
CVE-2024-9471 – PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
https://notcve.org/view.php?id=CVE-2024-9471
09 Oct 2024 — A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to... • https://security.paloaltonetworks.com/CVE-2024-9471 • CWE-269: Improper Privilege Management •

CVE-2024-9469 – Cortex XDR Agent: Local Windows User Can Disable the Agent
https://notcve.org/view.php?id=CVE-2024-9469
09 Oct 2024 — A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. • https://security.paloaltonetworks.com/CVE-2024-9469 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2024-9468 – PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
https://notcve.org/view.php?id=CVE-2024-9468
09 Oct 2024 — A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. • https://security.paloaltonetworks.com/CVE-2024-9468 • CWE-787: Out-of-bounds Write •

CVE-2024-9467 – Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure
https://notcve.org/view.php?id=CVE-2024-9467
09 Oct 2024 — A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. • https://security.paloaltonetworks.com/PAN-SA-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9466 – Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
https://notcve.org/view.php?id=CVE-2024-9466
09 Oct 2024 — A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. • https://github.com/holypryx/CVE-2024-9466 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-9465 – Palo Alto Networks Expedition SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9465
09 Oct 2024 — An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. • https://github.com/horizon3ai/CVE-2024-9465 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-9464 – Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure
https://notcve.org/view.php?id=CVE-2024-9464
09 Oct 2024 — An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. • https://github.com/horizon3ai/CVE-2024-9464 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-9463 – Palo Alto Networks Expedition OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9463
09 Oct 2024 — An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. • https://security.paloaltonetworks.com/PAN-SA-2024-0010 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-8691 – PAN-OS: User Impersonation in GlobalProtect Portal
https://notcve.org/view.php?id=CVE-2024-8691
11 Sep 2024 — A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. • https://security.paloaltonetworks.com/CVE-2024-8691 • CWE-863: Incorrect Authorization •

CVE-2024-8689 – ActiveMQ Content Pack: Cleartext Exposure of Credentials
https://notcve.org/view.php?id=CVE-2024-8689
11 Sep 2024 — A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. • https://security.paloaltonetworks.com/CVE-2024-8689 • CWE-312: Cleartext Storage of Sensitive Information •