Paloaltonetworks

Prisma Access

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.7

CVE-2025-0128

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 11.04.2025 02:15:19
  • Zuletzt bearbeitet 11.04.2025 15:39:52

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted pack...

8.3

CVE-2025-0126

Medienbericht
  • EPSS 0.36%
  • Veröffentlicht 11.04.2025 02:15:18
  • Zuletzt bearbeitet 11.04.2025 15:39:52

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click ...

6.9

CVE-2025-0125

Medienbericht
  • EPSS 0.54%
  • Veröffentlicht 11.04.2025 02:15:18
  • Zuletzt bearbeitet 11.04.2025 15:39:52

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator....

6.8

CVE-2025-0116

  • EPSS 0.16%
  • Veröffentlicht 12.03.2025 18:34:38
  • Zuletzt bearbeitet 18.03.2025 00:15:12

A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this c...

6.9

CVE-2025-0109

  • EPSS 1.22%
  • Veröffentlicht 12.02.2025 21:15:16
  • Zuletzt bearbeitet 12.02.2025 21:15:16

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includ...

9.8

CVE-2025-0107

  • EPSS 79.83%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 23.01.2026 21:50:52

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device conf...

5.3

CVE-2025-0106

  • EPSS 0.51%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 23.01.2026 21:52:57

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

9.1

CVE-2025-0105

  • EPSS 4.37%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 23.01.2026 21:56:51

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

6.1

CVE-2025-0104

  • EPSS 0.77%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 23.01.2026 22:03:41

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious li...

8.8

CVE-2025-0103

  • EPSS 0.59%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 23.01.2026 22:03:57

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables ...