Palo Alto Networks Security Advisories / PAN-SA-2020-0007

PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE
JSON
Published 2020-07-08
Updated 2020-07-08
Reference PAN-149916, PAN-137122, OSS-316 and PAN-147254
Discovered externally

Description

The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

CVECVSSSummary
CVE-2020-1189610.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-1189710.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-118989.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-118995.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119008.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119019.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119027.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119036.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119047.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119056.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119066.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119076.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119084.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119095.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119105.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119115.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119125.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119135.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2020-119144.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)This vulnerability in Treck TCP/IP stack (also known as Ripple20) does not impact PAN-OS software.
CVE-2013-74599.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)This vulnerability in pycrypto does not affect PAN-OS software.
CVE-2018-11227.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-164029.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in libelf do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2020-110226.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2020-110236.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)Conditions required for exploiting this vulnerability in jQuery do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11215.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11205.3 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11237.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.
CVE-2018-11247.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)Conditions required for exploiting this vulnerability in procps-ng do not exist in PAN-OS software. Hence PAN-OS software is not impacted.

Product Status

PAN-OS

VersionsAffectedUnaffected
allall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for these issues.

Workarounds and Mitigations

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.