CVSS: 9.0 • EPSS: 2% • CPEs: 4 • EXPL: 0

11 Aug 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. • https://security.paloaltonetworks.com/CVE-2021-3050 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Aug 2021 — Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-... • https://security.paloaltonetworks.com/CVE-2020-3048 • CWE-20: Improper Input Validation •

CVSS: 4.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Aug 2021 — A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier t... • https://security.paloaltonetworks.com/CVE-2021-3047 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Aug 2021 — An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impac... • https://security.paloaltonetworks.com/CVE-2021-3046 • CWE-287: Improper Authentication •

CVSS: 4.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Apr 2021 — An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN... • https://security.paloaltonetworks.com/CVE-2021-3036 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jan 2021 — An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier t... • https://security.paloaltonetworks.com/CVE-2021-3032 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Nov 2020 — An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtec... • https://security.paloaltonetworks.com/CVE-2020-2050 • CWE-285: Improper Authorization • CWE-287: Improper Authentication •

CVSS: 9.0 • EPSS: 1% • CPEs: 4 • EXPL: 0

12 Nov 2020 — An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. • https://security.paloaltonetworks.com/CVE-2020-2000 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

09 Sep 2020 — A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. • https://security.paloaltonetworks.com/CVE-2020-2042 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow •

CVSS: 5.3 • EPSS: 6% • CPEs: 4 • EXPL: 0

09 Sep 2020 — An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-... • https://security.paloaltonetworks.com/CVE-2020-2039 • CWE-400: Uncontrolled Resource Consumption •