Paloaltonetworks ≫ Pan-os

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the fire...

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by...

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are...

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. ...

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to inter...

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to th...

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to ...

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewa...

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator....

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser w...