PAN-SA-2024-0005
Informational Bulletin: Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent
CVSS: i | Published: 2024-04-24 | Updated: 2024-04-24
Versions | Affected | Unaffected
Cortex XDR Agent 8.4 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 8.3 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 8.2 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 8.1 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 8.0 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 7.9 | < Agents with content update earlier than CU-1320 on Windows | >= Agents with CU-1320 or a later content update on Windows
Cortex XDR Agent 5.0 | All agents on Windows | None

CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
CVSS: 10 | Published: 2024-04-12 | Updated: 2024-05-03
Affected | Unaffected
None | All
< 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 | >= 11.1.0-h3, >= 11.1.1-h1, >= 11.1.2-h3
< 11.0.0-h3, < 11.0.1-h4, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1 | >= 11.0.0-h3, >= 11.0.1-h4, >= 11.0.2-h4, >= 11.0.3-h10, >= 11.0.4-h1
< 10.2.0-h3, < 10.2.1-h2, < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1 | >= 10.2.0-h3, >= 10.2.1-h2, >= 10.2.2-h5, >= 10.2.3-h13, >= 10.2.4-h16, >= 10.2.5-h6, >= 10.2.6-h3, >= 10.2.7-h8, >= 10.2.8-h3, >= 10.2.9-h1
None | All
None | All
None | all

CVE-2024-3382
PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
CVSS: 8.2 | Published: 2024-04-10 | Updated: 2024-04-10
Affected | Unaffected
None | All
< 11.1.2 | >= 11.1.2
< 11.0.4 | >= 11.0.4
< 10.2.7-h3 | >= 10.2.7-h3
None | All
None | All
None | all

CVE-2024-3387
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
CVSS: 6 | Published: 2024-04-10 | Updated: 2024-04-10
Affected | Unaffected
None | All
None | All
< 11.0.4 on Panorama | >= 11.0.4 on Panorama
< 10.2.7-h3 on Panorama, < 10.2.8 on Panorama | >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama
< 10.1.12 on Panorama | >= 10.1.12 on Panorama
None | All
None | all

CVE-2024-3383
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
CVSS: 8.3 | Published: 2024-04-10 | Updated: 2024-04-10
Affected | Unaffected
None | All
None | All
< 11.0.3 | >= 11.0.3
< 10.2.5 | >= 10.2.5
< 10.1.11 | >= 10.1.11
None | All
None | all

CVE-2024-3388
PAN-OS: User Impersonation in GlobalProtect SSL VPN
CVSS: 5.1 | Published: 2024-04-10 | Updated: 2024-04-10
Versions | Affected | Unaffected
Cloud NGFW | None | All
PAN-OS 11.1 | None | All
PAN-OS 11.0 | < 11.0.3 | >= 11.0.3
PAN-OS 10.2 | < 10.2.7-h3 | >= 10.2.7-h3
PAN-OS 10.1 | < 10.1.11-h4 | >= 10.1.11-h4
PAN-OS 9.1 | < 9.1.17 | >= 9.1.17
PAN-OS 9.0 | < 9.0.17-h4 | >= 9.0.17-h4
PAN-OS 8.1 | < 8.1.26 | >= 8.1.26
Prisma Access | < 10.2.4 | >= 10.2.4

CVE-2024-3385
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
CVSS: 8.2 | Published: 2024-04-10 | Updated: 2024-04-10
Versions | Affected | Unaffected
Cloud NGFW | None | All
PAN-OS 11.1 | None | All
PAN-OS 11.0 | < 11.0.3 | >= 11.0.3
PAN-OS 10.2 | < 10.2.8 | >= 10.2.8
PAN-OS 10.1 | < 10.1.12 | >= 10.1.12
PAN-OS 9.1 | < 9.1.17 | >= 9.1.17
PAN-OS 9.0 | < 9.0.17-h4 | >= 9.0.17-h4
Prisma Access | None | All

CVE-2024-3384
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
CVSS: 8.2 | Published: 2024-04-10 | Updated: 2024-04-10
Affected | Unaffected
None | All
None | All
None | All
< 10.0.12 | >= 10.0.12
< 9.1.15-h1 | >= 9.1.15-h1
< 9.0.17 | >= 9.0.17
< 8.1.24 | >= 8.1.24
None | all

CVE-2024-3386
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
CVSS: 6.9 | Published: 2024-04-10 | Updated: 2024-04-10
Versions | Affected | Unaffected
Cloud NGFW | None | All
PAN-OS 11.1 | None | All
PAN-OS 11.0 | < 11.0.1-h2, < 11.0.2 | >= 11.0.1-h2, >= 11.0.2
PAN-OS 10.2 | < 10.2.4-h2, < 10.2.5 | >= 10.2.4-h2, >= 10.2.5
PAN-OS 10.1 | < 10.1.9-h3, < 10.1.10 | >= 10.1.9-h3, >= 10.1.10
PAN-OS 10.0 | < 10.0.13 | >= 10.0.13
PAN-OS 9.1 | < 9.1.17 | >= 9.1.17
PAN-OS 9.0 | < 9.0.17-h2 | >= 9.0.17-h2
Prisma Access | None | All

PAN-SA-2024-0003
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION
CVSS: i | Published: 2024-04-05 | Updated: 2024-04-05

CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)
CVSS: i | Published: 2024-04-01 | Updated: 2024-04-01