Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |
| 2024-10-09 | CVE-2024-9464 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 6.5 |
| 2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
| 2024-10-09 | CVE-2024-9466 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Expedition A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | 6.5 |
| 2024-10-09 | CVE-2024-9467 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | 6.1 |
| 2024-10-09 | CVE-2024-9469 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. | 5.5 |
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-10-09 | CVE-2024-9473 | Unspecified vulnerability in Paloaltonetworks Globalprotect A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | 7.8 |
| 2024-09-11 | CVE-2024-8686 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. | 7.2 |
| 2024-09-11 | CVE-2024-8687 | Unspecified vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. | 7.1 |