CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17440 – PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access
https://notcve.org/view.php?id=CVE-2019-17440
20 Dec 2019 — Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other... • https://security.paloaltonetworks.com/CVE-2019-17440 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17437 – PAN-OS: Custom-role users may escalate privileges
https://notcve.org/view.php?id=CVE-2019-17437
05 Dec 2019 — An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. Una comprobación de autenticación inapropiada en PAN-OS de Palo Alto Networks puede permitir a un usuario ... • https://securityadvisories.paloaltonetworks.com/Home/Detail/159 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1582
https://notcve.org/view.php?id=CVE-2019-1582
23 Aug 2019 — Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. La corrupción de la memoria en PAN-OS 8.1.9 y anteriores, y PAN-OS 9.0.3 y anteriores permitirá a un usuario administrativo causar daños arbitrarios en la memoria al volver a escribir la sesión interactiva actual del cliente. • https://security.paloaltonetworks.com/CVE-2019-1582 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2019-1581 – PAN-OS: Remote code execution vulnerability in the PAN-OS SSH device management interface
https://notcve.org/view.php?id=CVE-2019-1581
23 Aug 2019 — A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. Una vulnerabilidad de ejecución remota de código en la interfaz de administración de dispositivos SSH de PAN-OS ... • https://security.paloaltonetworks.com/CVE-2019-1581 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2019-1580
https://notcve.org/view.php?id=CVE-2019-1580
23 Aug 2019 — Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. La corrupción de la memoria en PAN-OS 7.1.24 y anteriores, PAN-OS 8.0.19 y anteriores, PAN-OS 8.1.9 y anteriores, y PAN-OS 9.0.3 y anteriores permitirá que un usuario remoto no autenticado elabore un mensaje para proteger Shell Daemon (SSHD) y corromper la memo... • https://security.paloaltonetworks.com/CVE-2019-1580 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 92%CPEs: 3EXPL: 3CVE-2019-1579 – Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1579
19 Jul 2019 — Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. La ejecución de código remota en PAN-OS versión 7.1.18 y anteriores, PAN-OS versión 8.0.11-h1 y anteriores, y PAN-OS versión 8.1.2 y anteriores con GlobalProtect Portal o GlobalProtect Gateway Interface habilitados pueden permitir que un atacante remoto no aut... • https://github.com/securifera/CVE-2019-1579 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1575
https://notcve.org/view.php?id=CVE-2019-1575
16 Jul 2019 — Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. Una divulgación de información en PAN-OS versiones 7.1.23 y anteriores, PAN-OS versiones 8.0.18 y anteriores, PAN-OS versiones 8.1.8-h4 y anteriores, y PAN-OS versione... • http://www.securityfocus.com/bid/109176 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-1576
https://notcve.org/view.php?id=CVE-2019-1576
16 Jul 2019 — Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. La inyección de comandos en PAN-0S 9.0.2 y versiones anteriores puede permitir que un atacante autenticado obtenga acceso a un shell remoto en PAN-OS, y posiblemente se ejecute con los permisos de usuario escalados. • https://security.paloaltonetworks.com/CVE-2019-1576 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1572
https://notcve.org/view.php?id=CVE-2019-1572
26 Mar 2019 — PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: CVE-2019-1571. Motivo: Este candidato es una réplica de reserva de CVE-2019-1571. Notas: Todos los usuarios de CVE deben hacer referencia a CVE-2019-1571 en lugar de este candidato. • http://www.securityfocus.com/bid/107720 •
CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •