CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2551 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2551
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el envío de un paquete manipulado a través del plano de datos que provoca una condición de denegación de servicio (DoS). Los intentos repetidos de activar esta condición hacen que el firewall entre en modo de mantenimiento. • https://security.paloaltonetworks.com/CVE-2024-2551 • CWE-476: NULL Pointer Dereference •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-9471 – PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
https://notcve.org/view.php?id=CVE-2024-9471
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. • https://security.paloaltonetworks.com/CVE-2024-9471 • CWE-269: Improper Privilege Management •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5916 – PAN-OS: Cleartext Exposure of External System Secrets
https://notcve.org/view.php?id=CVE-2024-5916
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. • https://security.paloaltonetworks.com/CVE-2024-5916 • CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5913 – PAN-OS: Improper Input Validation Vulnerability in PAN-OS
https://notcve.org/view.php?id=CVE-2024-5913
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Una vulnerabilidad de validación de entrada incorrecta en el software PAN-OS de Palo Alto Networks permite a un atacante manipular el sistema de archivos físico para elevar los privilegios. • https://security.paloaltonetworks.com/CVE-2024-5913 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 96%CPEs: 70EXPL: 35CVE-2024-3400 – Palo Alto Networks PAN-OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-3400
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. Una vulnerabilidad de inyección de comandos en la función GlobalProtect del software PAN-OS de Palo Alto Networks para versiones específicas de PAN-OS y configuraciones de funciones distintas puede permitir que un atacante no autenticado ejecute código arbitrario con privilegios de root en el firewall. Cloud NGFW, dispositivos Panorama y Prisma Access no se ven afectados por esta vulnerabilidad. Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall. • https://github.com/W01fh4cker/CVE-2024-3400-RCE https://github.com/h4x0r-dz/CVE-2024-3400 https://www.exploit-db.com/exploits/51996 https://github.com/ak1t4/CVE-2024-3400 https://github.com/marconesler/CVE-2024-3400 https://github.com/swaybs/CVE-2024-3400 https://github.com/Kr0ff/cve-2024-3400 https://github.com/0x0d3ad/CVE-2024-3400 https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan https://github.com/Yuvvi01/CVE-2024-3400 https://github.com/momika233&#x • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •