Palo Alto Networks Security Advisories / PAN-SA-2020-0003

PAN-SA-2020-0003 Informational: Third-party or open source vulnerabilities that do not affect Palo Alto Networks Products

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE
JSON
Published 2020-04-08
Updated 2020-04-27
Reference PAN-111636 and PAN-141921
Discovered externally

Description

Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on Palo Alto Networks Products, or the scenarios required for successful exploitation do not exist on Palo Alto Networks Products.

CVECVSSSummary
CVE-2019-169057.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)The OpenSSH package in PAN-OS is not compiled with XMSS support.
CVE-2019-111689.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2020-05617.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use SGX SDK from Intel in any product.
CVE-2020-05627.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use RAID WebConsole 2 in any product.
CVE-2020-05637.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use MPSS installer in any product.
CVE-2020-05647.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use RWC 3 console in any product.
CVE-2019-111757.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-01396.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01408.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01428.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01435.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01446.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01457.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01465.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01475.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01485.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01495.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01505.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-111777.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111788.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111796.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111807.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111707.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111827.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111719.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111725.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111737.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111817.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111745.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-127358.6 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)The Vim package on PAN-OS do not have 'modline' enabled required for exploiting this issue. Further the command itself is not accessible to privileged or unprivileged users.

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for these issues.

Workarounds and Mitigations

None

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.