{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.1 pour Windows","product":{"name":"Cortex XDR Agent","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"Prisma Access Browser versions ant\u00e9rieures \u00e0 133.8.10.54","product":{"name":"Prisma Access Browser","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h4","product":{"name":"PAN-OS","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.6-h1","product":{"name":"PAN-OS","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.13-h3","product":{"name":"PAN-OS","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.116","product":{"name":"Cortex XDR Broker","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"Cortex XDR Agent versions 8.3-CE ant\u00e9rieures \u00e0 8.3.101-CE  pour Windows","product":{"name":"Cortex XDR Agent","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"PAN-OS OpenConfig Plugin versions   ant\u00e9rieures \u00e0 2.1.2","product":{"name":"PAN-OS","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h9","product":{"name":"PAN-OS","vendor":{"name":"Palo Alto Networks","scada":false}}},{"description":"Cortex XDR Agent versions 8.4.x et ant\u00e9rieures","product":{"name":"Cortex XDR Agent","vendor":{"name":"Palo Alto Networks","scada":false}}}],"affected_systems_content":" L'\u00e9diteur indique que les versions 8.4.x et ant\u00e9rieures de Cortex XDR Agent ne sont plus maintenues. La mise \u00e0 jour vers la version 8.5.1 au minimum est n\u00e9cessaire. De plus la mise \u00e0 jour de Cortex XDR Broker VM en version 25.105.6 ne prot\u00e8ge pas de l'exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-0113 qui est corrig\u00e9e par la version 26.0.116.","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2025-0448","url":"https://www.cve.org/CVERecord?id=CVE-2025-0448"},{"name":"CVE-2025-0111","url":"https://www.cve.org/CVERecord?id=CVE-2025-0111"},{"name":"CVE-2025-0440","url":"https://www.cve.org/CVERecord?id=CVE-2025-0440"},{"name":"CVE-2025-0445","url":"https://www.cve.org/CVERecord?id=CVE-2025-0445"},{"name":"CVE-2025-0434","url":"https://www.cve.org/CVERecord?id=CVE-2025-0434"},{"name":"CVE-2025-0439","url":"https://www.cve.org/CVERecord?id=CVE-2025-0439"},{"name":"CVE-2025-0612","url":"https://www.cve.org/CVERecord?id=CVE-2025-0612"},{"name":"CVE-2025-0291","url":"https://www.cve.org/CVERecord?id=CVE-2025-0291"},{"name":"CVE-2025-0451","url":"https://www.cve.org/CVERecord?id=CVE-2025-0451"},{"name":"CVE-2025-0611","url":"https://www.cve.org/CVERecord?id=CVE-2025-0611"},{"name":"CVE-2025-0443","url":"https://www.cve.org/CVERecord?id=CVE-2025-0443"},{"name":"CVE-2025-0109","url":"https://www.cve.org/CVERecord?id=CVE-2025-0109"},{"name":"CVE-2024-1135","url":"https://www.cve.org/CVERecord?id=CVE-2024-1135"},{"name":"CVE-2025-0446","url":"https://www.cve.org/CVERecord?id=CVE-2025-0446"},{"name":"CVE-2025-0435","url":"https://www.cve.org/CVERecord?id=CVE-2025-0435"},{"name":"CVE-2025-0442","url":"https://www.cve.org/CVERecord?id=CVE-2025-0442"},{"name":"CVE-2025-0441","url":"https://www.cve.org/CVERecord?id=CVE-2025-0441"},{"name":"CVE-2025-0444","url":"https://www.cve.org/CVERecord?id=CVE-2025-0444"},{"name":"CVE-2025-0108","url":"https://www.cve.org/CVERecord?id=CVE-2025-0108"},{"name":"CVE-2025-0762","url":"https://www.cve.org/CVERecord?id=CVE-2025-0762"},{"name":"CVE-2025-0112","url":"https://www.cve.org/CVERecord?id=CVE-2025-0112"},{"name":"CVE-2025-0438","url":"https://www.cve.org/CVERecord?id=CVE-2025-0438"},{"name":"CVE-2025-0437","url":"https://www.cve.org/CVERecord?id=CVE-2025-0437"},{"name":"CVE-2025-0436","url":"https://www.cve.org/CVERecord?id=CVE-2025-0436"},{"name":"CVE-2025-0447","url":"https://www.cve.org/CVERecord?id=CVE-2025-0447"},{"name":"CVE-2025-0110","url":"https://www.cve.org/CVERecord?id=CVE-2025-0110"},{"name":"CVE-2025-0113","url":"https://www.cve.org/CVERecord?id=CVE-2025-0113"}],"links":[],"reference":"CERTFR-2025-AVI-0128","revisions":[{"description":"Version initiale","revision_date":"2025-02-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks","vendor_advisories":[{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-1135","url":"https://security.paloaltonetworks.com/CVE-2024-1135"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0109","url":"https://security.paloaltonetworks.com/CVE-2025-0109"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0110","url":"https://security.paloaltonetworks.com/CVE-2025-0110"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0108","url":"https://security.paloaltonetworks.com/CVE-2025-0108"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0113","url":"https://security.paloaltonetworks.com/CVE-2025-0113"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0004"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0112","url":"https://security.paloaltonetworks.com/CVE-2025-0112"},{"published_at":"2025-02-12","title":"Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0111","url":"https://security.paloaltonetworks.com/CVE-2025-0111"}]}