Vulnerabilities > Paloaltonetworks > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-0009 | Unspecified vulnerability in Paloaltonetworks Globalprotect A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | 7.8 |
| 2023-02-08 | CVE-2023-0002 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | 7.8 |
| 2022-10-12 | CVE-2022-0030 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |
| 2022-08-10 | CVE-2022-0028 | Unspecified vulnerability in Paloaltonetworks Pan-Os A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | 8.6 |
| 2022-05-11 | CVE-2022-0024 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. | 7.2 |
| 2022-02-10 | CVE-2022-0016 | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Globalprotect An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. | 7.8 |
| 2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 7.8 |
| 2022-01-12 | CVE-2022-0012 | Link Following vulnerability in Paloaltonetworks Cortex XDR Agent An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. | 7.1 |
| 2022-01-12 | CVE-2022-0014 | Untrusted Search Path vulnerability in Paloaltonetworks Cortex XDR Agent An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. | 7.3 |
| 2022-01-12 | CVE-2022-0015 | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. | 7.8 |