PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL vulnerabilities that were disclosed on February 7, 2023 (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401) as it relates to our products. At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.
|Cortex Data Lake||None||all|
|Cortex XDR Agent||None||all|
|Enterprise Data Loss Prevention||None||all|
|Exact Data Matching CLI||None||all|
|Expedition Migration Tool||None||all|
|Palo Alto Networks App for Splunk||None||all|
|Prisma Cloud Compute||None||all|
|Prisma SD-WAN (CloudGenix)||None||all|
|Prisma SD-WAN ION||None||all|
|WildFire Appliance (WF-500)||None||all|
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Out of an abundance of caution, OpenSSL has been upgraded or patched in the following products to address the underlying code defects that result in these vulnerabilities:
For PAN-OS, these changes will be available in PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.
For GlobalProtect app, these changes will be available in GlobalProtect app 6.0.6 and later GlobalProtect app versions.