Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | | | | 2023-10-11 | 2023-10-25 |
| i | PAN-SA-2023-0003 | Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) | | | | 2023-06-16 | 2023-06-20 |
| 7.8 | CVE-2023-0009 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 6.1.1 on Windows; < 6.0.5 on Windows; < 5.2.13 on Windows; < 5.1.12 on Windows | All; >= 6.1.1; >= 6.0.5; >= 5.2.13; >= 5.1.12 | 2023-06-14 | 2024-04-10 |
| 6.3 | CVE-2023-0006 | GlobalProtect App: Local File Deletion Vulnerability | GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.2; GlobalProtect App 5.1 | < 6.1.1 on Windows; < 6.0.4 on Windows; < 5.2.13 on Windows; < 5.1.12 on Windows | >= 6.1.1 on Windows; >= 6.0.4 on Windows; >= 5.2.13 on Windows; >= 5.1.12 on Windows | 2023-04-12 | 2024-04-10 |
| i | PAN-SA-2023-0001 | Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2022-0007 | Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |
| i | CVE-2022-42889 | Impact of Apache Text Commons Vulnerability CVE-2022-42889 | | | | 2022-11-09 | 2022-11-09 |
| i | PAN-SA-2022-0006 | Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 | | | | 2022-10-31 | 2022-11-09 |
| 7.5 N | CVE-2022-0778 | Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 | Cortex XDR Agent 7.7; Cortex XDR Agent 7.6; Cortex XDR Agent 7.5-CE; Cortex XDR Agent 7.5; Cortex XDR Agent 7.4; Cortex XDR Agent 6.1; Cortex XSOAR; GlobalProtect App 6.0; GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 3.1; Prisma Access 3.0; Prisma Access 2.2; Prisma Access 2.1; Prisma Cloud | < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux; < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux; < 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux; < 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux; 7.4.*; < 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux; none; < 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS; < 5.3.4; < 5.2.12; < 5.1.11; < 10.2.1; < 10.1.5-h1; < 10.0.10; < 9.1.13-h3; < 9.0.16-h2; < 8.1.23; Preferred, Innovation; Preferred, Innovation; Preferred; Preferred, Innovation; none | >= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux; >= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux; >= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux; >= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux; none; >= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux; all; >= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS; >= 5.3.4; >= 5.2.12; >= 5.1.11; >= 10.2.1; >= 10.1.5-h1; >= 10.0.10; >= 9.1.13-h3; >= 9.0.16-h2; >= 8.1.23; none; none; none; none; all | 2022-03-31 | 2022-06-24 |
| 0 | CVE-2022-22963 | Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 | | | | 2022-03-31 | 2022-04-25 |
| 7.4 | CVE-2022-0016 | GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 5.2.9 on Windows and MacOS; none | 5.3.*; >= 5.2.9 on Windows and MacOS; >= 5.1.* | 2022-02-09 | 2022-03-09 |
| 7 | CVE-2022-0017 | GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 5.2.5 on Windows; < 5.1.10 on Windows | 5.3.*; >= 5.2.5 on Windows; >= 5.1.10 on Windows | 2022-02-09 | 2022-02-09 |
| 6.1 | CVE-2022-0018 | GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 5.2.9 on Windows and MacOS; < 5.1.10 on Windows and MacOS | 5.3.*; >= 5.2.9 on Windows and MacOS; >= 5.1.10 on Windows and MacOS | 2022-02-09 | 2022-02-09 |
| 4.7 | CVE-2022-0019 | GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | < 5.3.2 on Linux; <= 5.2.7 on Linux; < 5.1.10 on Linux | >= 5.3.2 on Linux; none; >= 5.1.10 on Linux | 2022-02-09 | 2022-02-09 |
| 3.3 | CVE-2022-0021 | GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | none; < 5.2.9 on Windows; none | 5.3.*; >= 5.2.9 on Windows; 5.1.* | 2022-02-09 | 2022-02-09 |
| 9.8 N | CVE-2021-44228 | Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 | | none; none; none; < 2.1; < 10.0.8-h8 on Panorama; < 9.1.12-h3 on Panorama; < 9.0.15 on Panorama; none | all; all; all; >= 2.1; >= 10.0.8-h8 on Panorama; >= 9.1.12-h3 on Panorama; >= 9.0.15 on Panorama; all | 2021-12-10 | 2022-01-22 |
| 8.1 | CVE-2021-3057 | GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1; GlobalProtect App 5.0 | < 5.3.1 on Linux; < 5.2.8 on Windows, Universal Windows Platform, Linux, MacOS; < 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS; 5.0.* on Windows, Universal Windows Platform, Linux, MacOS | >= 5.3.1 on Linux; >= 5.2.8 on Windows, Universal Windows Platform, MacOS; >= 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS; none | 2021-10-13 | 2021-11-23 |
| 5.5 | CVE-2021-3038 | GlobalProtect App: Windows VPN kernel driver denial of service (DoS) | GlobalProtect App 5.2; GlobalProtect App 5.1 | < 5.2.4 on Windows; < 5.1.8 on Windows | >= 5.2.4 on Windows; >= 5.1.8 on Windows | 2021-04-14 | 2021-04-14 |
| 0 | PAN-SA-2020-0011 | Informational: Impact of OpenSSL vulnerability CVE-2020-1971 | Cortex XSOAR; GlobalProtect App; PAN-OS | | | 2020-12-09 | 2020-12-09 |
| 0 | PAN-SA-2020-0009 | Informational: Mitigating threats for GlobalProtect clients connecting from untrusted networks | | | | 2020-08-06 | 2020-08-06 |
| 7 | CVE-2020-2032 | GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade | GlobalProtect App 5.1; GlobalProtect App 5.0 | < 5.1.4 on Windows; < 5.0.10 on Windows | >= 5.1.4 on Windows; >= 5.0.10 on Windows | 2020-06-10 | 2020-06-10 |
| 5.3 | CVE-2020-2033 | GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie | GlobalProtect App 5.1; GlobalProtect App 5.0 | | | 2020-06-10 | 2020-06-10 |

N = Exploitable over the network with low complexity, unauthenticated attack.