CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-3385 – PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
https://notcve.org/view.php?id=CVE-2024-3385
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls • https://security.paloaltonetworks.com/CVE-2024-3385 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3384 – PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
https://notcve.org/view.php?id=CVE-2024-3384
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. • https://security.paloaltonetworks.com/CVE-2024-3384 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2CVE-2024-2433 – PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss
https://notcve.org/view.php?id=CVE-2024-2433
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected. Una vulnerabilidad de autorización inadecuada en el software Panorama de Palo Alto Networks permite que un administrador autenticado de solo lectura cargue archivos utilizando la interfaz web y llene completamente una de las particiones del disco con esos archivos cargados, lo que impide iniciar sesión en la interfaz web o descargarlos. PAN-OS, WildFire e imágenes de contenido. Este problema afecta únicamente a la interfaz web del plano de gestión; el plano de datos no se ve afectado. • https://github.com/nitipoom-jar/CVE-2024-24337 https://github.com/nitipoom-jar/CVE-2024-24336 https://security.paloaltonetworks.com/CVE-2024-2433 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0011 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
https://notcve.org/view.php?id=CVE-2024-0011
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la función Portal cautivo del software PAN-OS de Palo Alto Networks permite la ejecución de JavaScript malicioso (en el contexto del navegador de un usuario autenticado del Portal cautivo) si un usuario hace clic en un enlace malicioso, lo que permite Ataques de phishing que podrían conducir al robo de credenciales. • https://security.paloaltonetworks.com/CVE-2024-0011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal
https://notcve.org/view.php?id=CVE-2024-0010
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la función del portal GlobalProtect del software PAN-OS de Palo Alto Networks permite la ejecución de JavaScript malicioso (en el contexto del navegador de un usuario) si un usuario hace clic en un enlace malicioso, lo que permite ataques de phishing que podría provocar el robo de credenciales. • https://security.paloaltonetworks.com/CVE-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •