CVE-2026-0285 (GCVE-0-2026-0285)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:58 – Updated: 2026-07-09 19:25
VLAI
EPSS
VEX
Title
PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
Summary
A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.
The security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0285 | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
Date Public
2026-07-08 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:25:38.612302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:25:44.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h11",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n\n\n\n\n * Directly; or\n * Through a dataplane interface that includes a management interface profile.\n\n\n\n\n\n\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h11",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\n\n\n\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server-Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:58:14.563Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0285"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.11 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h11 or 11.2.13 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.14 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h9 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n * Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\n\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba * https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \u00a0e.g., enabling management profile on a DP interface for management access\n * Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\n * Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \u00a0so the firewall can inspect it.\n * Enable threat prevention on the inbound traffic to management services.\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0285",
"datePublished": "2026-07-09T18:58:14.563Z",
"dateReserved": "2025-11-03T20:44:43.620Z",
"dateUpdated": "2026-07-09T19:25:44.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-0285\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2026-07-09T19:17:01.633\",\"lastModified\":\"2026-07-09T20:16:27.290\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\\n\\n\\n\\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\\n\\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\"}],\"affected\":[{\"source\":\"psirt@paloaltonetworks.com\",\"affectedData\":[{\"vendor\":\"Palo Alto Networks\",\"product\":\"Cloud NGFW\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"All\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]},{\"vendor\":\"Palo Alto Networks\",\"product\":\"PAN-OS\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*\",\"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"12.1.0\",\"lessThan\":\"12.1.8\",\"versionType\":\"custom\",\"status\":\"affected\",\"changes\":[{\"at\":\"12.1.8\",\"status\":\"unaffected\"},{\"at\":\"12.1.7-h2\",\"status\":\"unaffected\"},{\"at\":\"12.1.4-h8\",\"status\":\"unaffected\"}]},{\"version\":\"11.2.0\",\"lessThan\":\"11.2.13\",\"versionType\":\"custom\",\"status\":\"affected\",\"changes\":[{\"at\":\"11.2.13\",\"status\":\"unaffected\"},{\"at\":\"11.2.10-h11\",\"status\":\"unaffected\"},{\"at\":\"11.2.7-h18\",\"status\":\"unaffected\"},{\"at\":\"11.2.4-h20\",\"status\":\"unaffected\"}]},{\"version\":\"11.1.0\",\"lessThan\":\"11.1.16\",\"versionType\":\"custom\",\"status\":\"affected\",\"changes\":[{\"at\":\"11.1.16\",\"status\":\"unaffected\"},{\"at\":\"11.1.13-h9\",\"status\":\"unaffected\"},{\"at\":\"11.1.10-h30\",\"status\":\"unaffected\"},{\"at\":\"11.1.7-h8\",\"status\":\"unaffected\"},{\"at\":\"11.1.6-h35\",\"status\":\"unaffected\"},{\"at\":\"11.1.4-h35\",\"status\":\"unaffected\"}]},{\"version\":\"10.2.0\",\"lessThan\":\"10.2.18-h8\",\"versionType\":\"custom\",\"status\":\"affected\",\"changes\":[{\"at\":\"10.2.18-h8\",\"status\":\"unaffected\"},{\"at\":\"10.2.16-h9\",\"status\":\"unaffected\"},{\"at\":\"10.2.13-h23\",\"status\":\"unaffected\"},{\"at\":\"10.2.10-h39\",\"status\":\"unaffected\"},{\"at\":\"10.2.7-h36\",\"status\":\"unaffected\"}]}]},{\"vendor\":\"Palo Alto Networks\",\"product\":\"Prisma Access\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"All\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-09T19:25:38.612302Z\",\"id\":\"CVE-2026-0285\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2026-0285\",\"source\":\"psirt@paloaltonetworks.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0285\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-09T19:25:38.612302Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-09T19:25:41.683Z\"}}], \"cna\": {\"title\": \"PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"our internal security research teams\"}], \"impacts\": [{\"capecId\": \"CAPEC-664\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-664 Server-Side Request Forgery\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 4.7, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"The risk is highest when you allow access to the management interface from external IP addresses on the internet.\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 4.4, \"Automatable\": \"NO\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface.\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Cloud NGFW\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"All\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Palo Alto Networks\", \"product\": \"PAN-OS\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"12.1.8\", \"status\": \"unaffected\"}, {\"at\": \"12.1.7-h2\", \"status\": \"unaffected\"}, {\"at\": \"12.1.4-h8\", \"status\": \"unaffected\"}], \"version\": \"12.1.0\", \"lessThan\": \"12.1.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11.2.13\", \"status\": \"unaffected\"}, {\"at\": \"11.2.10-h11\", \"status\": \"unaffected\"}, {\"at\": \"11.2.7-h18\", \"status\": \"unaffected\"}, {\"at\": \"11.2.4-h20\", \"status\": \"unaffected\"}], \"version\": \"11.2.0\", \"lessThan\": \"11.2.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11.1.16\", \"status\": \"unaffected\"}, {\"at\": \"11.1.13-h9\", \"status\": \"unaffected\"}, {\"at\": \"11.1.10-h30\", \"status\": \"unaffected\"}, {\"at\": \"11.1.7-h8\", \"status\": \"unaffected\"}, {\"at\": \"11.1.6-h35\", \"status\": \"unaffected\"}, {\"at\": \"11.1.4-h35\", \"status\": \"unaffected\"}], \"version\": \"11.1.0\", \"lessThan\": \"11.1.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"10.2.18-h8\", \"status\": \"unaffected\"}, {\"at\": \"10.2.16-h9\", \"status\": \"unaffected\"}, {\"at\": \"10.2.13-h23\", \"status\": \"unaffected\"}, {\"at\": \"10.2.10-h39\", \"status\": \"unaffected\"}, {\"at\": \"10.2.7-h36\", \"status\": \"unaffected\"}], \"version\": \"10.2.0\", \"lessThan\": \"10.2.18-h8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Palo Alto Networks\", \"product\": \"Prisma Access\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"All\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-07-08T16:00:00.000Z\", \"value\": \"Initial publication\"}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"Version\\nMinor Version\\nSuggested Solution\\nCloud NGFW\\nNo action needed.\\n PAN-OS 12.1\\n\\n 12.1.5 through 12.1.7-h*\\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\\n \\n \\n 12.1.2 through 12.1.4-h*\\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\\n \\n PAN-OS 11.2\\n\\n 11.2.11 through 11.2.12\\n Upgrade to 11.2.13 or later.\\n \\n \\n 11.2.8 through 11.2.10-h*\\n Upgrade to 11.2.10-h11 or 11.2.13 or later.\\n \\n \\n 11.2.5 through 11.2.7-h*\\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\\n \\n \\n 11.2.0 through 11.2.4-h*\\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\\n \\n PAN-OS 11.1\\n\\n 11.1.14 through 11.1.15\\n Upgrade to 11.1.16 or later.\\n \\n \\n 11.1.11 through 11.1.13-h*\\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\\n \\n \\n 11.1.8 through 11.1.10-h*\\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\\n \\n \\n 11.1.7 through 11.1.7-h*\\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\\n \\n \\n 11.1.5 through 11.1.6-h*\\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\\n \\n \\n 11.1.0 through 11.1.4-h*\\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\\n \\n PAN-OS 10.2\\n\\n 10.2.17 through 10.2.18-h*\\n Upgrade to 10.2.18-h8 or later.\\n \\n \\n 10.2.14 through 10.2.16-h*\\n Upgrade to 10.2.16-h9 or later.\\n \\n \\n 10.2.11 through 10.2.13-h*\\n Upgrade to 10.2.13-h23 or later.\\n \\n \\n 10.2.8 through 10.2.10-h*\\n Upgrade to 10.2.10-h39 or later.\\n \\n \\n 10.2.0 through 10.2.7-h*\\n Upgrade to 10.2.7-h36 or later.\\n All older\\nunsupported\\nPAN-OS versions\\u00a0Upgrade to a supported fixed version.Prisma Access\\u00a0\\nNo action needed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ctable class=\\\"tbl\\\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\\n \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\\n \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\\n \u003ctd\u003e\u003c/td\u003e\\n \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-07-08T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2026-0285\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"eng\", \"value\": \"The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\\n\\n\\n\\nReview information about how to secure management access to your Palo Alto Networks firewalls:\\n\\n https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \\n * Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \\n\\n\\n\\n\\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\\n\\n https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba * https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \\u00a0e.g., enabling management profile on a DP interface for management access\\n * Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\\n * Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \\u00a0so the firewall can inspect it.\\n * Enable threat prevention on the inbound traffic to management services.\\n\\n\\n\\n\\nPlease note that this Threat ID requires SSL Decryption.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003e\u003c/a\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\\\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\\\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\\\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\\\"\u003e\u003c/a\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\\\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\\\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\\\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\\n\\n\\n\\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\\u00a0\\n\\nPanorama, Cloud NGFW, and Prisma\\u00ae Access are not impacted by this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\\\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"configurations\": [{\"lang\": \"eng\", \"value\": \"The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\\n\\n\\n\\n\\n\\n * Directly; or\\n * Through a dataplane interface that includes a management interface profile.\\n\\n\\n\\n\\n\\n\\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_affectedList\": [\"PAN-OS 12.1.7\", \"PAN-OS 12.1.6\", \"PAN-OS 12.1.5\", \"PAN-OS 12.1.4-h6\", \"PAN-OS 12.1.4-h5\", \"PAN-OS 12.1.4-h3\", \"PAN-OS 12.1.4-h2\", \"PAN-OS 12.1.4\", \"PAN-OS 12.1.3-h3\", \"PAN-OS 12.1.3-h1\", \"PAN-OS 12.1.3\", \"PAN-OS 12.1.2\", \"PAN-OS 11.2.12\", \"PAN-OS 11.2.11\", \"PAN-OS 11.2.10-h8\", \"PAN-OS 11.2.10-h7\", \"PAN-OS 11.2.10-h6\", \"PAN-OS 11.2.10-h5\", \"PAN-OS 11.2.10-h4\", \"PAN-OS 11.2.10-h3\", \"PAN-OS 11.2.10-h2\", \"PAN-OS 11.2.10-h1\", \"PAN-OS 11.2.10\", \"PAN-OS 11.2.9\", \"PAN-OS 11.2.8\", \"PAN-OS 11.2.7-h15\", \"PAN-OS 11.2.7-h14\", \"PAN-OS 11.2.7-h13\", \"PAN-OS 11.2.7-h12\", \"PAN-OS 11.2.7-h11\", \"PAN-OS 11.2.7-h10\", \"PAN-OS 11.2.7-h8\", \"PAN-OS 11.2.7-h7\", \"PAN-OS 11.2.7-h4\", \"PAN-OS 11.2.7-h3\", \"PAN-OS 11.2.7-h2\", \"PAN-OS 11.2.7-h1\", \"PAN-OS 11.2.7\", \"PAN-OS 11.2.6\", \"PAN-OS 11.2.5\", \"PAN-OS 11.2.4-h17\", \"PAN-OS 11.2.4-h15\", \"PAN-OS 11.2.4-h14\", \"PAN-OS 11.2.4-h12\", \"PAN-OS 11.2.4-h11\", \"PAN-OS 11.2.4-h10\", \"PAN-OS 11.2.4-h9\", \"PAN-OS 11.2.4-h8\", \"PAN-OS 11.2.4-h7\", \"PAN-OS 11.2.4-h6\", \"PAN-OS 11.2.4-h5\", \"PAN-OS 11.2.4-h4\", \"PAN-OS 11.2.4-h3\", \"PAN-OS 11.2.4-h2\", \"PAN-OS 11.2.4-h1\", \"PAN-OS 11.2.4\", \"PAN-OS 11.2.3-h5\", \"PAN-OS 11.2.3-h4\", \"PAN-OS 11.2.3-h3\", \"PAN-OS 11.2.3-h2\", \"PAN-OS 11.2.3-h1\", \"PAN-OS 11.2.3\", \"PAN-OS 11.2.2-h2\", \"PAN-OS 11.2.2-h1\", \"PAN-OS 11.2.1-h1\", \"PAN-OS 11.2.1\", \"PAN-OS 11.2.0-h1\", \"PAN-OS 11.2.0\", \"PAN-OS 11.1.15\", \"PAN-OS 11.1.14\", \"PAN-OS 11.1.13-h6\", \"PAN-OS 11.1.13-h5\", \"PAN-OS 11.1.13-h3\", \"PAN-OS 11.1.13-h2\", \"PAN-OS 11.1.13-h1\", \"PAN-OS 11.1.13\", \"PAN-OS 11.1.12\", \"PAN-OS 11.1.11\", \"PAN-OS 11.1.10-h26\", \"PAN-OS 11.1.10-h25\", \"PAN-OS 11.1.10-h21\", \"PAN-OS 11.1.10-h12\", \"PAN-OS 11.1.10-h10\", \"PAN-OS 11.1.10-h9\", \"PAN-OS 11.1.10-h7\", \"PAN-OS 11.1.10-h5\", \"PAN-OS 11.1.10-h4\", \"PAN-OS 11.1.10-h1\", \"PAN-OS 11.1.10\", \"PAN-OS 11.1.9\", \"PAN-OS 11.1.8\", \"PAN-OS 11.1.6-h32\", \"PAN-OS 11.1.6-h29\", \"PAN-OS 11.1.6-h25\", \"PAN-OS 11.1.6-h23\", \"PAN-OS 11.1.6-h22\", \"PAN-OS 11.1.6-h21\", \"PAN-OS 11.1.6-h20\", \"PAN-OS 11.1.6-h19\", \"PAN-OS 11.1.6-h18\", \"PAN-OS 11.1.6-h17\", \"PAN-OS 11.1.6-h14\", \"PAN-OS 11.1.6-h10\", \"PAN-OS 11.1.6-h7\", \"PAN-OS 11.1.6-h6\", \"PAN-OS 11.1.6-h4\", \"PAN-OS 11.1.6-h3\", \"PAN-OS 11.1.6-h2\", \"PAN-OS 11.1.6-h1\", \"PAN-OS 11.1.6\", \"PAN-OS 11.1.5-h1\", \"PAN-OS 11.1.5\", \"PAN-OS 11.1.4-h33\", \"PAN-OS 11.1.4-h32\", \"PAN-OS 11.1.4-h27\", \"PAN-OS 11.1.4-h25\", \"PAN-OS 11.1.4-h18\", \"PAN-OS 11.1.4-h17\", \"PAN-OS 11.1.4-h15\", \"PAN-OS 11.1.4-h13\", \"PAN-OS 11.1.4-h12\", \"PAN-OS 11.1.4-h11\", \"PAN-OS 11.1.4-h10\", \"PAN-OS 11.1.4-h9\", \"PAN-OS 11.1.4-h8\", \"PAN-OS 11.1.4-h7\", \"PAN-OS 11.1.4-h6\", \"PAN-OS 11.1.4-h5\", \"PAN-OS 11.1.4-h4\", \"PAN-OS 11.1.4-h3\", \"PAN-OS 11.1.4-h2\", \"PAN-OS 11.1.4-h1\", \"PAN-OS 11.1.4\", \"PAN-OS 11.1.3-h13\", \"PAN-OS 11.1.3-h12\", \"PAN-OS 11.1.3-h11\", \"PAN-OS 11.1.3-h10\", \"PAN-OS 11.1.3-h9\", \"PAN-OS 11.1.3-h8\", \"PAN-OS 11.1.3-h7\", \"PAN-OS 11.1.3-h6\", \"PAN-OS 11.1.3-h5\", \"PAN-OS 11.1.3-h4\", \"PAN-OS 11.1.3-h3\", \"PAN-OS 11.1.3-h2\", \"PAN-OS 11.1.3-h1\", \"PAN-OS 11.1.3\", \"PAN-OS 11.1.2-h18\", \"PAN-OS 11.1.2-h17\", \"PAN-OS 11.1.2-h16\", \"PAN-OS 11.1.2-h15\", \"PAN-OS 11.1.2-h14\", \"PAN-OS 11.1.2-h13\", \"PAN-OS 11.1.2-h12\", \"PAN-OS 11.1.2-h11\", \"PAN-OS 11.1.2-h10\", \"PAN-OS 11.1.2-h9\", \"PAN-OS 11.1.2-h8\", \"PAN-OS 11.1.2-h7\", \"PAN-OS 11.1.2-h6\", \"PAN-OS 11.1.2-h5\", \"PAN-OS 11.1.2-h4\", \"PAN-OS 11.1.2-h3\", \"PAN-OS 11.1.2-h2\", \"PAN-OS 11.1.2-h1\", \"PAN-OS 11.1.2\", \"PAN-OS 11.1.1-h2\", \"PAN-OS 11.1.1-h1\", \"PAN-OS 11.1.1\", \"PAN-OS 11.1.0-h4\", \"PAN-OS 11.1.0-h3\", \"PAN-OS 11.1.0-h2\", \"PAN-OS 11.1.0-h1\", \"PAN-OS 11.1.0\", \"PAN-OS 10.2.18-h6\", \"PAN-OS 10.2.18-h5\", \"PAN-OS 10.2.18-h1\", \"PAN-OS 10.2.18\", \"PAN-OS 10.2.17\", \"PAN-OS 10.2.16-h7\", \"PAN-OS 10.2.16-h6\", \"PAN-OS 10.2.16-h4\", \"PAN-OS 10.2.16-h1\", \"PAN-OS 10.2.16\", \"PAN-OS 10.2.15\", \"PAN-OS 10.2.14-h1\", \"PAN-OS 10.2.14\", \"PAN-OS 10.2.13-h21\", \"PAN-OS 10.2.13-h18\", \"PAN-OS 10.2.13-h16\", \"PAN-OS 10.2.13-h15\", \"PAN-OS 10.2.13-h10\", \"PAN-OS 10.2.13-h7\", \"PAN-OS 10.2.13-h5\", \"PAN-OS 10.2.13-h4\", \"PAN-OS 10.2.13-h3\", \"PAN-OS 10.2.13-h2\", \"PAN-OS 10.2.13-h1\", \"PAN-OS 10.2.13\", \"PAN-OS 10.2.12-h6\", \"PAN-OS 10.2.12-h5\", \"PAN-OS 10.2.12-h4\", \"PAN-OS 10.2.12-h3\", \"PAN-OS 10.2.12-h2\", \"PAN-OS 10.2.12-h1\", \"PAN-OS 10.2.12\", \"PAN-OS 10.2.11-h13\", \"PAN-OS 10.2.11-h12\", \"PAN-OS 10.2.11-h11\", \"PAN-OS 10.2.11-h10\", \"PAN-OS 10.2.11-h9\", \"PAN-OS 10.2.11-h8\", \"PAN-OS 10.2.11-h7\", \"PAN-OS 10.2.11-h6\", \"PAN-OS 10.2.11-h5\", \"PAN-OS 10.2.11-h4\", \"PAN-OS 10.2.11-h3\", \"PAN-OS 10.2.11-h2\", \"PAN-OS 10.2.11-h1\", \"PAN-OS 10.2.11\", \"PAN-OS 10.2.10-h36\", \"PAN-OS 10.2.10-h31\", \"PAN-OS 10.2.10-h30\", \"PAN-OS 10.2.10-h27\", \"PAN-OS 10.2.10-h26\", \"PAN-OS 10.2.10-h23\", \"PAN-OS 10.2.10-h21\", \"PAN-OS 10.2.10-h18\", \"PAN-OS 10.2.10-h17\", \"PAN-OS 10.2.10-h14\", \"PAN-OS 10.2.10-h13\", \"PAN-OS 10.2.10-h12\", \"PAN-OS 10.2.10-h11\", \"PAN-OS 10.2.10-h10\", \"PAN-OS 10.2.10-h9\", \"PAN-OS 10.2.10-h8\", \"PAN-OS 10.2.10-h7\", \"PAN-OS 10.2.10-h6\", \"PAN-OS 10.2.10-h5\", \"PAN-OS 10.2.10-h4\", \"PAN-OS 10.2.10-h3\", \"PAN-OS 10.2.10-h2\", \"PAN-OS 10.2.10-h1\", \"PAN-OS 10.2.10\", \"PAN-OS 10.2.9-h21\", \"PAN-OS 10.2.9-h20\", \"PAN-OS 10.2.9-h19\", \"PAN-OS 10.2.9-h18\", \"PAN-OS 10.2.9-h17\", \"PAN-OS 10.2.9-h16\", \"PAN-OS 10.2.9-h15\", \"PAN-OS 10.2.9-h14\", \"PAN-OS 10.2.9-h13\", \"PAN-OS 10.2.9-h12\", \"PAN-OS 10.2.9-h11\", \"PAN-OS 10.2.9-h10\", \"PAN-OS 10.2.9-h9\", \"PAN-OS 10.2.9-h8\", \"PAN-OS 10.2.9-h7\", \"PAN-OS 10.2.9-h6\", \"PAN-OS 10.2.9-h5\", \"PAN-OS 10.2.9-h4\", \"PAN-OS 10.2.9-h3\", \"PAN-OS 10.2.9-h2\", \"PAN-OS 10.2.9-h1\", \"PAN-OS 10.2.9\", \"PAN-OS 10.2.8-h21\", \"PAN-OS 10.2.8-h20\", \"PAN-OS 10.2.8-h19\", \"PAN-OS 10.2.8-h18\", \"PAN-OS 10.2.8-h17\", \"PAN-OS 10.2.8-h16\", \"PAN-OS 10.2.8-h15\", \"PAN-OS 10.2.8-h14\", \"PAN-OS 10.2.8-h13\", \"PAN-OS 10.2.8-h12\", \"PAN-OS 10.2.8-h11\", \"PAN-OS 10.2.8-h10\", \"PAN-OS 10.2.8-h9\", \"PAN-OS 10.2.8-h8\", \"PAN-OS 10.2.8-h7\", \"PAN-OS 10.2.8-h6\", \"PAN-OS 10.2.8-h5\", \"PAN-OS 10.2.8-h4\", \"PAN-OS 10.2.8-h3\", \"PAN-OS 10.2.8-h2\", \"PAN-OS 10.2.8-h1\", \"PAN-OS 10.2.8\", \"PAN-OS 10.2.7-h34\", \"PAN-OS 10.2.7-h32\", \"PAN-OS 10.2.7-h24\", \"PAN-OS 10.2.7-h23\", \"PAN-OS 10.2.7-h22\", \"PAN-OS 10.2.7-h21\", \"PAN-OS 10.2.7-h20\", \"PAN-OS 10.2.7-h19\", \"PAN-OS 10.2.7-h18\", \"PAN-OS 10.2.7-h17\", \"PAN-OS 10.2.7-h16\", \"PAN-OS 10.2.7-h15\", \"PAN-OS 10.2.7-h14\", \"PAN-OS 10.2.7-h13\", \"PAN-OS 10.2.7-h12\", \"PAN-OS 10.2.7-h11\", \"PAN-OS 10.2.7-h10\", \"PAN-OS 10.2.7-h9\", \"PAN-OS 10.2.7-h8\", \"PAN-OS 10.2.7-h7\", \"PAN-OS 10.2.7-h6\", \"PAN-OS 10.2.7-h5\", \"PAN-OS 10.2.7-h4\", \"PAN-OS 10.2.7-h3\", \"PAN-OS 10.2.7-h2\", \"PAN-OS 10.2.7-h1\", \"PAN-OS 10.2.7\", \"PAN-OS 10.2.6-h6\", \"PAN-OS 10.2.6-h5\", \"PAN-OS 10.2.6-h4\", \"PAN-OS 10.2.6-h3\", \"PAN-OS 10.2.6-h2\", \"PAN-OS 10.2.6-h1\", \"PAN-OS 10.2.6\", \"PAN-OS 10.2.5-h9\", \"PAN-OS 10.2.5-h8\", \"PAN-OS 10.2.5-h7\", \"PAN-OS 10.2.5-h6\", \"PAN-OS 10.2.5-h5\", \"PAN-OS 10.2.5-h4\", \"PAN-OS 10.2.5-h3\", \"PAN-OS 10.2.5-h2\", \"PAN-OS 10.2.5-h1\", \"PAN-OS 10.2.5\", \"PAN-OS 10.2.4-h32\", \"PAN-OS 10.2.4-h31\", \"PAN-OS 10.2.4-h30\", \"PAN-OS 10.2.4-h29\", \"PAN-OS 10.2.4-h28\", \"PAN-OS 10.2.4-h27\", \"PAN-OS 10.2.4-h26\", \"PAN-OS 10.2.4-h25\", \"PAN-OS 10.2.4-h24\", \"PAN-OS 10.2.4-h23\", \"PAN-OS 10.2.4-h22\", \"PAN-OS 10.2.4-h21\", \"PAN-OS 10.2.4-h20\", \"PAN-OS 10.2.4-h19\", \"PAN-OS 10.2.4-h18\", \"PAN-OS 10.2.4-h17\", \"PAN-OS 10.2.4-h16\", \"PAN-OS 10.2.4-h15\", \"PAN-OS 10.2.4-h14\", \"PAN-OS 10.2.4-h13\", \"PAN-OS 10.2.4-h12\", \"PAN-OS 10.2.4-h11\", \"PAN-OS 10.2.4-h10\", \"PAN-OS 10.2.4-h9\", \"PAN-OS 10.2.4-h8\", \"PAN-OS 10.2.4-h7\", \"PAN-OS 10.2.4-h6\", \"PAN-OS 10.2.4-h5\", \"PAN-OS 10.2.4-h4\", \"PAN-OS 10.2.4-h3\", \"PAN-OS 10.2.4-h2\", \"PAN-OS 10.2.4-h1\", \"PAN-OS 10.2.4\", \"PAN-OS 10.2.3-h14\", \"PAN-OS 10.2.3-h13\", \"PAN-OS 10.2.3-h12\", \"PAN-OS 10.2.3-h11\", \"PAN-OS 10.2.3-h10\", \"PAN-OS 10.2.3-h9\", \"PAN-OS 10.2.3-h8\", \"PAN-OS 10.2.3-h7\", \"PAN-OS 10.2.3-h6\", \"PAN-OS 10.2.3-h5\", \"PAN-OS 10.2.3-h4\", \"PAN-OS 10.2.3-h3\", \"PAN-OS 10.2.3-h2\", \"PAN-OS 10.2.3-h1\", \"PAN-OS 10.2.3\", \"PAN-OS 10.2.2-h6\", \"PAN-OS 10.2.2-h5\", \"PAN-OS 10.2.2-h4\", \"PAN-OS 10.2.2-h3\", \"PAN-OS 10.2.2-h2\", \"PAN-OS 10.2.2-h1\", \"PAN-OS 10.2.2\", \"PAN-OS 10.2.1-h3\", \"PAN-OS 10.2.1-h2\", \"PAN-OS 10.2.1-h1\", \"PAN-OS 10.2.1\", \"PAN-OS 10.2.0-h4\", \"PAN-OS 10.2.0-h3\", \"PAN-OS 10.2.0-h2\", \"PAN-OS 10.2.0-h1\", \"PAN-OS 10.2.0\"], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"12.1.4-h8\", \"versionStartIncluding\": \"12.1.4\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"12.1.7-h2\", \"versionStartIncluding\": \"12.1.7\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"12.1.8\", \"versionStartIncluding\": \"12.1.0\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.2.4-h20\", \"versionStartIncluding\": \"11.2.4\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.2.7-h18\", \"versionStartIncluding\": \"11.2.7\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.2.10-h11\", \"versionStartIncluding\": \"11.2.10\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.2.13\", \"versionStartIncluding\": \"11.2.0\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.4-h35\", \"versionStartIncluding\": \"11.1.4\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.6-h35\", \"versionStartIncluding\": \"11.1.6\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.7-h8\", \"versionStartIncluding\": \"11.1.7\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.10-h30\", \"versionStartIncluding\": \"11.1.10\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.13-h9\", \"versionStartIncluding\": \"11.1.13\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.1.16\", \"versionStartIncluding\": \"11.1.0\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.2.7-h36\", \"versionStartIncluding\": \"10.2.7\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.2.10-h39\", \"versionStartIncluding\": \"10.2.10\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.2.13-h23\", \"versionStartIncluding\": \"10.2.13\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.2.16-h9\", \"versionStartIncluding\": \"10.2.16\"}, {\"criteria\": \"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.2.18-h8\", \"versionStartIncluding\": \"10.2.18\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2026-07-09T18:58:14.563Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-0285\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T19:25:44.255Z\", \"dateReserved\": \"2025-11-03T20:44:43.620Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2026-07-09T18:58:14.563Z\", \"assignerShortName\": \"palo_alto\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…