CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0116 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
https://notcve.org/view.php?id=CVE-2025-0116
12 Mar 2025 — A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0116 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0115 – PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
https://notcve.org/view.php?id=CVE-2025-0115
12 Mar 2025 — A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. This issue does not affect Cloud NGFW or Prisma Access. A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this is... • https://security.paloaltonetworks.com/CVE-2025-0115 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0114 – PAN-OS: Denial of Service (DoS) in GlobalProtect
https://notcve.org/view.php?id=CVE-2025-0114
12 Mar 2025 — A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0114 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0110 – PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
https://notcve.org/view.php?id=CVE-2025-0110
12 Feb 2025 — A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the “__openconfig” user (which has the Device Administrator role) on the firewall. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses accordi... • https://security.paloaltonetworks.com/CVE-2025-0110 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 5%CPEs: 4EXPL: 0CVE-2025-0111 – Palo Alto Networks PAN-OS File Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-0111
12 Feb 2025 — An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-am... • https://security.paloaltonetworks.com/CVE-2025-0111 • CWE-73: External Control of File Name or Path •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0109 – PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0109
12 Feb 2025 — An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deplo... • https://security.paloaltonetworks.com/CVE-2024-0109 • CWE-73: External Control of File Name or Path •
CVSS: 9.4EPSS: 93%CPEs: 4EXPL: 6CVE-2025-0108 – Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0108
12 Feb 2025 — An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface ... • https://github.com/iSee857/CVE-2025-0108-PoC • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.7EPSS: 77%CPEs: 2EXPL: 3CVE-2024-3393 – Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
https://notcve.org/view.php?id=CVE-2024-3393
27 Dec 2024 — A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remot... • https://packetstorm.news/files/id/188673 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.3EPSS: 94%CPEs: 5EXPL: 11CVE-2024-9474 – Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9474
18 Nov 2024 — A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. Una vulnerabilidad de escalada de privilegios en el software PAN-OS de Palo Alto Networks permite que un administrador de PAN-OS con acceso a la interfaz web de administración realice acciones en el firewall con privilegios de superusuar... • https://packetstorm.news/files/id/183312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 94%CPEs: 4EXPL: 13CVE-2024-0012 – Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-0012
18 Nov 2024 — An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting acce... • https://packetstorm.news/files/id/183312 • CWE-306: Missing Authentication for Critical Function •