
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Apr 2024 — A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: PA-5400 Series firewalls and PA-7000 Series firewalls. • https://security.paloaltonetworks.com/CVE-2024-3385 • CWE-20: Improper Input Validation; CWE-476: NULL Pointer Dereference

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Apr 2024 — A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. • https://security.paloaltonetworks.com/CVE-2024-3384 • CWE-1286: Improper Validation of Syntactic Correctness of Input

CVSS: 7.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Apr 2024 — A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. • https://security.paloaltonetworks.com/CVE-2024-3383 • CWE-282: Improper Ownership Management

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Apr 2024 — A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. • https://security.paloaltonetworks.com/CVE-2024-3382 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 2

13 Mar 2024 — An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected. • https://github.com/nitipoom-jar/CVE-2024-24337 • CWE-269: Improper Privilege Management

CVSS: 6.4 • EPSS: 1% • CPEs: 5 • EXPL: 0

14 Feb 2024 — A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. • https://security.paloaltonetworks.com/CVE-2024-0011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 1% • CPEs: 2 • EXPL: 0

14 Feb 2024 — A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. • https://security.paloaltonetworks.com/CVE-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Feb 2024 — An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. • https://security.paloaltonetworks.com/CVE-2024-0009 • CWE-940: Improper Verification of Source of a Communication Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

14 Feb 2024 — Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. • https://security.paloaltonetworks.com/CVE-2024-0008 • CWE-613: Insufficient Session Expiration

CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Feb 2024 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. • https://security.paloaltonetworks.com/CVE-2024-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')