Vulnerabilidades en Palo Alto Networks

316 resultados
Análisis Vexday

Das 316 CVEs catalogadas para Palo Alto Networks, 13 estão confirmadas em exploração ativa no catálogo KEV da CISA, representando uma taxa 9,1 vezes acima da média geral do catálogo — sinal de que vulnerabilidades nesse vendor atraem exploração real com frequência desproporcional. A CVE mais crítica em atividade é a CVE-2024-3400, que atingiu EPSS máximo de 1,0, indicando probabilidade extremamente elevada de exploração observada ou iminente. O tipo de falha mais recorrente é CWE-78 (injeção de comandos no sistema operacional), uma classe de vulnerabilidade com alto potencial de impacto em appliances de segurança de perímetro. Com 17 CVEs críticas, 15 com PoC pública e 39 surgidas nos últimos 90 dias, equipes responsáveis por ambientes que utilizam produtos Palo Alto Networks devem priorizar ciclos curtos de patching e monitorar ativamente os indicadores de exploração.

CVE-2025-0113MEDIUMCortex XDR Broker VM: Unauthorized Access to Broker VM Docker ContainersEPSS 0.2%CVE-2021-3041HIGHCortex XDR Agent: Improper control of user-controlled file leads to local privilege escalationEPSS 0.2%CVE-2021-3042HIGHCortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege EscalationEPSS 0.2%CVE-2026-0242MEDIUMTrust Protection Foundation: SQL Injection VulnerabilityEPSS 0.2%CVE-2021-3036MEDIUMPAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectlyEPSS 0.2%CVE-2024-5906MEDIUMPrisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web InterfaceEPSS 0.2%CVE-2026-0272MEDIUMPAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)EPSS 0.2%CVE-2022-0012MEDIUMCortex XDR Agent: Local Arbitrary File Deletion VulnerabilityEPSS 0.2%CVE-2020-1994MEDIUMPAN-OS: Predictable temporary file vulnerabilityEPSS 0.2%CVE-2026-0234HIGHCortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integrationEPSS 0.2%CVE-2024-8688MEDIUMPAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)EPSS 0.2%CVE-2022-0025MEDIUMCortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2024-5913MEDIUMPAN-OS: Improper Input Validation Vulnerability in PAN-OSEPSS 0.2%CVE-2022-0015HIGHCortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2025-0122MEDIUMPrisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted PacketsEPSS 0.2%CVE-2024-8689MEDIUMActiveMQ Content Pack: Cleartext Exposure of CredentialsEPSS 0.2%CVE-2025-0116MEDIUMPAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP FrameEPSS 0.2%CVE-2022-0021LOWGlobalProtect App: Information Exposure Vulnerability When Using Connect Before LogonEPSS 0.2%CVE-2022-0013MEDIUMCortex XDR Agent: File Information Exposure Vulnerability When Generating Support FileEPSS 0.2%CVE-2025-4614MEDIUMPAN-OS: Session Token Disclosure VulnerabilityEPSS 0.2%