Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 17 of 17
Filters:
Palo Alto Networks | PAN-OS

CVE-2025-0111

Palo Alto Networks PAN-OS File Read Vulnerability: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-20
  • Due Date: 2025-03-13
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111
Palo Alto Networks | PAN-OS

CVE-2025-0108

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108
Palo Alto Networks | PAN-OS

CVE-2024-3393

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-30
  • Due Date: 2025-01-20
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393
Palo Alto Networks | PAN-OS

CVE-2024-0012

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012
Palo Alto Networks | PAN-OS

CVE-2024-9474

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability: Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
Palo Alto Networks | Expedition

CVE-2024-9465

Palo Alto Networks Expedition SQL Injection Vulnerability: Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465
Palo Alto Networks | Expedition

CVE-2024-9463

Palo Alto Networks Expedition OS Command Injection Vulnerability: Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463
Palo Alto Networks | Expedition

CVE-2024-5910

Palo Alto Networks Expedition Missing Authentication Vulnerability: Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-07
  • Due Date: 2024-11-28
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910
Palo Alto Networks | PAN-OS

CVE-2024-3400

Palo Alto Networks PAN-OS Command Injection Vulnerability: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Related CWEs: CWE-20| CWE-77

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
  • Date Added: 2024-04-12
  • Due Date: 2024-04-19
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400
RARLAB | WinRAR

CVE-2023-38831

RARLAB WinRAR Code Execution Vulnerability: RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.

Related CWE: CWE-351

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-24
  • Due Date: 2023-09-14
Additional Notes
http://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa; https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Palo Alto Networks | PAN-OS

CVE-2022-0028

Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability: A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

Related CWE: CWE-940

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-22
  • Due Date: 2022-09-12
Additional Notes
https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028
RARLAB | UnRAR

CVE-2022-30333

RARLAB UnRAR Directory Traversal Vulnerability: RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

Related CWEs: CWE-22| CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-09
  • Due Date: 2022-08-30
Additional Notes
Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz; https://nvd.nist.gov/vuln/detail/CVE-2022-30333
Palo Alto Networks | PAN-OS

CVE-2020-2021

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Related CWE: CWE-347

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-2021
RARLAB | WinRAR

CVE-2018-20250

WinRAR Absolute Path Traversal Vulnerability: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution

Related CWE: CWE-36

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-20250
Palo Alto Networks | PAN-OS

CVE-2019-1579

Palo Alto Networks PAN-OS Remote Code Execution Vulnerability: Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Related CWE: CWE-134

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-10
  • Due Date: 2022-07-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1579
Symantec | Symantec Messaging Gateway

CVE-2017-6327

Symantec Messaging Gateway Remote Code Execution Vulnerability: Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-6327

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now