Palo Alto Networks — Vulnerabilities & Security Advisories 281

Browse all 281 CVE security advisories affecting Palo Alto Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palo Alto Networks operates as a prominent cybersecurity vendor, primarily providing next-generation firewalls, cloud security solutions, and endpoint protection platforms to enterprise clients. The company’s software ecosystem, particularly its PAN-OS operating system, has historically been associated with a significant volume of Common Vulnerabilities and Exposures, currently totaling 280 recorded instances. These vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or improper access controls within management interfaces. While the firm maintains a robust security posture through regular patching cycles and proactive threat intelligence integration, the high CVE count reflects the complexity of its extensive feature set and the broad attack surface inherent in critical infrastructure components. Major incidents have been limited, with most issues resolved via timely updates, though the sheer number of disclosed flaws underscores the challenges of securing large-scale, continuously updated network security appliances.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-0025 | Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent | CWE-427 | 6.7 | Medium | 2022-05-11 |
| CVE-2022-0024 | PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit | PAN-OS | CWE-138 | 7.2 | High | 2022-05-11 |
| CVE-2022-0023 | PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy | PAN-OS | CWE-755 | 5.9 | Medium | 2022-04-13 |
| CVE-2022-0022 | PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes | PAN-OS | CWE-916 | 4.1 | Medium | 2022-03-09 |
| CVE-2022-0021 | GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon | GlobalProtect App | CWE-532 | 3.3 | Low | 2022-02-10 |
| CVE-2022-0020 | Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface | Cortex XSOAR | CWE-79 | 6.8 | Medium | 2022-02-10 |
| CVE-2022-0019 | GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux | GlobalProtect App | CWE-522 | 4.7 | Medium | 2022-02-10 |
| CVE-2022-0018 | GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled | GlobalProtect App | CWE-201 | 6.1 | Medium | 2022-02-10 |
| CVE-2022-0017 | GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation | GlobalProtect App | CWE-59 | 7.0 | High | 2022-02-10 |
| CVE-2022-0016 | GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon | GlobalProtect App | CWE-703 | 7.4 | High | 2022-02-10 |
| CVE-2022-0011 | PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering | PAN-OS | CWE-436 | 6.5 | Medium | 2022-02-10 |
| CVE-2022-0015 | Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent | CWE-427 | 7.8 | High | 2022-01-12 |
| CVE-2022-0014 | Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session | Cortex XDR Agent | CWE-426 | 6.7 | Medium | 2022-01-12 |
| CVE-2022-0013 | Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File | Cortex XDR Agent | CWE-538 | 5.0 | Medium | 2022-01-12 |
| CVE-2022-0012 | Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability | Cortex XDR Agent | CWE-59 | 6.1 | Medium | 2022-01-12 |
| CVE-2021-3064 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces | PAN-OS | CWE-121 | 9.8 | Critical | 2021-11-10 |
| CVE-2021-3063 | PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces | PAN-OS | CWE-755 | 7.5 | High | 2021-11-10 |
| CVE-2021-3062 | PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users | PAN-OS | CWE-284 | 8.1 | High | 2021-11-10 |
| CVE-2021-3061 | PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI) | PAN-OS | CWE-78 | 6.4 | Medium | 2021-11-10 |
| CVE-2021-3060 | PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) | PAN-OS | CWE-78 | 8.1 | High | 2021-11-10 |
| CVE-2021-3059 | PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates | PAN-OS | CWE-78 | 8.1 | High | 2021-11-10 |
| CVE-2021-3058 | PAN-OS: OS Command Injection Vulnerability in Web Interface XML API | PAN-OS | CWE-78 | 8.8 | High | 2021-11-10 |
| CVE-2021-3056 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication | PAN-OS | CWE-120 | 8.8 | High | 2021-11-10 |
| CVE-2021-3057 | GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway | GlobalProtect App | CWE-121 | 8.1 | High | 2021-10-13 |
| CVE-2021-3055 | PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface | PAN-OS | CWE-611 | 6.5 | Medium | 2021-09-08 |
| CVE-2021-3054 | PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability | PAN-OS | CWE-367 | 7.2 | High | 2021-09-08 |
| CVE-2021-3053 | PAN-OS: Exceptional Condition Denial-of-Service (DoS) | PAN-OS | CWE-755 | 7.5 | High | 2021-09-08 |
| CVE-2021-3052 | PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface | PAN-OS | CWE-79 | 8.0 | High | 2021-09-08 |
| CVE-2021-3051 | Cortex XSOAR: Authentication Bypass in SAML Authentication | Cortex XSOAR | CWE-347 | 8.1 | High | 2021-09-08 |
| CVE-2021-3049 | Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability | Cortex XSOAR | CWE-285 | 2.6 | Low | 2021-09-08 |

This page lists every published CVE security advisory associated with Palo Alto Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.