| | Versions | Affected | Unaffected | | |
|---|
| 10
N | CVE-2024-3400
PAN-OS: OS Command Injection Vulnerability in GlobalProtect | | none < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1 < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1 none none none | All >= 11.1.0-h3, >= 11.1.1-h1, >= 11.1.2-h3 >= 11.0.2-h4, >= 11.0.3-h10, >= 11.0.4-h1 (See additional hotfixes in Solution section) >= 10.2.2-h5, >= 10.2.3-h13, >= 10.2.4-h16, >= 10.2.5-h6, >= 10.2.6-h3, >= 10.2.7-h8, >= 10.2.8-h3, >= 10.2.9-h1 (See additional hotfixes in Solution section) All All all | 2024-04-12 | 2024-04-17 |
| 8.3
N | CVE-2024-3383
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) | | none none < 11.0.3 < 10.2.5 < 10.1.11 none none | All All >= 11.0.3 >= 10.2.5 >= 10.1.11 All all | 2024-04-10 | 2024-04-10 |
| 8.2
N | CVE-2024-3385
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.3 < 10.2.8 < 10.1.12 < 9.1.17 < 9.0.17-h4 none | All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All | 2024-04-10 | 2024-04-10 |
| 8.2 | CVE-2024-3382
PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets | | none < 11.1.2 < 11.0.4 < 10.2.7-h3 none none none | All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all | 2024-04-10 | 2024-04-10 |
| 8.2
N | CVE-2024-3384
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets | | none none none < 10.0.12 < 9.1.15-h1 < 9.0.17 < 8.1.24 none | All All All >= 10.0.12 >= 9.1.15-h1 >= 9.0.17 >= 8.1.24 all | 2024-04-10 | 2024-04-10 |
| 6.9
N | CVE-2024-3386
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.1-h2, < 11.0.2 < 10.2.4-h2, < 10.2.5 < 10.1.9-h3, < 10.1.10 < 10.0.13 < 9.1.17 < 9.0.17-h2 none | All All >= 11.0.1-h2, >= 11.0.2 >= 10.2.4-h2, >= 10.2.5 >= 10.1.9-h3, >= 10.1.10 >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All | 2024-04-10 | 2024-04-10 |
| 6 | CVE-2024-3387
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure | | none none < 11.0.4 on Panorama < 10.2.7-h3 on Panorama, < 10.2.8 on Panorama < 10.1.12 on Panorama none none | All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all | 2024-04-10 | 2024-04-10 |
| 5.1 | CVE-2024-3388
PAN-OS: User Impersonation in GlobalProtect SSL VPN | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.3 < 10.2.7-h3 < 10.1.11-h4 < 9.1.17 < 9.0.17-h4 < 8.1.26 < 10.2.4 | All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4 | 2024-04-10 | 2024-04-10 |
| i | PAN-SA-2024-0004
Informational Bulletin: OSS CVEs fixed in PAN-OS | | Versions prior to those listed above | | 2024-04-10 | |
| i | PAN-SA-2024-0003
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION | | | | 2024-04-05 | |
| i | CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
| 5.7 | CVE-2024-2431
GlobalProtect App: Local User Can Disable GlobalProtect | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 | none < 6.1.1 < 6.0.4 < 5.2.13 < 5.1.12 | All >= 6.1.1 >= 6.0.4 >= 5.2.13 >= 5.1.12 | 2024-03-13 | 2024-03-13 |
| 5.2 | CVE-2024-2432
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.2.1 on Windows < 6.1.2 on Windows < 6.0.8 on Windows < 5.1.12 on Windows | >= 6.2.1 on Windows >= 6.1.2 on Windows >= 6.0.8 on Windows >= 5.1.12 on Windows | 2024-03-13 | 2024-03-18 |
| 5.1 | CVE-2024-2433
PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.3 on Panorama < 10.2.8 on Panorama < 10.1.12 on Panorama < 9.1.17 on Panorama < 9.0.17-h4 on Panorama none | All All >= 11.0.3 on Panorama >= 10.2.8 on Panorama >= 10.1.12 on Panorama >= 9.1.17 on Panorama >= 9.0.17-h4 on Panorama All | 2024-03-13 | 2024-03-13 |
| i | PAN-SA-2024-0002
Impact of Leaky Vessels Vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653) | | | | 2024-02-22 | 2024-02-22 |
| 6.3 | CVE-2024-0007
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface | | none none none < 10.1.6 on Panorama < 10.0.11 on Panorama < 9.1.16 on Panorama < 9.0.17 on Panorama < 8.1.24-h1 on Panorama, < 8.1.25 on Panorama none | All All on Panorama All on Panorama >= 10.1.6 on Panorama >= 10.0.11 on Panorama >= 9.1.16 on Panorama >= 9.0.17 on Panorama >= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama all | 2024-02-14 | 2024-02-14 |
| 5.4 | CVE-2024-0008
PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access | none none < 11.0.2 < 10.2.5 < 10.1.10-h1, < 10.1.11 < 10.0.12-h1, < 10.0.13 < 9.1.17 < 9.0.17-h2 none | All All >= 11.0.2 >= 10.2.5 >= 10.1.10-h1, >= 10.1.11 >= 10.0.12-h1, >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All | 2024-02-14 | 2024-02-14 |
| 5.3 | CVE-2024-0009
PAN-OS: Improper IP Address Verification in GlobalProtect Gateway | | none none < 11.0.1 < 10.2.4 none none | All All >= 11.0.1 >= 10.2.4 All all | 2024-02-14 | 2024-02-14 |
| 5.1 | CVE-2024-0010
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal | | none none none < 10.1.11-h1, < 10.1.12 < 9.1.17 < 9.0.17-h4 none | All All All >= 10.1.11-h1, >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 all | 2024-02-14 | 2024-02-14 |
| 5.1 | CVE-2024-0011
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication | | none none none < 10.1.3 < 10.0.11 < 9.1.13 < 9.0.17 < 8.1.24 none | All All All >= 10.1.3 >= 10.0.11 >= 9.1.13 >= 9.0.17 >= 8.1.24 all | 2024-02-14 | 2024-02-24 |
| i | PAN-SA-2024-0001
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2024-02-14 | |
| 6 | CVE-2023-48795
Impact of Terrapin SSH Attack | PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma SD-WAN ION 6.2 Prisma SD-WAN ION 6.1 Prisma SD-WAN ION 5.6 | < 11.1.3 < 11.0.7 < 10.2.11 All All All < 6.2.4 < 6.1.8 < 5.6.19 | >= 11.1.3 (ETA: end of April) >= 11.0.7 (ETA: end of July) >= 10.2.11 (ETA: end of June) TBD TBD None >= 6.2.4 (ETA: end of June) >= 6.1.8 >= 5.6.19 (ETA: end of July) | 2024-01-09 | 2024-03-29 |
| 7.5 | CVE-2023-6790
PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 none | All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 All | 2023-12-13 | 2023-12-13 |
| 6.1 | CVE-2023-6791
PAN-OS: Plaintext Disclosure of External System Integration Credentials | Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | none none < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.24-h1 none | All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.24-h1 All | 2023-12-13 | 2023-12-13 |
| 5.9 | CVE-2023-6792
PAN-OS: OS Command Injection Vulnerability in the XML API | | none none none < 10.1.6 < 10.0.12 < 9.1.15 < 9.0.17 < 8.1.24 none | All All All >= 10.1.6 >= 10.0.12 >= 9.1.15 >= 9.0.17 >= 8.1.24 all | 2023-12-13 | 2023-12-13 |
=
Exploitable over the network with low complexity, unauthenticated attack.