Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 4.8 |
| 2020-06-29 | CVE-2020-2021 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. | 10.0 |
| 2020-06-10 | CVE-2020-2033 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. | 5.3 |
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 7.0 |
| 2020-06-10 | CVE-2020-2029 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. | 7.2 |
| 2020-06-10 | CVE-2020-2028 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. | 7.2 |
| 2020-06-10 | CVE-2020-2027 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2018 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. | 9.0 |
| 2020-05-13 | CVE-2020-2017 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. | 6.1 |
| 2020-05-13 | CVE-2020-2016 | Race Condition vulnerability in Paloaltonetworks Pan-Os A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. | 7.0 |