Vulnerability-Lookup - Search a vulnerability

Patch: All

	Palo Alto Networks	PAN-OS	Patch: 12.1.0 Version: 11.2.0 < 11.2.5 Version: 11.1.0 < 11.1.7 Version: 10.2.0 < 10.2.14 Patch: 10.1.0 cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:::::::*
	Palo Alto Networks	Prisma Access	Version: 10.2.0 < 10.2.10-h14

Show details on NVD website

https://security.paloaltonetworks.com/CVEN-2025-4615

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T18:08:04.676466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T18:08:10.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.5",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.3-h6",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.2-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.5",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.7",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h13",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h4",
                  "status": "affected"
                },
                {
                  "at": "11.1.3-h2",
                  "status": "affected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h9",
                  "status": "affected"
                }
              ],
              "lessThan": "11.1.7",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h2",
                  "status": "affected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h6",
                  "status": "affected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h10",
                  "status": "affected"
                },
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.7-h11",
                  "status": "affected"
                },
                {
                  "at": "10.2.4-h25",
                  "status": "affected"
                }
              ],
              "lessThan": "10.2.14",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PAN-OS"
          ],
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.4-h25",
                  "status": "affected"
                }
              ],
              "lessThan": "10.2.10-h14",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is only applicable to firewalls where URL\u0026nbsp;proxy or any decrypt-policy is configured.\u003cbr\u003e\u003cbr\u003eWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
            }
          ],
          "value": "This issue is only applicable to firewalls where URL\u00a0proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.5",
                  "versionStartIncluding": "11.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.4-h4",
                  "versionStartIncluding": "11.2.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.3-h6",
                  "versionStartIncluding": "11.2.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.2-h2",
                  "versionStartIncluding": "11.2.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.7",
                  "versionStartIncluding": "11.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.6-h1",
                  "versionStartIncluding": "11.1.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.4-h13",
                  "versionStartIncluding": "11.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.4-h4",
                  "versionStartIncluding": "11.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.3-h2",
                  "versionStartIncluding": "11.1.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.2-h18",
                  "versionStartIncluding": "11.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.2-h9",
                  "versionStartIncluding": "11.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.14",
                  "versionStartIncluding": "10.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.13-h3",
                  "versionStartIncluding": "10.2.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.12-h6",
                  "versionStartIncluding": "10.2.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.11-h12",
                  "versionStartIncluding": "10.2.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.10-h14",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.10-h2",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.9-h21",
                  "versionStartIncluding": "10.2.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.9-h6",
                  "versionStartIncluding": "10.2.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.8-h21",
                  "versionStartIncluding": "10.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.8-h10",
                  "versionStartIncluding": "10.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.7-h24",
                  "versionStartIncluding": "10.2.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.7-h11",
                  "versionStartIncluding": "10.2.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
                  "versionEndExcluding": "11.2.4-h4",
                  "versionStartIncluding": "11.2.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
                  "versionEndExcluding": "10.2.10-h14",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2025-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\u003cbr\u003e\u003cbr\u003e\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows.  Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
            }
          ],
          "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\n\n\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows.  Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129: Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-14T13:48:54.807Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-4619"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h4 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.3\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.3-h6 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.2\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.2-h2 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.6\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h1 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.3\u003c/td\u003e\n                                \u003ctd\u003eRemain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.2\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.13\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h3 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.11\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.8\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n                                \u003ctd\u003eRemain on a version older than 10.2.4-h25\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access\u0026nbsp; on PAN-OS\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 10.2.10-h14 or 11.2.4-h4 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003e\u003c/td\u003e\n                                    \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n                                    \u003ctd\u003eRemain on a version older than 10.2.4-h25.\u003c/td\u003e\n                                \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.1\nNo action needed.\n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.4\n                                Upgrade to 11.2.4-h4 or 11.2.5 or later.\n                            \n                                \n                                11.2.0 through 11.2.3\n                                Upgrade to 11.2.3-h6 or 11.2.5 or later.\n                            \n                                \n                                11.2.0 through 11.2.2\n                                Upgrade to 11.2.2-h2 or 11.2.5 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.6\n                                Upgrade to 11.1.6-h1 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.4\n                                Upgrade to 11.1.4-h13 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.3\n                                Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.2\n                                Upgrade to 11.1.2-h18 or 11.1.7 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.13\n                                Upgrade to 10.2.13-h3 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.12\n                                Upgrade to 10.2.12-h6 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.11\n                                Upgrade to 10.2.11-h12 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.10\n                                Upgrade to 10.2.10-h14 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.9\n                                Upgrade to 10.2.9-h21 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.8\n                                Upgrade to 10.2.8-h21 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.7\n                                Upgrade to 10.2.7-h24 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.4\n                                Remain on a version older than 10.2.4-h25\n\n                            PAN-OS 10.1\nNo action needed.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access\u00a0 on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4\u00a0or later\n                                    \n\n                                    10.2.0 through 10.2.10\n                                    Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.\n                                \n                                    \n                                    10.2.0 through 10.2.4\n                                    Remain on a version older than 10.2.4-h25."
        }
      ],
      "source": {
        "defect": [
          "PAN-247099"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-12T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds exist for this issue."
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.2",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-4619",
    "datePublished": "2025-11-13T20:24:19.208Z",
    "dateReserved": "2025-05-12T22:05:16.932Z",
    "dateUpdated": "2025-11-14T18:08:10.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4615 (GCVE-0-2025-4615)

Vulnerability from nvd

Published

2025-10-09 18:28

Modified

2025-10-09 19:08

Severity ?

5.2 (Medium) - CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

CWE

CWE-83 - Improper Neutralization of Script in Attributes in a Web Page

Summary

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Patch: 12.1.0 Version: 11.2.0 < 11.2.8 Version: 11.1.0 < 11.1.11 Version: 10.2.0 < 10.2.17
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-4614

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T19:08:44.653984Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T19:08:50.531Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.8",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.11",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.17",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Visa Inc."
        }
      ],
      "datePublic": "2025-10-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-83",
              "description": "CWE-83 Improper Neutralization of Script in Attributes in a Web Page",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T18:28:04.905Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVEN-2025-4615"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.11 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.16\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.17 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\u00a0\nNo action needed.PAN-OS 12.1\nNo action needed.\n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.7\n                                Upgrade to 11.2.8 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.10\n                                Upgrade to 11.1.11 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.16\n                                Upgrade to 10.2.17 or later.\n                            Prisma Access\nNo action needed."
        }
      ],
      "source": {
        "defect": [
          "PAN-292159",
          "PAN-271221"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-08T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Improper Neutralization of Input in the Management Web Interface",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds exist for this issue."
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.7-h3",
        "PAN-OS 11.2.7-h2",
        "PAN-OS 11.2.7-h1",
        "PAN-OS 11.2.7",
        "PAN-OS 11.2.6",
        "PAN-OS 11.2.5",
        "PAN-OS 11.2.4-h12",
        "PAN-OS 11.2.4-h11",
        "PAN-OS 11.2.4-h10",
        "PAN-OS 11.2.4-h9",
        "PAN-OS 11.2.4-h8",
        "PAN-OS 11.2.4-h7",
        "PAN-OS 11.2.4-h6",
        "PAN-OS 11.2.4-h5",
        "PAN-OS 11.2.4-h4",
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.10-h5",
        "PAN-OS 11.1.10-h4",
        "PAN-OS 11.1.10-h1",
        "PAN-OS 11.1.10",
        "PAN-OS 11.1.9",
        "PAN-OS 11.1.8",
        "PAN-OS 11.1.6-h20",
        "PAN-OS 11.1.6-h19",
        "PAN-OS 11.1.6-h18",
        "PAN-OS 11.1.6-h17",
        "PAN-OS 11.1.6-h14",
        "PAN-OS 11.1.6-h10",
        "PAN-OS 11.1.6-h7",
        "PAN-OS 11.1.6-h6",
        "PAN-OS 11.1.6-h4",
        "PAN-OS 11.1.6-h3",
        "PAN-OS 11.1.6-h2",
        "PAN-OS 11.1.6-h1",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h18",
        "PAN-OS 11.1.4-h17",
        "PAN-OS 11.1.4-h15",
        "PAN-OS 11.1.4-h13",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h18",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.16-h4",
        "PAN-OS 10.2.16-h1",
        "PAN-OS 10.2.16",
        "PAN-OS 10.2.15",
        "PAN-OS 10.2.14-h1",
        "PAN-OS 10.2.14",
        "PAN-OS 10.2.13-h16",
        "PAN-OS 10.2.13-h15",
        "PAN-OS 10.2.13-h10",
        "PAN-OS 10.2.13-h7",
        "PAN-OS 10.2.13-h5",
        "PAN-OS 10.2.13-h4",
        "PAN-OS 10.2.13-h3",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h6",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h13",
        "PAN-OS 10.2.11-h12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h27",
        "PAN-OS 10.2.10-h26",
        "PAN-OS 10.2.10-h23",
        "PAN-OS 10.2.10-h21",
        "PAN-OS 10.2.10-h18",
        "PAN-OS 10.2.10-h17",
        "PAN-OS 10.2.10-h14",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h21",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h21",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h24",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-4615",
    "datePublished": "2025-10-09T18:28:04.905Z",
    "dateReserved": "2025-05-12T22:05:13.606Z",
    "dateUpdated": "2025-10-09T19:08:50.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4614 (GCVE-0-2025-4614)

Vulnerability from nvd

Published

2025-10-09 18:13

Modified

2025-10-09 19:15

Severity ?

4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Summary

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Patch: 12.1.0 Version: 11.2.0 < 11.2.8 Version: 11.1.0 < 11.1.12 Version: 10.2.0 < 10.2.17 cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-4231

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T19:14:59.026991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T19:15:06.182Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.8",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.12",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.17",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The debug option must be enabled on the following URL: https://\u0026lt;ip\u0026gt;/php/utils/debug.php\u003cb\u003e\u003cbr\u003e\u003c/b\u003e"
            }
          ],
          "value": "The debug option must be enabled on the following URL: https://\u003cip\u003e/php/utils/debug.php"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Visa Inc."
        }
      ],
      "datePublic": "2025-10-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. \u0026nbsp;\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. \u00a0\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-151",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-151 Identity Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T18:13:22.016Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-4614"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.11\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.12 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.16\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.17 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.1\nNo action needed.\n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.7\n                                Upgrade to 11.2.8 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.11\n                                Upgrade to 11.1.12 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.16\n                                Upgrade to 10.2.17 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\nNo action needed."
        }
      ],
      "source": {
        "defect": [
          "PAN-271216",
          "PAN-286164"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-08T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Session Token Disclosure Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.7-h3",
        "PAN-OS 11.2.7-h2",
        "PAN-OS 11.2.7-h1",
        "PAN-OS 11.2.7",
        "PAN-OS 11.2.6",
        "PAN-OS 11.2.5",
        "PAN-OS 11.2.4-h12",
        "PAN-OS 11.2.4-h11",
        "PAN-OS 11.2.4-h10",
        "PAN-OS 11.2.4-h9",
        "PAN-OS 11.2.4-h8",
        "PAN-OS 11.2.4-h7",
        "PAN-OS 11.2.4-h6",
        "PAN-OS 11.2.4-h5",
        "PAN-OS 11.2.4-h4",
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.11",
        "PAN-OS 11.1.10-h5",
        "PAN-OS 11.1.10-h4",
        "PAN-OS 11.1.10-h1",
        "PAN-OS 11.1.10",
        "PAN-OS 11.1.9",
        "PAN-OS 11.1.8",
        "PAN-OS 11.1.6-h20",
        "PAN-OS 11.1.6-h19",
        "PAN-OS 11.1.6-h18",
        "PAN-OS 11.1.6-h17",
        "PAN-OS 11.1.6-h14",
        "PAN-OS 11.1.6-h10",
        "PAN-OS 11.1.6-h7",
        "PAN-OS 11.1.6-h6",
        "PAN-OS 11.1.6-h4",
        "PAN-OS 11.1.6-h3",
        "PAN-OS 11.1.6-h2",
        "PAN-OS 11.1.6-h1",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h18",
        "PAN-OS 11.1.4-h17",
        "PAN-OS 11.1.4-h15",
        "PAN-OS 11.1.4-h13",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h18",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.16-h4",
        "PAN-OS 10.2.16-h1",
        "PAN-OS 10.2.16",
        "PAN-OS 10.2.15",
        "PAN-OS 10.2.14-h1",
        "PAN-OS 10.2.14",
        "PAN-OS 10.2.13-h16",
        "PAN-OS 10.2.13-h15",
        "PAN-OS 10.2.13-h10",
        "PAN-OS 10.2.13-h7",
        "PAN-OS 10.2.13-h5",
        "PAN-OS 10.2.13-h4",
        "PAN-OS 10.2.13-h3",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h6",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h13",
        "PAN-OS 10.2.11-h12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h27",
        "PAN-OS 10.2.10-h26",
        "PAN-OS 10.2.10-h23",
        "PAN-OS 10.2.10-h21",
        "PAN-OS 10.2.10-h18",
        "PAN-OS 10.2.10-h17",
        "PAN-OS 10.2.10-h14",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h21",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h21",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h24",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-4614",
    "datePublished": "2025-10-09T18:13:22.016Z",
    "dateReserved": "2025-05-12T22:05:10.775Z",
    "dateUpdated": "2025-10-09T19:15:06.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4231 (GCVE-0-2025-4231)

Vulnerability from nvd

Published

2025-06-12 23:27

Modified

2025-06-13 13:32

Severity ?

8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber
7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All < 6.3.3

	Palo Alto Networks	PAN-OS	Patch: 11.2.0 Patch: 11.1.0 Version: 11.0.0 < 11.0.3 Version: 10.2.0 < 10.2.8 Version: 10.1.0 < cpe:2.3:o:palo_alto_networks:pan-os:11.0.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.0.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.0.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-0114

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4231",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T03:55:19.943513Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T13:32:58.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:11.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.3",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eDirectly; or\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThrough a dataplane interface that includes a management interface profile.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.\u003c/p\u003e\u003cp\u003eUse the following steps to identify your recently detected devices in our internet scans.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eTo find any assets that require remediation, visit the Assets section of the Customer Support Portal:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e\u0026nbsp;and then select Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eReview the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.\u003cbr\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u003cp\u003eGlobalProtect\u2122 portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443).\u003c/p\u003e\u003c/div\u003e\u003cb\u003e\u003cp\u003e\u003c/p\u003e\u003c/b\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "The risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:\n\n  *  Directly; or\n\n\n  *  Through a dataplane interface that includes a management interface profile.\n\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n  *  To find any assets that require remediation, visit the Assets section of the Customer Support Portal: https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0and then select Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n\n\n  *  Review the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.\n\n\n\nGlobalProtect\u2122 portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "spcnvdr"
        }
      ],
      "datePublic": "2025-06-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\u003cbr\u003e\u003cbr\u003eThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma Access are not impacted by this vulnerability."
            }
          ],
          "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\n\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T23:27:31.432Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-4231"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.0*\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.0.0 through 11.0.2\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.0.3 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.8 or 11.0.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cp\u003e*PAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version.\u003c/p\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 11.2\nNo action needed.PAN-OS 11.1\nNo action needed.\n                                PAN-OS 11.0*\n\n                                11.0.0 through 11.0.2\n                                Upgrade to 11.0.3 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.7\n                                Upgrade to 10.2.8 or later.\n                            PAN-OS 10.1Upgrade to 10.2.8 or 11.0.3 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n*PAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version."
        }
      ],
      "source": {
        "defect": [
          "PAN-215223"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-11T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eRecommended mitigation\u003c/b\u003e\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ecritical deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview more information about how to secure management access to your Palo Alto Networks firewalls in these documents:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePalo Alto Networks LIVEcommunity article: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePalo Alto Networks official and detailed technical documentation: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n\n\n\n\n  *  Palo Alto Networks official and detailed technical documentation:  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.0.2-h5",
        "PAN-OS 11.0.2-h4",
        "PAN-OS 11.0.2-h3",
        "PAN-OS 11.0.2-h2",
        "PAN-OS 11.0.2-h1",
        "PAN-OS 11.0.2",
        "PAN-OS 11.0.1-h5",
        "PAN-OS 11.0.1-h4",
        "PAN-OS 11.0.1-h3",
        "PAN-OS 11.0.1-h2",
        "PAN-OS 11.0.1-h1",
        "PAN-OS 11.0.1",
        "PAN-OS 11.0.0-h4",
        "PAN-OS 11.0.0-h3",
        "PAN-OS 11.0.0-h2",
        "PAN-OS 11.0.0-h1",
        "PAN-OS 11.0.0",
        "PAN-OS 10.2.7-h24",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h14",
        "PAN-OS 10.1.14-h13",
        "PAN-OS 10.1.14-h11",
        "PAN-OS 10.1.14-h10",
        "PAN-OS 10.1.14-h9",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-4231",
    "datePublished": "2025-06-12T23:27:31.432Z",
    "dateReserved": "2025-05-02T19:10:44.240Z",
    "dateUpdated": "2025-06-13T13:32:58.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0114 (GCVE-0-2025-0114)

Vulnerability from nvd

Published

2025-03-12 18:20

Modified

2025-03-12 18:34

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/U:Amber

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

PAN-OS

Patch: 11.2.0
Patch: 11.1.0
Version: 11.0.0   < 11.0.2
Version: 10.2.0   < 10.2.5
Version: 10.1.0   < 10.1.14-h11
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*

	Palo Alto Networks	Cloud NGFW	Patch: All
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-0111

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T18:34:02.023259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T18:34:48.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.2",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.5",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h11",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect portal or gateway. You can verify whether you have a GlobalProtect portal or gateway configured on your firewall by checking entries in the firewall web interface (\u003cb\u003eNetwork\u003c/b\u003e \u0026gt; \u003cb\u003eGlobalProtect\u003c/b\u003e \u0026gt; \u003cb\u003ePortals\u003c/b\u003e and \u003cb\u003eNetwork\u003c/b\u003e \u0026gt; \u003cb\u003eGlobalProtect\u003c/b\u003e \u0026gt; \u003cb\u003eGateways\u003c/b\u003e)."
            }
          ],
          "value": "This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect portal or gateway. You can verify whether you have a GlobalProtect portal or gateway configured on your firewall by checking entries in the firewall web interface (Network \u003e GlobalProtect \u003e Portals and Network \u003e GlobalProtect \u003e Gateways)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "an external reporter"
        }
      ],
      "datePublic": "2025-03-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.\u003cbr\u003e\u003cbr\u003eThis issue does not apply to Cloud NGFWs or Prisma Access software."
            }
          ],
          "value": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.\n\nThis issue does not apply to Cloud NGFWs or Prisma Access software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Flooding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T18:20:05.608Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0114"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0\u003c/td\u003e\u003ctd\u003e11.0.0 through 11.0.1\u003c/td\u003e\u003ctd\u003eUpgrade to 11.0.2 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.5 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h11 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 11.011.0.0 through 11.0.1Upgrade to 11.0.2 or laterPAN-OS 10.210.2.0 through 10.2.4\nUpgrade to 10.2.5 or laterPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h11 or later\nAll other older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version."
        }
      ],
      "source": {
        "defect": [
          "PAN-209208"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-12T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Denial of Service (DoS) in GlobalProtect",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No workaround or mitigation is available."
            }
          ],
          "value": "No workaround or mitigation is available."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.0.1-h5",
        "PAN-OS 11.0.1-h4",
        "PAN-OS 11.0.1-h3",
        "PAN-OS 11.0.1-h2",
        "PAN-OS 11.0.1-h1",
        "PAN-OS 11.0.1",
        "PAN-OS 11.0.0-h4",
        "PAN-OS 11.0.0-h3",
        "PAN-OS 11.0.0-h2",
        "PAN-OS 11.0.0-h1",
        "PAN-OS 11.0.0",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h10",
        "PAN-OS 10.1.14-h9",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0114",
    "datePublished": "2025-03-12T18:20:05.608Z",
    "dateReserved": "2024-12-20T23:23:15.900Z",
    "dateUpdated": "2025-03-12T18:34:48.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0111 (GCVE-0-2025-0111)

Vulnerability from nvd

Published

2025-02-12 20:58

Modified

2025-10-21 22:55

Severity ?

7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-73 - External Control of File Name or Path

Summary

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Version: 10.1.0 < 10.1.14-h9 Version: 10.2.0 < 10.2.7-h24 Version: 11.1.0 < 11.1.6-h1 Version: 11.2.0 < 11.2.4-h4 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-0108

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0111",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-21T04:56:11.692315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:28.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-20T00:00:00+00:00",
            "value": "CVE-2025-0111 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.1.14-h9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h9",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.7-h24",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.6-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h4",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003eUse the following steps to identify your recently detected devices in our internet scans.\u003c/p\u003e\u003col\u003e\u003cli\u003eTo find any assets that require remediation action, visit the Assets section of the Customer Support Portal at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e\u0026nbsp;(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003eReview the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).\u003c/p\u003e"
            }
          ],
          "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n  *  To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at  https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c9milio Gonzalez"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Maxime Gaudreault"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "our Deep Product Security Research Team"
        }
      ],
      "datePublic": "2025-02-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\u003c/p\u003e\u003cp\u003eYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cb\u003e\u003cp\u003e\u003c/p\u003e\u003c/b\u003e\u003cp\u003eThis issue does not affect Cloud NGFW or Prisma Access software.\u003c/p\u003e\u003cb\u003e\u003c/b\u003e"
            }
          ],
          "value": "An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:50:51.121Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0111"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h9 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.13\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.8\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.11\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.13-h3 or later \u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0 (EoL)\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e11.1.2\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4 or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.\u003c/p\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h9 or later\nPAN-OS 10.2\n10.2.0 through 10.2.13\nUpgrade to 10.2.13-h3 or later\n\u00a010.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\u00a010.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\u00a010.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\u00a010.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\u00a010.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later \u00a010.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)\u00a0Upgrade to a supported fixed versionPAN-OS 11.1\n11.1.0 through 11.1.6\nUpgrade to 11.1.6-h1 or later\n\u00a011.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\nPAN-OS 11.2\n11.2.0 through 11.2.4\nUpgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release."
        }
      ],
      "source": {
        "defect": [
          "PAN-273994"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-19T23:15:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2 and 11.1"
        },
        {
          "lang": "en",
          "time": "2025-02-18T23:00:00.000Z",
          "value": "Updated exploit status and solution table"
        },
        {
          "lang": "en",
          "time": "2025-02-18T19:30:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2"
        },
        {
          "lang": "en",
          "time": "2025-02-12T23:45:00.000Z",
          "value": "Added Threat Prevention Threat ID to Workarounds and Mitigations"
        },
        {
          "lang": "en",
          "time": "2025-02-12T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eRecommended mitigation\u003c/b\u003e\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003e\u003c/a\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).\n  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0111",
    "datePublished": "2025-02-12T20:58:43.387Z",
    "dateReserved": "2024-12-20T23:23:13.239Z",
    "dateUpdated": "2025-10-21T22:55:28.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0108 (GCVE-0-2025-0108)

Vulnerability from nvd

Published

2025-02-12 20:55

Modified

2025-10-21 22:55

Severity ?

8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Version: 10.1.0 < 10.1.14-h9 Version: 10.2.0 < 10.2.7-h24 Version: 11.1.0 < 11.1.6-h1 Version: 11.2.0 < 11.2.4-h4 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-3393

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0108",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T04:55:10.266940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:29.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-18T00:00:00+00:00",
            "value": "CVE-2025-0108 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-20T02:08:45.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/iSee857/CVE-2025-0108-PoC"
          },
          {
            "url": "https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/"
          },
          {
            "url": "https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/"
          },
          {
            "url": "https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild"
          },
          {
            "url": "https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/"
          },
          {
            "url": "https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.1.14-h9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h9",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.7-h24",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.6-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h4",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eDirectly; or\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eThrough a dataplane interface that includes a management interface profile.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eUse the following steps to identify your recently detected devices in our internet scans.\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eTo find any assets that require remediation action, visit the Assets section of the Customer Support Portal at\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003e\u003cspan\u003ehttps://support.paloaltonetworks.com\u003c/span\u003e\u003c/a\u003e\u0026nbsp;(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003e\u003cspan\u003eReview the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n  *  To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at\u00a0 https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adam Kues - Assetnote Security Research Team"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "our Deep Product Security Research Team"
        }
      ],
      "datePublic": "2025-02-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThis issue does not affect Cloud NGFW or Prisma Access software."
            }
          ],
          "value": "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:48:08.215Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0108"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h9 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.13\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.8\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.11\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.13-h3 or later\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0 (EoL)\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e11.1.2\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4 or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.\u003c/p\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h9 or later\nPAN-OS 10.2\n10.2.0 through 10.2.13\nUpgrade to 10.2.13-h3 or later\n\u00a010.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\u00a010.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\u00a010.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\u00a010.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\u00a010.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later\u00a0\u00a010.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)\u00a0Upgrade to a supported fixed versionPAN-OS 11.1\n11.1.0 through 11.1.6\nUpgrade to 11.1.6-h1 or later\n\u00a011.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\nPAN-OS 11.2\n11.2.0 through 11.2.4\nUpgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release."
        }
      ],
      "source": {
        "defect": [
          "PAN-273971"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-19T23:15:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2 and 11.1"
        },
        {
          "lang": "en",
          "time": "2025-02-18T23:00:00.000Z",
          "value": "Updated the exploit status and solutions table"
        },
        {
          "lang": "en",
          "time": "2025-02-18T19:30:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2"
        },
        {
          "lang": "en",
          "time": "2025-02-18T07:06:00.000Z",
          "value": "Updated exploit status"
        },
        {
          "lang": "en",
          "time": "2025-02-12T23:45:00.000Z",
          "value": "Added Threat Prevention Threat ID to Workarounds and Mitigations"
        },
        {
          "lang": "en",
          "time": "2025-02-12T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Authentication Bypass in the Management Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eRecommended mitigation\u003c/b\u003e\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)."
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our\u00a0 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0108",
    "datePublished": "2025-02-12T20:55:34.610Z",
    "dateReserved": "2024-12-20T23:23:10.451Z",
    "dateUpdated": "2025-10-21T22:55:29.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3393 (GCVE-0-2024-3393)

Vulnerability from nvd

Published

2024-12-27 09:44

Modified

2025-10-21 22:55

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.3 Version: 11.1.0 < 11.1.2-h16 Version: 10.2.8 < 10.2.8-h19 Version: 10.1.14 < 10.1.14-h8 cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1:-::::::
	Palo Alto Networks	PAN-OS	Patch: 10.2.0 < 10.2.8 Version: 11.2.0 < 11.2.3

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-9474

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3393",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:55:30.369332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-12-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:33.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-12-30T00:00:00+00:00",
            "value": "CVE-2024-3393 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.3",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.2-h16",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.3-h13",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h7",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.2-h16",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.8-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h12",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h10",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h4",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h2",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8-h19",
              "status": "affected",
              "version": "10.2.8",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h8",
                  "status": "unaffected"
                },
                {
                  "at": "10.1.15",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h8",
              "status": "affected",
              "version": "10.1.14",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Prisma Access"
          ],
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.2.8",
                  "status": "affected"
                },
                {
                  "at": "10.2.9-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8",
              "status": "unaffected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.3",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBoth of the following must be true for PAN-OS software to be affected:\u003cbr\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eEither a DNS Security License or an Advanced DNS Security License must be applied, AND\u003cbr\u003e\u003c/li\u003e\u003cli\u003eDNS Security logging must be enabled.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "Both of the following must be true for PAN-OS software to be affected:\n\n\n  *  Either a DNS Security License or an Advanced DNS Security License must be applied, AND\n\n  *  DNS Security logging must be enabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Palo Alto Networks thanks the CERT-EE team for their extra effort in providing invaluable forensic and analytic assistance."
        }
      ],
      "datePublic": "2024-12-27T02:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode."
            }
          ],
          "value": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."
            }
          ],
          "value": "Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "An attacker sends a malicious packet through the firewall, which processes a malicious packet that triggers this issue."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Prisma Access, when only providing access to authenticated end users, processes a malicious packet that triggers this issue."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T01:51:29.594Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-3393"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThis issue is fixed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eNote: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003ePrisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003e\u003cspan\u003esupport case\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cspan\u003eIn addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u200b\u200bAdditional PAN-OS 11.1 fixes:\u003c/p\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e11.1.2-h16\u003c/li\u003e\u003cli\u003e11.1.3-h13\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS 10.2 fixes:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.2.8-h19\u003c/li\u003e\u003cli\u003e10.2.9-h19\u003c/li\u003e\u003cli\u003e10.2.10-h12\u003c/li\u003e\u003cli\u003e10.2.11-h10\u003c/li\u003e\u003cli\u003e10.2.12-h4\u003c/li\u003e\u003cli\u003e10.2.13-h2\u003c/li\u003e\u003cli\u003e10.2.14\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS 10.1 fixes:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.1.14-h8\u003c/li\u003e\u003cli\u003e10.1.15\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS fixes only applicable to Prisma Access:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.2.9-h19\u003c/li\u003e\u003cli\u003e10.2.10-h12\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\n\nNote: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.\n\nPrisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a  support case https://support.paloaltonetworks.com/Support/Index .\n\nIn addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n\u200b\u200bAdditional PAN-OS 11.1 fixes:\n\n  *  11.1.2-h16\n  *  11.1.3-h13\n  *  11.1.4-h7\n  *  11.1.5\n\n\n\n\nAdditional PAN-OS 10.2 fixes:\n\n  *  10.2.8-h19\n  *  10.2.9-h19\n  *  10.2.10-h12\n  *  10.2.11-h10\n  *  10.2.12-h4\n  *  10.2.13-h2\n  *  10.2.14\n\n\n\n\nAdditional PAN-OS 10.1 fixes:\n\n  *  10.1.14-h8\n  *  10.1.15\n\n\n\n\nAdditional PAN-OS fixes only applicable to Prisma Access:\n\n  *  10.2.9-h19\n  *  10.2.10-h12"
        }
      ],
      "source": {
        "defect": [
          "PAN-259351",
          "PAN-219034"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-27T02:30:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eUnmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama\u003c/b\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003col\u003e\u003cli\u003eFor each Anti-spyware profile, navigate to Objects \u2192 Security Profiles \u2192 Anti-spyware \u2192 (select a profile) \u2192 DNS Policies \u2192 DNS Security.\u003c/li\u003e\u003cli\u003eChange the Log Severity to \"none\" for all configured DNS Security categories.\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCommit the changes.\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003eRemember to revert the Log Severity settings once the fixes are applied.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eNGFW managed by Strata Cloud Manager (SCM)\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003eYou can choose one of the following mitigation options:\u003c/div\u003e\u003cdiv\u003e\u003col\u003e\u003cli\u003eOption 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.\u003c/li\u003e\u003cli\u003eOption 2: Disable DNS Security logging across all NGFWs in your tenant by opening a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003esupport case\u003c/a\u003e.\u003c/li\u003e\u003c/ol\u003e\u003c/div\u003e\u003cb\u003e\u003cp\u003ePrisma Access managed by Strata Cloud Manager (SCM)\u003c/p\u003e\u003c/b\u003e\u003c/div\u003e\u003cp\u003eUntil we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003esupport case\u003c/a\u003e. If you would like to expedite the upgrade, please make a note of that in the support case.\u003c/p\u003e\u003cb\u003e\u003c/b\u003e"
            }
          ],
          "value": "If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.\n\nUnmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama\n  *  For each Anti-spyware profile, navigate to Objects \u2192 Security Profiles \u2192 Anti-spyware \u2192 (select a profile) \u2192 DNS Policies \u2192 DNS Security.\n  *  Change the Log Severity to \"none\" for all configured DNS Security categories.\n\n  *  Commit the changes.\n\nRemember to revert the Log Severity settings once the fixes are applied.\n\nNGFW managed by Strata Cloud Manager (SCM)\n\nYou can choose one of the following mitigation options:\n\n  *  Option 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.\n  *  Option 2: Disable DNS Security logging across all NGFWs in your tenant by opening a  support case https://support.paloaltonetworks.com/Support/Index .\n\n\nPrisma Access managed by Strata Cloud Manager (SCM)\n\n\n\nUntil we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a  support case https://support.paloaltonetworks.com/Support/Index . If you would like to expedite the upgrade, please make a note of that in the support case."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-3393",
    "datePublished": "2024-12-27T09:44:24.538Z",
    "dateReserved": "2024-04-05T17:40:24.596Z",
    "dateUpdated": "2025-10-21T22:55:33.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9474 (GCVE-0-2024-9474)

Vulnerability from nvd

Published

2024-11-18 15:48

Modified

2025-10-21 22:55

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.4-h1 Version: 11.1.0 < 11.1.5-h1 Version: 11.0.0 < 11.0.6-h1 Version: 10.2.0 < 10.2.12-h2 Version: 10.1.0 < 10.1.14-h6
	Palo Alto Networks	Prisma Access

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-0012

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9474",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T04:55:45.920877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-11-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:36.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/k4nfr3/CVE-2024-9474"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-11-18T00:00:00+00:00",
            "value": "CVE-2024-9474 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-24T14:45:36.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h1",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.5-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.5-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.6-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.6-h1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.12-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.12-h2",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h6",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly\u003cbr /\u003eor\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\u003c/p\u003e\u003cp\u003eUse the following steps to identify your recently detected devices in our Internet scans:\u003c/p\u003e\u003col\u003e\u003cli\u003eTo find your known assets that require remediation action, visit the Assets section of Customer Support Portal at \u003ca target=\"_blank\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e\u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003eThe list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n  *  Directly\nor\n  *  Through a dataplane interface that includes a management interface profile.\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n  *  To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at  https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity."
        }
      ],
      "datePublic": "2024-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access are not impacted by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003ePalo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.\u003c/span\u003e\u003cbr /\u003e"
            }
          ],
          "value": "Palo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet. The worst impact is that a malicious administrator is able to tamper with the system integrity."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "If you configure a specific list of IP addresses that only allow access to the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:48:23.405Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-9474"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\u003c/p\u003e\u003cp\u003eIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/p\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eAdditional PAN-OS 11.2 fixes:\u003cul\u003e\u003cli\u003e\u200b\u200b11.2.0-h1\u003c/li\u003e\u003cli\u003e11.2.1-h1\u003c/li\u003e\u003cli\u003e11.2.2-h2\u003c/li\u003e\u003cli\u003e11.2.3-h3\u003c/li\u003e\u003cli\u003e11.2.4-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.1 fixes:\u003cul\u003e\u003cli\u003e11.1.0-h4\u003c/li\u003e\u003cli\u003e11.1.1-h2\u003c/li\u003e\u003cli\u003e11.1.2-h15\u003c/li\u003e\u003cli\u003e11.1.3-h11\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.0 fixes:\u003cul\u003e\u003cli\u003e11.0.0-h4\u003c/li\u003e\u003cli\u003e11.0.1-h5\u003c/li\u003e\u003cli\u003e11.0.2-h5\u003c/li\u003e\u003cli\u003e11.0.3-h13\u003c/li\u003e\u003cli\u003e11.0.4-h6\u003c/li\u003e\u003cli\u003e11.0.5-h2\u003c/li\u003e\u003cli\u003e11.0.6-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.2 fixes:\u003cul\u003e\u003cli\u003e10.2.0-h4\u003c/li\u003e\u003cli\u003e10.2.1-h3\u003c/li\u003e\u003cli\u003e10.2.2-h6\u003c/li\u003e\u003cli\u003e10.2.3-h14\u003c/li\u003e\u003cli\u003e10.2.4-h32\u003c/li\u003e\u003cli\u003e10.2.5-h9\u003c/li\u003e\u003cli\u003e10.2.6-h6\u003c/li\u003e\u003cli\u003e10.2.7-h18\u003c/li\u003e\u003cli\u003e10.2.8-h15\u003c/li\u003e\u003cli\u003e10.2.9-h16\u003c/li\u003e\u003cli\u003e10.2.10-h9\u003c/li\u003e\u003cli\u003e10.2.11-h6\u003c/li\u003e\u003cli\u003e10.2.12-h2\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.1 fixes:\u003cul\u003e\u003cli\u003e10.1.9-h14\u003c/li\u003e\u003cli\u003e10.1.10-h9\u003c/li\u003e\u003cli\u003e10.1.11-h10\u003c/li\u003e\u003cli\u003e10.1.12-h3\u003c/li\u003e\u003cli\u003e10.1.13-h5\u003c/li\u003e\u003cli\u003e10.1.14-h6\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n  *  Additional PAN-OS 11.2 fixes:  *  \u200b\u200b11.2.0-h1\n  *  11.2.1-h1\n  *  11.2.2-h2\n  *  11.2.3-h3\n  *  11.2.4-h1\n\n\n\n  *  Additional PAN-OS 11.1 fixes:  *  11.1.0-h4\n  *  11.1.1-h2\n  *  11.1.2-h15\n  *  11.1.3-h11\n  *  11.1.4-h7\n  *  11.1.5-h1\n\n\n\n  *  Additional PAN-OS 11.0 fixes:  *  11.0.0-h4\n  *  11.0.1-h5\n  *  11.0.2-h5\n  *  11.0.3-h13\n  *  11.0.4-h6\n  *  11.0.5-h2\n  *  11.0.6-h1\n\n\n\n  *  Additional PAN-OS 10.2 fixes:  *  10.2.0-h4\n  *  10.2.1-h3\n  *  10.2.2-h6\n  *  10.2.3-h14\n  *  10.2.4-h32\n  *  10.2.5-h9\n  *  10.2.6-h6\n  *  10.2.7-h18\n  *  10.2.8-h15\n  *  10.2.9-h16\n  *  10.2.10-h9\n  *  10.2.11-h6\n  *  10.2.12-h2\n\n\n\n  *  Additional PAN-OS 10.1 fixes:  *  10.1.9-h14\n  *  10.1.10-h9\n  *  10.1.11-h10\n  *  10.1.12-h3\n  *  10.1.13-h5\n  *  10.1.14-h6"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-18T14:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eRecommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\u003c/span\u003e\u003cbr /\u003e\u003cp\u003e\u003cspan\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/span\u003e\u003c/p\u003e\u003cspan\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ePalo Alto Networks LIVEcommunity article:\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and more detailed technical documentation:\u00a0\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  *  Palo Alto Networks LIVEcommunity article:\u00a0 https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9474",
    "datePublished": "2024-11-18T15:48:23.405Z",
    "dateReserved": "2024-10-03T11:35:20.568Z",
    "dateUpdated": "2025-10-21T22:55:36.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0012 (GCVE-0-2024-0012)

Vulnerability from nvd

Published

2024-11-18 15:47

Modified

2025-10-21 22:55

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.4-h1 Version: 11.1.0 < 11.1.5-h1 Version: 11.0.0 < 11.0.6-h1 Version: 10.2.0 < 10.2.12-h2 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2:-::::::
	Palo Alto Networks	Prisma Access

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-4619

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0012",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T04:55:47.202753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-11-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:36.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-11-18T00:00:00+00:00",
            "value": "CVE-2024-0012 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-24T14:44:56.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h1",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.5-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.5-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.6-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.6-h1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.12-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.12-h2",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThe risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eDirectly\u003cbr /\u003e\u003c/span\u003eor\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eUse the following steps to identify your recently detected devices in our Internet scans:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eTo find your known assets that require remediation action, visit the Assets section of Customer Support Portal at\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://support.paloaltonetworks.com/\"\u003e\u003cspan\u003ehttps://support.paloaltonetworks.com\u003c/span\u003e\u003c/a\u003e\u00a0\u003cspan\u003e(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/span\u003e\u003c/li\u003e\u003cli\u003eThe list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n  *  Directly\nor\n  *  Through a dataplane interface that includes a management interface profile.\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n  *  To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at\u00a0 https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity."
        }
      ],
      "datePublic": "2024-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2024-9474\"\u003eCVE-2024-9474\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access are not impacted by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like  CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003ePalo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.\u003c/span\u003e\u003cbr /\u003e"
            }
          ],
          "value": "Palo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "If you configure restricted access to a jump box that is the only system allowed to access the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:47:41.407Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-0012"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWe strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThis issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eAdditional PAN-OS 11.2 fixes:\u003cul\u003e\u003cli\u003e\u200b\u200b11.2.0-h1\u003c/li\u003e\u003cli\u003e11.2.1-h1\u003c/li\u003e\u003cli\u003e11.2.2-h2\u003c/li\u003e\u003cli\u003e11.2.3-h3\u003c/li\u003e\u003cli\u003e11.2.4-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.1 fixes:\u003cul\u003e\u003cli\u003e11.1.0-h4\u003c/li\u003e\u003cli\u003e11.1.1-h2\u003c/li\u003e\u003cli\u003e11.1.2-h15\u003c/li\u003e\u003cli\u003e11.1.3-h11\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.0 fixes:\u003cul\u003e\u003cli\u003e11.0.0-h4\u003c/li\u003e\u003cli\u003e11.0.1-h5\u003c/li\u003e\u003cli\u003e11.0.2-h5\u003c/li\u003e\u003cli\u003e11.0.3-h13\u003c/li\u003e\u003cli\u003e11.0.4-h6\u003c/li\u003e\u003cli\u003e11.0.5-h2\u003c/li\u003e\u003cli\u003e11.0.6-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.2 fixes:\u003cul\u003e\u003cli\u003e10.2.0-h4\u003c/li\u003e\u003cli\u003e10.2.1-h3\u003c/li\u003e\u003cli\u003e10.2.2-h6\u003c/li\u003e\u003cli\u003e10.2.3-h14\u003c/li\u003e\u003cli\u003e10.2.4-h32\u003c/li\u003e\u003cli\u003e10.2.5-h9\u003c/li\u003e\u003cli\u003e10.2.6-h6\u003c/li\u003e\u003cli\u003e10.2.7-h18\u003c/li\u003e\u003cli\u003e10.2.8-h15\u003c/li\u003e\u003cli\u003e10.2.9-h16\u003c/li\u003e\u003cli\u003e10.2.10-h9\u003c/li\u003e\u003cli\u003e10.2.11-h6\u003c/li\u003e\u003cli\u003e10.2.12-h2\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "We strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.\n\nThis issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n  *  Additional PAN-OS 11.2 fixes:  *  \u200b\u200b11.2.0-h1\n  *  11.2.1-h1\n  *  11.2.2-h2\n  *  11.2.3-h3\n  *  11.2.4-h1\n\n\n\n  *  Additional PAN-OS 11.1 fixes:  *  11.1.0-h4\n  *  11.1.1-h2\n  *  11.1.2-h15\n  *  11.1.3-h11\n  *  11.1.4-h7\n  *  11.1.5-h1\n\n\n\n  *  Additional PAN-OS 11.0 fixes:  *  11.0.0-h4\n  *  11.0.1-h5\n  *  11.0.2-h5\n  *  11.0.3-h13\n  *  11.0.4-h6\n  *  11.0.5-h2\n  *  11.0.6-h1\n\n\n\n  *  Additional PAN-OS 10.2 fixes:  *  10.2.0-h4\n  *  10.2.1-h3\n  *  10.2.2-h6\n  *  10.2.3-h14\n  *  10.2.4-h32\n  *  10.2.5-h9\n  *  10.2.6-h6\n  *  10.2.7-h18\n  *  10.2.8-h15\n  *  10.2.9-h16\n  *  10.2.10-h9\n  *  10.2.11-h6\n  *  10.2.12-h2"
        }
      ],
      "source": {
        "advisory": "PAN-SA-2024-0015",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-18T14:20:00.000Z",
          "value": "CVE-2024-0012 assigned to this publication as the vulnerability is identified and fixed"
        },
        {
          "lang": "en",
          "time": "2024-11-15T22:00:00.000Z",
          "value": "Answered a FAQ about indicators of compromise"
        },
        {
          "lang": "en",
          "time": "2024-11-14T22:18:00.000Z",
          "value": "Raised the severity of PAN-SA-2024-0015 bulletin as we have observed threat activity"
        },
        {
          "lang": "en",
          "time": "2024-11-11T01:03:00.000Z",
          "value": "Added instructions to find your devices with an internet-facing management interface discovered in our scans"
        },
        {
          "lang": "en",
          "time": "2024-11-08T13:00:00.000Z",
          "value": "Initially published as PAN-SA-2024-0015"
        }
      ],
      "title": "PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eRecommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAdditionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,\u003c/span\u003e\u003c/p\u003e\u003cspan\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eEnsure that all the listed Threat IDs are set to block mode,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003cspan\u003eRoute incoming traffic for the MGT port through a DP port\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, e.g., enabling management profile on a DP interface for management access,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003e\u003cspan\u003eReplace the Certificate for Inbound Traffic Management\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003e\u003cspan\u003eDecrypt inbound traffic to the management interface so the firewall can inspect it\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, and\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003cspan\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cbr /\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ePalo Alto Networks LIVEcommunity article:\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and more detailed technical documentation:\u00a0\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003e\u003cspan\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\nAdditionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,\n\n  *  Ensure that all the listed Threat IDs are set to block mode,\n  *   Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access,\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c ,\n  *   Decrypt inbound traffic to the management interface so the firewall can inspect it https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 , and\n  *  Enable threat prevention on the inbound traffic to management services.\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n  *  Palo Alto Networks LIVEcommunity article:\u00a0 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and more detailed technical documentation:\u00a0 https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-0012",
    "datePublished": "2024-11-18T15:47:41.407Z",
    "dateReserved": "2023-11-09T18:56:17.699Z",
    "dateUpdated": "2025-10-21T22:55:36.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4619 (GCVE-0-2025-4619)

Vulnerability from cvelistv5

Published

2025-11-13 20:24

Modified

2025-11-14 18:08

Severity ?

6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Patch: 12.1.0 Version: 11.2.0 < 11.2.5 Version: 11.1.0 < 11.1.7 Version: 10.2.0 < 10.2.14 Patch: 10.1.0 cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:::::: cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:::::::* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:::::::*
	Palo Alto Networks	Prisma Access	Version: 10.2.0 < 10.2.10-h14

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-0111

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T18:08:04.676466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T18:08:10.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.5",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.3-h6",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.2-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.5",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.7",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h13",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h4",
                  "status": "affected"
                },
                {
                  "at": "11.1.3-h2",
                  "status": "affected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h9",
                  "status": "affected"
                }
              ],
              "lessThan": "11.1.7",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h2",
                  "status": "affected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h6",
                  "status": "affected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h10",
                  "status": "affected"
                },
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.7-h11",
                  "status": "affected"
                },
                {
                  "at": "10.2.4-h25",
                  "status": "affected"
                }
              ],
              "lessThan": "10.2.14",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PAN-OS"
          ],
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.4-h25",
                  "status": "affected"
                }
              ],
              "lessThan": "10.2.10-h14",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is only applicable to firewalls where URL\u0026nbsp;proxy or any decrypt-policy is configured.\u003cbr\u003e\u003cbr\u003eWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
            }
          ],
          "value": "This issue is only applicable to firewalls where URL\u00a0proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.5",
                  "versionStartIncluding": "11.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.4-h4",
                  "versionStartIncluding": "11.2.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.3-h6",
                  "versionStartIncluding": "11.2.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.2-h2",
                  "versionStartIncluding": "11.2.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.7",
                  "versionStartIncluding": "11.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.6-h1",
                  "versionStartIncluding": "11.1.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.4-h13",
                  "versionStartIncluding": "11.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.4-h4",
                  "versionStartIncluding": "11.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.3-h2",
                  "versionStartIncluding": "11.1.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.2-h18",
                  "versionStartIncluding": "11.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.2-h9",
                  "versionStartIncluding": "11.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.14",
                  "versionStartIncluding": "10.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.13-h3",
                  "versionStartIncluding": "10.2.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.12-h6",
                  "versionStartIncluding": "10.2.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.11-h12",
                  "versionStartIncluding": "10.2.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.10-h14",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.10-h2",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.9-h21",
                  "versionStartIncluding": "10.2.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.9-h6",
                  "versionStartIncluding": "10.2.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.8-h21",
                  "versionStartIncluding": "10.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.8-h10",
                  "versionStartIncluding": "10.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.7-h24",
                  "versionStartIncluding": "10.2.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.7-h11",
                  "versionStartIncluding": "10.2.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
                  "versionEndExcluding": "11.2.4-h4",
                  "versionStartIncluding": "11.2.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
                  "versionEndExcluding": "10.2.10-h14",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2025-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\u003cbr\u003e\u003cbr\u003e\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows.  Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
            }
          ],
          "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\n\n\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows.  Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129: Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-14T13:48:54.807Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-4619"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h4 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.3\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.3-h6 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.2\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.2-h2 or 11.2.5 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.6\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h1 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.3\u003c/td\u003e\n                                \u003ctd\u003eRemain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.2\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.7 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.13\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h3 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.11\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.8\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.14 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n                                \u003ctd\u003eRemain on a version older than 10.2.4-h25\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access\u0026nbsp; on PAN-OS\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 10.2.10-h14 or 11.2.4-h4 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003e\u003c/td\u003e\n                                    \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n                                    \u003ctd\u003eRemain on a version older than 10.2.4-h25.\u003c/td\u003e\n                                \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.1\nNo action needed.\n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.4\n                                Upgrade to 11.2.4-h4 or 11.2.5 or later.\n                            \n                                \n                                11.2.0 through 11.2.3\n                                Upgrade to 11.2.3-h6 or 11.2.5 or later.\n                            \n                                \n                                11.2.0 through 11.2.2\n                                Upgrade to 11.2.2-h2 or 11.2.5 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.6\n                                Upgrade to 11.1.6-h1 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.4\n                                Upgrade to 11.1.4-h13 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.3\n                                Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\n                            \n                                \n                                11.1.0 through 11.1.2\n                                Upgrade to 11.1.2-h18 or 11.1.7 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.13\n                                Upgrade to 10.2.13-h3 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.12\n                                Upgrade to 10.2.12-h6 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.11\n                                Upgrade to 10.2.11-h12 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.10\n                                Upgrade to 10.2.10-h14 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.9\n                                Upgrade to 10.2.9-h21 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.8\n                                Upgrade to 10.2.8-h21 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.7\n                                Upgrade to 10.2.7-h24 or 10.2.14 or later.\n                            \n                                \n                                10.2.0 through 10.2.4\n                                Remain on a version older than 10.2.4-h25\n\n                            PAN-OS 10.1\nNo action needed.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access\u00a0 on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4\u00a0or later\n                                    \n\n                                    10.2.0 through 10.2.10\n                                    Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.\n                                \n                                    \n                                    10.2.0 through 10.2.4\n                                    Remain on a version older than 10.2.4-h25."
        }
      ],
      "source": {
        "defect": [
          "PAN-247099"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-12T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds exist for this issue."
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.2",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-4619",
    "datePublished": "2025-11-13T20:24:19.208Z",
    "dateReserved": "2025-05-12T22:05:16.932Z",
    "dateUpdated": "2025-11-14T18:08:10.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0111 (GCVE-0-2025-0111)

Vulnerability from cvelistv5

Published

2025-02-12 20:58

Modified

2025-10-21 22:55

Severity ?

7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-73 - External Control of File Name or Path

Summary

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Version: 10.1.0 < 10.1.14-h9 Version: 10.2.0 < 10.2.7-h24 Version: 11.1.0 < 11.1.6-h1 Version: 11.2.0 < 11.2.4-h4 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2025-0108

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0111",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-21T04:56:11.692315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:28.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-20T00:00:00+00:00",
            "value": "CVE-2025-0111 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.1.14-h9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h9",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.7-h24",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.6-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h4",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003eUse the following steps to identify your recently detected devices in our internet scans.\u003c/p\u003e\u003col\u003e\u003cli\u003eTo find any assets that require remediation action, visit the Assets section of the Customer Support Portal at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e\u0026nbsp;(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003eReview the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).\u003c/p\u003e"
            }
          ],
          "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n  *  To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at  https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c9milio Gonzalez"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Maxime Gaudreault"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "our Deep Product Security Research Team"
        }
      ],
      "datePublic": "2025-02-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\u003c/p\u003e\u003cp\u003eYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cb\u003e\u003cp\u003e\u003c/p\u003e\u003c/b\u003e\u003cp\u003eThis issue does not affect Cloud NGFW or Prisma Access software.\u003c/p\u003e\u003cb\u003e\u003c/b\u003e"
            }
          ],
          "value": "An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:50:51.121Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0111"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h9 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.13\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.8\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.11\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.13-h3 or later \u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0 (EoL)\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e11.1.2\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4 or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.\u003c/p\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h9 or later\nPAN-OS 10.2\n10.2.0 through 10.2.13\nUpgrade to 10.2.13-h3 or later\n\u00a010.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\u00a010.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\u00a010.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\u00a010.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\u00a010.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later \u00a010.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)\u00a0Upgrade to a supported fixed versionPAN-OS 11.1\n11.1.0 through 11.1.6\nUpgrade to 11.1.6-h1 or later\n\u00a011.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\nPAN-OS 11.2\n11.2.0 through 11.2.4\nUpgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release."
        }
      ],
      "source": {
        "defect": [
          "PAN-273994"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-19T23:15:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2 and 11.1"
        },
        {
          "lang": "en",
          "time": "2025-02-18T23:00:00.000Z",
          "value": "Updated exploit status and solution table"
        },
        {
          "lang": "en",
          "time": "2025-02-18T19:30:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2"
        },
        {
          "lang": "en",
          "time": "2025-02-12T23:45:00.000Z",
          "value": "Added Threat Prevention Threat ID to Workarounds and Mitigations"
        },
        {
          "lang": "en",
          "time": "2025-02-12T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eRecommended mitigation\u003c/b\u003e\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003e\u003c/a\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).\n  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0111",
    "datePublished": "2025-02-12T20:58:43.387Z",
    "dateReserved": "2024-12-20T23:23:13.239Z",
    "dateUpdated": "2025-10-21T22:55:28.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0108 (GCVE-0-2025-0108)

Vulnerability from cvelistv5

Published

2025-02-12 20:55

Modified

2025-10-21 22:55

Severity ?

8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: All

	Palo Alto Networks	PAN-OS	Version: 10.1.0 < 10.1.14-h9 Version: 10.2.0 < 10.2.7-h24 Version: 11.1.0 < 11.1.6-h1 Version: 11.2.0 < 11.2.4-h4 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-3393

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0108",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T04:55:10.266940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:29.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-18T00:00:00+00:00",
            "value": "CVE-2025-0108 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-20T02:08:45.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/iSee857/CVE-2025-0108-PoC"
          },
          {
            "url": "https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/"
          },
          {
            "url": "https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/"
          },
          {
            "url": "https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild"
          },
          {
            "url": "https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/"
          },
          {
            "url": "https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.1.14-h9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h9",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.7-h24",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.8-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h3",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.7-h24",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.6-h1",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.2-h18",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.6-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.4-h4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h4",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eDirectly; or\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eThrough a dataplane interface that includes a management interface profile.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eUse the following steps to identify your recently detected devices in our internet scans.\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eTo find any assets that require remediation action, visit the Assets section of the Customer Support Portal at\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003e\u003cspan\u003ehttps://support.paloaltonetworks.com\u003c/span\u003e\u003c/a\u003e\u0026nbsp;(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003e\u003cspan\u003eReview the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n  *  To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at\u00a0 https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with \u2018PAN-SA-2024-0015\u2019 and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adam Kues - Assetnote Security Research Team"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "our Deep Product Security Research Team"
        }
      ],
      "datePublic": "2025-02-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThis issue does not affect Cloud NGFW or Prisma Access software."
            }
          ],
          "value": "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:48:08.215Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0108"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h9 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.13\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.8\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.13-h3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.11\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.13-h3 or later\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.13-h3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0 (EoL)\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e11.1.2\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.6-h1 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4 or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.\u003c/p\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h9 or later\nPAN-OS 10.2\n10.2.0 through 10.2.13\nUpgrade to 10.2.13-h3 or later\n\u00a010.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\u00a010.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\u00a010.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\u00a010.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\u00a010.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later\u00a0\u00a010.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)\u00a0Upgrade to a supported fixed versionPAN-OS 11.1\n11.1.0 through 11.1.6\nUpgrade to 11.1.6-h1 or later\n\u00a011.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\nPAN-OS 11.2\n11.2.0 through 11.2.4\nUpgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release."
        }
      ],
      "source": {
        "defect": [
          "PAN-273971"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-19T23:15:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2 and 11.1"
        },
        {
          "lang": "en",
          "time": "2025-02-18T23:00:00.000Z",
          "value": "Updated the exploit status and solutions table"
        },
        {
          "lang": "en",
          "time": "2025-02-18T19:30:00.000Z",
          "value": "Updated fix availability for PAN-OS 10.2"
        },
        {
          "lang": "en",
          "time": "2025-02-18T07:06:00.000Z",
          "value": "Updated exploit status"
        },
        {
          "lang": "en",
          "time": "2025-02-12T23:45:00.000Z",
          "value": "Added Threat Prevention Threat ID to Workarounds and Mitigations"
        },
        {
          "lang": "en",
          "time": "2025-02-12T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Authentication Bypass in the Management Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eRecommended mitigation\u003c/b\u003e\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practices deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)."
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our\u00a0 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0",
        "PAN-OS 10.1.14-h8",
        "PAN-OS 10.1.14-h7",
        "PAN-OS 10.1.14-h6",
        "PAN-OS 10.1.14-h5",
        "PAN-OS 10.1.14-h4",
        "PAN-OS 10.1.14-h3",
        "PAN-OS 10.1.14-h2",
        "PAN-OS 10.1.14-h1",
        "PAN-OS 10.1.14",
        "PAN-OS 10.1.13-h5",
        "PAN-OS 10.1.13-h4",
        "PAN-OS 10.1.13-h3",
        "PAN-OS 10.1.13-h2",
        "PAN-OS 10.1.13-h1",
        "PAN-OS 10.1.13",
        "PAN-OS 10.1.12-h3",
        "PAN-OS 10.1.12-h2",
        "PAN-OS 10.1.12-h1",
        "PAN-OS 10.1.12",
        "PAN-OS 10.1.11-h10",
        "PAN-OS 10.1.11-h9",
        "PAN-OS 10.1.11-h8",
        "PAN-OS 10.1.11-h7",
        "PAN-OS 10.1.11-h6",
        "PAN-OS 10.1.11-h5",
        "PAN-OS 10.1.11-h4",
        "PAN-OS 10.1.11-h3",
        "PAN-OS 10.1.11-h2",
        "PAN-OS 10.1.11-h1",
        "PAN-OS 10.1.11",
        "PAN-OS 10.1.10-h9",
        "PAN-OS 10.1.10-h8",
        "PAN-OS 10.1.10-h7",
        "PAN-OS 10.1.10-h6",
        "PAN-OS 10.1.10-h5",
        "PAN-OS 10.1.10-h4",
        "PAN-OS 10.1.10-h3",
        "PAN-OS 10.1.10-h2",
        "PAN-OS 10.1.10-h1",
        "PAN-OS 10.1.10",
        "PAN-OS 10.1.9-h14",
        "PAN-OS 10.1.9-h13",
        "PAN-OS 10.1.9-h12",
        "PAN-OS 10.1.9-h11",
        "PAN-OS 10.1.9-h10",
        "PAN-OS 10.1.9-h9",
        "PAN-OS 10.1.9-h8",
        "PAN-OS 10.1.9-h7",
        "PAN-OS 10.1.9-h6",
        "PAN-OS 10.1.9-h5",
        "PAN-OS 10.1.9-h4",
        "PAN-OS 10.1.9-h3",
        "PAN-OS 10.1.9-h2",
        "PAN-OS 10.1.9-h1",
        "PAN-OS 10.1.9",
        "PAN-OS 10.1.8-h8",
        "PAN-OS 10.1.8-h7",
        "PAN-OS 10.1.8-h6",
        "PAN-OS 10.1.8-h5",
        "PAN-OS 10.1.8-h4",
        "PAN-OS 10.1.8-h3",
        "PAN-OS 10.1.8-h2",
        "PAN-OS 10.1.8-h1",
        "PAN-OS 10.1.8",
        "PAN-OS 10.1.7-h1",
        "PAN-OS 10.1.7",
        "PAN-OS 10.1.6-h9",
        "PAN-OS 10.1.6-h8",
        "PAN-OS 10.1.6-h7",
        "PAN-OS 10.1.6-h6",
        "PAN-OS 10.1.6-h5",
        "PAN-OS 10.1.6-h4",
        "PAN-OS 10.1.6-h3",
        "PAN-OS 10.1.6-h2",
        "PAN-OS 10.1.6-h1",
        "PAN-OS 10.1.6",
        "PAN-OS 10.1.5-h4",
        "PAN-OS 10.1.5-h3",
        "PAN-OS 10.1.5-h2",
        "PAN-OS 10.1.5-h1",
        "PAN-OS 10.1.5",
        "PAN-OS 10.1.4-h6",
        "PAN-OS 10.1.4-h5",
        "PAN-OS 10.1.4-h4",
        "PAN-OS 10.1.4-h3",
        "PAN-OS 10.1.4-h2",
        "PAN-OS 10.1.4-h1",
        "PAN-OS 10.1.4",
        "PAN-OS 10.1.3-h4",
        "PAN-OS 10.1.3-h3",
        "PAN-OS 10.1.3-h2",
        "PAN-OS 10.1.3-h1",
        "PAN-OS 10.1.3",
        "PAN-OS 10.1.2",
        "PAN-OS 10.1.1",
        "PAN-OS 10.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0108",
    "datePublished": "2025-02-12T20:55:34.610Z",
    "dateReserved": "2024-12-20T23:23:10.451Z",
    "dateUpdated": "2025-10-21T22:55:29.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3393 (GCVE-0-2024-3393)

Vulnerability from cvelistv5

Published

2024-12-27 09:44

Modified

2025-10-21 22:55

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.3 Version: 11.1.0 < 11.1.2-h16 Version: 10.2.8 < 10.2.8-h19 Version: 10.1.14 < 10.1.14-h8 cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1:-::::::
	Palo Alto Networks	PAN-OS	Patch: 10.2.0 < 10.2.8 Version: 11.2.0 < 11.2.3

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-9474

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3393",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:55:30.369332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-12-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:33.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-12-30T00:00:00+00:00",
            "value": "CVE-2024-3393 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.3",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.2-h16",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.3-h13",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h7",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.2-h16",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.8-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.9-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h12",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.11-h10",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.12-h4",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h2",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8-h19",
              "status": "affected",
              "version": "10.2.8",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h8",
                  "status": "unaffected"
                },
                {
                  "at": "10.1.15",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h8",
              "status": "affected",
              "version": "10.1.14",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Prisma Access"
          ],
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.2.8",
                  "status": "affected"
                },
                {
                  "at": "10.2.9-h19",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.8",
              "status": "unaffected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.3",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBoth of the following must be true for PAN-OS software to be affected:\u003cbr\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eEither a DNS Security License or an Advanced DNS Security License must be applied, AND\u003cbr\u003e\u003c/li\u003e\u003cli\u003eDNS Security logging must be enabled.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "Both of the following must be true for PAN-OS software to be affected:\n\n\n  *  Either a DNS Security License or an Advanced DNS Security License must be applied, AND\n\n  *  DNS Security logging must be enabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Palo Alto Networks thanks the CERT-EE team for their extra effort in providing invaluable forensic and analytic assistance."
        }
      ],
      "datePublic": "2024-12-27T02:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode."
            }
          ],
          "value": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."
            }
          ],
          "value": "Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "An attacker sends a malicious packet through the firewall, which processes a malicious packet that triggers this issue."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Prisma Access, when only providing access to authenticated end users, processes a malicious packet that triggers this issue."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T01:51:29.594Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-3393"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThis issue is fixed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eNote: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003ePrisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003e\u003cspan\u003esupport case\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cspan\u003eIn addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u200b\u200bAdditional PAN-OS 11.1 fixes:\u003c/p\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e11.1.2-h16\u003c/li\u003e\u003cli\u003e11.1.3-h13\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS 10.2 fixes:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.2.8-h19\u003c/li\u003e\u003cli\u003e10.2.9-h19\u003c/li\u003e\u003cli\u003e10.2.10-h12\u003c/li\u003e\u003cli\u003e10.2.11-h10\u003c/li\u003e\u003cli\u003e10.2.12-h4\u003c/li\u003e\u003cli\u003e10.2.13-h2\u003c/li\u003e\u003cli\u003e10.2.14\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS 10.1 fixes:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.1.14-h8\u003c/li\u003e\u003cli\u003e10.1.15\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003eAdditional PAN-OS fixes only applicable to Prisma Access:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.2.9-h19\u003c/li\u003e\u003cli\u003e10.2.10-h12\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\n\nNote: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.\n\nPrisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a  support case https://support.paloaltonetworks.com/Support/Index .\n\nIn addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n\u200b\u200bAdditional PAN-OS 11.1 fixes:\n\n  *  11.1.2-h16\n  *  11.1.3-h13\n  *  11.1.4-h7\n  *  11.1.5\n\n\n\n\nAdditional PAN-OS 10.2 fixes:\n\n  *  10.2.8-h19\n  *  10.2.9-h19\n  *  10.2.10-h12\n  *  10.2.11-h10\n  *  10.2.12-h4\n  *  10.2.13-h2\n  *  10.2.14\n\n\n\n\nAdditional PAN-OS 10.1 fixes:\n\n  *  10.1.14-h8\n  *  10.1.15\n\n\n\n\nAdditional PAN-OS fixes only applicable to Prisma Access:\n\n  *  10.2.9-h19\n  *  10.2.10-h12"
        }
      ],
      "source": {
        "defect": [
          "PAN-259351",
          "PAN-219034"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-27T02:30:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eUnmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama\u003c/b\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003col\u003e\u003cli\u003eFor each Anti-spyware profile, navigate to Objects \u2192 Security Profiles \u2192 Anti-spyware \u2192 (select a profile) \u2192 DNS Policies \u2192 DNS Security.\u003c/li\u003e\u003cli\u003eChange the Log Severity to \"none\" for all configured DNS Security categories.\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCommit the changes.\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003eRemember to revert the Log Severity settings once the fixes are applied.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eNGFW managed by Strata Cloud Manager (SCM)\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003eYou can choose one of the following mitigation options:\u003c/div\u003e\u003cdiv\u003e\u003col\u003e\u003cli\u003eOption 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.\u003c/li\u003e\u003cli\u003eOption 2: Disable DNS Security logging across all NGFWs in your tenant by opening a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003esupport case\u003c/a\u003e.\u003c/li\u003e\u003c/ol\u003e\u003c/div\u003e\u003cb\u003e\u003cp\u003ePrisma Access managed by Strata Cloud Manager (SCM)\u003c/p\u003e\u003c/b\u003e\u003c/div\u003e\u003cp\u003eUntil we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\"\u003esupport case\u003c/a\u003e. If you would like to expedite the upgrade, please make a note of that in the support case.\u003c/p\u003e\u003cb\u003e\u003c/b\u003e"
            }
          ],
          "value": "If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.\n\nUnmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama\n  *  For each Anti-spyware profile, navigate to Objects \u2192 Security Profiles \u2192 Anti-spyware \u2192 (select a profile) \u2192 DNS Policies \u2192 DNS Security.\n  *  Change the Log Severity to \"none\" for all configured DNS Security categories.\n\n  *  Commit the changes.\n\nRemember to revert the Log Severity settings once the fixes are applied.\n\nNGFW managed by Strata Cloud Manager (SCM)\n\nYou can choose one of the following mitigation options:\n\n  *  Option 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.\n  *  Option 2: Disable DNS Security logging across all NGFWs in your tenant by opening a  support case https://support.paloaltonetworks.com/Support/Index .\n\n\nPrisma Access managed by Strata Cloud Manager (SCM)\n\n\n\nUntil we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a  support case https://support.paloaltonetworks.com/Support/Index . If you would like to expedite the upgrade, please make a note of that in the support case."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-3393",
    "datePublished": "2024-12-27T09:44:24.538Z",
    "dateReserved": "2024-04-05T17:40:24.596Z",
    "dateUpdated": "2025-10-21T22:55:33.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9474 (GCVE-0-2024-9474)

Vulnerability from cvelistv5

Published

2024-11-18 15:48

Modified

2025-10-21 22:55

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.4-h1 Version: 11.1.0 < 11.1.5-h1 Version: 11.0.0 < 11.0.6-h1 Version: 10.2.0 < 10.2.12-h2 Version: 10.1.0 < 10.1.14-h6
	Palo Alto Networks	Prisma Access

Show details on NVD website

https://security.paloaltonetworks.com/CVE-2024-0012

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.2.4-h1",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.1.5-h1",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.0.6-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.2.12-h2",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.1.14-h6",
                "status": "affected",
                "version": "10.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9474",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T04:55:45.920877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-11-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:36.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/k4nfr3/CVE-2024-9474"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9474"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-11-18T00:00:00+00:00",
            "value": "CVE-2024-9474 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-24T14:45:36.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h1",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.5-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.5-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.6-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.6-h1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.12-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.12-h2",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h6",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly\u003cbr /\u003eor\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\u003c/p\u003e\u003cp\u003eUse the following steps to identify your recently detected devices in our Internet scans:\u003c/p\u003e\u003col\u003e\u003cli\u003eTo find your known assets that require remediation action, visit the Assets section of Customer Support Portal at \u003ca target=\"_blank\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e\u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/li\u003e\u003cli\u003eThe list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n  *  Directly\nor\n  *  Through a dataplane interface that includes a management interface profile.\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n  *  To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at  https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity."
        }
      ],
      "datePublic": "2024-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access are not impacted by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003ePalo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.\u003c/span\u003e\u003cbr /\u003e"
            }
          ],
          "value": "Palo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet. The worst impact is that a malicious administrator is able to tamper with the system integrity."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "If you configure a specific list of IP addresses that only allow access to the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:48:23.405Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-9474"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\u003c/p\u003e\u003cp\u003eIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/p\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eAdditional PAN-OS 11.2 fixes:\u003cul\u003e\u003cli\u003e\u200b\u200b11.2.0-h1\u003c/li\u003e\u003cli\u003e11.2.1-h1\u003c/li\u003e\u003cli\u003e11.2.2-h2\u003c/li\u003e\u003cli\u003e11.2.3-h3\u003c/li\u003e\u003cli\u003e11.2.4-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.1 fixes:\u003cul\u003e\u003cli\u003e11.1.0-h4\u003c/li\u003e\u003cli\u003e11.1.1-h2\u003c/li\u003e\u003cli\u003e11.1.2-h15\u003c/li\u003e\u003cli\u003e11.1.3-h11\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.0 fixes:\u003cul\u003e\u003cli\u003e11.0.0-h4\u003c/li\u003e\u003cli\u003e11.0.1-h5\u003c/li\u003e\u003cli\u003e11.0.2-h5\u003c/li\u003e\u003cli\u003e11.0.3-h13\u003c/li\u003e\u003cli\u003e11.0.4-h6\u003c/li\u003e\u003cli\u003e11.0.5-h2\u003c/li\u003e\u003cli\u003e11.0.6-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.2 fixes:\u003cul\u003e\u003cli\u003e10.2.0-h4\u003c/li\u003e\u003cli\u003e10.2.1-h3\u003c/li\u003e\u003cli\u003e10.2.2-h6\u003c/li\u003e\u003cli\u003e10.2.3-h14\u003c/li\u003e\u003cli\u003e10.2.4-h32\u003c/li\u003e\u003cli\u003e10.2.5-h9\u003c/li\u003e\u003cli\u003e10.2.6-h6\u003c/li\u003e\u003cli\u003e10.2.7-h18\u003c/li\u003e\u003cli\u003e10.2.8-h15\u003c/li\u003e\u003cli\u003e10.2.9-h16\u003c/li\u003e\u003cli\u003e10.2.10-h9\u003c/li\u003e\u003cli\u003e10.2.11-h6\u003c/li\u003e\u003cli\u003e10.2.12-h2\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.1 fixes:\u003cul\u003e\u003cli\u003e10.1.9-h14\u003c/li\u003e\u003cli\u003e10.1.10-h9\u003c/li\u003e\u003cli\u003e10.1.11-h10\u003c/li\u003e\u003cli\u003e10.1.12-h3\u003c/li\u003e\u003cli\u003e10.1.13-h5\u003c/li\u003e\u003cli\u003e10.1.14-h6\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n  *  Additional PAN-OS 11.2 fixes:  *  \u200b\u200b11.2.0-h1\n  *  11.2.1-h1\n  *  11.2.2-h2\n  *  11.2.3-h3\n  *  11.2.4-h1\n\n\n\n  *  Additional PAN-OS 11.1 fixes:  *  11.1.0-h4\n  *  11.1.1-h2\n  *  11.1.2-h15\n  *  11.1.3-h11\n  *  11.1.4-h7\n  *  11.1.5-h1\n\n\n\n  *  Additional PAN-OS 11.0 fixes:  *  11.0.0-h4\n  *  11.0.1-h5\n  *  11.0.2-h5\n  *  11.0.3-h13\n  *  11.0.4-h6\n  *  11.0.5-h2\n  *  11.0.6-h1\n\n\n\n  *  Additional PAN-OS 10.2 fixes:  *  10.2.0-h4\n  *  10.2.1-h3\n  *  10.2.2-h6\n  *  10.2.3-h14\n  *  10.2.4-h32\n  *  10.2.5-h9\n  *  10.2.6-h6\n  *  10.2.7-h18\n  *  10.2.8-h15\n  *  10.2.9-h16\n  *  10.2.10-h9\n  *  10.2.11-h6\n  *  10.2.12-h2\n\n\n\n  *  Additional PAN-OS 10.1 fixes:  *  10.1.9-h14\n  *  10.1.10-h9\n  *  10.1.11-h10\n  *  10.1.12-h3\n  *  10.1.13-h5\n  *  10.1.14-h6"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-18T14:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eRecommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\u003c/span\u003e\u003cbr /\u003e\u003cp\u003e\u003cspan\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/span\u003e\u003c/p\u003e\u003cspan\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ePalo Alto Networks LIVEcommunity article:\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and more detailed technical documentation:\u00a0\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  *  Palo Alto Networks LIVEcommunity article:\u00a0 https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9474",
    "datePublished": "2024-11-18T15:48:23.405Z",
    "dateReserved": "2024-10-03T11:35:20.568Z",
    "dateUpdated": "2025-10-21T22:55:36.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0012 (GCVE-0-2024-0012)

Vulnerability from cvelistv5

Published

2024-11-18 15:47

Modified

2025-10-21 22:55

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

	Palo Alto Networks	PAN-OS	Version: 11.2.0 < 11.2.4-h1 Version: 11.1.0 < 11.1.5-h1 Version: 11.0.0 < 11.0.6-h1 Version: 10.2.0 < 10.2.12-h2 cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2:-::::::
	Palo Alto Networks	Prisma Access

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0012",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T04:55:47.202753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-11-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:36.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0012"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-11-18T00:00:00+00:00",
            "value": "CVE-2024-0012 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-24T14:44:56.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.4-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.4-h1",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.5-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.5-h1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.6-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.6-h1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.12-h2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.12-h2",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eThe risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eDirectly\u003cbr /\u003e\u003c/span\u003eor\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003eThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eUse the following steps to identify your recently detected devices in our Internet scans:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eTo find your known assets that require remediation action, visit the Assets section of Customer Support Portal at\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://support.paloaltonetworks.com/\"\u003e\u003cspan\u003ehttps://support.paloaltonetworks.com\u003c/span\u003e\u003c/a\u003e\u00a0\u003cspan\u003e(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\u003c/span\u003e\u003c/li\u003e\u003cli\u003eThe list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n  *  Directly\nor\n  *  Through a dataplane interface that includes a management interface profile.\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n  *  To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at\u00a0 https://support.paloaltonetworks.com https://support.paloaltonetworks.com/ \u00a0(Products \u2192 Assets \u2192 All Assets \u2192 Remediation Required).\n  *  The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity."
        }
      ],
      "datePublic": "2024-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2024-9474\"\u003eCVE-2024-9474\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access are not impacted by this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like  CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003ePalo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network.\u003c/span\u003e\u003cbr /\u003e"
            }
          ],
          "value": "Palo Alto Networks observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "If you configure restricted access to a jump box that is the only system allowed to access the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:47:41.407Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-0012"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWe strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThis issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eAdditional PAN-OS 11.2 fixes:\u003cul\u003e\u003cli\u003e\u200b\u200b11.2.0-h1\u003c/li\u003e\u003cli\u003e11.2.1-h1\u003c/li\u003e\u003cli\u003e11.2.2-h2\u003c/li\u003e\u003cli\u003e11.2.3-h3\u003c/li\u003e\u003cli\u003e11.2.4-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.1 fixes:\u003cul\u003e\u003cli\u003e11.1.0-h4\u003c/li\u003e\u003cli\u003e11.1.1-h2\u003c/li\u003e\u003cli\u003e11.1.2-h15\u003c/li\u003e\u003cli\u003e11.1.3-h11\u003c/li\u003e\u003cli\u003e11.1.4-h7\u003c/li\u003e\u003cli\u003e11.1.5-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 11.0 fixes:\u003cul\u003e\u003cli\u003e11.0.0-h4\u003c/li\u003e\u003cli\u003e11.0.1-h5\u003c/li\u003e\u003cli\u003e11.0.2-h5\u003c/li\u003e\u003cli\u003e11.0.3-h13\u003c/li\u003e\u003cli\u003e11.0.4-h6\u003c/li\u003e\u003cli\u003e11.0.5-h2\u003c/li\u003e\u003cli\u003e11.0.6-h1\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eAdditional PAN-OS 10.2 fixes:\u003cul\u003e\u003cli\u003e10.2.0-h4\u003c/li\u003e\u003cli\u003e10.2.1-h3\u003c/li\u003e\u003cli\u003e10.2.2-h6\u003c/li\u003e\u003cli\u003e10.2.3-h14\u003c/li\u003e\u003cli\u003e10.2.4-h32\u003c/li\u003e\u003cli\u003e10.2.5-h9\u003c/li\u003e\u003cli\u003e10.2.6-h6\u003c/li\u003e\u003cli\u003e10.2.7-h18\u003c/li\u003e\u003cli\u003e10.2.8-h15\u003c/li\u003e\u003cli\u003e10.2.9-h16\u003c/li\u003e\u003cli\u003e10.2.10-h9\u003c/li\u003e\u003cli\u003e10.2.11-h6\u003c/li\u003e\u003cli\u003e10.2.12-h2\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "We strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.\n\nThis issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n  *  Additional PAN-OS 11.2 fixes:  *  \u200b\u200b11.2.0-h1\n  *  11.2.1-h1\n  *  11.2.2-h2\n  *  11.2.3-h3\n  *  11.2.4-h1\n\n\n\n  *  Additional PAN-OS 11.1 fixes:  *  11.1.0-h4\n  *  11.1.1-h2\n  *  11.1.2-h15\n  *  11.1.3-h11\n  *  11.1.4-h7\n  *  11.1.5-h1\n\n\n\n  *  Additional PAN-OS 11.0 fixes:  *  11.0.0-h4\n  *  11.0.1-h5\n  *  11.0.2-h5\n  *  11.0.3-h13\n  *  11.0.4-h6\n  *  11.0.5-h2\n  *  11.0.6-h1\n\n\n\n  *  Additional PAN-OS 10.2 fixes:  *  10.2.0-h4\n  *  10.2.1-h3\n  *  10.2.2-h6\n  *  10.2.3-h14\n  *  10.2.4-h32\n  *  10.2.5-h9\n  *  10.2.6-h6\n  *  10.2.7-h18\n  *  10.2.8-h15\n  *  10.2.9-h16\n  *  10.2.10-h9\n  *  10.2.11-h6\n  *  10.2.12-h2"
        }
      ],
      "source": {
        "advisory": "PAN-SA-2024-0015",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-18T14:20:00.000Z",
          "value": "CVE-2024-0012 assigned to this publication as the vulnerability is identified and fixed"
        },
        {
          "lang": "en",
          "time": "2024-11-15T22:00:00.000Z",
          "value": "Answered a FAQ about indicators of compromise"
        },
        {
          "lang": "en",
          "time": "2024-11-14T22:18:00.000Z",
          "value": "Raised the severity of PAN-SA-2024-0015 bulletin as we have observed threat activity"
        },
        {
          "lang": "en",
          "time": "2024-11-11T01:03:00.000Z",
          "value": "Added instructions to find your devices with an internet-facing management interface discovered in our scans"
        },
        {
          "lang": "en",
          "time": "2024-11-08T13:00:00.000Z",
          "value": "Initially published as PAN-SA-2024-0015"
        }
      ],
      "title": "PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eRecommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAdditionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,\u003c/span\u003e\u003c/p\u003e\u003cspan\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eEnsure that all the listed Threat IDs are set to block mode,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003cspan\u003eRoute incoming traffic for the MGT port through a DP port\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, e.g., enabling management profile on a DP interface for management access,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003e\u003cspan\u003eReplace the Certificate for Inbound Traffic Management\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003e\u003cspan\u003eDecrypt inbound traffic to the management interface so the firewall can inspect it\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, and\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003cspan\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cbr /\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ePalo Alto Networks LIVEcommunity article:\u00a0\u003c/span\u003e\u003ca target=\"_blank\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and more detailed technical documentation:\u00a0\u003ca target=\"_blank\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003e\u003cspan\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "Recommended mitigation\u2014The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\nAdditionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,\n\n  *  Ensure that all the listed Threat IDs are set to block mode,\n  *   Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access,\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c ,\n  *   Decrypt inbound traffic to the management interface so the firewall can inspect it https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 , and\n  *  Enable threat prevention on the inbound traffic to management services.\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n  *  Palo Alto Networks LIVEcommunity article:\u00a0 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *  Palo Alto Networks official and more detailed technical documentation:\u00a0 https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-0012",
    "datePublished": "2024-11-18T15:47:41.407Z",
    "dateReserved": "2023-11-09T18:56:17.699Z",
    "dateUpdated": "2025-10-21T22:55:36.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-1004

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access	Prisma Access versions postérieures ou égales à 10.2.4-h25 et antérieures à 10.2.10-h14
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x sans le dernier correctif de sécurité
Palo Alto Networks	Prisma Access Browser	Prisma Browser versions antérieures à 142.15.2.60
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x sans le dernier correctif de sécurité
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x sans le dernier correctif de sécurité
Palo Alto Networks	Prisma Access	Prisma Access versions 11.x antérieures à 11.2.4-h4

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-4619	2025-11-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0018	2025-11-12	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access versions post\u00e9rieures ou \u00e9gales \u00e0 10.2.4-h25 et ant\u00e9rieures \u00e0 10.2.10-h14",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Browser versions ant\u00e9rieures \u00e0 142.15.2.60",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 11.x ant\u00e9rieures \u00e0 11.2.4-h4",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-12433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
    },
    {
      "name": "CVE-2025-12444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
    },
    {
      "name": "CVE-2025-12036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
    },
    {
      "name": "CVE-2025-12438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
    },
    {
      "name": "CVE-2025-12435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
    },
    {
      "name": "CVE-2025-12431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
    },
    {
      "name": "CVE-2025-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4616"
    },
    {
      "name": "CVE-2025-12445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
    },
    {
      "name": "CVE-2025-12437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
    },
    {
      "name": "CVE-2025-12434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
    },
    {
      "name": "CVE-2025-12439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
    },
    {
      "name": "CVE-2025-12432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
    },
    {
      "name": "CVE-2025-12443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
    },
    {
      "name": "CVE-2025-12429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
    },
    {
      "name": "CVE-2025-4618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4618"
    },
    {
      "name": "CVE-2025-12436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
    },
    {
      "name": "CVE-2025-12446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
    },
    {
      "name": "CVE-2025-12441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
    },
    {
      "name": "CVE-2025-4617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4617"
    },
    {
      "name": "CVE-2025-12440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
    },
    {
      "name": "CVE-2025-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4619"
    },
    {
      "name": "CVE-2025-12430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
    },
    {
      "name": "CVE-2025-12447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
    },
    {
      "name": "CVE-2025-12428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
    }
  ],
  "initial_release_date": "2025-11-13T00:00:00",
  "last_revision_date": "2025-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1004",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4619",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4619"
    },
    {
      "published_at": "2025-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0018",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0018"
    }
  ]
}

CERTFR-2025-AVI-0856

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions postérieures ou égales à 139.18.2.139 et antérieures à 141.6.4.55
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.8
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.12
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.17

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-4614	2025-10-08	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0016	2025-10-08	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4615	2025-10-08	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Browser versions post\u00e9rieures ou \u00e9gales \u00e0 139.18.2.139 et ant\u00e9rieures \u00e0 141.6.4.55",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4614"
    },
    {
      "name": "CVE-2025-10501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10501"
    },
    {
      "name": "CVE-2025-10201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10201"
    },
    {
      "name": "CVE-2025-9865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9865"
    },
    {
      "name": "CVE-2025-9867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9867"
    },
    {
      "name": "CVE-2025-10892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10892"
    },
    {
      "name": "CVE-2025-10200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10200"
    },
    {
      "name": "CVE-2025-10500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10500"
    },
    {
      "name": "CVE-2025-10891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10891"
    },
    {
      "name": "CVE-2025-10502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10502"
    },
    {
      "name": "CVE-2025-9866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9866"
    },
    {
      "name": "CVE-2025-9478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9478"
    },
    {
      "name": "CVE-2025-9864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9864"
    },
    {
      "name": "CVE-2025-10890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10890"
    },
    {
      "name": "CVE-2025-9132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
    },
    {
      "name": "CVE-2025-10585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"
    },
    {
      "name": "CVE-2025-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4615"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0856",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4614",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4614"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0016",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0016"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4615",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4615"
    }
  ]
}

CERTFR-2025-AVI-0695

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 138.53.6.158
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.2.8-h3 (6.2.8-c263) pour Windows
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.3.3 pour Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.8 sur PA-7500
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3-h2 (6.3.3-c676) pour Windows
Palo Alto Networks	Checkov by Prisma Cloud	Checkov by Prisma Cloud versions 3.2.x antérieures à 3.2.449
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.10 sur PA-7500
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions 28.0.x antérieures à 28.0.52

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-2183	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2180	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2181	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2184	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2182	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0014	2025-08-13	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 138.53.6.158",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.8-h3 (6.2.8-c263) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.3.3 pour Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.8 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h2 (6.3.3-c676) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Checkov by Prisma Cloud versions 3.2.x ant\u00e9rieures \u00e0 3.2.449",
      "product": {
        "name": "Checkov by Prisma Cloud",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.10 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions 28.0.x ant\u00e9rieures \u00e0 28.0.52",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2182"
    },
    {
      "name": "CVE-2025-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2183"
    },
    {
      "name": "CVE-2025-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
    },
    {
      "name": "CVE-2025-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
    },
    {
      "name": "CVE-2024-5921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5921"
    },
    {
      "name": "CVE-2025-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2184"
    },
    {
      "name": "CVE-2025-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-8010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
    },
    {
      "name": "CVE-2025-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2181"
    },
    {
      "name": "CVE-2025-8011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
    },
    {
      "name": "CVE-2025-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2180"
    }
  ],
  "initial_release_date": "2025-08-14T00:00:00",
  "last_revision_date": "2025-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0695",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2183",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2183"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2180",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2181",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2181"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2184",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2184"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2182",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2182"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0014",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0014"
    }
  ]
}

CERTFR-2025-AVI-0505

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.

Palo Alto Networks a connaissance d'une preuve de concept pour la vulnérabilité CVE-2025-4232.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions correctives 10.1.14-h16 et 11.2.7 pour la vulnérabilité CVE-2025-4229 affectant respectivement PAN-OS versions 10.1.x et 11.2.x sont prévues pour juillet 2025 et juin 2025. Les versions correctives 6.2.8-h2 et 6.3.3-h1 pour la vulnérabilité CVE-2025-4227 affectant respectivement GlobalProtect App versions 6.2.x et 6.3.x sont prévues pour juin 2025.

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS toutes versions à 10.1.x
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.8-HF
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 137.16.2.69
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.10
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.8-h2
Palo Alto Networks	GlobalProtect App	GlobalProtect App toutes version 6.0.x
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions antérieures à 27.0.26
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.17
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.3
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3-h1
Palo Alto Networks	GlobalProtect App	GlobalProtect App toutes versions 6.1.x
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-4231	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4227	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4228	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4230	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4232	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4229	2025-06-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0011	2025-06-11	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS toutes versions \u00e0 10.1.x",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-HF",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 137.16.2.69",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.10",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-h2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App toutes version 6.0.x",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 27.0.26",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App toutes versions 6.1.x",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.7",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les versions correctives 10.1.14-h16 et 11.2.7 pour la vuln\u00e9rabilit\u00e9 CVE-2025-4229 affectant respectivement PAN-OS versions 10.1.x et 11.2.x sont pr\u00e9vues pour juillet 2025 et juin 2025.\nLes versions correctives 6.2.8-h2 et 6.3.3-h1 pour la vuln\u00e9rabilit\u00e9 CVE-2025-4227 affectant respectivement GlobalProtect App versions 6.2.x et 6.3.x sont pr\u00e9vues pour juin 2025.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-5280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5280"
    },
    {
      "name": "CVE-2025-5281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
    },
    {
      "name": "CVE-2025-4229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4229"
    },
    {
      "name": "CVE-2025-5065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
    },
    {
      "name": "CVE-2025-4233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4233"
    },
    {
      "name": "CVE-2025-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
    },
    {
      "name": "CVE-2025-5066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
    },
    {
      "name": "CVE-2025-4230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4230"
    },
    {
      "name": "CVE-2025-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
    },
    {
      "name": "CVE-2025-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4231"
    },
    {
      "name": "CVE-2025-4228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4228"
    },
    {
      "name": "CVE-2025-5419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
    },
    {
      "name": "CVE-2025-4227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4227"
    },
    {
      "name": "CVE-2025-4232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4232"
    },
    {
      "name": "CVE-2025-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
    },
    {
      "name": "CVE-2025-5067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2025-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
    }
  ],
  "initial_release_date": "2025-06-12T00:00:00",
  "last_revision_date": "2025-06-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0505",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.\n\nPalo Alto Networks a connaissance d\u0027une preuve de concept pour la vuln\u00e9rabilit\u00e9 CVE-2025-4232.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4231",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4231"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4227",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4227"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4228",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4228"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4230",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4230"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4232",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4232"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4229",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4229"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0011",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0011"
    }
  ]
}

CERTFR-2025-AVI-0410

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions correctives pour la vulnérabilité CVE-2025-0133 sont prévus pour juin (PAN-OS 11.2.8), juillet (PAN-OS 11.1.11) et août 2025 (PAN-OS 10.2.17)

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.0.0 sans les derniers correctifs de sécurité
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.5
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.1.0 sans les derniers correctifs de sécurité
Palo Alto Networks	N/A	MetaDefender Endpoint Security versions antérieures à 4.3.4451 sur Windows
Palo Alto Networks	PAN-OS	PAN-OS versions antérieures à 10.1.14-h14
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.13
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute Edition versions antérieures à 34.00.141
Palo Alto Networks	Prisma Access	Prisma Access Browser versions antérieures à 136.11.9.93
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.7
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions antérieures à 26.0.119
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.8
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.8 sur macOS
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3 sur macOS

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-0138	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0133	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0134	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0131	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0135	2025-06-06	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0137	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0132	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0009	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0136	2025-05-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0130	2025-05-14	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.1.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "MetaDefender Endpoint Security versions ant\u00e9rieures \u00e0 4.3.4451 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions ant\u00e9rieures \u00e0 10.1.14-h14",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute Edition versions   ant\u00e9rieures \u00e0 34.00.141",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 136.11.9.93",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.7",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.119",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8 sur macOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 sur macOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les versions correctives pour la vuln\u00e9rabilit\u00e9 CVE-2025-0133 sont pr\u00e9vus pour juin (PAN-OS 11.2.8),  juillet (PAN-OS 11.1.11) et ao\u00fbt 2025 (PAN-OS 10.2.17)",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0135"
    },
    {
      "name": "CVE-2025-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
    },
    {
      "name": "CVE-2025-0134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0134"
    },
    {
      "name": "CVE-2025-3072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
    },
    {
      "name": "CVE-2025-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0138"
    },
    {
      "name": "CVE-2025-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0131"
    },
    {
      "name": "CVE-2025-3068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
    },
    {
      "name": "CVE-2025-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
    },
    {
      "name": "CVE-2025-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0137"
    },
    {
      "name": "CVE-2025-4096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
    },
    {
      "name": "CVE-2025-4052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
    },
    {
      "name": "CVE-2025-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
    },
    {
      "name": "CVE-2025-0130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0130"
    },
    {
      "name": "CVE-2025-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
    },
    {
      "name": "CVE-2025-0133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0133"
    },
    {
      "name": "CVE-2025-0132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0132"
    },
    {
      "name": "CVE-2025-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
    },
    {
      "name": "CVE-2025-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
    },
    {
      "name": "CVE-2025-4050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
    },
    {
      "name": "CVE-2025-0136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0136"
    },
    {
      "name": "CVE-2025-4051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
    },
    {
      "name": "CVE-2025-3071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
    },
    {
      "name": "CVE-2025-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3069"
    },
    {
      "name": "CVE-2025-3073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
    },
    {
      "name": "CVE-2025-3070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3070"
    }
  ],
  "initial_release_date": "2025-05-15T00:00:00",
  "last_revision_date": "2025-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0410",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0138",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0138"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0133",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0133"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0134",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0134"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0131",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0131"
    },
    {
      "published_at": "2025-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0135",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0135"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0137",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0137"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0132",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0132"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0009",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0009"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0136",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0136"
    },
    {
      "published_at": "2025-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0130",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0130"
    }
  ]
}

CERTFR-2025-AVI-0301

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.2.x et 6.3.x antérieures à 6.3.4
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.5.x antérieures à 6.5.1
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.3-CE.x antérieures à 8.3.101-CE HF pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.6
Palo Alto Networks	Prisma Access	Prisma Access versions 10.2.4.x antérieures à 10.2.4-h36
Palo Alto Networks	Cloud NGFW	Cloud NGFW sans les derniers correctifs de sécurité
Palo Alto Networks	Prisma Access	Prisma Access versions 11.2.x antérieures à 11.2.4-h5
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.x antérieures à 6.2.8 pour Windows
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions antérieures à 26.100.3
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3 pour Windows
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.4.x antérieures à 6.4.2
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.6.x antérieures à 8.6.1 pour Windows
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 132.83.3017.1
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.1.x antérieures à 6.1.10
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.5.x antérieures à 8.5.2 pour Windows
Palo Alto Networks	Prisma Access	Prisma Access versions 10.2.10.x antérieures à 10.2.10-h16
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.9-CE.x antérieures à 7.9.103-CE HF pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.14-h13
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.8
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.6
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.15

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-0122	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0120	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0128	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0008	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0125	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0127	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0123	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0119	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0124	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0126	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0121	2025-04-09	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma SD-WAN versions 6.2.x et 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3-CE.x ant\u00e9rieures \u00e0 8.3.101-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.4.x ant\u00e9rieures \u00e0 10.2.4-h36",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud NGFW sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Cloud NGFW",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.4-h5",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.x ant\u00e9rieures \u00e0 6.2.8 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.100.3",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 132.83.3017.1",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.2 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.10.x ant\u00e9rieures \u00e0 10.2.10-h16",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.103-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14-h13",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.15",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0124"
    },
    {
      "name": "CVE-2025-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
    },
    {
      "name": "CVE-2025-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
    },
    {
      "name": "CVE-2025-0120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0120"
    },
    {
      "name": "CVE-2025-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0128"
    },
    {
      "name": "CVE-2025-1920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
    },
    {
      "name": "CVE-2025-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0126"
    },
    {
      "name": "CVE-2025-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0129"
    },
    {
      "name": "CVE-2025-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
    },
    {
      "name": "CVE-2025-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
    },
    {
      "name": "CVE-2025-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0121"
    },
    {
      "name": "CVE-2025-0127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0127"
    },
    {
      "name": "CVE-2025-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0123"
    },
    {
      "name": "CVE-2025-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0125"
    },
    {
      "name": "CVE-2025-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0122"
    },
    {
      "name": "CVE-2025-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0119"
    },
    {
      "name": "CVE-2025-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
    }
  ],
  "initial_release_date": "2025-04-10T00:00:00",
  "last_revision_date": "2025-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0301",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0122",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0122"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0120",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0120"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0128",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0128"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0008",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0008"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0125",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0125"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0127",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0127"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0123",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0123"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0119",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0119"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0124",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0124"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0126",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0126"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0121",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0121"
    }
  ]
}

CERTFR-2025-AVI-0204

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.5
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.2.6 pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.13-h5
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 133.16.4.99
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3 pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.0 antérieures à 10.1.14-h11
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.8
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.6

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-0115	2025-03-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0117	2025-03-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0007	2025-03-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0118	2025-03-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0114	2025-03-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0116	2025-03-12	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.6 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.13-h5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 133.16.4.99",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
    },
    {
      "name": "CVE-2025-1919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
    },
    {
      "name": "CVE-2025-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
    },
    {
      "name": "CVE-2025-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0116"
    },
    {
      "name": "CVE-2025-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
    },
    {
      "name": "CVE-2025-1921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
    },
    {
      "name": "CVE-2025-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
    },
    {
      "name": "CVE-2025-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
    },
    {
      "name": "CVE-2025-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0117"
    },
    {
      "name": "CVE-2025-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0118"
    },
    {
      "name": "CVE-2025-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
    },
    {
      "name": "CVE-2025-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
    },
    {
      "name": "CVE-2025-1917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
    },
    {
      "name": "CVE-2025-1918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
    },
    {
      "name": "CVE-2025-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0115"
    },
    {
      "name": "CVE-2025-1915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
    },
    {
      "name": "CVE-2025-1914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
    },
    {
      "name": "CVE-2025-1922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
    },
    {
      "name": "CVE-2025-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
    },
    {
      "name": "CVE-2025-1923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
    },
    {
      "name": "CVE-2025-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0114"
    }
  ],
  "initial_release_date": "2025-03-13T00:00:00",
  "last_revision_date": "2025-03-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0204",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0115",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0115"
    },
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0117",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0117"
    },
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0007",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0007"
    },
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0118",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0118"
    },
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0114",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0114"
    },
    {
      "published_at": "2025-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0116",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0116"
    }
  ]
}

CERTFR-2025-AVI-0128

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 8.4.x et antérieures de Cortex XDR Agent ne sont plus maintenues. La mise à jour vers la version 8.5.1 au minimum est nécessaire. De plus la mise à jour de Cortex XDR Broker VM en version 25.105.6 ne protège pas de l'exploitation de la vulnérabilité CVE-2025-0113 qui est corrigée par la version 26.0.116.

Impacted products

Vendor	Product	Description
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.5.x antérieures à 8.5.1 pour Windows
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 133.8.10.54
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.0 antérieures à 11.2.4-h4
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.0 antérieures à 11.1.6-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.0 antérieures à 10.2.13-h3
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions antérieures à 26.0.116
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.3-CE antérieures à 8.3.101-CE pour Windows
Palo Alto Networks	PAN-OS	PAN-OS OpenConfig Plugin versions antérieures à 2.1.2
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.0 antérieures à 10.1.14-h9
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.4.x et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2024-1135	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0109	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0110	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0108	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0113	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0004	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0112	2025-02-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0111	2025-02-12	vendor-advisory

Show details on source website

Bulletin de sécurité Palo Alto Networks PAN-259351 et PAN-219034

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.1 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 133.8.10.54",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.6-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.13-h3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.116",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3-CE ant\u00e9rieures \u00e0 8.3.101-CE  pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS OpenConfig Plugin versions   ant\u00e9rieures \u00e0 2.1.2",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h9",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.4.x et ant\u00e9rieures",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": " L\u0027\u00e9diteur indique que les versions 8.4.x et ant\u00e9rieures de Cortex XDR Agent ne sont plus maintenues. La mise \u00e0 jour vers la version 8.5.1 au minimum est n\u00e9cessaire. De plus la mise \u00e0 jour de Cortex XDR Broker VM en version 25.105.6 ne prot\u00e8ge pas de l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-0113 qui est corrig\u00e9e par la version 26.0.116.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
    },
    {
      "name": "CVE-2025-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0111"
    },
    {
      "name": "CVE-2025-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
    },
    {
      "name": "CVE-2025-0445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
    },
    {
      "name": "CVE-2025-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
    },
    {
      "name": "CVE-2025-0439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
    },
    {
      "name": "CVE-2025-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
    },
    {
      "name": "CVE-2025-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0291"
    },
    {
      "name": "CVE-2025-0451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
    },
    {
      "name": "CVE-2025-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0611"
    },
    {
      "name": "CVE-2025-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
    },
    {
      "name": "CVE-2025-0109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0109"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2025-0446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
    },
    {
      "name": "CVE-2025-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
    },
    {
      "name": "CVE-2025-0442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
    },
    {
      "name": "CVE-2025-0441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
    },
    {
      "name": "CVE-2025-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
    },
    {
      "name": "CVE-2025-0108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"
    },
    {
      "name": "CVE-2025-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
    },
    {
      "name": "CVE-2025-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0112"
    },
    {
      "name": "CVE-2025-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
    },
    {
      "name": "CVE-2025-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
    },
    {
      "name": "CVE-2025-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
    },
    {
      "name": "CVE-2025-0447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
    },
    {
      "name": "CVE-2025-0110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0110"
    },
    {
      "name": "CVE-2025-0113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0113"
    }
  ],
  "initial_release_date": "2025-02-13T00:00:00",
  "last_revision_date": "2025-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0128",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-1135",
      "url": "https://security.paloaltonetworks.com/CVE-2024-1135"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0109",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0109"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0110",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0110"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0108",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0108"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0113",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0113"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0004",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0004"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0112",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0112"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0111",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0111"
    }
  ]
}

CERTFR-2024-AVI-1107

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans les produits Palo Alto Networks. Elle permet à un attaquant de provoquer un déni de service à distance. Palo Alto Networks indique que la vulnérabilité CVE-2024-3393 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.5
Palo Alto Networks	Prisma Access	Prisma Access versions 11.2.x antérieures à 11.2.3
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.3
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.15
Palo Alto Networks	Prisma Access	Prisma Access versions 10.2.x antérieures à 10.2.10-h12
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.14

References

Title

Publication Time

Tags

2024-12-27

vendor-advisory

Show details on source website

Bulletin de sécurité Palo Alto Networks CVE-2024-9474

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.15",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.x ant\u00e9rieures \u00e0 10.2.10-h12",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.14",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3393"
    }
  ],
  "initial_release_date": "2024-12-27T00:00:00",
  "last_revision_date": "2024-12-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1107",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Palo Alto Networks. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\nPalo Alto Networks indique que la vuln\u00e9rabilit\u00e9 CVE-2024-3393 est activement exploit\u00e9e.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-12-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-259351 et PAN-219034",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3393"
    }
  ]
}

CERTFR-2024-AVI-1001

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans les produits Palo Alto Networks. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.0 antérieures à 11.1.5-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.0 antérieures à 11.0.6-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.0 antérieures à 10.1.14-h6
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.0 antérieures à 10.2.12-h2
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.0 antérieures à 11.2.4-h1

References

Title

Publication Time

Tags

2024-11-18

vendor-advisory

Show details on source website

Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0015

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.5-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.0 ant\u00e9rieures \u00e0 11.0.6-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.12-h2",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9474"
    }
  ],
  "initial_release_date": "2024-11-19T00:00:00",
  "last_revision_date": "2024-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Palo Alto Networks. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-9474",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9474"
    }
  ]
}

CERTFR-2024-AVI-0990

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Palo Alto Networks PAN-OS. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.0 antérieures à 11.1.5-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.0 antérieures à 11.0.6-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.0 antérieures à 10.2.12-h2
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.0 antérieures à 11.2.4-h1

References

Title

Publication Time

Tags

2024-11-14

vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.5-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.0 ant\u00e9rieures \u00e0 11.0.6-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.12-h2",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0012"
    }
  ],
  "initial_release_date": "2024-11-15T00:00:00",
  "last_revision_date": "2024-11-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0990",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-15T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE et de correctifs",
      "revision_date": "2024-11-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Palo Alto Networks PAN-OS. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0015",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0015"
    }
  ]
}

CERTFR-2024-AVI-0986

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.12
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.5
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 130.117.2920.13
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.4
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.14
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.6

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks PAN-244950 et PAN-221352	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-223185	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-262287 et PAN-226361	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-261332	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-115469	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-222484	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-216947	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0016	2024-11-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-205062	2024-11-13	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 130.117.2920.13",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-2552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2552"
    },
    {
      "name": "CVE-2024-9962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9962"
    },
    {
      "name": "CVE-2024-9959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9959"
    },
    {
      "name": "CVE-2024-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9965"
    },
    {
      "name": "CVE-2024-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9966"
    },
    {
      "name": "CVE-2024-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9963"
    },
    {
      "name": "CVE-2024-9955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9955"
    },
    {
      "name": "CVE-2024-9472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9472"
    },
    {
      "name": "CVE-2024-10827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10827"
    },
    {
      "name": "CVE-2024-9956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9956"
    },
    {
      "name": "CVE-2024-9958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9958"
    },
    {
      "name": "CVE-2024-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10229"
    },
    {
      "name": "CVE-2024-10488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10488"
    },
    {
      "name": "CVE-2024-10230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10230"
    },
    {
      "name": "CVE-2024-10487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
    },
    {
      "name": "CVE-2024-9957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9957"
    },
    {
      "name": "CVE-2024-5920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5920"
    },
    {
      "name": "CVE-2024-2551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2551"
    },
    {
      "name": "CVE-2024-10826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10826"
    },
    {
      "name": "CVE-2024-9960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9960"
    },
    {
      "name": "CVE-2024-5918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5918"
    },
    {
      "name": "CVE-2024-2550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2550"
    },
    {
      "name": "CVE-2024-9954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9954"
    },
    {
      "name": "CVE-2024-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5917"
    },
    {
      "name": "CVE-2024-10231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10231"
    },
    {
      "name": "CVE-2024-9964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9964"
    },
    {
      "name": "CVE-2024-9961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9961"
    },
    {
      "name": "CVE-2024-5919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5919"
    }
  ],
  "initial_release_date": "2024-11-14T00:00:00",
  "last_revision_date": "2024-11-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0986",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244950 et PAN-221352",
      "url": "https://security.paloaltonetworks.com/CVE-2024-2550"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-223185",
      "url": "https://security.paloaltonetworks.com/CVE-2024-2551"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-262287 et PAN-226361",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9472"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-261332",
      "url": "https://security.paloaltonetworks.com/CVE-2024-2552"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-115469",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5917"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-222484",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5920"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-216947",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5918"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0016",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0016"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-205062",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5919"
    }
  ]
}

CERTFR-2024-AVI-0859

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR versions antérieures à 6.12.0 (Build 1271551)
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0 antérieures à 11.0.6
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.9-x antérieures à 10.2.9-h11
Palo Alto Networks	Expedition	Expedition versions antérieures à 1.2.96
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.2.5 sur Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.10-x antérieures à 10.2.10-h4
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions antérieures à 7.9.102-CE sur Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.4-x antérieures à 11.0.4-h5
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.4.x antérieures à 8.4.1 sur Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2 antérieures à 10.2.11
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1 antérieures à 11.1.3
Palo Alto Networks	Prisma Access	Prisma Access Browser versions antérieures à 129.101.2913.3
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1 antérieures à 10.1.11
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0010	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0011	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CPATR-23347	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks GPC-19493 et GPC-21211	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-244840	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-217511 et PAN-152631	2024-10-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CRTX-105114	2024-10-09	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
    },
    {
      "name": "CVE-2024-8909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
    },
    {
      "name": "CVE-2024-9603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
    },
    {
      "name": "CVE-2024-8905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
    },
    {
      "name": "CVE-2024-7025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
    },
    {
      "name": "CVE-2024-8906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
    },
    {
      "name": "CVE-2024-9123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
    },
    {
      "name": "CVE-2024-8907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
    },
    {
      "name": "CVE-2024-9469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
    },
    {
      "name": "CVE-2024-9471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
    },
    {
      "name": "CVE-2024-9370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
    },
    {
      "name": "CVE-2024-9470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
    },
    {
      "name": "CVE-2024-9463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
    },
    {
      "name": "CVE-2024-9602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
    },
    {
      "name": "CVE-2024-9467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
    },
    {
      "name": "CVE-2024-9122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
    },
    {
      "name": "CVE-2024-9464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
    },
    {
      "name": "CVE-2024-9121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
    },
    {
      "name": "CVE-2024-8904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
    },
    {
      "name": "CVE-2024-9369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
    },
    {
      "name": "CVE-2024-9120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
    },
    {
      "name": "CVE-2024-9465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
    },
    {
      "name": "CVE-2024-9466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
    },
    {
      "name": "CVE-2024-9473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
    },
    {
      "name": "CVE-2024-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
    }
  ],
  "initial_release_date": "2024-10-10T00:00:00",
  "last_revision_date": "2024-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0859",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9469"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9473"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9470"
    }
  ]
}

CERTFR-2024-ALE-015

Vulnerability from certfr_alerte

Le 8 novembre 2024, Palo Alto Networks a publié un avis de sécurité relatif à une vulnérabilité critique dans certains pare-feux Palo Alto Networks. Elle permet à un attaquant non authentifié d'exécuter du code arbitraire à distance sur l'interface d'administration des équipements.

L'éditeur indique dans une mise à jour du 14 novembre 2024 avoir connaissance de l'exploitation de cette vulnérabilité sur des pare-feux exposant leur interface d'administration sur Internet.

[Mise à jour du 19 novembre 2024]

Le 18 novembre 2024, l'éditeur a publié un avis de sécurité concernant la vulnérabilité CVE-2024-9474. Celle-ci permet d'élever ses privilèges et peut être utilisée à la suite de la vulnérabilité publiée le 8 novembre 2024, ayant désormais l'identifiant CVE-2024-0012, afin d'obtenir les droits les plus élevés sur l'équipement.

Une preuve de concept permettant l'exploitation de ces deux vulnérabilités est disponible publiquement.

Solutions

[Mise à jour du 18 novembre 2024]
Des correctifs sont disponibles pour cette vulnérabilité.

Les pare-feux les plus à risque sont ceux exposant leur interface d'administration sur Internet. Palo Alto Networks a indiqué avoir effectué un scan pour identifier ces interfaces et informé les propriétaires d'équipements concernés au travers de leur espace client (voir la section Required Configuration for Exposure de l'avis de sécurité). De plus, l'éditeur propose un guide de sécurisation des interfaces d'administration [1].

Si une interface d'administration est exposée ou a été exposée sur Internet, le CERT-FR recommande de : 1. isoler les équipements du réseau et réaliser un gel de données (instantané pour les machines virtuelles, isolement de l’équipement s’il s’agit d’un équipement physique) à des fins d’investigations approfondies ; 2. reconstruire la solution avec une version à jour et en suivant les recommandations de sécurité de l'éditeur pour le déploiement de l'interface d'administration.

Si l'interface d'administration n'est pas exposée sur internet, l'équipement reste néanmoins vulnérable à une exploitation pour un attaquant ayant accès à l'interface, par exemple depuis un réseau d'administration. Le CERT-FR recommande donc de surveiller les connexions ou tentatives de connexion à l'équipement.

En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information [2], ainsi que les fiches réflexe sur la compromission système [3] [4].

L'éditeur précise que les équipements Prisma Access et Cloud NGFW ne sont pas concernés par ces vulnérabilités.

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.0 antérieures à 11.1.5-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.0 antérieures à 11.0.6-h1
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.0 antérieures à 10.2.12-h2
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.0 antérieures à 11.2.4-h1

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks	2024-11-14	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2024-9474 du 18 novembre 2024	-	other
Billet de blogue Unit42 du 18 novembre 2024	-	other
[2] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
[4] Fiche réflexe Compromission système - Endiguement	-	other
[3] Fiche réflexe Compromission système - Qualification	-	other
Bulletin de sécurité Palo Alto Networks CVE-2024-0012 du 18 novembre 2024	-	other
Avis CERTFR-2024-AVI-1001 du 19 novembre 2024	-	other
[1] Guide de sécurisation des interfaces d'administration des équipements Palo Alto Networks	-	other
Avis CERTFR-2024-AVI-0990 du 15 novembre 2024	-	other

Show details on source website