Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

PAN-OS — Vulnerabilities & Security Advisories 122

All 122 CVE vulnerabilities found in PAN-OS, with AI-generated Chinese analysis, references, and POCs.

This page documents security weaknesses associated with the PAN-OS operating system developed by Palo Alto Networks. It serves as a centralized resource for understanding the specific vulnerabilities that affect this network security platform, focusing on common vulnerability classifications and their impact on system integrity. The content aggregates information regarding critical and non-critical flaws, ranging from remote code execution and privilege escalation risks to information disclosure issues. The data covers security incidents reported over the past several years, providing a comprehensive historical view of the threat landscape surrounding PAN-OS. Readers can utilize this page to track vendor advisories and monitor how Palo Alto Networks has addressed security concerns over time. It allows users to understand the nature of specific weakness classes and how they manifest within the PAN-OS environment. Additionally, individuals can look up a product's vulnerability history to assess the cumulative risk profile and patching timeline for various software versions. This information is essential for security analysts, system administrators, and compliance officers who need to maintain the security posture of networks relying on this firewall software. By reviewing these aggregated data points, stakeholders can better prioritize remediation efforts and understand the broader context of known exploits. The page does not provide immediate fixes but rather offers a factual record of disclosed issues to support informed decision-making and risk assessment processes.

Vendor: Palo Alto Networks

CVE IDTitleCVSSSeverityPublished
CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame CWE-754 6.5 -2025-03-12
CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI CWE-41 4.9 -2025-03-12
CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect CWE-400 7.5 -2025-03-12
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API CWE-269 7.2AIHighAI2024-10-09
CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal CWE-863 6.5AIMediumAI2024-09-11
CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) CWE-155 4.9AIMediumAI2024-09-11
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes CWE-497 9.8AICriticalAI2024-09-11
CVE-2024-8686 PAN-OS: Command Injection Vulnerability CWE-78 7.2AIHighAI2024-09-11
CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets CWE-313 4.4AIMediumAI2024-08-14
CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS CWE-20 6.1 Medium2024-07-10
CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface CWE-434 6.5AIMediumAI2024-07-10
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect CWE-77 10.0 Critical2024-04-12
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN CWE-269 4.1 Medium2024-04-10
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure CWE-326 5.3 Medium2024-04-10
CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended CWE-436 5.3 Medium2024-04-10
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled CWE-20 7.5 High2024-04-10
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets CWE-1286 7.5 High2024-04-10
CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) CWE-282 7.4 High2024-04-10
CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets CWE-770 7.5 High2024-04-10
CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss CWE-269 4.3 Medium2024-03-13
CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication CWE-79 4.3 Medium2024-02-14
CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal CWE-79 4.3 Medium2024-02-14
CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway CWE-940 6.3 Medium2024-02-14
CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface CWE-613 6.6 Medium2024-02-14
CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface CWE-79 6.8 Medium2024-02-14
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator CWE-269 2.7 Low2023-12-13
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials CWE-701 4.9 Medium2023-12-13
CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface CWE-79 4.3 Medium2023-12-13
CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface CWE-78 5.5 Medium2023-12-13
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface CWE-434 5.5 Medium2023-12-13

All 122 known CVE vulnerabilities affecting PAN-OS with full Chinese analysis, references, and POCs where available.