| | Versions | Affected | Unaffected | | |
|---|
| 6.5 | CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server | Cortex XSOAR 8.1 Cortex XSOAR 6.10 Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6 | none < 6.10.0.185964 < 6.9.B185415 < 6.8.B185719 < 6.6.B186115 | all >= 6.10.0.185964 >= 6.9.B185415 >= 6.8.B185719 >= 6.6.B186115 | 2023-02-08 | 2023-02-08 |
| 6 | CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows none | all all >= 7.5.101-CE on Windows all | 2023-02-08 | 2023-02-08 |
| 5.5 | CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | none none < 7.5.101-CE on Windows < 5.0.12.22203 on Windows | all all >= 7.5.101-CE on Windows >= 5.0.12.22203 on Windows | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
| i | CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809 | | | | 2023-02-08 | 2023-02-08 |
| i | PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |
| 6.7 | CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine | Cortex XSOAR 6.9 Cortex XSOAR 6.8 Cortex XSOAR 6.6 Cortex XSOAR 6.5 | < 6.9.0.130766 on Linux, <= 6.9.0.3387847 on Linux all all all | >= 6.9.0.130766 on Linux none none none | 2022-11-09 | 2022-11-19 |
| i | CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889 | | | | 2022-11-09 | 2022-11-09 |
| i | PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 | | | | 2022-10-31 | 2022-11-09 |
| 8.1 | CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface | | | | 2022-10-12 | 2022-10-12 |
| 5.5 | CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.7 Cortex XDR Agent 5.0 | < 7.5.101-CE on Windows none < 7.7.3 on Windows < 5.0.12-hotfix update on Windows | >= 7.5.101-CE all >= 7.7.3 >= 5.0.12-hotfix update | 2022-09-14 | 2022-09-14 |
| i | PAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | All agents with a content update earlier than CU-860 on Windows | All agents with CU-860 or a later content update | 2022-09-14 | 2023-03-08 |
| 0 | CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199 | | | | 2022-09-14 | 2022-09-14 |
| i | PAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users | | All agents with a content update earlier than CU-630 on Windows | All agents with CU-630 or a later content update | 2022-09-14 | 2022-09-14 |
| 8.6 N | CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering | Cloud NGFW PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 3.1 Prisma Access 3.0 ➔ View additional products | none < 10.2.2-h2 < 10.1.6-h6 < 10.0.11-h1 < 9.1.14-h4 < 9.0.16-h3 < 8.1.23-h1 none none none | All >= 10.2.2-h2 >= 10.1.6-h6 >= 10.0.11-h1 >= 9.1.14-h4 >= 9.0.16-h3 >= 8.1.23-h1 All All all | 2022-08-10 | 2022-08-19 |
| i | PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module | | All agents with a content update earlier than CU-610 | All agents with CU-610 or a later content update | 2022-08-10 | 2022-08-10 |
| 7.2 | CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit | PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 | none < 10.1.5 < 10.0.10 < 9.1.13 < 9.0.16 < 8.1.23 | >= 10.2.0 >= 10.1.5 >= 10.0.10 >= 9.1.13 >= 9.0.16 >= 8.1.23 | 2022-05-11 | 2022-05-11 |
| 6.7 | CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 6.1 | 7.5.* without CU-330 on Windows 7.7.* without CU-330 on Windows 7.6.* without CU-330 on Windows 7.5.* without CU-330 on Windows 7.4.* without CU-330 on Windows 6.1.* without CU-330 on Windows | 7.5.* with CU-330 on Windows 7.7.* with CU-330 on Windows 7.6.* with CU-330 on Windows 7.5.* with CU-330 on Windows 7.4.* with CU-330 on Windows 6.1.* with CU-330 on Windows | 2022-05-11 | 2022-05-11 |
| 6.7 | CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability | | none < 7.7.1.62043 without CU-500 on Windows none none none | all 7.7.* with CU-500, >= 7.7.1.62043 on Windows all all all | 2022-05-11 | 2022-05-11 |
| 4.3 | CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports | Cortex XSOAR 6.6 Cortex XSOAR 6.5 Cortex XSOAR 6.2 Cortex XSOAR 6.1 | < 6.6.0.2585049 6.5.* 6.2.* 6.1.* | >= 6.6.0.2585049 none none none | 2022-05-11 | 2022-05-11 |
| 3.3 | PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files | Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.4 Cortex XDR Agent 5.0 | | | 2022-04-14 | 2023-02-08 |
| i | PAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | | | 2022-04-14 | 2022-05-13 |
| 5.9 | CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy | PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 3.0 Prisma Access 2.2 Prisma Access 2.1 | none < 10.1.5 < 10.0.10 < 9.1.13 < 9.0.16 < 8.1.22 none none none | 10.2.* >= 10.1.5 >= 10.0.10 >= 9.1.13 >= 9.0.16 >= 8.1.22 Preferred, Innovation Preferred Preferred, Innovation | 2022-04-13 | 2022-04-13 |
| 7.5 N | CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 | Cortex XDR Agent 7.7 Cortex XDR Agent 7.6 Cortex XDR Agent 7.5-CE Cortex XDR Agent 7.5 Cortex XDR Agent 7.4 Cortex XDR Agent 6.1 Cortex XSOAR GlobalProtect App 6.0 GlobalProtect App 5.3 GlobalProtect App 5.2 GlobalProtect App 5.1 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access 3.1 Prisma Access 3.0 Prisma Access 2.2 Prisma Access 2.1 Prisma Cloud | < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux < 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux < 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux 7.4.* < 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux none < 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS < 5.3.4 < 5.2.12 < 5.1.11 < 10.2.1 < 10.1.5-h1 < 10.0.10 < 9.1.13-h3 < 9.0.16-h2 < 8.1.23 Preferred, Innovation Preferred, Innovation Preferred Preferred, Innovation none | >= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux >= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux >= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux >= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux none >= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux all >= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS >= 5.3.4 >= 5.2.12 >= 5.1.11 >= 10.2.1 >= 10.1.5-h1 >= 10.0.10 >= 9.1.13-h3 >= 9.0.16-h2 >= 8.1.23 none none none none all | 2022-03-31 | 2022-06-24 |
| 0 | CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 | | | | 2022-03-31 | 2022-04-25 |
= Exploitable over the network with low complexity, unauthenticated attack.