Palo Alto Networks Security Advisories / PAN-SA-2020-0003

PAN-SA-2020-0003 Informational: Third-party or open source vulnerabilities that do not affect Palo Alto Networks Products

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE

Description

Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on Palo Alto Networks Products, or the scenarios required for successful exploitation do not exist on Palo Alto Networks Products.

CVECVSSSummary
CVE-2019-169057.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)The OpenSSH package in PAN-OS is not compiled with XMSS support.
CVE-2019-111689.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2020-05617.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use SGX SDK from Intel in any product.
CVE-2020-05627.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use RAID WebConsole 2 in any product.
CVE-2020-05637.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use MPSS installer in any product.
CVE-2020-05647.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use RWC 3 console in any product.
CVE-2019-111757.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-01396.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01408.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01428.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01435.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01446.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01457.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01465.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01475.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01485.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01495.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-01505.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)Palo Alto Networks does not use Intel Ethernet 700 series controllers in any released next generation firewall.
CVE-2019-111777.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111788.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111796.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111807.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111707.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111827.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111719.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111725.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111737.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111817.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-111745.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Palo Alto Networks does not use any affected Intel server boards or compute modules.
CVE-2019-127358.6 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)The Vim package on PAN-OS do not have 'modline' enabled required for exploiting this issue. Further the command itself is not accessible to privileged or unprivileged users.

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for these issues.

Workarounds and Mitigations

None

© 2020 Palo Alto Networks, Inc. All rights reserved.