Page 2 of 49 results (0.001 seconds)

CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. Una vulnerabilidad de inyección ciega de entidades externas XML (XXE) en el software PAN-OS de Palo Alto Networks permite a un atacante autenticado extraer archivos arbitrarios de los firewalls a un servidor controlado por el atacante. Este ataque requiere acceso de red a la interfaz de administración del firewall. • https://security.paloaltonetworks.com/CVE-2024-5919 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el envío de un paquete manipulado a través del plano de datos que provoca una condición de denegación de servicio (DoS). Los intentos repetidos de activar esta condición hacen que el firewall entre en modo de mantenimiento. • https://security.paloaltonetworks.com/CVE-2024-2551 • CWE-476: NULL Pointer Dereference •

CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 1

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability. • https://security.paloaltonetworks.com/CVE-2024-9473 https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect • CWE-250: Execution with Unnecessary Privileges •

CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. • https://security.paloaltonetworks.com/CVE-2024-9471 • CWE-269: Improper Privilege Management •

CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. • https://security.paloaltonetworks.com/CVE-2024-9469 • CWE-754: Improper Check for Unusual or Exceptional Conditions •