Palo Alto Networks Security Advisories

1 - 25 of 151
VersionsAffectedUnaffected
8.1CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 8.1
➔ View additional products
none
none
none
< 8.1.24
none
All
All
All
>= 8.1.24
all
2022-10-122022-10-12
8.6 NCVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
Cloud NGFW
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
➔ View additional products
none
< 10.2.2-h2
< 10.1.6-h6
< 10.0.11-h1
< 9.1.14-h4
< 9.0.16-h3
< 8.1.23-h1
none
none
none
All
>= 10.2.2-h2
>= 10.1.6-h6
>= 10.0.11-h1
>= 9.1.14-h4
>= 9.0.16-h3
>= 8.1.23-h1
All
All
all
2022-08-102022-08-19
8.1CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
none
Preferred, Innovation
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
all
none
2021-11-102022-08-06
7.5 NCVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778
Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
Cortex XSOAR
GlobalProtect App 6.0
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
Prisma Cloud
< 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux
< 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux
< 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux
< 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux
7.4.*
< 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux
none
< 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS
< 5.3.4
< 5.2.12
< 5.1.11
< 10.2.1
< 10.1.5-h1
< 10.0.10
< 9.1.13-h3
< 9.0.16-h2
< 8.1.23
Preferred, Innovation
Preferred, Innovation
Preferred
Preferred, Innovation
none
>= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux
>= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux
>= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux
>= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux
none
>= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux
all
>= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS
>= 5.3.4
>= 5.2.12
>= 5.1.11
>= 10.2.1
>= 10.1.5-h1
>= 10.0.10
>= 9.1.13-h3
>= 9.0.16-h2
>= 8.1.23
none
none
none
none
all
2022-03-312022-06-24
7.2CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.1.5
< 10.0.10
< 9.1.13
< 9.0.16
< 8.1.23
>= 10.2.0
>= 10.1.5
>= 10.0.10
>= 9.1.13
>= 9.0.16
>= 8.1.23
2022-05-112022-05-11
7.4CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
none
< 5.2.9 on Windows and MacOS
none
5.3.*
>= 5.2.9 on Windows and MacOS
>= 5.1.*
2022-02-092022-03-09
7CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
none
< 5.2.5 on Windows
< 5.1.10 on Windows
5.3.*
>= 5.2.5 on Windows
>= 5.1.10 on Windows
2022-02-092022-02-09
9.8 NCVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Bridgecrew
Cortex Data Lake
Cortex XDR Agent
Exact Data Matching CLI
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
➔ View additional products
none
none
none
< 2.1
< 10.0.8-h8 on Panorama
< 9.1.12-h3 on Panorama
< 9.0.15 on Panorama
none
all
all
all
>= 2.1
>= 10.0.8-h8 on Panorama
>= 9.1.12-h3 on Panorama
>= 9.0.15 on Panorama
all
2021-12-102022-01-22
7.8CVE-2021-3041 Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
Cortex XDR Agent 7.2
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
< 7.2.3 or without content update 171 or later on Windows
< 6.1.8 on Windows
< 5.0.11 on Windows
>= 7.2.3 with content update 171 or later on Windows
>= 6.1.8 on Windows
>= 5.0.11 on Windows
2021-06-092022-01-14
7.8CVE-2022-0015 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
➔ View additional products
none
none
none
< 6.1.9
< 5.0.12
none
7.6.*
7.5.*
7.4.*
>= 6.1.9
>= 5.0.12
all
2022-01-122022-01-12
7.5 NCVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
< 10.1.3
< 10.0.8-h4
< 9.1.11-h3
< 9.0.14-h4
< 8.1.21
none
none
>= 10.1.3
>= 10.0.8-h4
>= 9.1.11-h3
>= 9.0.14-h4
>= 8.1.21
all
all
2021-11-102021-12-09
8.1CVE-2021-3057 GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
GlobalProtect App 5.0
< 5.3.1 on Linux
< 5.2.8 on Windows, Universal Windows Platform, Linux, MacOS
< 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS
5.0.* on Windows, Universal Windows Platform, Linux, MacOS
>= 5.3.1 on Linux
>= 5.2.8 on Windows, Universal Windows Platform, MacOS
>= 5.1.9 on Windows, Universal Windows Platform, Linux, MacOS
none
2021-10-132021-11-23
8.1CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
none
< 10.0.8 on VM-Series
< 9.1.11 on VM-Series
< 9.0.14 on VM-Series
< 8.1.20 on VM-Series
none
none
10.1.* on VM-Series
>= 10.0.8 on VM-Series
>= 9.1.11 on VM-Series
>= 9.0.14 on VM-Series
>= 8.1.20 on VM-Series
all
all
2021-11-102021-11-17
8.1CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
none
none
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
all
all
2021-11-102021-11-17
9.8 NCVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 8.1
➔ View additional products
none
none
none
< 8.1.17
none
10.1.*
10.0.*
9.1.*
>= 8.1.17
all
2021-11-102021-11-10
8.8CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
< 10.1.3
< 10.0.8
< 9.1.11-h2
< 9.0.14-h3
< 8.1.20-h1
none
none
>= 10.1.3
>= 10.0.8
>= 9.1.11-h2
>= 9.0.14-h3
>= 8.1.20-h1
all
all
2021-11-102021-11-10
8.8CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 2.2
Prisma Access 2.1
none
< 10.0.1
< 9.1.9
< 9.0.14
< 8.1.20
none
Preferred
10.1.*
>= 10.0.1
>= 9.1.9
>= 9.0.14
>= 8.1.20
all
Innovation
2021-11-102021-11-10
8CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.2
< 9.1.10
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.2
>= 9.1.10
>= 9.0.14
>= 8.1.20
2021-09-082021-09-12
7.5 NCVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-082021-09-13
7.2CVE-2021-3054 PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.1.2
< 10.0.7
< 9.1.11
< 9.0.14
< 8.1.20
>= 10.1.2
>= 10.0.7
>= 9.1.11
>= 9.0.14
>= 8.1.20
2021-09-082021-09-12
8.1CVE-2021-3051 Cortex XSOAR: Authentication Bypass in SAML Authentication
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 5.5.0
< 1578666
< 1578663
< 1578677
>= 1578666
>= 1578663
>= 1578677
2021-09-082021-09-13
8.1CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.6
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.6
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-082021-09-08
8.8CVE-2021-3050 PAN-OS: OS Command Injection Vulnerability in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
>= 10.1.0
>= 10.0.0
>= 9.1.4
>= 9.0.10
none
>= 10.1.2
>= 10.0.8
>= 9.1.11
>= 9.0.15
8.1.*
2021-08-112021-08-11
7.8CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
Cortex XDR Agent 7.3
Cortex XDR Agent 7.2
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
7.3.* without content update 181 or later on Windows
7.2.* without content update 181 or later on Windows
6.1.* without content update 181 or later on Windows
none
7.3.* with content update 181 or later on Windows
7.2.* with content update 181 or later on Windows
6.1.* with content update 181 or later on Windows
all
2021-07-142021-07-14
7.5CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
Prisma Cloud Compute 21.04
Prisma Cloud Compute 20.12
< 21.04.439
< 20.12.552
>= 21.04.439
>= 20.12.552
2021-07-142021-07-14
1 - 25 of 151 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2023 Palo Alto Networks, Inc. All rights reserved.