An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
Max CVSS
4.5
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Max CVSS
6.3
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
Max CVSS
6.6
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
Max CVSS
5.5
EPSS Score
0.07%
Published
2023-07-12
Updated
2023-07-20
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-12-13
Updated
2023-12-18
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-12-13
Updated
2023-12-18
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
Max CVSS
2.7
EPSS Score
0.04%
Published
2023-12-13
Updated
2023-12-18
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Max CVSS
6.3
EPSS Score
0.05%
Published
2023-12-13
Updated
2023-12-18
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-12-13
Updated
2023-12-18
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-13
Updated
2023-12-18
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-12-13
Updated
2023-12-18
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-11-08
Updated
2023-11-16
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-13
Updated
2023-09-19
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-06-14
Updated
2023-06-22
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-14
Updated
2023-07-31
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
Max CVSS
4.4
EPSS Score
0.07%
Published
2023-05-10
Updated
2023-05-17
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-10
Updated
2023-05-17
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Max CVSS
6.3
EPSS Score
0.04%
Published
2023-04-12
Updated
2023-04-21
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-04-12
Updated
2023-04-21
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-04-12
Updated
2023-11-03
243 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!