cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3400,https://securityvulnerability.io/vulnerability/CVE-2024-3400,Palo Alto Networks PAN-OS Command Injection Vulnerability,"A vulnerability exists in the GlobalProtect feature of Palo Alto Networks PAN-OS software, allowing for arbitrary file creation. This issue can be exploited by an unauthenticated attacker to execute code with root privileges on the affected firewall systems. Specific configurations and versions are impacted, highlighting the need for careful management of firewall settings to mitigate risks. Cloud NGFW, Panorama appliances, and Prisma Access are not affected, reinforcing the importance of understanding the configurations and versions at risk.",Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",10,CRITICAL,0.9639999866485596,true,2024-04-12T00:00:00.000Z,true,true,true,2024-03-26T22:12:23.000Z,true,true,true,2024-04-12T17:52:02.675Z,2024-04-12T07:20:00.707Z,173446
CVE-2024-5910,https://securityvulnerability.io/vulnerability/CVE-2024-5910,Expedition Admin Account Takeover Risk Due to Missing Authentication,"A critical vulnerability exists in Palo Alto Networks Expedition, where insufficient authentication mechanisms can be exploited, allowing unauthorized users to gain admin access. This flaw poses a serious risk, as attackers with network access can take control of Expedition admin accounts, potentially leading to exposure of sensitive configuration data, including secrets and credentials. Such a breach not only compromises the integrity of configuration management but also threatens the overall security posture of the affected systems.",Palo Alto Networks,Expedition,9.8,CRITICAL,0.9628900289535522,true,2024-11-07T00:00:00.000Z,true,false,true,2024-11-07T00:00:00.000Z,true,true,true,2024-11-11T02:52:02.156Z,2024-07-10T18:39:26.006Z,5555
CVE-2024-0012,https://securityvulnerability.io/vulnerability/CVE-2024-0012,Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software,"An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS software, allowing an attacker with network access to the management web interface to obtain administrator privileges without proper credentials. Exploiters can manipulate configuration settings and may take advantage of additional privilege escalation vulnerabilities. While the risk of unauthorized access can be mitigated by implementing access controls that restrict management web interface access to trusted internal IPs, adherence to recommended security practices is crucial to safeguarding the infrastructure. Notably, Cloud NGFW and Prisma Access are not affected by this vulnerability, which specifically impacts PAN-OS versions 10.2, 11.0, 11.1, and 11.2.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",9.8,CRITICAL,0.969980001449585,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-20T18:52:02.071Z,2024-11-18T15:47:41.407Z,24021
CVE-2024-3393,https://securityvulnerability.io/vulnerability/CVE-2024-3393,Denial of Service Vulnerability in Palo Alto Networks PAN-OS Software,"A vulnerability exists within the DNS Security functionality of Palo Alto Networks PAN-OS software, which could be exploited by an unauthenticated attacker. By sending a carefully crafted malicious packet through the data plane of the firewall, the attacker can cause the firewall to reboot. If this malicious condition is triggered repeatedly, the affected firewall may ultimately enter maintenance mode, interrupting service availability. This poses a significant risk to customers relying on seamless and continuous network operations.",Palo Alto Networks,"Cloud Ngfw,Pan-os",7.1,HIGH,0.007829999551177025,true,2024-12-30T00:00:00.000Z,false,false,true,2024-12-27T09:44:24.538Z,true,true,true,2024-12-31T14:52:02.414Z,2024-12-27T09:44:24.538Z,5822
CVE-2024-9474,https://securityvulnerability.io/vulnerability/CVE-2024-9474,Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall,"A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software, allowing an administrator with access to the management web interface to execute actions on the firewall with heightened root privileges. This could potentially lead to unauthorized control and management of the firewall, exposing the organization to a range of security threats. It is important to note that cloud-based NGFW and Prisma Access solutions remain unaffected by this vulnerability.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",7.2,HIGH,0.9747999906539917,true,2024-11-18T00:00:00.000Z,true,false,true,2024-11-18T00:00:00.000Z,true,true,false,,2024-11-18T15:48:23.405Z,3897
CVE-2024-9464,https://securityvulnerability.io/vulnerability/CVE-2024-9464,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"An OS command injection vulnerability exists in Palo Alto Networks Expedition, permitting an authenticated attacker to execute arbitrary operating system commands with root privileges. This can lead to the exposure of critical information such as usernames, cleartext passwords, device configurations, and API keys associated with PAN-OS firewalls. The vulnerability poses a significant risk to the security of systems utilizing Expedition, emphasizing the importance of applying necessary security measures and updates.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0005099999834783375,false,,true,false,true,2024-10-09T19:59:00.000Z,true,true,false,,2024-10-09T17:15:00.000Z,7244