Filtered by vendor Paloaltonetworks Subscriptions
Total 276 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-9463 1 Paloaltonetworks 1 Expedition 2024-11-15 7.5 High
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVE-2024-8691 1 Paloaltonetworks 1 Pan-os 2024-11-01 7.1 High
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
CVE-2024-9464 1 Paloaltonetworks 1 Expedition 2024-10-18 6.5 Medium
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVE-2024-9471 1 Paloaltonetworks 1 Pan-os 2024-10-18 4.7 Medium
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.
CVE-2024-9470 1 Paloaltonetworks 1 Cortex Xsoar 2024-10-18 N/A
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
CVE-2024-9469 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-10-18 5.5 Medium
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
CVE-2024-9468 1 Paloaltonetworks 1 Pan-os 2024-10-18 N/A
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
CVE-2024-9467 1 Paloaltonetworks 1 Expedition 2024-10-18 6.1 Medium
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
CVE-2024-9466 1 Paloaltonetworks 1 Expedition 2024-10-18 6.5 Medium
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
CVE-2024-8690 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-10-15 4.4 Medium
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
CVE-2024-8686 1 Paloaltonetworks 3 Cloud Ngfw, Pan-os, Prisma Access 2024-10-03 7.2 High
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
CVE-2024-8687 1 Paloaltonetworks 3 Globalprotect, Pan-os, Prisma Access 2024-10-03 7.1 High
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.
CVE-2024-8688 1 Paloaltonetworks 1 Pan-os 2024-10-03 4.4 Medium
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.
CVE-2024-5916 1 Paloaltonetworks 1 Pan-os 2024-08-20 4.4 Medium
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.
CVE-2024-5915 1 Paloaltonetworks 1 Globalprotect 2024-08-20 7.8 High
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
CVE-2024-5914 1 Paloaltonetworks 1 Cortex Xsoar Commonscripts 2024-08-20 9.8 Critical
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.