Vulnerabilities > Paloaltonetworks > PAN OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2025-0111 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | 6.5 |
| 2024-11-14 | CVE-2024-2552 | Path Traversal vulnerability in Paloaltonetworks Pan-Os A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | 6.0 |
| 2024-11-14 | CVE-2024-5917 | Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | 4.9 |
| 2024-11-14 | CVE-2024-5919 | XXE vulnerability in Paloaltonetworks Pan-Os A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. | 6.5 |
| 2024-11-14 | CVE-2024-5920 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. | 4.8 |
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-09-11 | CVE-2024-8688 | Unspecified vulnerability in Paloaltonetworks Pan-Os An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. | 4.4 |
| 2024-08-14 | CVE-2024-5916 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. | 4.4 |
| 2024-07-10 | CVE-2024-5913 | Unspecified vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. low complexity paloaltonetworks | 6.8 |
| 2024-04-10 | CVE-2024-3386 | Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. | 5.3 |