Page 4 of 49 results (0.003 seconds)

CVSS: 9.9EPSS: 96%CPEs: 1EXPL: 0

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. • https://security.paloaltonetworks.com/PAN-SA-2024-0010 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. • https://security.paloaltonetworks.com/CVE-2024-8691 • CWE-863: Incorrect Authorization •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. • https://security.paloaltonetworks.com/CVE-2024-8689 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. • https://security.paloaltonetworks.com/CVE-2024-8688 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •

CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 0

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so. • https://security.paloaltonetworks.com/CVE-2024-8687 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •