Palo Alto Networks Security Advisories / PAN-SA-2024-0004

PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.

CVESummary
CVE-2017-8923This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2017-9120This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2019-10082This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2019-17626This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2019-19450This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-5311This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-5312This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-11984This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-14145This CVE is fixed in PAN-OS 10.2.3, and all later PAN-OS versions.
CVE-2020-25658This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions.
CVE-2020-36242This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions.
CVE-2021-21708This CVE is fixed in PAN-OS 10.2.8, 11.0.3, 11.1.0, and all later PAN-OS versions.
CVE-2021-26691This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2021-39275This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2021-40438This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2021-43527This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions.
CVE-2022-1271This CVE is fixed in PAN-OS 11.0.4, 11.1.3, and all later PAN-OS versions.
CVE-2022-3515This CVE is fixed in PAN-OS 10.2.5, 11.0.3, and all later PAN-OS versions.
CVE-2022-22720This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-23943This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-31676This CVE is fixed in PAN-OS 10.1.9, 10.2.4, 11.0.1, and all later PAN-OS versions.
CVE-2022-31813This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-37454This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2022-47629This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions.
CVE-2023-0286This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions.
CVE-2022-22721This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.

Product Status

VersionsAffectedUnaffected
PAN-OS Versions prior to those listed aboveVersions listed above

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software.

Solution

No software updates are required at this time.

© 2024 Palo Alto Networks, Inc. All rights reserved.