Palo Alto Networks Security Advisories

Found 11

CVSS	Summary	Versions	Affected	Unaffected	Published	Updated
i	PAN-SA-2024-0005 Informational Bulletin: Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent	Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9 Cortex XDR Agent 5.0	< Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows All agents on Windows	>= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows None	2024-04-24	2024-04-24
10	CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 ➔ View additional products	None < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 < 11.0.0-h3, < 11.0.1-h4, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1 < 10.2.0-h3, < 10.2.1-h2, < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1 None None None	All >= 11.1.0-h3, >= 11.1.1-h1, >= 11.1.2-h3 >= 11.0.0-h3, >= 11.0.1-h4, >= 11.0.2-h4, >= 11.0.3-h10, >= 11.0.4-h1 >= 10.2.0-h3, >= 10.2.1-h2, >= 10.2.2-h5, >= 10.2.3-h13, >= 10.2.4-h16, >= 10.2.5-h6, >= 10.2.6-h3, >= 10.2.7-h8, >= 10.2.8-h3, >= 10.2.9-h1 All All all	2024-04-12	2024-05-03
8.2	CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 ➔ View additional products	None < 11.1.2 < 11.0.4 < 10.2.7-h3 None None None	All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all	2024-04-10	2024-04-10
6	CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 ➔ View additional products	None None < 11.0.4 on Panorama < 10.2.7-h3 on Panorama, < 10.2.8 on Panorama < 10.1.12 on Panorama None None	All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all	2024-04-10	2024-04-10
8.3	CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 ➔ View additional products	None None < 11.0.3 < 10.2.5 < 10.1.11 None None	All All >= 11.0.3 >= 10.2.5 >= 10.1.11 All all	2024-04-10	2024-04-10
5.1	CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access	None None < 11.0.3 < 10.2.7-h3 < 10.1.11-h4 < 9.1.17 < 9.0.17-h4 < 8.1.26 < 10.2.4	All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4	2024-04-10	2024-04-10
8.2	CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access	None None < 11.0.3 < 10.2.8 < 10.1.12 < 9.1.17 < 9.0.17-h4 None	All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All	2024-04-10	2024-04-10
8.2	CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 ➔ View additional products	None None None < 10.0.12 < 9.1.15-h1 < 9.0.17 < 8.1.24 None	All All All >= 10.0.12 >= 9.1.15-h1 >= 9.0.17 >= 8.1.24 all	2024-04-10	2024-04-10
6.9	CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended	Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access	None None < 11.0.1-h2, < 11.0.2 < 10.2.4-h2, < 10.2.5 < 10.1.9-h3, < 10.1.10 < 10.0.13 < 9.1.17 < 9.0.17-h2 None	All All >= 11.0.1-h2, >= 11.0.2 >= 10.2.4-h2, >= 10.2.5 >= 10.1.9-h3, >= 10.1.10 >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All	2024-04-10	2024-04-10
i	PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION	Prisma SD-WAN ION	None	All	2024-04-05	2024-04-05
i	CVE-2024-3094 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)	➔ View multiple products	None	all	2024-04-01	2024-04-01

Download