Vulnerabilities > Paloaltonetworks > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 7.5 |
| 2020-05-13 | CVE-2020-2011 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. | 7.5 |
| 2020-05-13 | CVE-2020-2010 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2009 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. | 7.2 |
| 2020-05-13 | CVE-2020-2008 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. | 7.2 |
| 2020-05-13 | CVE-2020-2007 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2006 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. | 8.8 |
| 2020-05-13 | CVE-2020-2002 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. | 8.1 |
| 2020-05-13 | CVE-2020-1998 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. | 8.8 |
| 2020-04-08 | CVE-2020-1991 | Improper Privilege Management vulnerability in Paloaltonetworks Traps An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. | 7.1 |