CVSS Summary Versions Affected Unaffected Published Updated 4.3 CVE-2021-3031
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.1.5 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
< 9.0.12 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
< 8.1.18 on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
8.0.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
7.1.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
10.0.*
>= 9.1.5
>= 9.0.12
>= 8.1.18
None
None
2021-01-13 2021-01-19 5.3
N CVE-2020-1999
PAN-OS: Threat signatures are evaded by specifically crafted packets PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.1.5
< 9.0.11
< 8.1.17
8.0.*
7.1.*
10.0.*
>= 9.1.5
>= 9.0.11
>= 8.1.17
None
None
2020-11-11 2020-11-11 9.8
N CVE-2020-2040
PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
None
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
>= 10.0.0
>= 9.1.3
>= 9.0.9
>= 8.1.15
None
2020-09-09 2020-09-09 7.5
N CVE-2020-2041
PAN-OS: Management web interface denial-of-service (DoS) PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
None
None
None
< 8.1.16
8.0.*
10.0.*
9.1.*
9.0.*
>= 8.1.16
None
2020-09-09 2020-09-09 3.3 CVE-2020-2044
PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
< 9.1.3
< 9.0.10
< 8.1.16
8.0.*
>= 9.1.3
>= 9.0.10
>= 8.1.16
None
2020-09-09 2020-09-09 8.1 CVE-2020-2034
PAN-OS: OS command injection vulnerability in GlobalProtect portal PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
7.1.*
>= 9.1.3
>= 9.0.9
>= 8.1.15
None
None
2020-07-08 2020-07-10 7.2 CVE-2020-2030
PAN-OS: OS command injection vulnerability in the management interface PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
None
< 8.1.15
8.0.*
7.1.*
>= 9.1.0
>= 9.0.0
>= 8.1.15
None
None
2020-07-08 2020-07-08 4.8 CVE-2020-1982
PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.14
8.0.*
None
>= 9.1.3
>= 9.0.9
>= 8.1.14
None
7.1.*
2020-07-08 2023-05-10 10
N CVE-2020-2021
PAN-OS: Authentication Bypass in SAML Authentication PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
None
>= 9.1.3
>= 9.0.9
>= 8.1.15
None
7.1.*
2020-06-29 2020-06-29 7.2 CVE-2020-2027
PAN-OS: Buffer overflow in authd authentication response PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
None
None
2020-06-10 2020-06-10 7.2 CVE-2020-2028
PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
None
None
2020-06-10 2020-06-10 7.2 CVE-2020-2029
PAN-OS: OS command injection vulnerability in management interface certificate generator PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
None
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.0
>= 9.0.0
>= 8.1.13
None
>= 7.1.26
2020-06-10 2020-06-10 9 CVE-2020-2018
PAN-OS: Panorama authentication bypass vulnerability PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.12
8.0.*
< 7.1.26
>= 9.0.6
>= 8.1.12
None
>= 7.1.26
2020-05-13 2020-05-13 8.8 CVE-2020-2015
PAN-OS: Buffer overflow in the management server PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.1
< 9.0.7
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.1
>= 9.0.7
>= 8.1.13
None
>= 7.1.26
2020-05-13 2020-05-13 8.8 CVE-2020-2017
PAN-OS: DOM-Based cross site scripting vulnerability in management web interface PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.0
>= 9.0.6
>= 8.1.13
None
>= 7.1.26
2020-05-13 2020-05-13 8.8 CVE-2020-2014
PAN-OS: OS injection vulnerability in PAN-OS management server PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.14
None
None
2020-05-13 2020-05-13 8.3 CVE-2020-2013
PAN-OS: Panorama context switch session cookie disclosure PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.1
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.1
>= 9.0.6
>= 8.1.13
None
>= 7.1.26
2020-05-13 2020-05-13 8.1 CVE-2020-2001
PAN-OS: Panorama External control of file vulnerability leads to privilege escalation PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.12
8.0.*
7.1.*
>= 9.0.6
>= 8.1.12
None
None
2020-05-13 2020-09-11 8.1 CVE-2020-2002
PAN-OS: Spoofed Kerberos key distribution center authentication bypass PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.0.6
>= 8.1.13
None
>= 7.1.26
2020-05-13 2020-05-13 7.8 PAN-SA-2020-0005
PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.1
< 8.1.13
8.0.*
< 7.1.26
>= 9.0.1
>= 8.1.13
None
>= 7.1.26
2020-05-13 2020-05-13 7.5
N CVE-2020-2011
PAN-OS: Panorama registration denial of service PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.14
None
None
2020-05-13 2020-05-20 7.5
N PAN-SA-2020-0006
PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.0.7
>= 8.1.14
None
None
2020-05-13 2020-05-13 7.5
N CVE-2020-2012
PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
None
None
2020-05-13 2020-05-13 7.2 CVE-2020-2008
PAN-OS: OS command injection or arbitrary file deletion vulnerability PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
None
None
< 8.1.14
8.0.*
7.1.*
>= 9.1.0
>= 9.0.0
>= 8.1.14
None
None
2020-05-13 2020-05-13 7.2 CVE-2020-2009
PAN-OS: Panorama SD WAN arbitrary file creation PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.0.7
>= 8.1.14
None
None
2020-05-13 2020-05-13
=
Exploitable over the network with low complexity, unauthenticated attack.