Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2021-3032 Information Exposure Through LOG Files vulnerability in Paloaltonetworks Pan-Os
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log.
local
low complexity
paloaltonetworks CWE-532
2.1
2021-01-13 CVE-2021-3031 Information Exposure vulnerability in Paloaltonetworks Pan-Os
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created.
low complexity
paloaltonetworks CWE-200
3.3
2020-12-09 CVE-2020-2049 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 7.1/7.1.2/7.2
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2
2020-12-09 CVE-2020-2020 Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Cortex XDR Agent
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting.
local
low complexity
paloaltonetworks CWE-755
2.1
2020-11-12 CVE-2020-2050 Improper Authentication vulnerability in Paloaltonetworks Pan-Os
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate.
network
low complexity
paloaltonetworks CWE-287
6.4
2020-11-12 CVE-2020-2048 Information Exposure Through LOG Files vulnerability in Paloaltonetworks Pan-Os
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software.
local
low complexity
paloaltonetworks CWE-532
2.1
2020-11-12 CVE-2020-2022 Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device.
network
high complexity
paloaltonetworks CWE-269
5.1
2020-11-12 CVE-2020-2000 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2020-11-12 CVE-2020-1999 Improper Check for Unusual OR Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets.
network
low complexity
paloaltonetworks CWE-754
5.0
2020-09-09 CVE-2020-2044 Information Exposure Through LOG Files vulnerability in Paloaltonetworks Pan-Os
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software.
network
low complexity
paloaltonetworks CWE-532
4.0