
Palo Alto Networks — Vulnerabilities & Security Advisories (307)

Browse all 307 CVE security advisories affecting Palo Alto Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palo Alto Networks operates as a prominent cybersecurity vendor, primarily providing next-generation firewalls, cloud security solutions, and endpoint protection platforms to enterprise clients. The company’s software ecosystem, particularly its PAN-OS operating system, has historically been associated with a significant volume of Common Vulnerabilities and Exposures, currently totaling 280 recorded instances. These vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or improper access controls within management interfaces. While the firm maintains a robust security posture through regular patching cycles and proactive threat intelligence integration, the high CVE count reflects the complexity of its extensive feature set and the broad attack surface inherent in critical infrastructure components. Major incidents have been limited, with most issues resolved via timely updates, though the sheer number of disclosed flaws underscores the challenges of securing large-scale, continuously updated network security appliances.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-6793 | PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator | PAN-OS | CWE-269 | 2.7 | Low | 2023-12-13 |
| CVE-2023-6791 | PAN-OS: Plaintext Disclosure of External System Integration Credentials | PAN-OS | CWE-701 | 4.9 | Medium | 2023-12-13 |
| CVE-2023-6789 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | PAN-OS | CWE-79 | 4.3 | Medium | 2023-12-13 |
| CVE-2023-6795 | PAN-OS: OS Command Injection Vulnerability in the Web Interface | PAN-OS | CWE-78 | 5.5 | Medium | 2023-12-13 |
| CVE-2023-6794 | PAN-OS: File Upload Vulnerability in the Web Interface | PAN-OS | CWE-434 | 5.5 | Medium | 2023-12-13 |
| CVE-2023-6792 | PAN-OS: OS Command Injection Vulnerability in the XML API | PAN-OS | CWE-88 | 5.5 | Medium | 2023-12-13 |
| CVE-2023-6790 | PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface | PAN-OS | CWE-79 | 8.8 | High | 2023-12-13 |
| CVE-2023-3282 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine | Cortex XSOAR | CWE-732 | 6.4 | Medium | 2023-11-08 |
| CVE-2023-3280 | Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent | CWE-755 | 5.5 | Medium | 2023-09-13 |
| CVE-2023-38046 | PAN-OS: Read System Files and Resources During Configuration Commit | PAN-OS | CWE-610 | 5.5 | Medium | 2023-07-12 |
| CVE-2023-0009 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App | CWE-807 | 7.8 | High | 2023-06-14 |
| CVE-2023-0010 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication | PAN-OS | CWE-79 | 5.4 | Medium | 2023-06-14 |
| CVE-2023-0008 | PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface | PAN-OS | CWE-73 | 4.4 | Medium | 2023-05-10 |
| CVE-2023-0007 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface | PAN-OS | CWE-80 | 6.5 | Medium | 2023-05-10 |
| CVE-2023-0006 | GlobalProtect App: Local File Deletion Vulnerability | GlobalProtect app | CWE-367 | 6.3 | Medium | 2023-04-12 |
| CVE-2023-0005 | PAN-OS: Exposure of Sensitive Information Vulnerability | PAN-OS | CWE-497 | 4.1 | Medium | 2023-04-12 |
| CVE-2023-0004 | PAN-OS: Local File Deletion Vulnerability | PAN-OS | CWE-703 | 6.5 | Medium | 2023-04-12 |
| CVE-2023-0003 | Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server | Cortex XSOAR | CWE-73 | 6.5 | Medium | 2023-02-08 |
| CVE-2023-0002 | Cortex XDR Agent: Product Disruption by Local Windows User | Cortex XDR agent | CWE-693 | 5.5 | Medium | 2023-02-08 |
| CVE-2023-0001 | Cortex XDR Agent: Cleartext Exposure of Agent Admin Password | Cortex XDR agent | CWE-319 | 6.0 | Medium | 2023-02-08 |
| CVE-2022-0031 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine | Cortex XSOAR | CWE-345 | 6.7 | Medium | 2022-11-09 |
| CVE-2022-0030 | PAN-OS: Authentication Bypass in Web Interface | PAN-OS | CWE-290 | 8.1 | High | 2022-10-12 |
| CVE-2022-0029 | Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File | Cortex XDR Agent | CWE-59 | 5.5 | Medium | 2022-09-14 |
| CVE-2022-0028 | PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering | Cloud NGFW | CWE-406 | 8.6 | High | 2022-08-10 |
| CVE-2022-0027 | Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports | Cortex XSOAR | CWE-285 | 4.3 | Medium | 2022-05-11 |
| CVE-2022-0026 | Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent | CWE-282 | 6.7 | Medium | 2022-05-11 |
| CVE-2022-0025 | Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent | CWE-427 | 6.7 | Medium | 2022-05-11 |
| CVE-2022-0024 | PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit | PAN-OS | CWE-138 | 7.2 | High | 2022-05-11 |
| CVE-2022-0023 | PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy | PAN-OS | CWE-755 | 5.9 | Medium | 2022-04-13 |
| CVE-2022-0022 | PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes | PAN-OS | CWE-916 | 4.1 | Medium | 2022-03-09 |

This page lists every published CVE security advisory associated with Palo Alto Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.