Palo Alto Networks Security Advisories

Found 7

CVSS	Summary	Versions	Affected	Unaffected	Published	Updated
5.4	CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.1 < 11.1.4 < 11.0.5 < 10.2.10 < 10.1.14-h2 None	All >= 11.2.1 >= 11.1.4 >= 11.0.5 >= 10.2.10 >= 10.1.14-h2 All	2024-07-10	2024-07-10
5.3	CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 Prisma Access	None None < 11.1.3 < 11.0.4-h5, < 11.0.6 < 10.2.10 < 10.1.14 < 9.1.19 All	All All >= 11.1.3 >= 11.0.4-h5, 11.0.6 (ETA: 9/26) >= 10.2.10 >= 10.1.14 >= 9.1.19 None (Fix ETA: September 15)	2024-07-10	2024-07-26
8.2 N	CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access	None None < 11.0.3 < 10.2.8 < 10.1.12 < 9.1.17 < 9.0.17-h4 None	All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All	2024-04-10	2024-04-10
6	CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 ➔ View additional products	None None < 11.0.4 on Panorama < 10.2.7-h3 on Panorama, < 10.2.8 on Panorama < 10.1.12 on Panorama None None	All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all	2024-04-10	2024-04-10
5.1	CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access	None None < 11.0.3 < 10.2.7-h3 < 10.1.11-h4 < 9.1.17 < 9.0.17-h4 < 8.1.26 < 10.2.4	All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4	2024-04-10	2024-04-10
5.1	CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access	None None < 11.0.3 on Panorama < 10.2.8 on Panorama < 10.1.12 on Panorama < 9.1.17 on Panorama < 9.0.17-h4 on Panorama None	All All >= 11.0.3 on Panorama >= 10.2.8 on Panorama >= 10.1.12 on Panorama >= 9.1.17 on Panorama >= 9.0.17-h4 on Panorama All	2024-03-13	2024-03-13
5.1	CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 ➔ View additional products	None None None < 10.1.11-h1, < 10.1.12 < 9.1.17 < 9.0.17-h4 None	All All All >= 10.1.11-h1, >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 all	2024-02-14	2024-02-14

Download

N = Exploitable over the network with low complexity, unauthenticated attack.