Palo Alto Networks Security Advisories / PAN-SA-2024-0013

PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.

CVESummary
CVE-2017-12424PAN-OS is not affected as the underlying operating system components used by PAN-OS are not affected.
CVE-2021-3114PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-4034PAN-OS is not affected as PAN-OS does not use the affected package.
CVE-2021-31525PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-33195PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-33197PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-33198PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-34558PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-36221PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-44716PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2021-44717PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-1664PAN-OS is not affected as the vulnerable component is not used in PAN-OS.
CVE-2022-1705PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-2880PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-23772PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-24675PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-24921PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-28327PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-29526PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-30629PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-30631PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-30632PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-32148PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-32189PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-41715PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-41717PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-41724PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2022-41725PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-24534PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-24536PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-24539PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-29406PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-29409PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-39318PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-39319PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-39325PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-39326PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-44487PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-45287PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-45289PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2023-45290PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2024-24783PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2024-24784PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2024-24785PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2024-24786PAN-OS is not affected as PAN-OS does not use the vulnerable function.
CVE-2024-24791PAN-OS is not affected as PAN-OS does not use the vulnerable function.

Product Status

VersionsAffectedUnaffected
PAN-OSNone, NoneAll, All

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS.

Solution

No software updates are required at this time.

© 2024 Palo Alto Networks, Inc. All rights reserved.