Vulnerabilities
Vulnerable Software
Paloaltonetworks:  Security Vulnerabilities
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVSS Score
5.5
EPSS Score
0.011
Published
2023-12-13
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-12-13
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
CVSS Score
4.9
EPSS Score
0.006
Published
2023-12-13
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVSS Score
5.5
EPSS Score
0.011
Published
2023-12-13
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CVSS Score
2.7
EPSS Score
0.006
Published
2023-12-13
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
CVSS Score
4.3
EPSS Score
0.004
Published
2023-12-13
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
CVSS Score
6.4
EPSS Score
0.002
Published
2023-11-08
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-09-13
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVSS Score
5.5
EPSS Score
0.004
Published
2023-07-12
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-06-14


Contact Us

Shodan ® - All rights reserved