Palo Alto Networks Security Advisories / PAN-SA-2020-0007

PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE

Description

The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

CVECVSSSummary
CVE-2020-1189610.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-1189710.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-118989.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-118995.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119008.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119019.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119027.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119036.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119047.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119056.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119066.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119076.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119084.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119095.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119105.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119115.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119125.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119135.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119144.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2013-74599.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)This vulnerability in pycrypto does not affect PAN-OS software.
CVE-2018-11227.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-164029.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in libelf do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2020-110226.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2020-110236.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11215.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11205.3 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11237.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11247.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.

Product Status

PAN-OS

VersionsAffectedUnaffected
allall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for these issues.

Workarounds and Mitigations

Timeline

Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.