Vulnerabilidades en Palo Alto Networks

316 resultados

Análisis Vexday

Das 316 CVEs catalogadas para Palo Alto Networks, 13 estão confirmadas em exploração ativa no catálogo KEV da CISA, representando uma taxa 9,1 vezes acima da média geral do catálogo — sinal de que vulnerabilidades nesse vendor atraem exploração real com frequência desproporcional. A CVE mais crítica em atividade é a CVE-2024-3400, que atingiu EPSS máximo de 1,0, indicando probabilidade extremamente elevada de exploração observada ou iminente. O tipo de falha mais recorrente é CWE-78 (injeção de comandos no sistema operacional), uma classe de vulnerabilidade com alto potencial de impacto em appliances de segurança de perímetro. Com 17 CVEs críticas, 15 com PoC pública e 39 surgidas nos últimos 90 dias, equipes responsáveis por ambientes que utilizam produtos Palo Alto Networks devem priorizar ciclos curtos de patching e monitorar ativamente os indicadores de exploração.

CVE-2021-3038MEDIUMGlobalProtect App: Windows VPN kernel driver denial of service (DoS)EPSS 0.2%CVE-2022-0026MEDIUMCortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2026-0266LOWPAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web InterfaceEPSS 0.2%CVE-2024-5915MEDIUMGlobalProtect App: Local Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2020-2032HIGHGlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgradeEPSS 0.2%CVE-2024-9469MEDIUMCortex XDR Agent: Local Windows User Can Disable the AgentEPSS 0.2%CVE-2026-0240MEDIUMTrust Protection Foundation: Sensitive Information Disclosure VulnerabilityEPSS 0.2%CVE-2022-0029MEDIUMCortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support FileEPSS 0.2%CVE-2026-0250MEDIUMGlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or GatewayEPSS 0.2%CVE-2021-3032MEDIUMPAN-OS: Configuration secrets for log forwarding may be logged in system logsEPSS 0.2%CVE-2023-0001MEDIUMCortex XDR Agent: Cleartext Exposure of Agent Admin PasswordEPSS 0.2%CVE-2022-0016HIGHGlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before LogonEPSS 0.2%CVE-2026-0269MEDIUMPAN-OS: Denial of Service (DoS) in Tunnel Traffic ProcessingEPSS 0.2%CVE-2025-0112MEDIUMCortex XDR Agent: Local Windows User Can Disable the AgentEPSS 0.2%CVE-2024-8690MEDIUMCortex XDR Agent: Local Windows Administrator Can Disable the AgentEPSS 0.2%CVE-2026-0228LOWPAN-OS: Improper Validation of Terminal Server Agent CertificateEPSS 0.2%CVE-2023-0009HIGHGlobalProtect App: Local Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2025-4228MEDIUMCortex XDR Broker VM: Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2024-0009MEDIUMPAN-OS: Improper IP Address Verification in GlobalProtect GatewayEPSS 0.2%CVE-2025-4235HIGHUser-ID Credential Agent: Cleartext Exposure of Service Account passwordEPSS 0.2%

← anteriorpágina 13 / 16siguiente →