| i | PAN-SA-2025-0012
Informational Bulletin: OSS CVEs Fixed in PAN-OS | | | | 2025-07-09 | 2025-07-09 |
| 2 | CVE-2025-0133
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | All < 11.2.4-h9, < 11.2.7 < 11.1.6-h14, < 11.1.10-h1 < 10.2.16-h1 All All | None (See Mitigations and Workarounds) >= 11.2.4-h9, >= 11.2.7 >= 11.1.6-h14, >= 11.1.10-h1 >= 10.2.16-h1 None None (See Mitigations and Workarounds) | 2025-05-14 | 2025-07-09 |
| i | PAN-SA-2025-0005
GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks | Cloud NGFW PAN-OS Prisma Access | | | 2025-02-12 | 2025-02-12 |
| i | PAN-SA-2025-0006
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2025-02-12 | 2025-02-12 |
| i | PAN-SA-2025-0003
Informational: PAN-OS BIOS and Bootloader Security Bulletin | Cloud NGFW PAN-OS Prisma Access | None All on PA-3200, PA-5200, PA-7000 None | All None on PA-3200, PA-5200, PA-7000. No other platforms are affected All | 2025-01-23 | 2025-06-24 |
| i | PAN-SA-2024-0014
Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent | | | | 2024-11-07 | 2024-11-07 |
| i | PAN-SA-2024-0008
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-09-04 | 2024-09-04 |
| i | PAN-SA-2024-0005
Informational Bulletin: Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9 Cortex XDR Agent 5.0 | < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows All agents on Windows | >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows None | 2024-04-24 | 2024-04-24 |
| i | PAN-SA-2024-0004
Informational Bulletin: OSS CVEs fixed in PAN-OS | | | | 2024-04-10 | 2024-04-10 |
| i | PAN-SA-2024-0003
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION | | | | 2024-04-05 | 2024-04-05 |
| i | PAN-SA-2024-0001
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-02-14 | 2024-02-14 |
| 4.1 | CVE-2023-0005
PAN-OS: Exposure of Sensitive Information Vulnerability | Cloud NGFW PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | None None < 10.2.3 < 10.1.8 < 10.0.12 < 9.1.15 < 9.0.17 < 8.1.24 None | All All >= 10.2.3 >= 10.1.8 >= 10.0.12 >= 9.1.15 >= 9.0.17 >= 8.1.24 All | 2023-04-12 | 2023-04-12 |
| i | PAN-SA-2022-0005
Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | All agents with a content update earlier than CU-860 on Windows | All agents with CU-860 or a later content update | 2022-09-14 | 2023-03-08 |
| 4.1 | CVE-2022-0022
PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes | | None None < 10.0.7 < 9.1.11 < 9.0.17 < 8.1.21 None None | 10.2.* 10.1.* >= 10.0.7 >= 9.1.11 >= 9.0.17 >= 8.1.21 Preferred, Innovation all | 2022-03-09 | 2022-03-09 |
| 8.8 | CVE-2021-3056
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication | PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 2.2 Prisma Access 2.1 | None < 10.0.1 < 9.1.9 < 9.0.14 < 8.1.20 None Preferred | All >= 10.0.1 >= 9.1.9 >= 9.0.14 >= 8.1.20 All Innovation | 2021-11-10 | 2021-11-10 |
| 3.7 | CVE-2020-1968
PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968 | PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 2.2 Prisma Access 2.1 Prisma Access 2.0 | None None 9.1.* 9.0.* 8.1.* None Preferred Preferred | 10.1.* 10.0.* None None None Preferred Innovation Innovation | 2021-10-13 | 2021-11-01 |
| 8.1 | CVE-2020-10188
PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188) | PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 | None < 10.0.6 < 9.1.9 < 9.0.14 < 8.1.20 | 10.1.* >= 10.0.6 >= 9.1.9 >= 9.0.14 >= 8.1.20 | 2021-09-08 | 2021-09-08 |
| 8 | CVE-2021-3052
PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface | PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 | None < 10.0.2 < 9.1.10 < 9.0.14 < 8.1.20 | 10.1.* >= 10.0.2 >= 9.1.10 >= 9.0.14 >= 8.1.20 | 2021-09-08 | 2021-09-12 |
| 5.9 | CVE-2021-3048
PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage | PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 | None < 10.0.5 < 9.1.9 < 9.0.14 None | 10.1.* >= 10.0.5 >= 9.1.9 >= 9.0.14 8.1.* | 2021-08-11 | 2021-08-11 |
| i | PAN-SA-2021-0003
Informational: Impact of the NAME:WRECK DNS vulnerabilities | PAN-OS Prisma SD-WAN (CloudGenix) | | | 2021-05-10 | 2021-05-12 |
| i | CVE-2020-27619
Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619 | | | | 2021-02-10 | 2021-02-10 |
| 9.1 | CVE-2021-3033
Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console | Prisma Cloud Compute 20.12 Prisma Cloud Compute 20.09 Prisma Cloud Compute 20.04 Prisma Cloud Compute 19.11 | <= 20.12.535 <= 20.09.365 <= 20.04.177 <= 19.11.* | >= 20.12.541 >= 20.09.374 >= 20.04.183 None | 2021-02-10 | 2021-02-26 |
| i | PAN-SA-2021-0002
Informational: PAN-OS: NAT slipstreaming v1.0 and v2.0 attacks | | | | 2021-02-10 | 2021-03-10 |
| i | PAN-SA-2021-0001
Informational: Cortex XSOAR: Impact of Golang XML parsing vulnerabilities | Cortex XSOAR 6.0 Cortex XSOAR 5.5 | | | 2021-01-13 | 2021-01-13 |
| i | PAN-SA-2020-0011
Informational: Impact of OpenSSL vulnerability CVE-2020-1971 | Cortex XSOAR GlobalProtect App PAN-OS | | | 2020-12-09 | 2020-12-09 |