
PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

The conditions required to exploit jQuery vulnerabilities CVE-2020-11022 and CVE-2020-11023 do not exist in PAN-OS software. However, out of an abundance of caution, the jQuery library was upgraded to a fixed version that does not contain the vulnerable code in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.8, and all later PAN-OS versions.

| CVE | Summary |
| --- | --- |
| CVE-2020-11896 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11897 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11898 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11899 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11900 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11901 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11902 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11903 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11904 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11905 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11906 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11907 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11908 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11909 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11910 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11911 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11912 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11913 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2020-11914 | This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software. |
| CVE-2013-7459 | This vulnerability in pycrypto does not affect PAN-OS software. |
| CVE-2018-1122 | Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2018-16402 | Conditions required for exploiting this vulnerability in libelf do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2020-11022 | Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2020-11023 | Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2018-1121 | Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2018-1120 | Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2018-1123 | Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |
| CVE-2018-1124 | Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted. |

Product Status

| Versions | Affected | Unaffected |
| --- | --- | --- |
| PAN-OS all | None | All |

Solution

No product updates are required for these issues.

The jQuery library used in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.8, and all later PAN-OS versions does not contain the vulnerable code used to exploit vulnerabilities CVE-2020-11022 and CVE-2020-11023.

Timeline

Added versions of PAN-OS that upgrade jQuery to a fixed version
Initial publication