PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS

Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.
CVE | Summary |
---|---|
CVE-2019-5827 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2019-13750 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2019-13751 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2019-19603 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2020-9283 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS. |
CVE-2020-13434 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2020-13435 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2020-14040 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS. |
CVE-2020-15358 | This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. |
CVE-2020-29652 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS. |
CVE-2021-20305 | This CVE is fixed in PAN-OS 10.2.11, 11.1.3, and all later versions of PAN-OS. |
CVE-2021-27918 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
CVE-2022-1962 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
CVE-2022-28131 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
CVE-2022-30633 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
CVE-2023-3978 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
CVE-2023-27536 | This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS. |
CVE-2023-28321 | This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS. |
CVE-2023-28322 | This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS. |
CVE-2023-38546 | This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS. |
CVE-2023-43804 | This CVE is fixed in PAN-OS 10.2.14, 11.1.5, 11.2.5, and all later versions of PAN-OS. |
CVE-2023-46218 | This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS. |
CVE-2024-1086 | This CVE is fixed in PAN-OS 10.2.11, 11.1.5, 11.2.3, and all later versions of PAN-OS. |
CVE-2024-34155 | This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
The OSS CVEs are fixed in the respective PAN-OS versions.