5.1
CVE-2024-9471 - PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with…
5.3
CVE-2024-9470 - Cortex XSOAR: Information Disclosure Vulnerability
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
5.7
CVE-2024-9469 - Cortex XDR Agent: Local Windows User Can Disable the Agent
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
8.2
CVE-2024-9468 - PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering mai…
7
CVE-2024-9467 - Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
8.2
CVE-2024-9466 - Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
9.2
CVE-2024-9465 - Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition …
9.3
CVE-2024-9464 - Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Dis…
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
9.9
CVE-2024-9463 - Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclos…
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
7.4
CVE-2024-43610 - Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.