Vulnerabilities > Paloaltonetworks > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-5907 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. | 7.0 |
| 2024-06-12 | CVE-2024-5908 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. | 7.5 |
| 2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |
| 2024-04-10 | CVE-2024-3382 | Memory Leak vulnerability in Paloaltonetworks Pan-Os A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. | 7.5 |
| 2024-04-10 | CVE-2024-3384 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. | 7.5 |
| 2024-04-10 | CVE-2024-3385 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. | 7.5 |
| 2024-02-14 | CVE-2024-0008 | Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | 8.8 |
| 2023-06-14 | CVE-2023-0009 | Unspecified vulnerability in Paloaltonetworks Globalprotect A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | 7.8 |
| 2023-02-08 | CVE-2023-0002 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | 7.8 |
| 2022-10-12 | CVE-2022-0030 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |