Vulnerabilities > Paloaltonetworks > PAN OS > 7.1.6

DATE CVE VULNERABILITY TITLE RISK
2020-05-13 CVE-2020-2014 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2020-05-13 CVE-2020-2013 Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie.
6.8
2020-05-13 CVE-2020-2012 XXE vulnerability in Paloaltonetworks Pan-Os
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.
network
low complexity
paloaltonetworks CWE-611
5.0
2020-05-13 CVE-2020-2011 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash.
network
low complexity
paloaltonetworks CWE-20
7.8
2020-05-13 CVE-2020-2010 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2020-05-13 CVE-2020-2009 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama.
network
low complexity
paloaltonetworks CWE-610
critical
9.0
2020-05-13 CVE-2020-2008 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2020-05-13 CVE-2020-2007 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
critical
9.0
2020-05-13 CVE-2020-2006 Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.
network
low complexity
paloaltonetworks CWE-787
critical
9.0
2020-05-13 CVE-2020-2005 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.
4.3