Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-3058 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2021-11-10 CVE-2021-3059 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates.
network
high complexity
paloaltonetworks CWE-78
7.6
2021-11-10 CVE-2021-3060 OS Command Injection vulnerability in Paloaltonetworks Pan-Os and Prisma Access
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges.
network
paloaltonetworks CWE-78
critical
9.3
2021-11-10 CVE-2021-3061 OS Command Injection vulnerability in Paloaltonetworks Pan-Os and Prisma Access
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2021-11-10 CVE-2021-3062 Unspecified vulnerability in Paloaltonetworks Pan-Os
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.
6.0
2021-11-10 CVE-2021-3063 Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding.
4.3
2021-11-10 CVE-2021-3064 Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges.
network
low complexity
paloaltonetworks CWE-787
critical
10.0
2021-10-13 CVE-2021-3057 Out-of-bounds Write vulnerability in Paloaltonetworks Globalprotect
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges.
network
paloaltonetworks CWE-787
critical
9.3
2021-09-08 CVE-2021-3049 Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 5.5.0/6.1.0
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.
network
low complexity
paloaltonetworks
4.0
2021-09-08 CVE-2021-3051 Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.
6.8