Paloaltonetworks

Prisma Access

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.9

CVE-2025-0109

  • EPSS 0.39%
  • Published 12.02.2025 21:15:16
  • Last modified 12.02.2025 21:15:16

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includ...

6.9

CVE-2025-0105

  • EPSS 0.91%
  • Published 11.01.2025 03:15:22
  • Last modified 11.01.2025 03:15:22

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

7.7

CVE-2025-0107

  • EPSS 24.21%
  • Published 11.01.2025 03:15:22
  • Last modified 15.01.2025 23:15:10

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device conf...

6.9

CVE-2025-0106

  • EPSS 0.32%
  • Published 11.01.2025 03:15:22
  • Last modified 11.01.2025 03:15:22

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

7

CVE-2025-0104

  • EPSS 0.34%
  • Published 11.01.2025 03:15:22
  • Last modified 11.01.2025 03:15:22

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious li...

9.2

CVE-2025-0103

  • EPSS 0.18%
  • Published 11.01.2025 03:15:22
  • Last modified 11.01.2025 03:15:22

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables ...

7.5

CVE-2024-3393

Warning
  • EPSS 64.73%
  • Published 27.12.2024 10:15:17
  • Last modified 14.01.2025 16:02:30

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to t...

4.3

CVE-2024-5918

  • EPSS 0.06%
  • Published 14.11.2024 10:15:08
  • Last modified 01.10.2025 18:41:27

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legit...

8.2

CVE-2024-9468

  • EPSS 0.39%
  • Published 09.10.2024 17:15:20
  • Last modified 10.10.2024 12:51:56

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger ...

7.1

CVE-2024-8687

  • EPSS 0.06%
  • Published 11.09.2024 17:15:14
  • Last modified 03.10.2024 00:26:56

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the passwo...