CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.
The following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.
|Cortex Data Lake||None||all|
|Cortex XDR Agent||None||all|
|Enterprise Data Loss Prevention||None||all|
|Exact Data Matching CLI||None||all|
|Expedition Migration Tool||None||all|
|Palo Alto Networks App for Splunk||None||all|
|Prisma Cloud Compute||None||all|
|Prisma SD-WAN (CloudGenix)||None||all|
|Prisma SD-WAN ION||None||all|
|WildFire Appliance (WF-500)||None||all|
CVSSv3.1 Base Score:0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
More information about the vulnerability's exploitation in the wild can be found in the Unit 42 threat brief: https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/
No product updates are required for Palo Alto Networks products at this time.
Workarounds and Mitigations
No workarounds or mitigations are required for Palo Alto Networks products at this time.
Customers with a Threat Prevention subscription can block the attack traffic related to these vulnerabilities by enabling Threat IDs 92393, 92394, and 83239 for CVE-2022-22965 and Threat ID 92389 for CVE-2022-22963.
See https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ for more details on Palo Alto Networks product capabilities to protect against attacks that exploit this issue.