
PAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.

| CVE | Summary |
| --- | --- |
| CVE-2019-17006 | This CVE is fixed in PAN-OS 10.2.0, and all later versions of PAN-OS. |
| CVE-2021-3518 | This CVE is fixed in PAN-OS 10.2.0, and all later versions of PAN-OS. |
| CVE-2021-25219 | This CVE is fixed in PAN-OS 10.2.3, and all later versions of PAN-OS. |
| CVE-2021-27645 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
| CVE-2021-34798 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
| CVE-2022-1154 | This CVE is fixed in PAN-OS 10.2.3, and all later versions of PAN-OS. |
| CVE-2022-23806 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
| CVE-2022-28199 | This CVE is fixed in PAN-OS 10.2.4, and all later versions of PAN-OS. |
| CVE-2022-37434 | This CVE is fixed in PAN-OS 10.2.5, PAN-OS 11.0.1, and all later versions of PAN-OS. |
| CVE-2022-40674 | This CVE is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later versions of PAN-OS. |
| CVE-2023-3446 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.2, and all later versions of PAN-OS. |
| CVE-2023-4527 | This CVE is fixed in PAN-OS 11.0.6, PAN-OS 11.1.4, and all later versions of PAN-OS. |
| CVE-2023-24329 | This CVE is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later versions of PAN-OS. |
| CVE-2023-24538 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
| CVE-2023-24540 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |
| CVE-2023-47234 | This CVE is fixed in PAN-OS 10.2.11, 11.0.4, 11.1.3, and all later versions of PAN-OS. |
| CVE-2024-24790 | This CVE is fixed in PAN-OS 11.2.3-h2, and all later versions of PAN-OS. |

Product Status

| Versions | Affected | Unaffected |
| --- | --- | --- |
| PAN-OS | Versions prior to those listed above | Versions listed above |

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

The OSS CVEs are fixed in the respective PAN-OS versions.
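
As an added example (not Palo Alto Networks code), the following Python code checks a running PAN-OS version against the fix versions in the CVE table above and lists the CVEs whose fix it does not yet include. It assumes that a version on a release train listed for a CVE must be at or above that train's fix release, that a version on an unlisted train counts as fixed only when its train is newer than every listed one, and that versions have the form `major.minor.patch[-hN]`; the function names are hypothetical.

```python
import re

# Fix versions as listed in the advisory's CVE table.
FIXED_IN = {
    "CVE-2019-17006": ["10.2.0"],
    "CVE-2021-3518": ["10.2.0"],
    "CVE-2021-25219": ["10.2.3"],
    "CVE-2021-27645": ["10.2.8", "11.0.2"],
    "CVE-2021-34798": ["10.2.8", "11.0.2"],
    "CVE-2022-1154": ["10.2.3"],
    "CVE-2022-23806": ["11.2.3-h2"],
    "CVE-2022-28199": ["10.2.4"],
    "CVE-2022-37434": ["10.2.5", "11.0.1"],
    "CVE-2022-40674": ["10.2.4", "11.0.1"],
    "CVE-2023-3446": ["10.2.8", "11.0.2"],
    "CVE-2023-4527": ["11.0.6", "11.1.4"],
    "CVE-2023-24329": ["10.2.8", "11.0.4"],
    "CVE-2023-24538": ["11.2.3-h2"],
    "CVE-2023-24540": ["11.2.3-h2"],
    "CVE-2023-47234": ["10.2.11", "11.0.4", "11.1.3"],
    "CVE-2024-24790": ["11.2.3-h2"],
}

def parse(version):
    """'11.2.3-h2' -> (11, 2, 3, 2); a release without a hotfix gets hotfix 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_fixed(cve, running):
    """True if `running` is at or past the fix on its own release train."""
    ver = parse(running)
    fixes = {f[:2]: f for f in map(parse, FIXED_IN[cve])}
    if ver[:2] in fixes:             # this train has its own fix release
        return ver >= fixes[ver[:2]]
    return ver[:2] > max(fixes)      # assumption: unlisted train must be newer than all listed

def unfixed_cves(running):
    """CVEs from the table whose fix is not in `running`, sorted."""
    return sorted(c for c in FIXED_IN if not is_fixed(c, running))
```

Comparing per release train matters here: 11.0.1 is numerically later than 10.2.8 but still lacks the fix for CVE-2021-27645, which arrives on that train in 11.0.2.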
