CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5916 – PAN-OS: Cleartext Exposure of External System Secrets
https://notcve.org/view.php?id=CVE-2024-5916
14 Aug 2024 — An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. • https://security.paloaltonetworks.com/CVE-2024-5916 • CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5913 – PAN-OS: Improper Input Validation Vulnerability in PAN-OS
https://notcve.org/view.php?id=CVE-2024-5913
10 Jul 2024 — An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Una vulnerabilidad de validación de entrada incorrecta en el software PAN-OS de Palo Alto Networks permite a un atacante manipular el sistema de archivos físico para elevar los privilegios. • https://security.paloaltonetworks.com/CVE-2024-5913 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5911 – PAN-OS: File Upload Vulnerability in the Panorama Web Interface
https://notcve.org/view.php?id=CVE-2024-5911
10 Jul 2024 — An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online. Una vulnerabilidad de carga de archivos arbitraria en el software Panorama de Palo Alto Networks permite que un administrador de lectura y escritura auten... • https://security.paloaltonetworks.com/CVE-2024-5911 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-3388 – PAN-OS: User Impersonation in GlobalProtect SSL VPN
https://notcve.org/view.php?id=CVE-2024-3388
10 Apr 2024 — A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. • https://github.com/Grantzile/PoC-CVE-2024-33883 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3387 – PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3387
10 Apr 2024 — A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. • https://security.paloaltonetworks.com/CVE-2024-3387 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-3386 – PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
https://notcve.org/view.php?id=CVE-2024-3386
10 Apr 2024 — An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. • https://security.paloaltonetworks.com/CVE-2024-3386 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-3385 – PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
https://notcve.org/view.php?id=CVE-2024-3385
10 Apr 2024 — A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. R... • https://security.paloaltonetworks.com/CVE-2024-3385 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3384 – PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
https://notcve.org/view.php?id=CVE-2024-3384
10 Apr 2024 — A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. • https://security.paloaltonetworks.com/CVE-2024-3384 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3383 – PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
https://notcve.org/view.php?id=CVE-2024-3383
10 Apr 2024 — A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. • https://security.paloaltonetworks.com/CVE-2024-3383 • CWE-282: Improper Ownership Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3382 – PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
https://notcve.org/view.php?id=CVE-2024-3382
10 Apr 2024 — A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. • https://security.paloaltonetworks.com/CVE-2024-3382 • CWE-770: Allocation of Resources Without Limits or Throttling •