Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1978 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os and Vm-Series TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. | 4.4 |
| 2020-03-11 | CVE-2020-1981 | Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. | 7.8 |
| 2020-03-11 | CVE-2020-1980 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. | 7.8 |
| 2020-03-11 | CVE-2020-1979 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
| 2020-02-12 | CVE-2020-1977 | Cross-Site Request Forgery (CSRF) vulnerability in Paloaltonetworks Expedition Migration Tool Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. | 8.8 |
| 2020-02-12 | CVE-2020-1976 | Improper Input Validation vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. | 5.5 |
| 2020-02-12 | CVE-2020-1975 | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 8.8 |
| 2019-12-20 | CVE-2019-17440 | Unspecified vulnerability in Paloaltonetworks Pan-Os Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. | 9.8 |
| 2019-12-05 | CVE-2019-17437 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. | 7.8 |
| 2019-10-16 | CVE-2019-17436 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | 7.1 |