
CVE-2025-0111 – Palo Alto Networks PAN-OS File Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-0111
12 Feb 2025 — An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-am... • https://security.paloaltonetworks.com/CVE-2025-0111 • CWE-73: External Control of File Name or Path •

CVE-2025-0109 – PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0109
12 Feb 2025 — An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deplo... • https://security.paloaltonetworks.com/CVE-2024-0109 • CWE-73: External Control of File Name or Path •

CVE-2025-0108 – Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0108
12 Feb 2025 — An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface ... • https://github.com/iSee857/CVE-2025-0108-PoC • CWE-306: Missing Authentication for Critical Function •

CVE-2024-9474 – Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9474
18 Nov 2024 — A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. • https://packetstorm.news/files/id/183312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-0012 – Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-0012
18 Nov 2024 — An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting acce... • https://packetstorm.news/files/id/183312 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-9472 – PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
https://notcve.org/view.php?id=CVE-2024-9472
14 Nov 2024 — A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. T... • https://security.paloaltonetworks.com/CVE-2024-9472 • CWE-476: NULL Pointer Dereference •

CVE-2024-3400 – Palo Alto Networks PAN-OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-3400
12 Apr 2024 — A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. • https://packetstorm.news/files/id/178220 • CWE-20: Improper Input Validation • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-6793 – PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
https://notcve.org/view.php?id=CVE-2023-6793
13 Dec 2023 — An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. • https://security.paloaltonetworks.com/CVE-2023-6793 • CWE-269: Improper Privilege Management •

CVE-2023-6791 – PAN-OS: Plaintext Disclosure of External System Integration Credentials
https://notcve.org/view.php?id=CVE-2023-6791
13 Dec 2023 — A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. • https://security.paloaltonetworks.com/CVE-2023-6791 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-6789 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6789
13 Dec 2023 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. • https://security.paloaltonetworks.com/CVE-2023-6789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •