Vulnerabilities > Paloaltonetworks > PAN OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2011 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. | 7.5 |
| 2020-05-13 | CVE-2020-2010 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2009 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. | 7.2 |
| 2020-05-13 | CVE-2020-2008 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. | 7.2 |
| 2020-05-13 | CVE-2020-2007 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2006 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. | 8.8 |
| 2020-05-13 | CVE-2020-2005 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. | 6.1 |
| 2020-05-13 | CVE-2020-2003 | Unspecified vulnerability in Paloaltonetworks Pan-Os An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. | 6.5 |
| 2020-05-13 | CVE-2020-2002 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. | 8.1 |
| 2020-05-13 | CVE-2020-2001 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. | 9.8 |