CVSS Summary Versions Affected Unaffected Published Updated i PAN-SA-2024-0014
Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent 2024-11-07 8.6 PAN-SA-2024-0011
Chromium: Monthly Vulnerability Updates 2024-10-09 2024-10-09 i CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products Cloud NGFW
Cortex XDR
Cortex XDR Agent
Cortex XSIAM
Cortex XSOAR
GlobalProtect App
PAN-OS
Prisma Access
Prisma Access Browser
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN
None
None
None
None
None
None
None
None
None
None
None
None
All
All
All
All
All
All
All
All
All
All
All
All
2024-09-26 2024-09-26 8.6 CVE-2024-8686
PAN-OS: Command Injection Vulnerability 2024-09-11 2024-09-11 8.6 PAN-SA-2024-0009
Prisma Access Browser: Monthly Vulnerability Updates 2024-09-11 2024-09-11 6.9 CVE-2024-8687
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-11 2024-09-11 6.7 CVE-2024-8688
PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) None
None
None
< 10.1.1
< 10.0.10
< 9.1.15
None
All
All
All
>= 10.1.1
>= 10.0.10
>= 9.1.15
all
2024-09-11 2024-09-11 6 CVE-2024-8689
ActiveMQ Content Pack: Cleartext Exposure of Credentials ActiveMQ Content Pack 1.1
2024-09-11 2024-09-11 5.6 CVE-2024-8690
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 8.3
Cortex XDR Agent 8.2
Cortex XDR Agent 7.9.102-CE
2024-09-11 2024-09-11 5.3 CVE-2024-8691
PAN-OS: User Impersonation in GlobalProtect Portal None
None
None
< 10.1.11
< 9.1.17
None
All
All
All
>= 10.1.11
>= 9.1.17
all
2024-09-11 2024-09-11 i PAN-SA-2024-0008
Informational Bulletin: Impact of OSS CVEs in PAN-OS 2024-09-04 i CVE-2024-5535
Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 2024-08-22 2024-09-04 5.2 CVE-2024-5915
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1 on Windows
< 6.2.4 on Windows
< 6.1.5 on Windows
< 6.0.10-c826 on Windows
< 5.1.x on Windows
>= 6.3.1 on Windows
>= 6.2.4 on Windows
>= 6.1.5 on Windows
>= 6.0.10-c826 on Windows
>= 5.1.x (ETA: December 2024) on Windows
2024-08-14 2024-11-06 i PAN-SA-2024-0004
Informational Bulletin: OSS CVEs fixed in PAN-OS Versions prior to those listed above
2024-04-10 i PAN-SA-2024-0001
Informational Bulletin: Impact of OSS CVEs in PAN-OS 2024-02-14 8.2
N CVE-2023-38802
PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software Cloud NGFW
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
Prisma SD-WAN ION 6.2
Prisma SD-WAN ION 6.1
Prisma SD-WAN ION 5.6
None
< 11.0.3
< 10.2.6
< 10.1.11
< 9.1.16-h3
< 9.0.17-h4
< 8.1.26
Customers whose most recent software upgrade was before 09/30
< 6.2.3
< 6.1.5
None
All
>= 11.0.3
>= 10.2.6
>= 10.1.11
>= 9.1.16-h3
>= 9.0.17-h4
>= 8.1.26
Customers who have received a software upgrade or are using new software on or after 09/30
>= 6.2.3
>= 6.1.5
All
2023-09-13 2024-01-18 5.5 CVE-2023-3280
Cortex XDR Agent: Local Windows User Can Disable the Agent Cortex XDR Agent 8.1
Cortex XDR Agent 8.0
Cortex XDR Agent 7.9-CE
Cortex XDR Agent 7.9
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 5.0
None
< 8.0.2 on Windows
< 7.9.101-CE on Windows
< 7.9.3 on Windows
All on Windows
All on Windows
All
>= 8.0.2 with CU-1000 or a later content update on Windows
>= 7.9.101-CE with CU-1000 or a later content update on Windows
>= 7.9.3 with CU-1000 or a later content update on Windows
None
None
2023-09-13 2023-09-22 i PAN-SA-2023-0004
Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673) PAN-OS with GlobalProtect app on Android and ChromeOS
PAN-OS with GlobalProtect app on iOS
PAN-OS with GlobalProtect app on Windows, macOS, and Linux
Prisma Access with GlobalProtect app on Android and ChromeOS
Prisma Access with GlobalProtect app on iOS
Prisma Access with GlobalProtect app on Windows, macOS, and Linux
LocalNet: None, ServerIP: Gateways with address set as an FQDN
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: Gateways with address set as an FQDN
LocalNet: Configurations allowing local network access, ServerIP: Gateways with address set as an FQDN
None
LocalNet: Third-party apps with the "Local Network" permission enabled and Apple apps, ServerIP: None
LocalNet: Configurations allowing local network access, ServerIP: None
LocalNet: All, ServerIP: Gateways with address set as an IP
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: Gateways with address set as an IP
LocalNet: "No direct access to local network" enabled, ServerIP: Gateways with address set as an IP
All
LocalNet: Third-party apps with the "Local Network" permission disabled, ServerIP: All
LocalNet: "No direct access to local network" enabled, ServerIP: All
2023-08-17 2023-09-26 5.5 CVE-2022-0029
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File Cortex XDR Agent 7.5 CE
Cortex XDR Agent 7.8
Cortex XDR Agent 7.7
Cortex XDR Agent 5.0
< 7.5.101-CE on Windows
None
< 7.7.3 on Windows
< 5.0.12-hotfix update on Windows
>= 7.5.101-CE
All
>= 7.7.3
>= 5.0.12-hotfix update
2022-09-14 2022-09-14 i PAN-SA-2022-0005
Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator All agents with a content update earlier than CU-860 on Windows
All agents with CU-860 or a later content update
2022-09-14 2023-03-08 i PAN-SA-2022-0004
Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users All agents with a content update earlier than CU-630 on Windows
All agents with CU-630 or a later content update
2022-09-14 2022-09-14 0 CVE-2022-28199
Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199 2022-09-14 2022-09-14 4.1 CVE-2022-0022
PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes None
None
< 10.0.7
< 9.1.11
< 9.0.17
< 8.1.21
None
None
10.2.*
10.1.*
>= 10.0.7
>= 9.1.11
>= 9.0.17
>= 8.1.21
Preferred, Innovation
all
2022-03-09 2022-03-09 8.8 CVE-2021-3056
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
None
< 10.0.1
< 9.1.9
< 9.0.14
< 8.1.20
None
Preferred
10.1.*
>= 10.0.1
>= 9.1.9
>= 9.0.14
>= 8.1.20
All
Innovation
2021-11-10 2021-11-10 3.7 CVE-2020-1968
PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968 PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
Prisma Access 2.0
None
None
9.1.*
9.0.*
8.1.*
None
Preferred
Preferred
10.1.*
10.0.*
None
None
None
Preferred
Innovation
Innovation
2021-10-13 2021-11-01
=
Exploitable over the network with low complexity, unauthenticated attack.