CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0008 – PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2024-0008
14 Feb 2024 — Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Las sesiones web en la interfaz de administración del software PAN-OS de Palo Alto Networks no caducan en determinadas situaciones, lo que las hace susceptibles a accesos no autorizados. • https://security.paloaltonetworks.com/CVE-2024-0008 • CWE-613: Insufficient Session Expiration •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6793 – PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
https://notcve.org/view.php?id=CVE-2023-6793
13 Dec 2023 — An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. Vulnerabilidad de administración de privilegios inadecuada en el software PAN-OS de Palo Alto Networks permite a un administrador de solo lectura autenticado revocar claves API XML activas desde el firewall e interrumpir el uso de la API XML. • https://security.paloaltonetworks.com/CVE-2023-6793 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6791 – PAN-OS: Plaintext Disclosure of External System Integration Credentials
https://notcve.org/view.php?id=CVE-2023-6791
13 Dec 2023 — A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. Vulnerabilidad de divulgación de credenciales en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado de solo lectura obtener las credenciales en texto plano de integraciones de sistemas externos almacenados, como LD... • https://security.paloaltonetworks.com/CVE-2023-6791 • CWE-522: Insufficiently Protected Credentials CWE CATEGORY •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6789 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6789
13 Dec 2023 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. Vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectu... • https://security.paloaltonetworks.com/CVE-2023-6789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6790 – PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6790
13 Dec 2023 — A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específica... • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38046 – PAN-OS: Read System Files and Resources During Configuration Commit
https://notcve.org/view.php?id=CVE-2023-38046
12 Jul 2023 — A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. • https://security.paloaltonetworks.com/CVE-2023-38046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
https://notcve.org/view.php?id=CVE-2023-0010
14 Jun 2023 — A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0008 – PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2023-0008
10 May 2023 — A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0005 – PAN-OS: Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-0005
12 Apr 2023 — A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. • https://security.paloaltonetworks.com/CVE-2023-0005 • CWE-312: Cleartext Storage of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.6EPSS: 5%CPEs: 6EXPL: 0CVE-2022-0028 – Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-0028
10 Aug 2022 — A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an... • https://security.paloaltonetworks.com/CVE-2022-0028 • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •