Palo Alto Networks Security Advisories / PAN-SA-2024-0008

PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.

CVESummary
CVE-2010-1622PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2015-7552PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2018-16840PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected.
CVE-2019-7639PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2020-7774PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2020-17049PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-0131PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-0132PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-0133PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-0134PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-4044PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2021-4160PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2021-41773PAN-OS is not affected as PAN-OS does not use the vulnerable httpd versions.
CVE-2022-1343PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2022-2274PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2022-3358PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2022-3996PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected.
CVE-2022-21449PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue.
CVE-2022-22963PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2022-22965PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2022-24697PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2022-32207PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected.
CVE-2022-40664PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2022-44792PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2022-44793PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2023-1255PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2023-3341PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2023-4236PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2023-4863PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2023-22809PAN-OS is not affected as the affected components are not present or not used in PAN-OS.
CVE-2023-23919PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue.
CVE-2023-51767PAN-OS is not affected as no realistic scenarios exist where it is practical to exploit this issue.

Product Status

VersionsAffectedUnaffected
PAN-OS NoneAll

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.

Solution

No software updates are required at this time.

© 2024 Palo Alto Networks, Inc. All rights reserved.