cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-5917,https://securityvulnerability.io/vulnerability/CVE-2024-5917,Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources,"A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.",Palo Alto Networks,"Cloud Ngfw,Pan-os",2.1,LOW,0.0004900000058114529,false,,false,false,true,2025-01-15T23:15:14.000Z,,false,false,,2024-11-14T09:39:40.266Z,0
CVE-2025-0107,https://securityvulnerability.io/vulnerability/CVE-2025-0107,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to execute arbitrary OS commands with the privileges of the www-data user. This can lead to serious security breaches, including unauthorized access to usernames, cleartext passwords, configuration files for devices, and API keys used for managing firewalls running PAN-OS software.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",7.7,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-11T07:15:05.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0106,https://securityvulnerability.io/vulnerability/CVE-2025-0106,Wildcard Expansion Vulnerability in Palo Alto Networks Expedition,"A wildcard expansion vulnerability exists in Palo Alto Networks Expedition, which allows unauthenticated attackers to enumerate files on the host filesystem. This weakness could potentially lead to exposing sensitive information and escalate further attacks on the system. It is vital for users of Expedition to review security advisories and implement recommended patches to mitigate this risk.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",6.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:05.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0105,https://securityvulnerability.io/vulnerability/CVE-2025-0105,Arbitrary File Deletion Vulnerability in Palo Alto Networks Expedition,"An arbitrary file deletion vulnerability in Palo Alto Networks Expedition permits an unauthenticated attacker to delete files that are accessible to the www-data user on the host filesystem. This flaw could potentially be exploited to compromise the integrity of the system, allowing unauthorized manipulation of files critical to the operation of the affected application.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",6.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0104,https://securityvulnerability.io/vulnerability/CVE-2025-0104,Reflected Cross-Site Scripting Vulnerability in Palo Alto Networks Expedition,"A reflected cross-site scripting vulnerability exists in Palo Alto Networks Expedition that permits attackers to execute malicious JavaScript code. This can occur when an authenticated user clicks on a specially crafted link, resulting in potential phishing attacks and the theft of their browser session. This vulnerability highlights the importance of user caution and proactive security measures to mitigate the risks associated with online threats.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",7,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0103,https://securityvulnerability.io/vulnerability/CVE-2025-0103,SQL Injection Vulnerability in Palo Alto Networks Expedition,"An SQL injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to access sensitive database information. This includes revealing password hashes, usernames, device configurations, and API keys. Moreover, the flaw can be exploited to create and read arbitrary files on the Expedition system, further compromising its integrity and security. It is crucial for users of Expedition to apply security patches and follow best practices to mitigate this risk.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",9.2,CRITICAL,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,71
CVE-2024-3393,https://securityvulnerability.io/vulnerability/CVE-2024-3393,Denial of Service Vulnerability in Palo Alto Networks PAN-OS Software,"A vulnerability exists within the DNS Security functionality of Palo Alto Networks PAN-OS software, which could be exploited by an unauthenticated attacker. By sending a carefully crafted malicious packet through the data plane of the firewall, the attacker can cause the firewall to reboot. If this malicious condition is triggered repeatedly, the affected firewall may ultimately enter maintenance mode, interrupting service availability. This poses a significant risk to customers relying on seamless and continuous network operations.",Palo Alto Networks,"Cloud Ngfw,Pan-os",7.1,HIGH,0.007829999551177025,true,2024-12-30T00:00:00.000Z,false,false,true,2024-12-27T09:44:24.538Z,true,true,true,2024-12-31T14:52:02.414Z,2024-12-27T09:44:24.538Z,5822
CVE-2024-5921,https://securityvulnerability.io/vulnerability/CVE-2024-5921,Insufficient Certification Validation in Palo Alto Networks GlobalProtect Application,"Two critical vulnerabilities were discovered in the Palo Alto Networks GlobalProtect VPN app and the SonicWall SMA100 NetExtender VPN client for Windows. The vulnerability in the GlobalProtect app allows attackers to install malicious code with elevated privileges, while the vulnerability in the SonicWall client enables remote code execution with system privileges. Both vulnerabilities require the victim to connect to a malicious VPN server, which can be achieved through social engineering. The impact of these vulnerabilities is severe, and researchers have developed tools to demonstrate the attack methods. Mitigations and patches have been released for these vulnerabilities, but it is important for organizations to promptly address the issue to prevent potential exploitation.",Palo Alto Networks,"Globalprotect App,Globalprotect UWP App,Globalprotect iOS App",,,0.00044999999227002263,false,,true,false,true,2024-11-27T03:50:13.000Z,true,false,false,,2024-11-27T03:50:13.596Z,0
CVE-2024-0012,https://securityvulnerability.io/vulnerability/CVE-2024-0012,Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software,"An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS software, allowing an attacker with network access to the management web interface to obtain administrator privileges without proper credentials. Exploiters can manipulate configuration settings and may take advantage of additional privilege escalation vulnerabilities. While the risk of unauthorized access can be mitigated by implementing access controls that restrict management web interface access to trusted internal IPs, adherence to recommended security practices is crucial to safeguarding the infrastructure. Notably, Cloud NGFW and Prisma Access are not affected by this vulnerability, which specifically impacts PAN-OS versions 10.2, 11.0, 11.1, and 11.2.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",9.8,CRITICAL,0.969980001449585,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-20T18:52:02.071Z,2024-11-18T15:47:41.407Z,24021
CVE-2024-9474,https://securityvulnerability.io/vulnerability/CVE-2024-9474,Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall,"A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software, allowing an administrator with access to the management web interface to execute actions on the firewall with heightened root privileges. This could potentially lead to unauthorized control and management of the firewall, exposing the organization to a range of security threats. It is important to note that cloud-based NGFW and Prisma Access solutions remain unaffected by this vulnerability.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",7.2,HIGH,0.9747999906539917,true,2024-11-18T00:00:00.000Z,true,false,true,2024-11-18T00:00:00.000Z,true,true,false,,2024-11-18T15:48:23.405Z,3897
CVE-2024-5910,https://securityvulnerability.io/vulnerability/CVE-2024-5910,Expedition Admin Account Takeover Risk Due to Missing Authentication,"A critical vulnerability exists in Palo Alto Networks Expedition, where insufficient authentication mechanisms can be exploited, allowing unauthorized users to gain admin access. This flaw poses a serious risk, as attackers with network access can take control of Expedition admin accounts, potentially leading to exposure of sensitive configuration data, including secrets and credentials. Such a breach not only compromises the integrity of configuration management but also threatens the overall security posture of the affected systems.",Palo Alto Networks,Expedition,9.8,CRITICAL,0.9628900289535522,true,2024-11-07T00:00:00.000Z,true,false,true,2024-11-07T00:00:00.000Z,true,true,true,2024-11-11T02:52:02.156Z,2024-07-10T18:39:26.006Z,5555
CVE-2024-9471,https://securityvulnerability.io/vulnerability/CVE-2024-9471,PAN-OS: Privilege Escalation (PE) Vulnerability in XML API,"A privilege escalation vulnerability exists within the XML API of Palo Alto Networks PAN-OS software. This security flaw allows an authenticated administrator with limited access to exploit a compromised XML API key, potentially executing actions that would typically be restricted. For instance, an administrator who is designated as a 'Virtual system administrator (read-only)' may misuse another admin's XML API key, granting them unauthorized write capabilities on the virtual system's configuration. This situation underscores the importance of safeguarding API keys and enforcing stringent access controls to maintain network security.",Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",4.7,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-10-18T14:15:07.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9467,https://securityvulnerability.io/vulnerability/CVE-2024-9467,Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure,"A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.",Palo Alto Networks,Expedition,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-10-18T12:15:06.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9468,https://securityvulnerability.io/vulnerability/CVE-2024-9468,PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet,"A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",,,0.0004299999854993075,false,,false,false,true,2024-10-18T12:15:06.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9469,https://securityvulnerability.io/vulnerability/CVE-2024-9469,Cortex XDR Agent: Local Windows User Can Disable the Agent,A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.,Palo Alto Networks,Cortex Xdr Agent,5.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-10T18:15:16.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9470,https://securityvulnerability.io/vulnerability/CVE-2024-9470,Cortex XSOAR: Information Disclosure Vulnerability,A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.,Palo Alto Networks,Cortex Xsoar,,,0.0004299999854993075,false,,false,false,true,2024-10-10T18:15:16.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9463,https://securityvulnerability.io/vulnerability/CVE-2024-9463,Palo Alto Networks Expedition OS Command Injection Vulnerability,"The Palo Alto Networks Expedition tool has multiple critical vulnerabilities (CVE-2024-9463 to CVE-2024-9467) including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting. These vulnerabilities can result in unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96, and urgent patching is recommended. The potential impact of exploitation includes disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, with the risk of sensitive data theft. There are no known exploits by ransomware groups at this time, but proactive measures such as upgrading to the latest version of Expedition, limiting network access, rotating credentials, and monitoring access logs are advised to minimize the risk of exploitation.",Palo Alto Networks,Expedition,7.5,HIGH,0.9618600010871887,true,2024-11-14T00:00:00.000Z,true,false,true,2024-10-10T10:07:05.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9465,https://securityvulnerability.io/vulnerability/CVE-2024-9465,UnAuthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition,"An SQL injection flaw in Palo Alto Networks Expedition presents a serious risk by allowing unauthenticated attackers to access and extract sensitive data from the Expedition database. This includes potential exposure of password hashes, usernames, device configurations, and API keys, all of which can be leveraged to enhance the attacker's capability. Additionally, the vulnerability enables unauthorized file creation and reading within the Expedition environment, raising significant concerns for data integrity and confidentiality.",Palo Alto Networks,Expedition,9.1,CRITICAL,0.9432200193405151,true,2024-11-14T00:00:00.000Z,true,false,true,2024-10-10T01:22:05.000Z,true,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9464,https://securityvulnerability.io/vulnerability/CVE-2024-9464,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"An OS command injection vulnerability exists in Palo Alto Networks Expedition, permitting an authenticated attacker to execute arbitrary operating system commands with root privileges. This can lead to the exposure of critical information such as usernames, cleartext passwords, device configurations, and API keys associated with PAN-OS firewalls. The vulnerability poses a significant risk to the security of systems utilizing Expedition, emphasizing the importance of applying necessary security measures and updates.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0005099999834783375,false,,true,false,true,2024-10-09T19:59:00.000Z,true,true,false,,2024-10-09T17:15:00.000Z,7244
CVE-2024-9466,https://securityvulnerability.io/vulnerability/CVE-2024-9466,Sensitive Information Vulnerability in Palo Alto Networks Expedition,"The vulnerability CVE-2024-9466 in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. The flaws were found in Palo Alto Networks' Expedition solution, which can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts. The vulnerabilities include command injection, reflected cross-site scripting, cleartext storage of sensitive information, missing authentication, and SQL injection vulnerabilities. A proof-of-concept exploit has been made available, but there is no evidence that the security flaws have been exploited in attacks. Palo Alto Networks has provided security updates in Expedition 1.2.96 to address these vulnerabilities and recommends that affected credentials be rotated after the upgrade.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0004900000058114529,false,,true,false,true,2024-10-09T16:15:00.000Z,true,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9473,https://securityvulnerability.io/vulnerability/CVE-2024-9473,Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows,"The GlobalProtect application developed by Palo Alto Networks is susceptible to a privilege escalation vulnerability affecting Windows environments. This flaw allows a locally authenticated user without administrative rights to escalate their privileges to that of NT AUTHORITY/SYSTEM through the exploit of the application's repair functionality via its .msi installer. Such a vulnerability poses risks as it could enable unauthorized control over system settings, data, and operational capabilities. Organizations using the GlobalProtect app on Windows should ensure proper updates and configurations are applied to mitigate potential exploitation.",Palo Alto Networks,Globalprotect App,7.8,HIGH,0.0004299999854993075,false,,false,false,true,2024-10-09T16:15:00.000Z,true,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-5915,https://securityvulnerability.io/vulnerability/CVE-2024-5915,Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access,"The vulnerability identified in the Palo Alto Networks GlobalProtect application allows a local user on Windows devices to elevate their privileges. This flaw could potentially enable unauthorized actions by executing programs with elevated privileges, which may compromise the security of the affected system. Immediate remediation is recommended for users to ensure their systems remain protected against exploitation of this vulnerability.",Palo Alto Networks,Globalprotect App,7.8,HIGH,0.0004299999854993075,false,,true,false,true,2024-08-17T04:15:02.000Z,,false,false,,2024-08-14T17:15:00.000Z,0
CVE-2024-2433,https://securityvulnerability.io/vulnerability/CVE-2024-2433,Improper Authorization Vulnerability in Palo Alto Networks Panorama Software,"An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.",Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",4.3,MEDIUM,0.0004299999854993075,false,,true,false,true,2024-08-12T19:15:07.000Z,,false,false,,2024-03-13T17:51:45.578Z,0
CVE-2024-3383,https://securityvulnerability.io/vulnerability/CVE-2024-3383,Palo Alto Networks PAN-OS Vulnerability: Modification of User-ID Groups,A flaw in the handling of data from Cloud Identity Engine (CIE) agents in Palo Alto Networks' PAN-OS software can result in the unauthorized modification of User-ID groups. This vulnerability poses a significant risk as it may result in users either being wrongly denied access to essential network resources or granted access contrary to existing Security Policy rules. The implications of this vulnerability warrant immediate attention from organizations utilizing affected versions of PAN-OS to ensure that user access remains appropriately regulated.,Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",9.1,CRITICAL,0.0004799999878741801,false,,false,false,true,2024-08-09T21:15:08.000Z,,false,false,,2024-04-10T17:06:15.823Z,0
CVE-2024-5908,https://securityvulnerability.io/vulnerability/CVE-2024-5908,Encrypted User Credentials Exposed in Application Logs,"A security concern has been identified within the Palo Alto Networks GlobalProtect application. This issue allows for the exposure of encrypted user credentials within application logs that, while generally accessible only to local users, can compromise sensitive information when logs are shared for troubleshooting. Such logs can potentially be viewed by unintended recipients, posing risks to user privacy and data security. It is crucial for organizations using the GlobalProtect application to implement recommended measures to mitigate exposure and protect sensitive user credentials.",Palo Alto Networks,Globalprotect App,7.5,HIGH,0.0008699999889358878,false,,false,false,true,2024-08-09T20:15:09.000Z,,false,false,,2024-06-12T17:15:00.000Z,0