How to lookup multiple PAN security advisories or CVEs and get PAN-OS version affected and patched, solutions and work arounds
16324
Created On 02/05/21 19:50 PM - Last Modified 05/31/23 21:41 PM
Question
If you have a security vulnerability report for your PAN-OS that is long and you need to find PAN-OS versions affected vs patched or a list of CVEs, you might ask how can you lookup the information without going through item by item.
Environment
https://security.paloaltonetworks.com/
Answer
Below is an example of a security report you might get on PAN-OS 8.1.+
Palo Alto Networks PAN-OS:OS command injection or arbitrary file deletion vulnerability(PAN-102688)
Palo Alto Networks PAN-OS:Spoofed Kerberos key distribution center authentication bypass vulnerability(PAN-118957)
Palo Alto Networks PAN-OS:OS command injection vulnerability(PAN-125804)
Palo Alto Networks PAN-OS:Authenticated user command injection vulnerability(PAN-126362)
Palo Alto Networks PAN-OS:OS command injection vulnerability in management interface certificate generator(PAN-124621)
Palo Alto Networks PAN-OS:OS injection vulnerability(PAN-127118)
Palo Alto Networks PAN-OS:OpenSSH Software Vulnerabilities(PAN-SA-2020-0005,PAN-111061)
Palo Alto Networks PAN-OS:Buffer Overflow Vulnerability(PAN-100855)
Palo Alto Networks PAN-OS GlobalProtect Clientless VPN session hijacking
Palo Alto Networks PAN-OS XML external entity reference ('XXE') vulnerability(PAN-119810)
Palo Alto Networks PAN-OS Buffer overflow in the management server(PAN-100734)
Palo Alto Networks PAN-OS Management Web Interface Denial-Of-Service Vulnerability (PAN-148806)
Palo Alto Networks PAN-OS:OS command injection vulnerability in the management interface(PAN-100226 and PAN-102677)
Palo Alto Networks PAN-OS: TLS 1.0 cryptographically weak protocol(PAN-141122 and PAN-141579)
Palo Alto Networks PAN-OS:Improper SAML SSO authorization of shared local users vulnerability(PAN-108992)
Palo Alto Networks PAN-OS:Predictable temporary file vulnerability(PAN-123391)
Palo Alto Networks PAN-OS:GlobalProtect Portal PHP session fixation vulnerability(PAN-124039)
etc......
You can use a text editor that allows you to edit multiple files at once like Sublime, Notepad++, Atom, or whatever your preference and pull the PAN-IDS from each line and then enter the info into the search field in
https://security.paloaltonetworks.com/
below is the actual query:
https://security.paloaltonetworks.com/?q=PAN-141122+PAN-SA-2020-0005+PAN-151978+PAN-128761+PAN-116720+PAN-102682+PAN-102688+PAN-118957+PAN-125804+PAN-126362+PAN-124621+PAN-127118+PAN-111061+PAN-100855+PAN-119810+PAN-100734+PAN-148806+PAN-102677+PAN-141579+PAN-108992+PAN-123391+PAN-124039+PAN-128248+PAN-100415+PAN-121058+PAN-111636+PAN-121319&sort=-date
You can also do the same for a list of CVE's that affects our PAN-OS.
As well as modify the query to add your own manually.
Then at the very bottom there is a download button which will output the format into a visually clear table csv format which is a lot better than the output you get from the webview.
The CSV download file will have solutions, work arounds, descriptions, and other useful information not seen from the webview
etc..