Page 8 of 72 results (0.008 seconds)

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. Una vulnerabilidad de inyección de comandos del sistema operativo en la interfaz web de Palo Alto Networks PAN-OS permite a un administrador autenticado con permisos para usar la API XML la capacidad de ejecutar comandos arbitrarios del sistema operativo para escalar privilegios. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20-h1; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14-h3; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.11-h2; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.8; PAN-OS versiones 10.1 anteriores a PAN-OS 10.1.3. • https://security.paloaltonetworks.com/CVE-2021-3058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue. Una vulnerabilidad de corrupción de memoria en Palo Alto Networks PAN-OS GlobalProtect Clientless VPN permite a un atacante autenticado ejecutar código arbitrario con privilegios de usuario root durante la autenticación SAML. Este problema afecta a: PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.20; PAN-OS versiones 9.0 anteriores a PAN-OS 9.0.14; PAN-OS versiones 9.1 anteriores a PAN-OS 9.1.9; PAN-OS versiones 10.0 anteriores a PAN-OS 10.0.1. • https://security.paloaltonetworks.com/CVE-2021-3056 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access. Una vulnerabilidad de restricción inapropiada de tipo XML external entity (XXE) en la interfaz web de Palo Alto Networks PAN-OS permite a un administrador autenticado leer cualquier archivo arbitrario del sistema de archivos y enviar una petición específicamente diseñada al firewall que cause el bloqueo del servicio. • https://security.paloaltonetworks.com/CVE-2021-3055 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access. Una vulnerabilidad de condición de carrera de tiempo de comprobación a tiempo de uso (TOCTOU) en la interfaz web de Palo Alto Networks PAN-OS permite a un administrador autenticado con permiso para cargar plugins ejecutar código arbitrario con privilegios de usuario root. Este problema afecta a: PAN-OS versión 8.1 anteriores a PAN-OS 8.1.20; PAN-OS versión 9.0 anteriores a PAN-OS 9.0.14; PAN-OS versión 9.1 anteriores a PAN-OS 9.1.11; PAN-OS versión 10.0 anteriores a PAN-OS 10.0.7; PAN-OS versión 10.1 anteriores a PAN-OS 10.1.2. • https://security.paloaltonetworks.com/CVE-2021-3054 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. Se presenta una vulnerabilidad de administración inapropiada de condiciones excepcionales en el plano de datos de PAN-OS de Palo Alto Networks que permite a un atacante no autenticado basado en la red enviar tráfico específicamente diseñado mediante el firewall que causa un bloqueo del servicio. • https://security.paloaltonetworks.com/CVE-2021-3053 • CWE-755: Improper Handling of Exceptional Conditions •