Palo Alto Networks Security Advisories / CVE-2023-4863

CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863

047910
Severity 0 · NONE
Attack Vector Not applicable
Scope Not applicable
Attack Complexity Not applicable
Confidentiality Impact NONE
Privileges Required Not applicable
Integrity Impact NONE
User Interaction Not applicable
Availability Impact NONE
NVD JSON
Published 2023-10-02
Updated 2023-10-02
Reference PAN-233452

Description

The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical libwebp vulnerability (CVE-2023-4863) as it relates to our products. While PAN-OS 10.2 and later versions include this library, PAN-OS software does not offer any scenarios required for the successful exploitation of this vulnerability and is not impacted.

No other Palo Alto Networks products are known to contain the vulnerable library and be impacted by this issue at this time.

Product Status

VersionsAffectedUnaffected
PAN-OS NoneAll

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue in any of our products. Active exploitation of CVE-2023-4863 in browsers has been observed.

Weakness Type

CWE-787 Out-of-bounds Write

Solution

No software updates are required at this time.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94394 (Applications and Threats content update 8757).

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.