PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
![](/INFO.png)
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.
CVE | Summary |
---|---|
CVE-2015-5739 | This CVE is fixed in PAN-OS 11.0.4, and all later PAN-OS versions. |
CVE-2017-8923 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
CVE-2017-9120 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
CVE-2019-10081 | This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions. |
CVE-2019-10082 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2019-17626 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2019-18874 | This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions. |
CVE-2019-19450 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2019-20916 | This CVE is fixed in PAN-OS 10.2.0, and all later PAN-OS versions. |
CVE-2020-5311 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2020-5312 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2020-11984 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2020-12403 | This CVE is fixed in PAN-OS 10.2.8, 11.0.4, 11.1.0, and all later PAN-OS versions. |
CVE-2020-14145 | This CVE is fixed in PAN-OS 10.2.3, and all later PAN-OS versions. |
CVE-2020-25658 | This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions. |
CVE-2020-27619 | This CVE is fixed in PAN-OS 10.2.8, 11.1.0, and all later PAN-OS versions. |
CVE-2020-35527 | This CVE is fixed in PAN-OS 11.0.4, 11.1.4, and all later PAN-OS versions. |
CVE-2020-36242 | This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions. |
CVE-2021-3177 | This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions. |
CVE-2021-20231 | This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions. |
CVE-2021-20232 | This CVE is fixed in PAN-OS 11.2.0, and all later PAN-OS versions. |
CVE-2021-21708 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, 11.1.0, and all later PAN-OS versions. |
CVE-2021-25287 | This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions. |
CVE-2021-25288 | This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions. |
CVE-2021-26691 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2021-34552 | This CVE is fixed in PAN-OS 11.0.5, 11.2.0, and all later PAN-OS versions. |
CVE-2021-39275 | This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions. |
CVE-2021-40438 | This CVE is fixed in PAN-OS 10.2.0, 11.0.0, and all later PAN-OS versions. |
CVE-2021-43527 | This CVE is fixed in PAN-OS 10.2.8, 11.0.4, and all later PAN-OS versions. |
CVE-2021-46848 | This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions. |
CVE-2022-1271 | This CVE is fixed in PAN-OS 11.0.4, 11.1.3, and all later PAN-OS versions. |
CVE-2022-3515 | This CVE is fixed in PAN-OS 10.2.5, 11.0.3, and all later PAN-OS versions. |
CVE-2022-22720 | This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions. |
CVE-2022-22721 | This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions. |
CVE-2022-23943 | This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions. |
CVE-2022-27404 | This CVE is fixed in PAN-OS 10.2.4, 11.0.1, and all later PAN-OS versions. |
CVE-2022-31676 | This CVE is fixed in PAN-OS 10.1.9, 10.2.4, 11.0.1, and all later PAN-OS versions. |
CVE-2022-31813 | This CVE is fixed in PAN-OS 10.2.8, 11.0.2, and all later PAN-OS versions. |
CVE-2022-37454 | This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. |
CVE-2022-47629 | This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions. |
CVE-2023-2650 | This CVE is fixed in PAN-OS 9.1.17, 10.1.11, 10.2.5, 11.0.3, and all later PAN-OS versions. |
CVE-2023-0286 | This CVE is fixed in PAN-OS 10.2.5, 11.0.2, and all later PAN-OS versions. |
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS | Versions prior to those listed above | Versions listed above |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software.
Solution
No software updates are required at this time.