Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

PAN-OS — Vulnerabilities & Security Advisories 122

All 122 CVE vulnerabilities found in PAN-OS, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the PAN-OS software developed by Palo Alto Networks, categorized under network device and firewall weaknesses. It collects and organizes security findings related to authentication bypasses, remote code execution, denial of service, and privilege escalation flaws affecting various versions of the PAN-OS operating system. The data covers a broad historical range, including recent critical advisories released within the last few years as well as older, long-patched issues from earlier releases, providing a comprehensive timeline of security evolution. Readers can use this resource to track vendor-specific advisories from Palo Alto Networks, allowing for a clear understanding of how quickly patches are deployed for different threat levels. It also facilitates the study of specific weakness classes, such as buffer overflows or injection attacks, by showing their prevalence and impact across the PAN-OS ecosystem. Furthermore, users can look up a specific product version’s vulnerability history to assess risk exposure over time and identify patterns in recurring security defects. This aggregated view supports security teams in prioritizing remediation efforts, conducting impact analyses, and maintaining a robust security posture by understanding the context of each flaw. The information is presented in a structured format to aid in manual review and automated monitoring integration, ensuring that administrators have access to accurate and up-to-date data without needing to cross-reference multiple disparate sources. All entries are sourced from official vendor notices and verified third-party reports to maintain high integrity.

Vendor: Palo Alto Networks

CVE IDTitleCVSSSeverityPublished
CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame CWE-754 6.5 -2025-03-12
CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI CWE-41 4.9 -2025-03-12
CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect CWE-400 7.5 -2025-03-12
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API CWE-269 7.2AIHighAI2024-10-09
CVE-2024-8691 PAN-OS: User Impersonation in GlobalProtect Portal CWE-863 6.5AIMediumAI2024-09-11
CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI) CWE-155 4.9AIMediumAI2024-09-11
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes CWE-497 9.8AICriticalAI2024-09-11
CVE-2024-8686 PAN-OS: Command Injection Vulnerability CWE-78 7.2AIHighAI2024-09-11
CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets CWE-313 4.4AIMediumAI2024-08-14
CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS CWE-20 6.1 Medium2024-07-10
CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface CWE-434 6.5AIMediumAI2024-07-10
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect CWE-77 10.0 Critical2024-04-12
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN CWE-269 4.1 Medium2024-04-10
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure CWE-326 5.3 Medium2024-04-10
CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended CWE-436 5.3 Medium2024-04-10
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled CWE-20 7.5 High2024-04-10
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets CWE-1286 7.5 High2024-04-10
CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) CWE-282 7.4 High2024-04-10
CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets CWE-770 7.5 High2024-04-10
CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss CWE-269 4.3 Medium2024-03-13
CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication CWE-79 4.3 Medium2024-02-14
CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal CWE-79 4.3 Medium2024-02-14
CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway CWE-940 6.3 Medium2024-02-14
CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface CWE-613 6.6 Medium2024-02-14
CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface CWE-79 6.8 Medium2024-02-14
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator CWE-269 2.7 Low2023-12-13
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials CWE-701 4.9 Medium2023-12-13
CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface CWE-79 4.3 Medium2023-12-13
CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface CWE-78 5.5 Medium2023-12-13
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface CWE-434 5.5 Medium2023-12-13

All 122 known CVE vulnerabilities affecting PAN-OS with full Chinese analysis, references, and POCs where available.