CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2552 – PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-2552
14 Nov 2024 — A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Una vulnerabilidad de inyección de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema en el plano de administración y eliminar archivos en el firewall. • https://security.paloaltonetworks.com/CVE-2024-2552 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5918 – PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
https://notcve.org/view.php?id=CVE-2024-5918
14 Nov 2024 — An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." Una vulnerabilidad de validación de certificado incorrecta en el software PAN-OS de Palo Alto Networks permite que un usuario autorizado con un ce... • https://security.paloaltonetworks.com/CVE-2024-5918 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5919 – PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-5919
14 Nov 2024 — A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. Una vulnerabilidad de inyección ciega de entidades externas XML (XXE) en el software PAN-OS de Palo Alto Networks permite a un atacante autenticado extraer archivos arbitrarios de los firewalls a un servidor controlado por ... • https://security.paloaltonetworks.com/CVE-2024-5919 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2551 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2551
14 Nov 2024 — A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio cent... • https://security.paloaltonetworks.com/CVE-2024-2551 • CWE-476: NULL Pointer Dereference •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-9471 – PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
https://notcve.org/view.php?id=CVE-2024-9471
09 Oct 2024 — A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to... • https://security.paloaltonetworks.com/CVE-2024-9471 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-8687 – PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
https://notcve.org/view.php?id=CVE-2024-8687
11 Sep 2024 — An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so. • https://security.paloaltonetworks.com/CVE-2024-8687 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5916 – PAN-OS: Cleartext Exposure of External System Secrets
https://notcve.org/view.php?id=CVE-2024-5916
14 Aug 2024 — An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. • https://security.paloaltonetworks.com/CVE-2024-5916 • CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5913 – PAN-OS: Improper Input Validation Vulnerability in PAN-OS
https://notcve.org/view.php?id=CVE-2024-5913
10 Jul 2024 — An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Una vulnerabilidad de validación de entrada incorrecta en el software PAN-OS de Palo Alto Networks permite a un atacante manipular el sistema de archivos físico para elevar los privilegios. • https://security.paloaltonetworks.com/CVE-2024-5913 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5911 – PAN-OS: File Upload Vulnerability in the Panorama Web Interface
https://notcve.org/view.php?id=CVE-2024-5911
10 Jul 2024 — An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online. Una vulnerabilidad de carga de archivos arbitraria en el software Panorama de Palo Alto Networks permite que un administrador de lectura y escritura auten... • https://security.paloaltonetworks.com/CVE-2024-5911 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 94%CPEs: 70EXPL: 47CVE-2024-3400 – Palo Alto Networks PAN-OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-3400
12 Apr 2024 — A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. Una vulnerabilidad de inyección de comandos en la función GlobalProtect del software PAN-OS de Palo Alto Networks... • https://packetstorm.news/files/id/178220 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •