PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
![](/INFO.png)
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
CVE | Summary |
---|---|
CVE-2017-8923 | This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 2 GiB. PAN-OS limits it to 128MB. |
CVE-2017-9120 | This only impacts PHP scripts calling mysqli_real_escape_string(). PAN-OS does not make use of this function. |
CVE-2017-18342 | Prerequisites for exploitating the vulnerable function do not exist on PAN-OS. |
CVE-2019-1551 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2019-16865 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2019-16905 | PAN-OS is not affected as our OpenSSH build does not support XMSS. |
CVE-2019-19911 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-0466 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2020-1967 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function. |
CVE-2020-5310 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-5313 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-7760 | CodeMirror bundled in PAN-OS does not have vulnerable code parts |
CVE-2020-10379 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-11538 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-12321 | This only impacts some Intel Wireless Bluetooth devices, which are not part of any products. |
CVE-2020-12362 | This only impacts Intel(R) Graphics Drivers for Windows. Does not affect PAN-OS. |
CVE-2020-13757 | The vulnerable API isn't used in PAN-OS. |
CVE-2020-15778 | File uploads to PAN-OS can only be initiated from within the PAN-OS firewall CLI. This CVE requires initiating the file upload from an external system, so PAN-OS is not affected. |
CVE-2020-25211 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2020-25717 | Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS. |
CVE-2020-29661 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2020-35653 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-35654 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2020-36385 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-0512 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-0920 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-3347 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-3450 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2021-3773 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
CVE-2021-3501 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-3609 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-4028 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-4083 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-4154 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-4155 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-20325 | The affected components are not present or not used in PAN-OS. |
CVE-2021-21706 | This is a Windows-specific vulnerability, and does not impact PAN-OS. |
CVE-2021-21708 | This only affects PHP scripts that use FILTER_VALIDATE_FLOAT. PAN-OS does not make use of this function. |
CVE-2021-22543 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-22555 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-23840 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2021-23841 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function. |
CVE-2021-25217 | Prerequities for this CVE do not exist on PAN-OS. |
CVE-2021-25289 | PAN-OS is not affected by this CVE as the underlying operating system used by PAN-OS is not affected. |
CVE-2021-25290 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-25291 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-25293 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-26708 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-27364 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-27365 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-27921 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-27922 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-27923 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-28676 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-28677 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2021-32399 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-33034 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-33909 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-33910 | The vulnerable systemd software is not included in PAN-OS. |
CVE-2021-36159 | PAN-OS is not affected as external FTP is disabled, and PAN-OS does not use vulnerable component libfetch/apk-tools. |
CVE-2021-36368 | PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected |
CVE-2021-37576 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2021-43267 | The affected functionality does not exist in the kernel version used by PAN-OS. |
CVE-2021-44790 | PAN-OS does not use the vulnerable mod_lua or proxy forwarding. |
CVE-2022-0185 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-0330 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-0492 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-0516 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-0847 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-1158 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-1292 | PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS. |
CVE-2022-1586 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
CVE-2022-1729 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-1941 | PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected. |
CVE-2022-2068 | PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS. |
CVE-2022-2526 | The vulnerable systemd software is not included in PAN-OS. |
CVE-2022-2588 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-2639 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-2964 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-4139 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-4378 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-22721 | Exploit requires request body to be 350 MB. The request size in PAN-OS is 1MB. Therefore, this CVE does not impact PAN-OS. |
CVE-2022-22817 | PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called. |
CVE-2022-22942 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-24303 | PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected. |
CVE-2022-25636 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-27664 | PAN-OS is not affected as it does not use the vulnerable functionality |
CVE-2022-27666 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-28331 | PAN-OS is not affected as the underlying OS components used in PAN-OS are not affected. |
CVE-2022-28615 | No code distributed with the httpd server can exploit this flaw and the vulnerable function is not used in PAN-OS. |
CVE-2022-29217 | The vulnerable package is not used in PAN-OS. |
CVE-2022-29804 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
CVE-2022-30634 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
CVE-2022-31625 | PAN-OS does not use the affected PostgreSQL extension. |
CVE-2022-31626 | PAN-OS does not make use of the vulnerable PHP PDO MySQL driver and hence not impacted. |
CVE-2022-31628 | PAN-OS does not make use of the vulnerable phar functionality. |
CVE-2022-31676 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
CVE-2022-32250 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-36760 | PAN-OS is not affected as PAN-OS does not use the vulnerable mod_proxy_ajp. |
CVE-2022-37454 | This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 4 GiB. PAN-OS has safer and restricted limits that do not enable exploting this vulnerability. |
CVE-2022-38023 | Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS. |
CVE-2022-40897 | PAN-OS does not allow customers to install custom packages. |
CVE-2022-41222 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2022-41716 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
CVE-2022-42898 | The vulnerable function/feature krb5_pac_parse() is not called from PAN-OS. |
CVE-2022-45198 | The GIF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable. |
CVE-2022-45199 | The TIFF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable. |
CVE-2023-0386 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-0461 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-1281 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-1829 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-2235 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-29400 | PAN-OS is not affected as it does not use the vulnerable functionality |
CVE-2023-3090 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3390 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3609 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3611 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3776 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3812 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-3961 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
CVE-2023-33733 | PAN-OS is not affected as the underlying operating system components used by PAN-OS are not affected |
CVE-2023-4004 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4206 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4207 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4208 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4622 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4623 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-4921 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-5178 | The affected kernel component is not used by PAN-OS. |
CVE-2023-5633 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-6546 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-6817 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-20900 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
CVE-2023-23931 | The vulnerable functions/features are not used in PAN-OS. Prerequities for this CVE do not exist on PAN-OS. |
CVE-2023-25690 | PAN-OS does not use the vulnerable component mod_proxy or mod_rewrite. |
CVE-2023-25775 | PAN-OS does not use the vulnerable drivers. |
CVE-2023-31436 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-32233 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-34058 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
CVE-2023-34059 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
CVE-2023-35001 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-35788 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-37920 | The vulnerable component is not used in PAN-OS. |
CVE-2023-38408 | This issue affects ssh-agent, which is not used or enabled in PAN-OS. |
CVE-2023-40217 | The vulnerable Python features are not used in PAN-OS. |
CVE-2023-42753 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-44271 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2023-45283 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
CVE-2023-45284 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
CVE-2023-45871 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2023-46324 | The affected component is not used in PAN-OS. |
CVE-2023-50447 | PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called. |
CVE-2023-51384 | This issue affects ssh-agent, which is not used or enabled in PAN-OS. |
CVE-2023-51385 | The ssh configuration file on PAN-OS does not contain the vulnerable configuration settings. Therefore, PAN-OS is not affected. |
CVE-2023-51781 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
CVE-2024-4577 | This is a Windows-specific vulnerability, and does not impact PAN-OS. |
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
Solution
No software updates are required at this time.