Palo Alto Networks Security Advisories / PAN-SA-2024-0004

PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS


Informational

JSON
Published 2024-04-10
Updated
Reference

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.

CVESummary
CVE-2015-5739This CVE is fixed in PAN-OS 11.0.4, and all later PAN-OS versions.
CVE-2017-8923This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2017-9120This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2019-10081This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions.
CVE-2019-10082This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2019-17626This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2019-18874This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions.
CVE-2019-19450This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2019-20916This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions.
CVE-2020-5311This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-5312This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-11984This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2020-12403This CVE is fixed in PAN-OS 10.2.8, 11.0.4, 11.1.0, and all later PAN-OS versions.
CVE-2020-14145This CVE is fixed in PAN-OS 10.2.3, and all later PAN-OS versions.
CVE-2020-25658This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions.
CVE-2020-27619This CVE is fixed in PAN-OS 10.2.8, 11.1.0, and all later PAN-OS versions.
CVE-2020-35527This CVE is fixed in PAN-OS 11.0.4, 11.1.4, and all later PAN-OS versions.
CVE-2020-36242This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions.
CVE-2021-3177This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions.
CVE-2021-20231This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions.
CVE-2021-20232This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions.
CVE-2021-21708This CVE is fixed in PAN-OS 10.2.8, 11.0.3, 11.1.0, and all later PAN-OS versions.
CVE-2021-25287This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions.
CVE-2021-25288This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions.
CVE-2021-26691This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2021-34552This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions.
CVE-2021-39275This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2021-40438This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions.
CVE-2021-43527This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions.
CVE-2021-46848This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions.
CVE-2022-1271This CVE is fixed in PAN-OS 11.0.4, 11.1.3, and all later PAN-OS versions.
CVE-2022-3515This CVE is fixed in PAN-OS 10.2.5, 11.0.3, and all later PAN-OS versions.
CVE-2022-22720This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-22721This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-23943This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-27404This CVE is fixed in PAN-OS 10.2.4, 11.0.1, and all later PAN-OS versions.
CVE-2022-31676This CVE is fixed in PAN-OS 10.1.9, 10.2.4, 11.0.1, and all later PAN-OS versions.
CVE-2022-31813This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions.
CVE-2022-37454This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions.
CVE-2022-47629This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions.
CVE-2023-2650This CVE is fixed in PAN-OS 9.1.17, 10.1.11, 10.2.5, 11.0.3, and all later PAN-OS versions.
CVE-2023-0286This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions.

Product Status

VersionsAffectedUnaffected
PAN-OS Versions prior to those listed aboveVersions listed above

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software.

Solution

No software updates are required at this time.

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.