CVSS: 9.3EPSS: 43%CPEs: 7EXPL: 2CVE-2021-3060 – PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
https://notcve.org/view.php?id=CVE-2021-3060
10 Nov 2021 — An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions ear... • https://github.com/anmolksachan/CVE-2021-3060 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2021-3059 – PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
https://notcve.org/view.php?id=CVE-2021-3059
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1... • https://security.paloaltonetworks.com/CVE-2021-3059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2021-3058 – PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
https://notcve.org/view.php?id=CVE-2021-3058
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does ... • https://security.paloaltonetworks.com/CVE-2021-3058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3056 – PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
https://notcve.org/view.php?id=CVE-2021-3056
10 Nov 2021 — A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.... • https://security.paloaltonetworks.com/CVE-2021-3056 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3055 – PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2021-3055
08 Sep 2021 — An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-O... • https://security.paloaltonetworks.com/CVE-2021-3055 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3054 – PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-3054
08 Sep 2021 — A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This iss... • https://security.paloaltonetworks.com/CVE-2021-3054 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3053 – PAN-OS: Exceptional Condition Denial-of-Service (DoS)
https://notcve.org/view.php?id=CVE-2021-3053
08 Sep 2021 — An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than ... • https://security.paloaltonetworks.com/CVE-2021-3053 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3052 – PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
https://notcve.org/view.php?id=CVE-2021-3052
08 Sep 2021 — A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earli... • https://security.paloaltonetworks.com/CVE-2021-3052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0CVE-2021-3050 – PAN-OS: OS Command Injection Vulnerability in Web Interface
https://notcve.org/view.php?id=CVE-2021-3050
11 Aug 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. Una v... • https://security.paloaltonetworks.com/CVE-2021-3050 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3048 – PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
https://notcve.org/view.php?id=CVE-2021-3048
11 Aug 2021 — Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-... • https://security.paloaltonetworks.com/CVE-2020-3048 • CWE-20: Improper Input Validation •