PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996
Informational
Description
The OpenSSL Project has published a vulnerability CVE-2022-3996 that affects OpenSSL versions 3.0.0 through 3.0.7 on December 13, 2022. Exploitation of this vulnerability can result in a denial of service to an impacted application on Windows systems.
The Palo Alto Networks Product Security Assurance team has evaluated and confirmed that all products and services are not impacted by this vulnerability.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| AutoFocus | None | all |
| Bridgecrew | None | all |
| Cloud NGFW | None | all |
| Cortex Data Lake | None | all |
| Cortex XDR | None | all |
| Cortex XDR Agent | None | all |
| Cortex Xpanse | None | all |
| Cortex XSOAR | None | all |
| Enterprise Data Loss Prevention | None | all |
| Exact Data Matching CLI | None | all |
| Expanse | None | all |
| Expedition Migration Tool | None | all |
| GlobalProtect App | None | all |
| IoT Security | None | all |
| Okyo Garde | None | all |
| Palo Alto Networks App for Splunk | None | all |
| PAN-OS | None | all |
| Prisma Access | None | all |
| Prisma Cloud | None | all |
| Prisma Cloud Compute | None | all |
| Prisma SD-WAN (CloudGenix) | None | all |
| Prisma SD-WAN ION | None | all |
| SaaS Security | None | all |
| User-ID Agent | None | all |
| WildFire Appliance (WF-500) | None | all |
| WildFire Cloud | None | all |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Weakness Type
Solution
No software updates are required at this time.
NOTE: Cortex XDR Broker VM versions earlier than Cortex XDR Broker VM 17.4.1 contain an affected version of the OpenSSL 3.0 library but are not impacted. There are no scenarios in Cortex XDR Broker VM software that enable successful exploitation of these vulnerabilities. The OpenSSL 3.0 library has been removed from Cortex XDR Broker VM 17.4.1 and later versions for security assurance.
Workarounds and Mitigations
There are no known workarounds for this issue.