Refine your search
13 vulnerabilities found for Cortex XDR Agent by Palo Alto Networks
CERTFR-2025-AVI-0782
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Microsoft 365 Defender Pack versions 4.6.x antérieures à 4.6.5 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 139.12.4.128 | ||
| Palo Alto Networks | N/A | User-ID Credential Agent versions postérieures ou égales à 11.0.2-133 et antérieures à 11.0.3 pour Windows |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Microsoft 365 Defender Pack versions 4.6.x ant\u00e9rieures \u00e0 4.6.5 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 139.12.4.128",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "User-ID Credential Agent versions post\u00e9rieures ou \u00e9gales \u00e0 11.0.2-133 et ant\u00e9rieures \u00e0 11.0.3 pour Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
},
{
"name": "CVE-2025-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4235"
},
{
"name": "CVE-2025-4234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4234"
},
{
"name": "CVE-2025-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
},
{
"name": "CVE-2025-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
},
{
"name": "CVE-2025-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
},
{
"name": "CVE-2025-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
},
{
"name": "CVE-2025-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
},
{
"name": "CVE-2025-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
},
{
"name": "CVE-2025-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
}
],
"initial_release_date": "2025-09-11T00:00:00",
"last_revision_date": "2025-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0782",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4235",
"url": "https://security.paloaltonetworks.com/CVE-2025-4235"
},
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4234",
"url": "https://security.paloaltonetworks.com/CVE-2025-4234"
},
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0015",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0015"
}
]
}
CERTFR-2025-AVI-0301
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.2.x et 6.3.x antérieures à 6.3.4 | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.5.x antérieures à 6.5.1 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE.x antérieures à 8.3.101-CE HF pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x antérieures à 11.2.6 | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.4.x antérieures à 10.2.4-h36 | ||
| Palo Alto Networks | Cloud NGFW | Cloud NGFW sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 11.2.x antérieures à 11.2.4-h5 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.x antérieures à 6.2.8 pour Windows | ||
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions antérieures à 26.100.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3 pour Windows | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.4.x antérieures à 6.4.2 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.6.x antérieures à 8.6.1 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 132.83.3017.1 | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.1.x antérieures à 6.1.10 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x antérieures à 8.5.2 pour Windows | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.10.x antérieures à 10.2.10-h16 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9-CE.x antérieures à 7.9.103-CE HF pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.14-h13 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.x antérieures à 11.1.8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 10.2.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prisma SD-WAN versions 6.2.x et 6.3.x ant\u00e9rieures \u00e0 6.3.4",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3-CE.x ant\u00e9rieures \u00e0 8.3.101-CE HF pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 10.2.4.x ant\u00e9rieures \u00e0 10.2.4-h36",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cloud NGFW sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cloud NGFW",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.4-h5",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.x ant\u00e9rieures \u00e0 6.2.8 pour Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.100.3",
"product": {
"name": "Cortex XDR Broker",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 132.83.3017.1",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.2 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 10.2.10.x ant\u00e9rieures \u00e0 10.2.10-h16",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.103-CE HF pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14-h13",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.15",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0124"
},
{
"name": "CVE-2025-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
},
{
"name": "CVE-2025-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
},
{
"name": "CVE-2025-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0120"
},
{
"name": "CVE-2025-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0128"
},
{
"name": "CVE-2025-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
},
{
"name": "CVE-2025-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0126"
},
{
"name": "CVE-2025-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0129"
},
{
"name": "CVE-2025-2135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
},
{
"name": "CVE-2025-2137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
},
{
"name": "CVE-2025-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0121"
},
{
"name": "CVE-2025-0127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0127"
},
{
"name": "CVE-2025-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0123"
},
{
"name": "CVE-2025-0125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0125"
},
{
"name": "CVE-2025-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0122"
},
{
"name": "CVE-2025-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0119"
},
{
"name": "CVE-2025-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
}
],
"initial_release_date": "2025-04-10T00:00:00",
"last_revision_date": "2025-04-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0301",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0122",
"url": "https://security.paloaltonetworks.com/CVE-2025-0122"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0120",
"url": "https://security.paloaltonetworks.com/CVE-2025-0120"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0128",
"url": "https://security.paloaltonetworks.com/CVE-2025-0128"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0008",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0008"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0125",
"url": "https://security.paloaltonetworks.com/CVE-2025-0125"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0127",
"url": "https://security.paloaltonetworks.com/CVE-2025-0127"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0123",
"url": "https://security.paloaltonetworks.com/CVE-2025-0123"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0119",
"url": "https://security.paloaltonetworks.com/CVE-2025-0119"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0124",
"url": "https://security.paloaltonetworks.com/CVE-2025-0124"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0126",
"url": "https://security.paloaltonetworks.com/CVE-2025-0126"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0121",
"url": "https://security.paloaltonetworks.com/CVE-2025-0121"
}
]
}
CERTFR-2025-AVI-0128
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 8.4.x et antérieures de Cortex XDR Agent ne sont plus maintenues. La mise à jour vers la version 8.5.1 au minimum est nécessaire. De plus la mise à jour de Cortex XDR Broker VM en version 25.105.6 ne protège pas de l'exploitation de la vulnérabilité CVE-2025-0113 qui est corrigée par la version 26.0.116.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x antérieures à 8.5.1 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 133.8.10.54 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.0 antérieures à 11.2.4-h4 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.0 antérieures à 11.1.6-h1 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.0 antérieures à 10.2.13-h3 | ||
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions antérieures à 26.0.116 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE antérieures à 8.3.101-CE pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS OpenConfig Plugin versions antérieures à 2.1.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.0 antérieures à 10.1.14-h9 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x et antérieures |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.1 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 133.8.10.54",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.6-h1",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.13-h3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.116",
"product": {
"name": "Cortex XDR Broker",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3-CE ant\u00e9rieures \u00e0 8.3.101-CE pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS OpenConfig Plugin versions ant\u00e9rieures \u00e0 2.1.2",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h9",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.4.x et ant\u00e9rieures",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": " L\u0027\u00e9diteur indique que les versions 8.4.x et ant\u00e9rieures de Cortex XDR Agent ne sont plus maintenues. La mise \u00e0 jour vers la version 8.5.1 au minimum est n\u00e9cessaire. De plus la mise \u00e0 jour de Cortex XDR Broker VM en version 25.105.6 ne prot\u00e8ge pas de l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-0113 qui est corrig\u00e9e par la version 26.0.116.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
},
{
"name": "CVE-2025-0111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0111"
},
{
"name": "CVE-2025-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
},
{
"name": "CVE-2025-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
},
{
"name": "CVE-2025-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
},
{
"name": "CVE-2025-0439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
},
{
"name": "CVE-2025-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
},
{
"name": "CVE-2025-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0291"
},
{
"name": "CVE-2025-0451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
},
{
"name": "CVE-2025-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0611"
},
{
"name": "CVE-2025-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
},
{
"name": "CVE-2025-0109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0109"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-0446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
},
{
"name": "CVE-2025-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
},
{
"name": "CVE-2025-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
},
{
"name": "CVE-2025-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
},
{
"name": "CVE-2025-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
},
{
"name": "CVE-2025-0108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"
},
{
"name": "CVE-2025-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
},
{
"name": "CVE-2025-0112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0112"
},
{
"name": "CVE-2025-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
},
{
"name": "CVE-2025-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
},
{
"name": "CVE-2025-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
},
{
"name": "CVE-2025-0447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
},
{
"name": "CVE-2025-0110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0110"
},
{
"name": "CVE-2025-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0113"
}
],
"initial_release_date": "2025-02-13T00:00:00",
"last_revision_date": "2025-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0128",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-1135",
"url": "https://security.paloaltonetworks.com/CVE-2024-1135"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0109",
"url": "https://security.paloaltonetworks.com/CVE-2025-0109"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0110",
"url": "https://security.paloaltonetworks.com/CVE-2025-0110"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0108",
"url": "https://security.paloaltonetworks.com/CVE-2025-0108"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0113",
"url": "https://security.paloaltonetworks.com/CVE-2025-0113"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0004",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0004"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0112",
"url": "https://security.paloaltonetworks.com/CVE-2025-0112"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0111",
"url": "https://security.paloaltonetworks.com/CVE-2025-0111"
}
]
}
CERTFR-2024-AVI-0859
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions antérieures à 6.12.0 (Build 1271551) | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0 antérieures à 11.0.6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.9-x antérieures à 10.2.9-h11 | ||
| Palo Alto Networks | Expedition | Expedition versions antérieures à 1.2.96 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions antérieures à 6.2.5 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.10-x antérieures à 10.2.10-h4 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.4-x antérieures à 11.0.4-h5 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x antérieures à 8.4.1 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2 antérieures à 10.2.11 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1 antérieures à 11.1.3 | ||
| Palo Alto Networks | Prisma Access | Prisma Access Browser versions antérieures à 129.101.2913.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1 antérieures à 10.1.11 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
},
{
"name": "CVE-2024-8909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
},
{
"name": "CVE-2024-9603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
},
{
"name": "CVE-2024-8905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
},
{
"name": "CVE-2024-7025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-9123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
},
{
"name": "CVE-2024-8907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
},
{
"name": "CVE-2024-9469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
},
{
"name": "CVE-2024-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
},
{
"name": "CVE-2024-9370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
},
{
"name": "CVE-2024-9470",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
},
{
"name": "CVE-2024-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
},
{
"name": "CVE-2024-9602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
},
{
"name": "CVE-2024-9467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
},
{
"name": "CVE-2024-9122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
},
{
"name": "CVE-2024-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
},
{
"name": "CVE-2024-9121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
},
{
"name": "CVE-2024-8904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
},
{
"name": "CVE-2024-9369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
},
{
"name": "CVE-2024-9120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
},
{
"name": "CVE-2024-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
},
{
"name": "CVE-2024-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
},
{
"name": "CVE-2024-9473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
},
{
"name": "CVE-2024-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
}
],
"initial_release_date": "2024-10-10T00:00:00",
"last_revision_date": "2024-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0859",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
"url": "https://security.paloaltonetworks.com/CVE-2024-9473"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
"url": "https://security.paloaltonetworks.com/CVE-2024-9468"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
"url": "https://security.paloaltonetworks.com/CVE-2024-9471"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
"url": "https://security.paloaltonetworks.com/CVE-2024-9470"
}
]
}
CERTFR-2024-AVI-0770
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.0.x antérieures à 10.0.12 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.12 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.1 | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions antérieures à 10.2.9 sur PAN-OS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x antérieures à 9.0.17 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x antérieures à 11.2.3 | ||
| Palo Alto Networks | ActiveMQ Content Pack | ActiveMQ Content Pack versions 1.1.x antérieures à 1.1.15 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.11 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.1 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent toutes versions antérieures à 8.2 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions 128.x.x.x postérieures à 128.91.2869.7 et antérieures à 128.138.2888.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 10.2.4 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.7 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.1.x antérieures à 8.1.25 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.2.x antérieures à 5.2.13 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.17 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
"product": {
"name": "ActiveMQ Content Pack",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-8193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
},
{
"name": "CVE-2024-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
},
{
"name": "CVE-2024-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
},
{
"name": "CVE-2024-7969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
},
{
"name": "CVE-2024-8691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
},
{
"name": "CVE-2024-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
},
{
"name": "CVE-2024-7980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
},
{
"name": "CVE-2024-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
},
{
"name": "CVE-2024-7964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
},
{
"name": "CVE-2024-8636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
},
{
"name": "CVE-2024-7968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
},
{
"name": "CVE-2024-8686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
},
{
"name": "CVE-2024-8638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
},
{
"name": "CVE-2024-8639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
},
{
"name": "CVE-2024-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
},
{
"name": "CVE-2024-8362",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
},
{
"name": "CVE-2024-8687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
},
{
"name": "CVE-2024-7966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
},
{
"name": "CVE-2024-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
},
{
"name": "CVE-2024-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
},
{
"name": "CVE-2024-8637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
},
{
"name": "CVE-2024-7972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
},
{
"name": "CVE-2024-7967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
},
{
"name": "CVE-2024-8689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
},
{
"name": "CVE-2024-8198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
},
{
"name": "CVE-2024-8688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
},
{
"name": "CVE-2024-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
},
{
"name": "CVE-2024-7970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
},
{
"name": "CVE-2024-8690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
},
{
"name": "CVE-2024-7981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
},
{
"name": "CVE-2024-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
},
{
"name": "CVE-2024-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
},
{
"name": "CVE-2024-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
},
{
"name": "CVE-2024-7971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
},
{
"name": "CVE-2024-7965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
}
],
"initial_release_date": "2024-09-12T00:00:00",
"last_revision_date": "2024-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0770",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
"url": "https://security.paloaltonetworks.com/CVE-2024-8691"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
"url": "https://security.paloaltonetworks.com/CVE-2024-8687"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
"url": "https://security.paloaltonetworks.com/CVE-2024-8688"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
"url": "https://security.paloaltonetworks.com/CVE-2024-8689"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
"url": "https://security.paloaltonetworks.com/CVE-2024-8686"
}
]
}
CERTFR-2024-AVI-0567
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que le correctif pour la vulnérabilité CVE-2024-3596 pour Prisma Access devrait être disponible le 30 Juillet 2024.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.1 antérieures à 11.1.4 | ||
| Palo Alto Networks | Expedition | Expedition versions 1.2 antérieures à 1.2.92 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.1 antérieures à 10.1.9 sur Panorama | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.2 antérieures à 10.2.4 sur Panorama | ||
| Palo Alto Networks | Expedition | Script d'installation initSetup_v2.0 pour Expedition versions antérieures à la date 20240605 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.2 antérieures à 10.2.10 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 9.1 antérieures à 9.1.19 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.0 antérieures à 11.0.5 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.2 antérieures à 8.2.2 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9-CE antérieures à 7.9.102-CE | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.2 antérieures à 11.2.1 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.1 antérieures à 10.1.14-h2 | ||
| Palo Alto Networks | Prisma Access | Prisma Access toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.4",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Expedition versions 1.2 ant\u00e9rieures \u00e0 1.2.92",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.9 sur Panorama",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.4 sur Panorama",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Script d\u0027installation initSetup_v2.0 pour Expedition versions ant\u00e9rieures \u00e0 la date 20240605",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.10",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1 ant\u00e9rieures \u00e0 9.1.19",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.5",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.2 ant\u00e9rieures \u00e0 8.2.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9-CE ant\u00e9rieures \u00e0 7.9.102-CE",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2 ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.14-h2",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access toutes versions",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2024-3596 pour Prisma Access devrait \u00eatre disponible le 30 Juillet 2024.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5911"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-5913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5913"
},
{
"name": "CVE-2024-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5910"
},
{
"name": "CVE-2024-5912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5912"
}
],
"initial_release_date": "2024-07-11T00:00:00",
"last_revision_date": "2024-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0567",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5910",
"url": "https://security.paloaltonetworks.com/CVE-2024-5910"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-247511",
"url": "https://security.paloaltonetworks.com/CVE-2024-3596"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0006",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0006"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-22565",
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5913",
"url": "https://security.paloaltonetworks.com/CVE-2024-5913"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-182835",
"url": "https://security.paloaltonetworks.com/CVE-2024-5911"
}
]
}
CERTFR-2024-AVI-0491
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.12 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9.x.-CE antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.1.x à 8.2.x antérieures à 8.2.1 sur Windows | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.8 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 32.x antérieures à 32.05 (O’Neal - Update 5) |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9.x.-CE ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.1.x \u00e0 8.2.x ant\u00e9rieures \u00e0 8.2.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions 32.x ant\u00e9rieures \u00e0 32.05 (O\u2019Neal - Update 5)",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5908"
},
{
"name": "CVE-2024-5907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5907"
},
{
"name": "CVE-2024-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5905"
},
{
"name": "CVE-2024-5906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5906"
},
{
"name": "CVE-2024-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5909"
}
],
"initial_release_date": "2024-06-13T00:00:00",
"last_revision_date": "2024-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0491",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5906",
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5908",
"url": "https://security.paloaltonetworks.com/CVE-2024-5908"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5907",
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5905",
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5909",
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
]
}
CERTFR-2023-AVI-0746
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent pour Windows 7.5-CE.x toutes versions | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent pour Windows versions 7.9-CE.x antérieures à 7.9.101-CE | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 11.0.3 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent pour Windows versions 7.9.x antérieures à 7.9.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.11 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.16-HF | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent pour Windows versions 8.0.x antérieures à 8.0.2 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent pour Windows 5.0.x toutes versions | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.3 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent pour Windows 7.5-CE.x toutes versions",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent pour Windows versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.101-CE",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 11.0.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent pour Windows versions 7.9.x ant\u00e9rieures \u00e0 7.9.3",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.16-HF",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent pour Windows versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent pour Windows 5.0.x toutes versions",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3280"
}
],
"initial_release_date": "2023-09-14T00:00:00",
"last_revision_date": "2023-09-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks\u00a0CVE-2023-38802 du 13 septembre 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-38802"
}
],
"reference": "CERTFR-2023-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Palo Alto Networks\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-3280 du 13 septembre 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-38802 du 13 septembre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0105
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PaloAlto. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR agent versions 5.0.12.x antérieures à 5.0.12.22203 sur Windows | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.6 antérieures au build numéro B186115 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.8 antérieures au build numéro B185719 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.10 antérieures au build numéro 185964 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR agent versions 7.5.x-CE antérieures à 7.5.101-CE sur Windows | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.9 antérieures au build numéro B185415 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR agent versions 5.0.12.x ant\u00e9rieures \u00e0 5.0.12.22203 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.6 ant\u00e9rieures au build num\u00e9ro B186115",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.8 ant\u00e9rieures au build num\u00e9ro B185719",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.10 ant\u00e9rieures au build num\u00e9ro 185964",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR agent versions 7.5.x-CE ant\u00e9rieures \u00e0 7.5.101-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.9 ant\u00e9rieures au build num\u00e9ro B185415",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0003"
},
{
"name": "CVE-2023-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0001"
},
{
"name": "CVE-2023-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0002"
}
],
"initial_release_date": "2023-02-09T00:00:00",
"last_revision_date": "2023-02-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0003"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"reference": "CERTFR-2023-AVI-0105",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePaloAlto\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PaloAlto",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0003 du 08 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0001 du 08 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0002 du 08 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-824
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans PaloAlto Cortex XDR Agent. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.7.x antérieures à 7.7.3 sur Windows | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 5.0.x antérieures à 5.0.12-hotfix sur Windows | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.5.x CE antérieures à 7.5.101-CE sur Windows |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent versions 7.7.x ant\u00e9rieures \u00e0 7.7.3 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 5.0.x ant\u00e9rieures \u00e0 5.0.12-hotfix sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.5.x CE ant\u00e9rieures \u00e0 7.5.101-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0029"
}
],
"initial_release_date": "2022-09-15T00:00:00",
"last_revision_date": "2022-09-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-824",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans PaloAlto Cortex XDR Agent. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans PaloAlto Cortex XDR Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2022-0029 du 14 septembre 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
]
}
CERTFR-2022-AVI-032
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Palo Alto Cortex XDR. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent 5.0.x versions antérieures à 5.0.12 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent 7.2.x versions antérieures à 7.2.4 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent 6.1.x versions antérieures à 6.1.9 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent 7.3.x versions antérieures à 7.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent 5.0.x versions ant\u00e9rieures \u00e0 5.0.12",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent 6.1.x versions ant\u00e9rieures \u00e0 6.1.9",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent 7.3.x versions ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0013"
},
{
"name": "CVE-2022-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0015"
},
{
"name": "CVE-2022-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0014"
},
{
"name": "CVE-2022-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0012"
}
],
"initial_release_date": "2022-01-13T00:00:00",
"last_revision_date": "2022-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-032",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Palo Alto Cortex\nXDR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Palo Alto Cortex XDR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0012 du 12 janvier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0012"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0015 du 12 janvier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0015"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0014 du 12 janvier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0014"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0013 du 12 janvier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0013"
}
]
}
CERTFR-2021-AVI-532
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 20.12 antérieures à 20.12.552 | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 21.04 antérieures à 21.04.439 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.3 sans le correctif 181 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.2 sans le correctif 181 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 6.1 sans le correctif 181 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prisma Cloud Compute versions 20.12 ant\u00e9rieures \u00e0 20.12.552",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions 21.04 ant\u00e9rieures \u00e0 21.04.439",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.3 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.2 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 6.1 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3042",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3042"
},
{
"name": "CVE-2021-3043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3043"
}
],
"initial_release_date": "2021-07-16T00:00:00",
"last_revision_date": "2021-07-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3042 du 14 juillet 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3042"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3043 du 14 juillet 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"reference": "CERTFR-2021-AVI-532",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3043 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3042 du 14 juillet 2021",
"url": null
}
]
}
CERTFR-2021-AVI-454
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.2.x antérieures à 7.2.3 ou sans un correctif de sécurité antérieur à 171 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 6.1.x antérieures à 6.1.8 | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions antérieures à 21.04.412 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 5.0.x antérieures à 5.0.11 | ||
| Palo Alto Networks | N/A | Bridgecrew Checkov versions 2.x antérieures à 2.0.139 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.3 ou sans un correctif de s\u00e9curit\u00e9 ant\u00e9rieur \u00e0 171",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 6.1.x ant\u00e9rieures \u00e0 6.1.8",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions ant\u00e9rieures \u00e0 21.04.412",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 5.0.x ant\u00e9rieures \u00e0 5.0.11",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Bridgecrew Checkov versions 2.x ant\u00e9rieures \u00e0 2.0.139",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3041",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3041"
},
{
"name": "CVE-2021-3040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3040"
},
{
"name": "CVE-2021-3039",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3039"
}
],
"initial_release_date": "2021-06-10T00:00:00",
"last_revision_date": "2021-06-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3040 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3040"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3041 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3041"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3039 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
]
}