PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
| CVE | Summary |
|---|---|
| CVE-2017-8923 | This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 2 GiB. PAN-OS limits it to 128MB. |
| CVE-2017-9120 | This only impacts PHP scripts calling mysqli_real_escape_string(). PAN-OS does not make use of this function. |
| CVE-2017-18342 | Prerequisites for exploitating the vulnerable function do not exist on PAN-OS. |
| CVE-2019-1551 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
| CVE-2019-16865 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2019-16905 | PAN-OS is not affected as our OpenSSH build does not support XMSS. |
| CVE-2019-19523 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2019-19528 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2019-19911 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-0404 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-0431 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-0466 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-1967 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function. |
| CVE-2020-5310 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-5313 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-7760 | CodeMirror bundled in PAN-OS does not have vulnerable code parts |
| CVE-2020-10379 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-11538 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-11608 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-12114 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-12321 | This only impacts some Intel Wireless Bluetooth devices, which are not part of any products. |
| CVE-2020-12362 | This only impacts Intel(R) Graphics Drivers for Windows. Does not affect PAN-OS. |
| CVE-2020-12363 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-12364 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-13757 | The vulnerable API isn't used in PAN-OS. |
| CVE-2020-14314 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-14351 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-15778 | File uploads to PAN-OS can only be initiated from within the PAN-OS firewall CLI. This CVE requires initiating the file upload from an external system, so PAN-OS is not affected. |
| CVE-2020-24394 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-24504 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-25211 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-25212 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-25284 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-25285 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-25717 | Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS. |
| CVE-2020-26541 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-27152 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-27835 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-28915 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-28974 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-29368 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-29661 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-35508 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-35653 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-35654 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2020-36312 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-36322 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-36385 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-36558 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2020-36694 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-0342 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-0512 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-0920 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-0941 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3347 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3428 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3450 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
| CVE-2021-3489 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3501 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3564 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3609 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3635 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3653 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3659 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3669 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3679 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3743 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3744 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3764 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-3773 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
| CVE-2021-3923 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4002 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4028 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4083 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4093 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4154 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-4155 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-20239 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-20317 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-20321 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-20325 | The affected components are not present or not used in PAN-OS. |
| CVE-2021-21706 | This is a Windows-specific vulnerability, and does not impact PAN-OS. |
| CVE-2021-21708 | This only affects PHP scripts that use FILTER_VALIDATE_FLOAT. PAN-OS does not make use of this function. |
| CVE-2021-21781 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-22543 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-22555 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-23133 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-23840 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL versions. |
| CVE-2021-23841 | PAN-OS is not affected as PAN-OS does not use the vulnerable OpenSSL function. |
| CVE-2021-25217 | Prerequities for this CVE do not exist on PAN-OS. |
| CVE-2021-25289 | PAN-OS is not affected by this CVE as the underlying operating system used by PAN-OS is not affected. |
| CVE-2021-25290 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-25291 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-25293 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-26708 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-27364 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-27365 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-27921 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-27922 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-27923 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-28676 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-28677 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2021-28950 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-29646 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-30002 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-30139 | PAN-OS is not affected as PAN-OS does not use Alpine Linux. |
| CVE-2021-31440 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-31829 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-31916 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-32399 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-33034 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-33655 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-33909 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-33910 | The vulnerable systemd software is not included in PAN-OS. |
| CVE-2021-36159 | PAN-OS is not affected as external FTP is disabled, and PAN-OS does not use vulnerable component libfetch/apk-tools. |
| CVE-2021-36368 | PAN-OS is not affected as the underlying operating system used by PAN-OS is not affected |
| CVE-2021-37159 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-37576 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-41864 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-42739 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-43056 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-43267 | The affected functionality does not exist in the kernel version used by PAN-OS. |
| CVE-2021-43975 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-43976 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-44733 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2021-44790 | PAN-OS does not use the vulnerable mod_lua or proxy forwarding. |
| CVE-2022-0001 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0002 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0168 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0185 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0286 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0322 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0330 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0492 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0494 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0516 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0617 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0847 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0850 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-0854 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1016 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1048 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1055 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1158 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1184 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1292 | PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS. |
| CVE-2022-1462 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1586 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
| CVE-2022-1679 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1729 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-1941 | PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected. |
| CVE-2022-2068 | PAN-OS is not affected as the "c_rehash" script affected by this CVE is not shipped with PAN-OS. |
| CVE-2022-2078 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2153 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2196 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2526 | The vulnerable systemd software is not included in PAN-OS. |
| CVE-2022-2586 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2588 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2639 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2873 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-2964 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3105 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3106 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3107 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3108 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3239 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3524 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3625 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-3707 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-4139 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-4269 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-4378 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-4662 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-4744 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-20141 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-20368 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-20572 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-21123 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-21125 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-22721 | Exploit requires request body to be 350 MB. The request size in PAN-OS is 1MB. Therefore, this CVE does not impact PAN-OS. |
| CVE-2022-22817 | PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called. |
| CVE-2022-22942 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-23960 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-24303 | PAN-OS is not affected by this CVE as the underlying operating system components used by PAN-OS are not affected. |
| CVE-2022-24448 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-25636 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-27664 | PAN-OS is not affected as it does not use the vulnerable functionality |
| CVE-2022-27666 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-27950 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-28331 | PAN-OS is not affected as the underlying OS components used in PAN-OS are not affected. |
| CVE-2022-28388 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-28390 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-28615 | No code distributed with the httpd server can exploit this flaw and the vulnerable function is not used in PAN-OS. |
| CVE-2022-28893 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-29217 | The vulnerable package is not used in PAN-OS. |
| CVE-2022-29804 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
| CVE-2022-30634 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
| CVE-2022-31625 | PAN-OS does not use the affected PostgreSQL extension. |
| CVE-2022-31626 | PAN-OS does not make use of the vulnerable PHP PDO MySQL driver and hence not impacted. |
| CVE-2022-31628 | PAN-OS does not make use of the vulnerable phar functionality. |
| CVE-2022-31676 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
| CVE-2022-32250 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-36760 | PAN-OS is not affected as PAN-OS does not use the vulnerable mod_proxy_ajp. |
| CVE-2022-37454 | This issue is only practical to exploit only when the memory limit is raised from its default to a value larger than 4 GiB. PAN-OS has safer and restricted limits that do not enable exploting this vulnerability. |
| CVE-2022-38023 | Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE can not be exploited on PAN-OS. |
| CVE-2022-39188 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-39189 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-40133 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-40897 | PAN-OS does not allow customers to install custom packages. |
| CVE-2022-41218 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-41222 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-41716 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
| CVE-2022-42703 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-42720 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-42721 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-42722 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-42898 | The vulnerable function/feature krb5_pac_parse() is not called from PAN-OS. |
| CVE-2022-43750 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-45198 | The GIF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable. |
| CVE-2022-45199 | The TIFF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable. |
| CVE-2022-45869 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-45884 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-45887 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2022-45919 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0266 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0386 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0394 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0459 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0461 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-0597 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1075 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1095 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1118 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1281 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1382 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1829 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-1989 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-2124 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-2177 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-2235 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-2513 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3090 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3141 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3161 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3390 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3609 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3611 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3772 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3776 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3812 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-3961 | PAN-OS is not affected as the vulnerable functionality is not used in PAN-OS. |
| CVE-2023-4004 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4132 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4155 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4206 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4207 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4208 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4622 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4623 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4732 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-4921 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-5178 | The affected kernel component is not used by PAN-OS. |
| CVE-2023-5633 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-6546 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-6817 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-20900 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
| CVE-2023-22998 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-23455 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-23931 | The vulnerable functions/features are not used in PAN-OS. Prerequities for this CVE do not exist on PAN-OS. |
| CVE-2023-25690 | PAN-OS does not use the vulnerable component mod_proxy or mod_rewrite. |
| CVE-2023-25775 | PAN-OS does not use the vulnerable drivers. |
| CVE-2023-26545 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-29400 | PAN-OS is not affected as it does not use the vulnerable functionality |
| CVE-2023-29403 | PAN-OS is not affected as prerequisites for this vulnerability do not exist in PAN-OS. |
| CVE-2023-31436 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-32233 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-33203 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-33733 | PAN-OS is not affected as the underlying operating system components used by PAN-OS are not affected |
| CVE-2023-33951 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-34058 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
| CVE-2023-34059 | There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS. |
| CVE-2023-35001 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-35788 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-35824 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-37920 | The vulnerable component is not used in PAN-OS. |
| CVE-2023-38408 | This issue affects ssh-agent, which is not used or enabled in PAN-OS. |
| CVE-2023-40217 | The vulnerable Python features are not used in PAN-OS. |
| CVE-2023-42753 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2023-44271 | PAN-OS is not affected as PAN-OS does not process untrusted images with pillow. |
| CVE-2023-45283 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
| CVE-2023-45284 | The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS. |
| CVE-2023-46324 | The affected component is not used in PAN-OS. |
| CVE-2023-50447 | PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called. |
| CVE-2023-51384 | This issue affects ssh-agent, which is not used or enabled in PAN-OS. |
| CVE-2023-51385 | The ssh configuration file on PAN-OS does not contain the vulnerable configuration settings. Therefore, PAN-OS is not affected. |
| CVE-2023-51781 | Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Network's signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with. |
| CVE-2024-4577 | This is a Windows-specific vulnerability, and does not impact PAN-OS. |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
Solution
No software updates are required at this time.