Palo Alto Networks Security Advisories / PAN-SA-2022-0006

PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602


Informational

Description

The OpenSSL Project has published two high severity vulnerabilities CVE-2022-3786 and CVE-2022-3602 that affect OpenSSL versions 3.0.0 through 3.0.6 on November 1st, 2022.

The Palo Alto Networks Product Security Assurance team has evaluated and confirmed that all products and services are not impacted by these vulnerabilities.

Product Status

VersionsAffectedUnaffected
AutoFocus Noneall
Bridgecrew Noneall
Cloud NGFW Noneall
Cortex Data Lake Noneall
Cortex XDR Noneall
Cortex XDR Agent Noneall
Cortex Xpanse Noneall
Cortex XSOAR Noneall
Enterprise Data Loss Prevention Noneall
Exact Data Matching CLI Noneall
Expanse Noneall
Expedition Migration Tool Noneall
GlobalProtect App Noneall
IoT Security Noneall
Okyo Garde Noneall
Palo Alto Networks App for Splunk Noneall
PAN-OS Noneall
Prisma Access Noneall
Prisma Cloud Noneall
Prisma Cloud Compute Noneall
Prisma SD-WAN (CloudGenix) Noneall
Prisma SD-WAN ION Noneall
SaaS Security Noneall
User-ID Agent Noneall
WildFire Appliance (WF-500) Noneall
WildFire Cloud Noneall

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.

Solution

No software updates are required at this time.

NOTE: Cortex XDR Broker VM versions earlier than Cortex XDR Broker VM 17.4.1 contain an affected version of the OpenSSL 3.0 library but are not impacted. There are no scenarios in Cortex XDR Broker VM software that enable successful exploitation of these vulnerabilities. The OpenSSL 3.0 library has been removed from Cortex XDR Broker VM 17.4.1 and later versions for security assurance.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block known attacks for CVE-2022-3602 by enabling Threat ID 93212 (Applications and Threats content update 8638). This mitigation reduces the risk of exploitation from known exploits.

Frequently Asked Questions

Q. How can I find vulnerable versions of OpenSSL in my environment?

With Prisma Cloud, security teams can prepare to detect and patch vulnerable systems as soon as the fix is available. Prisma Cloud customers can apply controls to address this vulnerability across multiple stages in the application lifecycle, from the code to the cloud.

See https://www.paloaltonetworks.com/blog/prisma-cloud/prepare-openssl-vulnerability/ for more information.

Timeline

Investigation is complete
Cortex XDR Broker VM 17.4.1 is released and removes OpenSSL 3.0 for security assurance
A threat prevention signature is now available for CVE-2022-3602
Updated advisory to reference the CVEs
Initial publication
© 2022 Palo Alto Networks, Inc. All rights reserved.