
CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965


Informational

Description

The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.

The following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.

Product Status

| Versions | Affected | Unaffected |
| --- | --- | --- |
| AutoFocus | None | All |
| Bridgecrew | None | All |
| Cortex Data Lake | None | All |
| Cortex XDR Agent | None | All |
| Cortex Xpanse | None | All |
| Cortex XSOAR | None | All |
| Enterprise Data Loss Prevention | None | All |
| Exact Data Matching CLI | None | All |
| Expanse | None | All |
| Expedition Migration Tool | None | All |
| GlobalProtect App | None | All |
| IoT Security | None | All |
| Okyo Garde | None | All |
| Palo Alto Networks App for Splunk | None | All |
| PAN-OS | None | All |
| Prisma Cloud | None | All |
| Prisma Cloud Compute | None | All |
| Prisma SD-WAN (CloudGenix) | None | All |
| Prisma SD-WAN ION | None | All |
| SaaS Security | None | All |
| User-ID Agent | None | All |
| WildFire Appliance (WF-500) | None | All |
| WildFire Cloud | None | All |

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.

More information about the vulnerability's exploitation in the wild can be found in the Unit 42 threat brief: https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

Weakness Type

CWE-770 Allocation of Resources Without Limits or Throttling

CWE-497 Exposure of System Data to an Unauthorized Control Sphere

Solution

No product updates are required for Palo Alto Networks products at this time.

Workarounds and Mitigations

No workarounds or mitigations are required for Palo Alto Networks products at this time.

Customers with a Threat Prevention subscription can block the attack traffic related to these vulnerabilities by enabling Threat IDs 92393, 92394, and 83239 for CVE-2022-22965 and Threat ID 92389 for CVE-2022-22963.

See https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ for more details on Palo Alto Networks product capabilities to protect against attacks that exploit this issue.

Timeline

Added additional service status. The investigation is complete.
Added additional product status
Added additional product status
Added threat prevention signatures and additional product status
Referenced CVE-2022-22965
Initial publication