CVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products.
At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.
|Cortex XDR Agent||None||all|
|Prisma SD-WAN ION||None||all|
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
No software updates are required at this time.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block attacks for CVE-2023-38545 by enabling Threat ID 94436 (Applications and Threats content update 8764).