PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.
| CVE | Summary |
|---|---|
| CVE-2017-8923 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
| CVE-2017-9120 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
| CVE-2020-25658 | This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions. |
| CVE-2021-21708 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, 11.1.0, and all later PAN-OS versions. |
| CVE-2021-43527 | This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions. |
| CVE-2022-1271 | This CVE is fixed in PAN-OS 11.0.4, 11.1.3, and all later PAN-OS versions. |
| CVE-2022-3515 | This CVE is fixed in PAN-OS 10.2.5, 11.0.3, and all later PAN-OS versions. |
| CVE-2022-31676 | This CVE is fixed in PAN-OS 10.1.9, 10.2.4, 11.0.1, and all later PAN-OS versions. |
| CVE-2022-37454 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
| CVE-2022-47629 | This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions. |
| CVE-2023-0286 | This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions. |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS | Versions prior to those listed above | Versions listed above |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software.
Solution
No software updates are required at this time.