Palo Alto Networks Security Advisories

Found 6

CVSS	Summary	Versions	Affected	Unaffected	Published	Updated
8.2	CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None None < 11.1.3 < 11.0.4-h5, < 11.0.6 < 10.2.9-h11, < 10.2.10-h4, < 10.2.11 None None	All All >= 11.1.3 >= 11.0.4-h5, >= 11.0.6 >= 10.2.9-h11, >= 10.2.10-h4, >= 10.2.11 All All	2024-10-09	2024-10-14
5.4	CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.1 < 11.1.4 < 11.0.5 < 10.2.10 < 10.1.14-h2 None	All >= 11.2.1 >= 11.1.4 >= 11.0.5 >= 10.2.10 >= 10.1.14-h2 All	2024-07-10	2024-07-10
5.3	CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 Prisma Access	None None < 11.1.3 < 11.0.4-h5, < 11.0.6 < 10.2.10 < 10.1.14 < 9.1.19 All	All All >= 11.1.3 >= 11.0.4-h5, 11.0.6 (ETA: 9/26) >= 10.2.10 >= 10.1.14 >= 9.1.19 None (Fix ETA: September 15)	2024-07-10	2024-07-26
10 N	CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 ➔ View additional products	None < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 < 11.0.0-h3, < 11.0.1-h4, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1 < 10.2.0-h3, < 10.2.1-h2, < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1 None None None	All >= 11.1.0-h3, >= 11.1.1-h1, >= 11.1.2-h3 >= 11.0.0-h3, >= 11.0.1-h4, >= 11.0.2-h4, >= 11.0.3-h10, >= 11.0.4-h1 >= 10.2.0-h3, >= 10.2.1-h2, >= 10.2.2-h5, >= 10.2.3-h13, >= 10.2.4-h16, >= 10.2.5-h6, >= 10.2.6-h3, >= 10.2.7-h8, >= 10.2.8-h3, >= 10.2.9-h1 All All all	2024-04-12	2024-05-03
8.2	CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 ➔ View additional products	None < 11.1.2 < 11.0.4 < 10.2.7-h3 None None None	All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all	2024-04-10	2024-04-10
6	CVE-2023-48795 Impact of Terrapin SSH Attack	PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma SD-WAN ION 6.3 Prisma SD-WAN ION 6.2 Prisma SD-WAN ION 6.1 Prisma SD-WAN ION 5.6	< 11.1.3 < 11.0.6 < 10.2.11 < 10.1.15 All All < 6.3.2 All < 6.1.8 < 5.6.19	>= 11.1.3 >= 11.0.6 >= 10.2.11 >= 10.1.15 (ETA: December) None None >= 6.3.2 None >= 6.1.8 >= 5.6.19	2024-01-09	2024-10-14

Download

N = Exploitable over the network with low complexity, unauthenticated attack.