CVSS | Summary | Versions | Affected | Unaffected | Published | Updated |
---|---|---|---|---|---|---|
8.6 | PAN-SA-2024-0016 Chromium: Monthly Vulnerability Updates | | | | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; Prisma Access | None; None; < 11.1.5; < 11.0.6; < 10.2.11; None; None | All; All; >= 11.1.5; >= 11.0.6; >= 10.2.11; All; All | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; Prisma Access | None; None; None; < 11.0.5; < 10.2.4-h6, < 10.2.5; < 10.1.14; None | All; All; All; >= 11.0.5; >= 10.2.4-h6, >= 10.2.5; >= 10.1.14; All | 2024-11-13 | 2024-11-13 |
6.6 | CVE-2024-9472 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; Prisma Access | None; < 11.2.2-h3, < 11.2.3; < 11.1.2-h14, < 11.1.3-h10; None; < 10.2.7-h16, < 10.2.8-h13, < 10.2.9-14, < 10.2.10-h7, < 10.2.11-h4; None; None | All; >= 11.2.2-h3, >= 11.2.3; >= 11.1.2-h14, >= 11.1.3-h10; All; >= 10.2.7-h16, >= 10.2.8-h13, >= 10.2.9-14, >= 10.2.10-h7, >= 10.2.11-h4; All; All | 2024-11-13 | 2024-11-13 |
8.6 | PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates | | | | 2024-10-09 | 2024-10-09 |
8.2 | CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet | Cloud NGFW; PAN-OS 11.2; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; Prisma Access | None; None; < 11.1.3; < 11.0.4-h5, < 11.0.6; < 10.2.9-h11, < 10.2.10-h4, < 10.2.11; None; None | All; All; >= 11.1.3; >= 11.0.4-h5, >= 11.0.6; >= 10.2.9-h11, >= 10.2.10-h4, >= 10.2.11; All; All | 2024-10-09 | 2024-10-14 |
8.6 | CVE-2024-8686 PAN-OS: Command Injection Vulnerability | | | | 2024-09-11 | 2024-09-11 |
8.6 | PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-09-11 | 2024-09-11 |
8.6 | PAN-SA-2024-0007 Prisma Access Browser: Monthly Vulnerability Updates | | | | 2024-08-14 | 2024-08-14 |
7 | CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack | Cortex XSOAR CommonScripts | | | 2024-08-14 | 2024-08-14 |
7 | CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface | | None; None; None; < 10.2.4 on Panorama; < 10.1.9 on Panorama; None | All; All; All; >= 10.2.4 on Panorama; >= 10.1.9 on Panorama; All | 2024-07-10 | 2024-07-10 |
8.3 N | CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) | | None; None; < 11.0.3; < 10.2.5; < 10.1.11; None; None | All; All; >= 11.0.3; >= 10.2.5; >= 10.1.11; All; All | 2024-04-10 | 2024-04-10 |
8.2 | CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets | | None; < 11.1.2; < 11.0.4; < 10.2.7-h3; None; None; None | All; >= 11.1.2; >= 11.0.4; >= 10.2.7-h3; All; All; All | 2024-04-10 | 2024-04-10 |
8.2 N | CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets | | None; None; None; < 10.0.12; < 9.1.15-h1; < 9.0.17; < 8.1.24; None | All; All; All; >= 10.0.12; >= 9.1.15-h1; >= 9.0.17; >= 8.1.24; All | 2024-04-10 | 2024-04-10 |
8.2 N | CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled | Cloud NGFW; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 9.1; PAN-OS 9.0; Prisma Access | None; None; < 11.0.3; < 10.2.8; < 10.1.12; < 9.1.17; < 9.0.17-h4; None | All; All; >= 11.0.3; >= 10.2.8; >= 10.1.12; >= 9.1.17; >= 9.0.17-h4; All | 2024-04-10 | 2024-04-10 |
7.5 | CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface | Cloud NGFW; PAN-OS 11.1; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access | None; None; < 11.0.1; < 10.2.4; < 10.1.9; < 10.0.12; < 9.1.16; < 9.0.17; < 8.1.25; None | All; All; >= 11.0.1; >= 10.2.4; >= 10.1.9; >= 10.0.12; >= 9.1.16; >= 9.0.17; >= 8.1.25; All | 2023-12-13 | 2023-12-13 |
8.2 N | CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software | Cloud NGFW; PAN-OS 11.0; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access; Prisma SD-WAN ION 6.2; Prisma SD-WAN ION 6.1; Prisma SD-WAN ION 5.6 | None; < 11.0.3; < 10.2.6; < 10.1.11; < 9.1.16-h3; < 9.0.17-h4; < 8.1.26; Customers whose most recent software upgrade was before 09/30; < 6.2.3; < 6.1.5; None | All; >= 11.0.3; >= 10.2.6; >= 10.1.11; >= 9.1.16-h3; >= 9.0.17-h4; >= 8.1.26; Customers who have received a software upgrade or are using new software on or after 09/30; >= 6.2.3; >= 6.1.5; All | 2023-09-13 | 2024-01-18 |
7.8 | CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2; GlobalProtect App 6.1; GlobalProtect App 6.0; GlobalProtect App 5.2; GlobalProtect App 5.1 | None; < 6.1.1 on Windows; < 6.0.5 on Windows; < 5.2.13 on Windows; < 5.1.12 on Windows | All; >= 6.1.1; >= 6.0.5; >= 5.2.13; >= 5.1.12 | 2023-06-14 | 2024-04-10 |
8.1 | CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface | | | | 2022-10-12 | 2022-10-12 |
8.6 N | CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering | Cloud NGFW; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 3.1; Prisma Access 3.0 | None; < 10.2.2-h2; < 10.1.6-h6; < 10.0.11-h1; < 9.1.14-h4; < 9.0.16-h3; < 8.1.23-h1; None; None; None | All; >= 10.2.2-h2; >= 10.1.6-h6; >= 10.0.11-h1; >= 9.1.14-h4; >= 9.0.16-h3; >= 8.1.23-h1; All; All; All | 2022-08-10 | 2022-08-19 |
7.2 | CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit | PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1 | None; < 10.1.5; < 10.0.10; < 9.1.13; < 9.0.16; < 8.1.23 | >= 10.2.0; >= 10.1.5; >= 10.0.10; >= 9.1.13; >= 9.0.16; >= 8.1.23 | 2022-05-11 | 2022-05-11 |
7.5 N | CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 | Cortex XDR Agent 7.7; Cortex XDR Agent 7.6; Cortex XDR Agent 7.5-CE; Cortex XDR Agent 7.5; Cortex XDR Agent 7.4; Cortex XDR Agent 6.1; Cortex XSOAR; GlobalProtect App 6.0; GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1; PAN-OS 10.2; PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 3.1; Prisma Access 3.0; Prisma Access 2.2; Prisma Access 2.1; Prisma Cloud | < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux; < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux; < 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux; < 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux; 7.4.*; < 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux; None; < 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS; < 5.3.4; < 5.2.12; < 5.1.11; < 10.2.1; < 10.1.5-h1; < 10.0.10; < 9.1.13-h3; < 9.0.16-h2; < 8.1.23; Preferred, Innovation; Preferred, Innovation; Preferred; Preferred, Innovation; None | >= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux; >= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux; >= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux; >= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux; None; >= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux; All; >= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS; >= 5.3.4; >= 5.2.12; >= 5.1.11; >= 10.2.1; >= 10.1.5-h1; >= 10.0.10; >= 9.1.13-h3; >= 9.0.16-h2; >= 8.1.23; None; None; None; None; All | 2022-03-31 | 2022-06-24 |
7.4 | CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | None; < 5.2.9 on Windows and macOS; None | 5.3.*; >= 5.2.9 on Windows and macOS; >= 5.1.* | 2022-02-09 | 2022-03-09 |
7 | CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation | GlobalProtect App 5.3; GlobalProtect App 5.2; GlobalProtect App 5.1 | None; < 5.2.5 on Windows; < 5.1.10 on Windows | 5.3.*; >= 5.2.5 on Windows; >= 5.1.10 on Windows | 2022-02-09 | 2022-02-09 |
7.8 | CVE-2022-0015 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | | None; None; None; < 6.1.9; < 5.0.12; None | 7.6.*; 7.5.*; 7.4.*; >= 6.1.9; >= 5.0.12; All | 2022-01-12 | 2022-01-12 |
8.8 | CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API | PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 2.2; Prisma Access 2.1 | < 10.1.3; < 10.0.8; < 9.1.11-h2; < 9.0.14-h3; < 8.1.20-h1; None; None | >= 10.1.3; >= 10.0.8; >= 9.1.11-h2; >= 9.0.14-h3; >= 8.1.20-h1; All; All | 2021-11-10 | 2021-11-10 |
8.8 | CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication | PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 2.2; Prisma Access 2.1 | None; < 10.0.1; < 9.1.9; < 9.0.14; < 8.1.20; None; Preferred | 10.1.*; >= 10.0.1; >= 9.1.9; >= 9.0.14; >= 8.1.20; All; Innovation | 2021-11-10 | 2021-11-10 |
8.1 | CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates | PAN-OS 10.1; PAN-OS 10.0; PAN-OS 9.1; PAN-OS 9.0; PAN-OS 8.1; Prisma Access 2.2; Prisma Access 2.1 | < 10.1.3; < 10.0.8; < 9.1.11-h2; < 9.0.14-h3; < 8.1.20-h1; None; None | >= 10.1.3; >= 10.0.8; >= 9.1.11-h2; >= 9.0.14-h3; >= 8.1.20-h1; All; All | 2021-11-10 | 2021-11-17 |

N = Exploitable over the network with low complexity, unauthenticated attack.