PAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.
CVE | Summary |
---|---|
CVE-2019-17006 | This CVE is fixed in PAN-OS 10.2.0, and all later versions of PAN-OS. |
CVE-2021-3518 | This CVE is fixed in PAN-OS 10.2.0, and all later versions of PAN-OS. |
CVE-2021-25219 | This CVE is fixed in PAN-OS 10.2.3, and all later versions of PAN-OS. |
CVE-2021-27645 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
CVE-2021-34798 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
CVE-2022-1154 | This CVE is fixed in PAN-OS 10.2.3, and all later versions of PAN-OS. |
CVE-2022-23806 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
CVE-2022-28199 | This CVE is fixed in PAN-OS 10.2.4, and all later versions of PAN-OS. |
CVE-2022-37434 | This CVE is fixed in PAN-OS 10.2.5, PAN-OS 11.0.1, and all later versions of PAN-OS. |
CVE-2022-40674 | This CVE is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later versions of PAN-OS. |
CVE-2023-3446 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
CVE-2023-4527 | This CVE is fixed in PAN-OS 11.0.6, PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2023-24329 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later versions of PAN-OS. |
CVE-2023-24538 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
CVE-2023-24540 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
CVE-2023-47234 | This CVE is fixed in PAN-OS 10.2.11, 11.0.4, 11.1.3, and all later versions of PAN-OS |
CVE-2024-24790 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS | Versions prior to those listed above | Versions listed above |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
The OSS CVEs are fixed in the respective PAN-OS versions.