PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
Informational
Description
The Palo Alto Networks Product Security Assurance team is evaluating the OpenSSL vulnerabilities that were disclosed on February 7, 2023 (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401) as it relates to our products. This is an ongoing product security investigation and product status can change as more information becomes available.
At this time, there are no known scenarios that enable successful exploitation of these vulnerabilities in our products.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| AutoFocus | None | all |
| Bridgecrew | None | all |
| Cloud NGFW | None | all |
| Cortex Data Lake | None | all |
| Cortex XDR | None | all |
| Cortex XDR Agent | None | all |
| Cortex Xpanse | None | all |
| Cortex XSOAR | None | all |
| Enterprise Data Loss Prevention | None | all |
| Exact Data Matching CLI | None | all |
| Expanse | None | all |
| Expedition Migration Tool | None | all |
| GlobalProtect App | None | all |
| IoT Security | None | all |
| Okyo Garde | None | all |
| Palo Alto Networks App for Splunk | None | all |
| PAN-OS | None | all |
| Prisma Access | None | all |
| Prisma Cloud | None | all |
| Prisma Cloud Compute | None | all |
| Prisma SD-WAN (CloudGenix) | None | all |
| Prisma SD-WAN ION | None | all |
| SaaS Security | None | all |
| User-ID Agent | None | all |
| WildFire Appliance (WF-500) | None | all |
| WildFire Cloud | None | all |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Solution
No software updates are required at this time.
Timeline
Initial publication