CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0116 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
https://notcve.org/view.php?id=CVE-2025-0116
12 Mar 2025 — A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0116 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0115 – PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
https://notcve.org/view.php?id=CVE-2025-0115
12 Mar 2025 — A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. This issue does not affect Cloud NGFW or Prisma Access. A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this is... • https://security.paloaltonetworks.com/CVE-2025-0115 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0114 – PAN-OS: Denial of Service (DoS) in GlobalProtect
https://notcve.org/view.php?id=CVE-2025-0114
12 Mar 2025 — A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0114 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2550 – PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2550
14 Nov 2024 — A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en la puerta de enlace GlobalProtect del software PAN-OS de Palo Alto Networks permit... • https://security.paloaltonetworks.com/CVE-2024-2550 • CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5920 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
https://notcve.org/view.php?id=CVE-2024-5920
14 Nov 2024 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. Una vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite que un ad... • https://security.paloaltonetworks.com/CVE-2024-5920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2552 – PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-2552
14 Nov 2024 — A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Una vulnerabilidad de inyección de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema en el plano de administración y eliminar archivos en el firewall. • https://security.paloaltonetworks.com/CVE-2024-2552 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5918 – PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
https://notcve.org/view.php?id=CVE-2024-5918
14 Nov 2024 — An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." Una vulnerabilidad de validación de certificado incorrecta en el software PAN-OS de Palo Alto Networks permite que un usuario autorizado con un ce... • https://security.paloaltonetworks.com/CVE-2024-5918 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5919 – PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-5919
14 Nov 2024 — A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. Una vulnerabilidad de inyección ciega de entidades externas XML (XXE) en el software PAN-OS de Palo Alto Networks permite a un atacante autenticado extraer archivos arbitrarios de los firewalls a un servidor controlado por ... • https://security.paloaltonetworks.com/CVE-2024-5919 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2551 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2551
14 Nov 2024 — A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio cent... • https://security.paloaltonetworks.com/CVE-2024-2551 • CWE-476: NULL Pointer Dereference •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-9471 – PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
https://notcve.org/view.php?id=CVE-2024-9471
09 Oct 2024 — A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to... • https://security.paloaltonetworks.com/CVE-2024-9471 • CWE-269: Improper Privilege Management •