PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
CVE | Summary |
---|---|
CVE-2010-1622 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2015-7552 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2018-16840 | PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected. |
CVE-2019-7639 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2020-7774 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2020-17049 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-0131 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-0132 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-0133 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-0134 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-4044 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2021-4160 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2021-41773 | PAN-OS is not affected as PAN-OS does not use the vulnerable httpd versions. |
CVE-2022-1343 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2022-2274 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2022-3358 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2022-3996 | PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected. |
CVE-2022-21449 | PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue. |
CVE-2022-22963 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2022-22965 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2022-24697 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2022-32207 | PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected. |
CVE-2022-40664 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2022-44792 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2022-44793 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2023-1255 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
CVE-2023-3341 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2023-4236 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2023-4863 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
CVE-2023-22809 | PAN-OS is not affected as the affected components are not present or not used in PAN-OS. |
CVE-2023-23919 | PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue. |
CVE-2023-51767 | PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue. |
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
Solution
No software updates are required at this time.