Vulnerabilities > Paloaltonetworks > PAN OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-27 | CVE-2024-3393 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. | 7.5 |
| 2024-11-18 | CVE-2024-0012 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 9.8 |
| 2024-11-18 | CVE-2024-9474 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 7.2 |
| 2024-11-14 | CVE-2024-2550 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. | 7.5 |
| 2024-11-14 | CVE-2024-2551 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. | 7.5 |
| 2024-11-14 | CVE-2024-2552 | Path Traversal vulnerability in Paloaltonetworks Pan-Os A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | 6.0 |
| 2024-11-14 | CVE-2024-5917 | Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | 4.9 |
| 2024-11-14 | CVE-2024-5919 | XXE vulnerability in Paloaltonetworks Pan-Os A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. | 6.5 |
| 2024-11-14 | CVE-2024-5920 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. | 4.8 |
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |