Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
ActiveMQ Content Pack
1
AutoFocus
6
Bridgecrew
7
Bridgecrew Checkov
2
Cloud NGFW
55
Cortex Data Lake
7
Cortex XDR
9
Cortex XDR Agent
41
Cortex XSIAM
1
Cortex XSOAR
24
Cortex XSOAR CommonScripts
1
Cortex XSOAR Kafka Integration
1
Cortex XSOAR PowerShell Image
1
Cortex Xpanse
7
Demisto
1
Enterprise Data Loss Prevention
7
Exact Data Matching CLI
7
Expanse
6
Expedition
10
Expedition Migration Tool
6
GlobalProtect App
45
GlobalProtect app on Android
1
GlobalProtect app on Linux
1
GlobalProtect app on Windows and macOS
1
GlobalProtect app on iOS
1
IoT Security
7
MineMeld
1
NetConnect
1
Okyo Garde
7
PAN-DB Private Cloud
1
PAN-OS
281
PAN-OS for Firewall and Wildfire
1
Palo Alto Networks App for Splunk
6
Panorama
1
Prisma Access
71
Prisma Access Browser
5
Prisma Cloud
12
Prisma Cloud Compute
16
Prisma SD-WAN
1
Prisma SD-WAN (CloudGenix)
9
Prisma SD-WAN ION
12
SaaS Security
7
Secdo
3
Terminal Server Agent
4
Traps
3
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID Agent
9
VM-Series Plugin
1
WildFire Appliance
4
WildFire Appliance (WF-500)
6
WildFire Cloud
9
Zingbox Inspector
11
Cloud NGFW
10
PAN-OS
10
Prisma Access
9
Clear
Found 18
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
6.9
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-11
2024-09-11
8.2
N
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.0.12
< 9.1.15-h1
< 9.0.17
< 8.1.24
None
All
All
All
>= 10.0.12
>= 9.1.15-h1
>= 9.0.17
>= 8.1.24
all
2024-04-10
2024-04-10
5.1
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 11.0.3
< 10.2.7-h3
< 10.1.11-h4
< 9.1.17
< 9.0.17-h4
< 8.1.26
< 10.2.4
All
All
>= 11.0.3
>= 10.2.7-h3
>= 10.1.11-h4
>= 9.1.17
>= 9.0.17-h4
>= 8.1.26
>= 10.2.4
2024-04-10
2024-04-10
6.3
CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.1.6 on Panorama
< 10.0.11 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.24-h1 on Panorama, < 8.1.25 on Panorama
None
All
All on Panorama
All on Panorama
>= 10.1.6 on Panorama
>= 10.0.11 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama
all
2024-02-14
2024-02-14
5.1
CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.1.3
< 10.0.11
< 9.1.13
< 9.0.17
< 8.1.24
None
All
All
All
>= 10.1.3
>= 10.0.11
>= 9.1.13
>= 9.0.17
>= 8.1.24
all
2024-02-14
2024-02-24
7.5
CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
None
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-12-13
2023-12-13
6.1
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.24-h1
None
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.24-h1
All
2023-12-13
2023-12-13
5.9
CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.1.6
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
None
All
All
All
>= 10.1.6
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
all
2023-12-13
2023-12-13
5.9
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 9.1.14
< 9.0.17-h1
< 8.1.26
None
All
All
All
>= 9.1.14
>= 9.0.17-h1
>= 8.1.26
all
2023-12-13
2023-12-13
5.9
CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.1.3
< 10.0.9
< 9.1.12
< 9.0.17
< 8.1.24-h1
None
All
All
All
>= 10.1.3
>= 10.0.9
>= 9.1.12
>= 9.0.17
>= 8.1.24-h1
all
2023-12-13
2023-12-13
4.8
CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 11.0.2
< 10.2.5
< 10.1.11
All
< 9.1.17
< 9.0.17-h4
< 8.1.26
None
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.11
None
>= 9.1.17
>= 9.0.17-h4
>= 8.1.26
All
2023-12-13
2023-12-13
5.4
CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 10.2.2
< 10.1.6
< 10.0.11
< 9.1.16
< 9.0.17
< 8.1.24
None
All
All
>= 10.2.2
>= 10.1.6
>= 10.0.11
>= 9.1.16
>= 9.0.17
>= 8.1.24
All
2023-06-14
2023-06-29
6.5
CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
➔ View additional products
None
None
None
< 10.0.7 on Panorama
< 9.1.16 on Panorama
< 9.0.17 on Panorama
< 8.1.25 on Panorama
None
All
All
All
>= 10.0.7 on Panorama
>= 9.1.16 on Panorama
>= 9.0.17 on Panorama
>= 8.1.25 on Panorama
all
2023-05-10
2023-05-10
4.4
CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
< 11.0.1
< 10.2.4
< 10.1.10
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
None
All
>= 11.0.1
>= 10.2.4
>= 10.1.10
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
All
2023-05-10
2023-05-11
6.5
CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
None
< 10.1.6
< 10.0.11
< 9.1.15
< 9.0.17
< 8.1.24
None
All
All
All
>= 10.1.6
>= 10.0.11
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-12
2023-04-19
4.1
CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability
Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 10.2.3
< 10.1.8
< 10.0.12
< 9.1.15
< 9.0.17
< 8.1.24
None
All
All
>= 10.2.3
>= 10.1.8
>= 10.0.12
>= 9.1.15
>= 9.0.17
>= 8.1.24
All
2023-04-12
2023-04-12
8.6
N
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
➔ View additional products
None
< 10.2.2-h2
< 10.1.6-h6
< 10.0.11-h1
< 9.1.14-h4
< 9.0.16-h3
< 8.1.23-h1
None
None
None
All
>= 10.2.2-h2
>= 10.1.6-h6
>= 10.0.11-h1
>= 9.1.14-h4
>= 9.0.16-h3
>= 8.1.23-h1
All
All
all
2022-08-10
2022-08-19
3
CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
10.1.* without CTD inspection enabled
10.0.*
9.1.*
9.0.*
8.1.*
10.1.* with CTD inspection enabled
None
None
None
None
2020-08-12
2021-07-20
Download
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2024 Palo Alto Networks, Inc. All rights reserved.