Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9464 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 6.5 |
| 2024-10-09 | CVE-2024-9466 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Expedition A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | 6.5 |
| 2024-10-09 | CVE-2024-9467 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | 6.1 |
| 2024-10-09 | CVE-2024-9469 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. | 5.5 |
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-09-11 | CVE-2024-8688 | Unspecified vulnerability in Paloaltonetworks Pan-Os An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. | 4.4 |
| 2024-09-11 | CVE-2024-8690 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.102 A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. | 4.4 |
| 2024-08-14 | CVE-2024-5916 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. | 4.4 |
| 2024-06-12 | CVE-2024-5905 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.0/7.9.101 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. | 4.4 |
| 2024-06-12 | CVE-2024-5906 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. | 4.8 |