Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks globalprotect vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-3046
An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated malicious user to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This iss...
Paloaltonetworks Pan-os
4.3
CVSSv2
CVE-2018-10141
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS prior to 8.1.4 allows an unauthenticated malicious user to inject arbitrary JavaScript or HTML.
Paloaltonetworks Pan-os
4.3
CVSSv2
CVE-2021-3063
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based malicious user to send specifically crafted traffic to a GlobalProtect interface that causes the ser...
Paloaltonetworks Pan-os
6
CVSSv2
CVE-2021-3062
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enable...
Paloaltonetworks Pan-os
2.1
CVSSv2
CVE-2018-9334
The PAN-OS management web interface page in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.16 and previous versions, PAN-OS 8.0.8 and previous versions, and PAN-OS 8.1.0 may allow an malicious user to access the GlobalProtect password hashes of local users via manipulation of th...
Paloaltonetworks Pan-os
Paloaltonetworks Pan-os 8.1.0
1 Github repository
6.8
CVSSv2
CVE-2019-1579
Remote Code Execution in PAN-OS 7.1.18 and previous versions, PAN-OS 8.0.11-h1 and previous versions, and PAN-OS 8.1.2 and previous versions with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote malicious user to execute arbitrar...
Paloaltonetworks Pan-os
1 Github repository
1 Article
9.3
CVSSv2
CVE-2021-3060
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The at...
Paloaltonetworks Prisma Access 2.1
Paloaltonetworks Pan-os
2 Github repositories
6.4
CVSSv2
CVE-2020-2050
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an malicious user to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any use...
Paloaltonetworks Pan-os
5.8
CVSSv2
CVE-2020-1997
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an malicious user to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access ...
Paloaltonetworks Pan-os
4.3
CVSSv2
CVE-2017-7409
Palo Alto Networks PAN-OS prior to 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
Paloaltonetworks Pan-os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »