Palo Alto Networks Security Advisories / PAN-SA-2024-0001

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.

CVESummary
CVE-2017-8923This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 2 GiB. PAN-OS limits it to 128MB.
CVE-2017-9120This only impacts PHP scripts calling mysqli_real_escape_string(). PAN-OS does not make use of this function.
CVE-2017-18342Prerequisites for exploitating the vulnerable function do not exist on PAN-OS.
CVE-2019-1551PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2019-16865PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2019-16905PAN-OS is not affected as our OpenSSH build does not support XMSS.
CVE-2019-19523Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2019-19528Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2019-19911PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-0404Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-0431Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-0466Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-1967PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function.
CVE-2020-5310PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-5313PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-7760CodeMirror bundled in PAN-OS does not have vulnerable code parts
CVE-2020-10379PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-11538PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-11608Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-12114Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-12321This only impacts some Intel Wireless Bluetooth devices, which are not part of any products.
CVE-2020-12362This only impacts Intel(R) Graphics Drivers for Windows. Does not affect PAN-OS.
CVE-2020-12363Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-12364Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-13757The vulnerable API isn't used in PAN-OS.
CVE-2020-14314Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-14351Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-15778File uploads to PAN-OS can only be initiated from within the PAN-OS firewall CLI. This CVE requires initiating the file upload from an external system, so PAN-OS is not affected.
CVE-2020-24394Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-24504Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25211Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25212Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25284Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25285Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25717Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS.
CVE-2020-26541Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-27152Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-27835Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-28915Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-28974Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-29368Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-29661Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-35508Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-35653PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-35654PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2020-36312Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-36322Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-36385Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-36558Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-36694Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0342Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0512Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0920Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0941Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3347Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3428Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3450PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2021-3489Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3501Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3564Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3609Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3635Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3653Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3659Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3669Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3679Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3743Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3744Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3764Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3773PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS.
CVE-2021-3923Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4002Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4028Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4083Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4093Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4154Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4155Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-20239Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-20317Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-20321Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-20325The affected components are not present or not used in PAN-OS.
CVE-2021-21706This is a Windows-specific vulnerability, and does not impact PAN-OS.
CVE-2021-21708This only affects PHP scripts that use FILTER_VALIDATE_FLOAT. PAN-OS does not make use of this function.
CVE-2021-21781Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-22543Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-22555Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-23133Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-23840PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions.
CVE-2021-23841PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function.
CVE-2021-25217Prerequities for this CVE do not exist on PAN-OS.
CVE-2021-25289PAN-OS is not affected by this CVE as the underlying operating system used by PAN-OS is not affected.
CVE-2021-25290PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-25291PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-25293PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-26708Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-27364Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-27365Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-27921PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-27922PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-27923PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-28676PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-28677PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2021-28950Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-29646Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-30002Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-30139PAN-OS is not affected as PAN-OS does not use Alpine Linux.
CVE-2021-31440Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-31829Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-31916Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-32399Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33034Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33655Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33909Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33910The vulnerable systemd software is not included in PAN-OS.
CVE-2021-36159PAN-OS is not affected as external FTP is disabled, and PAN-OS does not use vulnerable component libfetch/apk-tools.
CVE-2021-36368PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected
CVE-2021-37159Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-37576Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-41864Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-42739Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-43056Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-43267The affected functionality does not exist in the kernel version used by PAN-OS.
CVE-2021-43975Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-43976Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-44733Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-44790PAN-OS does not use the vulnerable mod_lua or proxy forwarding.
CVE-2022-0001Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0002Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0168Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0185Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0286Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0322Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0330Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0492Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0494Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0516Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0617Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0847Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0850Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0854Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1016Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1048Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1055Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1158Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1184Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1292PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS.
CVE-2022-1462Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1586PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS.
CVE-2022-1679Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1729Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1941PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected.
CVE-2022-2068PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS.
CVE-2022-2078Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2153Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2196Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2526The vulnerable systemd software is not included in PAN-OS.
CVE-2022-2586Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2588Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2639Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2873Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2964Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3105Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3106Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3107Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3108Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3239Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3524Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3625Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-3707Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4139Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4269Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4378Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4662Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4744Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-20141Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-20368Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-20572Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-21123Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-21125Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-22721Exploit requires request body to be 350 MB. The request size in PAN-OS is 1MB. Therefore, this CVE does not impact PAN-OS.
CVE-2022-22817PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called.
CVE-2022-22942Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-23960Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-24303PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected.
CVE-2022-24448Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-25636Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-27664PAN-OS is not affected as it does not use the vulnerable functionality
CVE-2022-27666Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-27950Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-28331PAN-OS is not affected as the underlying OS components used in PAN-OS are not affected.
CVE-2022-28388Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-28390Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-28615No code distributed with the httpd server can exploit this flaw and the vulnerable function is not used in PAN-OS.
CVE-2022-28893Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-29217The vulnerable package is not used in PAN-OS.
CVE-2022-29804The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-30634The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-31625PAN-OS does not use the affected PostgreSQL extension.
CVE-2022-31626PAN-OS does not make use of the vulnerable PHP PDO MySQL driver and hence not impacted.
CVE-2022-31628PAN-OS does not make use of the vulnerable phar functionality.
CVE-2022-31676There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2022-32250Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-36760PAN-OS is not affected as PAN-OS does not use the vulnerable mod_proxy_ajp.
CVE-2022-37454This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 4 GiB. PAN-OS has safer and restricted limits that do not enable exploting this vulnerability.
CVE-2022-38023Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS.
CVE-2022-39188Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-39189Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-40133Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-40897PAN-OS does not allow customers to install custom packages.
CVE-2022-41218Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-41222Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-41716The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-42703Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-42720Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-42721Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-42722Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-42898The vulnerable function/feature krb5_pac_parse() is not called from PAN-OS.
CVE-2022-43750Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-45198The GIF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable.
CVE-2022-45199The TIFF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable.
CVE-2022-45869Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-45884Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-45887Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-45919Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0266Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0386Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0394Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0459Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0461Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0597Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1075Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1095Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1118Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1281Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1382Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1829Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1989Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-2124Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-2177Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-2235Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-2513Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3090Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3141Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3161Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3390Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3609Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3611Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3772Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3776Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3812Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3961PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS.
CVE-2023-4004Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4132Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4155Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4206Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4207Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4208Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4622Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4623Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4732Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4921Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-5178The affected kernel component is not used by PAN-OS.
CVE-2023-5633Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-6546Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-6817Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-20900There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-22998Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-23455Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-23931The vulnerable functions/features are not used in PAN-OS. Prerequities for this CVE do not exist on PAN-OS.
CVE-2023-25690PAN-OS does not use the vulnerable component mod_proxy or mod_rewrite.
CVE-2023-25775PAN-OS does not use the vulnerable drivers.
CVE-2023-26545Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-29400PAN-OS is not affected as it does not use the vulnerable functionality
CVE-2023-29403PAN-OS is not affected as prerequisites for this vulnerability do not exist in PAN-OS.
CVE-2023-31436Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-32233Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-33203Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-33733PAN-OS is not affected as the underlying operating system components used by PAN-OS are not affected
CVE-2023-33951Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-34058There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-34059There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-35001Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-35788Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-35824Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-37920The vulnerable component is not used in PAN-OS.
CVE-2023-38408This issue affects ssh-agent, which is not used or enabled in PAN-OS.
CVE-2023-40217The vulnerable Python features are not used in PAN-OS.
CVE-2023-42753Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-44271PAN-OS is not affected as PAN-OS does not process untrusted images with pillow.
CVE-2023-45283The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2023-45284The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2023-46324The affected component is not used in PAN-OS.
CVE-2023-50447PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called.
CVE-2023-51384This issue affects ssh-agent, which is not used or enabled in PAN-OS.
CVE-2023-51385The ssh configuration file on PAN-OS does not contain the vulnerable configuration settings. Therefore, PAN-OS is not affected.
CVE-2023-51781Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2024-4577This is a Windows-specific vulnerability, and does not impact PAN-OS.

Product Status

VersionsAffectedUnaffected
PAN-OS NoneAll

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.

Solution

No software updates are required at this time.

© 2024 Palo Alto Networks, Inc. All rights reserved.