Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-6789 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface.
network
low complexity
paloaltonetworks CWE-79
4.8
2023-12-13 CVE-2023-6790 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
network
low complexity
paloaltonetworks CWE-79
6.1
2023-12-13 CVE-2023-6791 Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
network
low complexity
paloaltonetworks CWE-522
4.9
2023-12-13 CVE-2023-6792 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
network
low complexity
paloaltonetworks CWE-78
6.3
2023-12-13 CVE-2023-6793 Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
network
low complexity
paloaltonetworks CWE-269
2.7
2023-12-13 CVE-2023-6794 Unrestricted Upload of File with Dangerous Type vulnerability in Paloaltonetworks Pan-Os
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
network
low complexity
paloaltonetworks CWE-434
4.7
2023-12-13 CVE-2023-6795 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
network
low complexity
paloaltonetworks CWE-78
4.7
2023-11-08 CVE-2023-3282 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Cortex Xsoar
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
local
low complexity
paloaltonetworks CWE-732
6.7
2023-09-13 CVE-2023-3280 Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Cortex XDR Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
local
low complexity
paloaltonetworks CWE-755
5.5
2023-07-12 CVE-2023-38046 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os 11.0.0
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
network
low complexity
paloaltonetworks CWE-610
4.9