{"success":true,"data":[{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2026-0228","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Improper Validation of Terminal Server Agent Certificate","datePublic":"2026-02-11T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-114","descriptions":[{"lang":"en","value":"CAPEC-114 Authentication Abuse"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"12.1.0","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.8","changes":[{"at":"11.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.11","changes":[{"at":"11.1.11","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.17","changes":[{"at":"10.2.17","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","platforms":["PAN-OS"],"versions":[{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h28","changes":[{"at":"11.2.7-h10","status":"unaffected"},{"at":"10.2.10-h28","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.17"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionStartIncluding":"11.2.7","versionEndExcluding":"11.2.7-h10"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h28"}]}]}],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.","supportingMedia":[{"type":"text/html","base64":false,"value":"An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0228","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.3,"threatSeverity":"LOW","threatScore":1.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"eng","value":"This issue only affects PAN-OS devices that connect to Terminal Server agents on Windows.\n\n\nFollow these steps to check if PAN-OS devices connect to the Terminal Server agent (https://docs.paloaltonetworks.com/ngfw/administration/user-id/map-ip-addresses-to-users/configure-user-mapping-for-terminal-server-users/configure-the-palo-alto-networks-terminal-services-agent-for-user-mapping):\n\nDevice > User Identification > Terminal Server Agents","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue only affects PAN-OS devices that connect to Terminal Server agents on Windows.<br><p>Follow these steps to check if <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/user-id/map-ip-addresses-to-users/configure-user-mapping-for-terminal-server-users/configure-the-palo-alto-networks-terminal-services-agent-for-user-mapping\">PAN-OS devices connect to the Terminal Server agent</a>:</p><p>Device &gt; User Identification &gt; Terminal Server Agents</p>"}]}],"workarounds":[{"lang":"eng","value":"No known workarounds exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds exist for this issue."}]}],"solutions":[{"lang":"eng","value":"VERSION                        MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW                                              No action needed.\nPAN-OS 12.1                                             No action needed.\nPAN-OS 11.2                    11.2.0 through 11.2.7    Upgrade to 11.2.8 or later.\nPAN-OS 11.1                    11.1.0 through 11.1.10   Upgrade to 11.1.11 or later.\nPAN-OS 10.2                    10.2.0 through 10.2.16   Upgrade to 10.2.17 or later.\nAll older                                               Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access 11.2 on PAN-OS   11.2.0 through 11.2.7    Upgrade to 11.2.7-h10 or later.\nPrisma Access 10.2 on PAN-OS   10.2.0 through 10.2.10   Upgrade to 10.2.10-h28 or later.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 12.1<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.7</td>\n                                <td>Upgrade to 11.2.8 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.10</td>\n                                <td>Upgrade to 11.1.11 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.16</td>\n                                <td>Upgrade to 10.2.17 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr>\n                                    <td>Prisma Access 11.2 on PAN-OS<br></td>\n                                    <td>11.2.0 through 11.2.7</td>\n                                    <td>Upgrade to 11.2.7-h10 or later.</td>\n                                </tr><tr>\n                                    <td>Prisma Access 10.2 on PAN-OS</td>\n                                    <td>10.2.0 through 10.2.10</td>\n                                    <td>Upgrade to 10.2.10-h28 or later.</td>\n                                </tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2026-02-11T17:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Paolo Nero of Wellcomm Engineering","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.7-h8","PAN-OS 11.2.7-h7","PAN-OS 11.2.7-h4","PAN-OS 11.2.7-h3","PAN-OS 11.2.7-h2","PAN-OS 11.2.7-h1","PAN-OS 11.2.7","PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h15","PAN-OS 11.2.4-h14","PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.10-h12","PAN-OS 11.1.10-h10","PAN-OS 11.1.10-h9","PAN-OS 11.1.10-h7","PAN-OS 11.1.10-h5","PAN-OS 11.1.10-h4","PAN-OS 11.1.10-h1","PAN-OS 11.1.10","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h25","PAN-OS 11.1.6-h23","PAN-OS 11.1.6-h22","PAN-OS 11.1.6-h21","PAN-OS 11.1.6-h20","PAN-OS 11.1.6-h19","PAN-OS 11.1.6-h18","PAN-OS 11.1.6-h17","PAN-OS 11.1.6-h14","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h27","PAN-OS 11.1.4-h25","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.16-h6","PAN-OS 10.2.16-h4","PAN-OS 10.2.16-h1","PAN-OS 10.2.16","PAN-OS 10.2.15","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h18","PAN-OS 10.2.13-h16","PAN-OS 10.2.13-h15","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h27","PAN-OS 10.2.10-h26","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h32","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4619","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets","datePublic":"2025-11-12T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-129","descriptions":[{"lang":"en","value":"CAPEC-129: Pointer Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"12.1.0","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.5","changes":[{"at":"11.2.5","status":"unaffected"},{"at":"11.2.4-h4","status":"unaffected"},{"at":"11.2.3-h6","status":"unaffected"},{"at":"11.2.2-h2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.7","changes":[{"at":"11.1.7","status":"unaffected"},{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.4-h13","status":"unaffected"},{"at":"11.1.4-h4","status":"affected"},{"at":"11.1.3-h2","status":"affected"},{"at":"11.1.2-h18","status":"unaffected"},{"at":"11.1.2-h9","status":"affected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.14","changes":[{"at":"10.2.14","status":"unaffected"},{"at":"10.2.13-h3","status":"unaffected"},{"at":"10.2.12-h6","status":"unaffected"},{"at":"10.2.11-h12","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.10-h2","status":"affected"},{"at":"10.2.9-h21","status":"unaffected"},{"at":"10.2.9-h6","status":"affected"},{"at":"10.2.8-h21","status":"unaffected"},{"at":"10.2.8-h10","status":"affected"},{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.7-h11","status":"affected"},{"at":"10.2.4-h25","status":"affected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","platforms":["PAN-OS"],"versions":[{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h14","changes":[{"at":"11.2.4-h4","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.4-h25","status":"affected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.4","versionEndExcluding":"11.2.4-h4"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.3","versionEndExcluding":"11.2.3-h6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.2","versionEndExcluding":"11.2.2-h2"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h1"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.4","versionEndExcluding":"11.1.4-h13"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.4","versionEndExcluding":"11.1.4-h4"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.3","versionEndExcluding":"11.1.3-h2"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.2","versionEndExcluding":"11.1.2-h18"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.2","versionEndExcluding":"11.1.2-h9"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.13","versionEndExcluding":"10.2.13-h3"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.12","versionEndExcluding":"10.2.12-h6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.11-h12"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h2"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.9","versionEndExcluding":"10.2.9-h21"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.9","versionEndExcluding":"10.2.9-h6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.8-h21"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.8-h10"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.7","versionEndExcluding":"10.2.7-h24"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.7","versionEndExcluding":"10.2.7-h11"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionStartIncluding":"11.2.4","versionEndExcluding":"11.2.4-h4"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h14"}]}]}],"descriptions":[{"lang":"en","value":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.\n\nWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.","supportingMedia":[{"type":"text/html","base64":false,"value":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.<br><br>This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.<br><br>​​We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows.  Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-4619","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"eng","value":"This issue is only applicable to firewalls where URL proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is only applicable to firewalls where URL&nbsp;proxy or any decrypt-policy is configured.<br><br>When any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."}]}],"workarounds":[{"lang":"eng","value":"No known workarounds exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds exist for this issue."}]}],"solutions":[{"lang":"eng","value":"VERSION                     MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW                                           No action needed.\nPAN-OS 12.1                                          No action needed.\nPAN-OS 11.2                 11.2.0 through 11.2.4    Upgrade to 11.2.4-h4 or 11.2.5 or later.\n                            11.2.0 through 11.2.3    Upgrade to 11.2.3-h6 or 11.2.5 or later.\n                            11.2.0 through 11.2.2    Upgrade to 11.2.2-h2 or 11.2.5 or later.\nPAN-OS 11.1                 11.1.0 through 11.1.6    Upgrade to 11.1.6-h1 or 11.1.7 or later.\n                            11.1.0 through 11.1.4    Upgrade to 11.1.4-h13 or 11.1.7 or later.\n                            11.1.0 through 11.1.3    Remain on a version older than 11.1.3-h2 or upgrade to\n                                                     11.1.4-h13 or 11.1.7 or later.\n                            11.1.0 through 11.1.2    Upgrade to 11.1.2-h18 or 11.1.7 or later.\nPAN-OS 10.2                 10.2.0 through 10.2.13   Upgrade to 10.2.13-h3 or 10.2.14 or later.\n                            10.2.0 through 10.2.12   Upgrade to 10.2.12-h6 or 10.2.14 or later.\n                            10.2.0 through 10.2.11   Upgrade to 10.2.11-h12 or 10.2.14 or later.\n                            10.2.0 through 10.2.10   Upgrade to 10.2.10-h14 or 10.2.14 or later.\n                            10.2.0 through 10.2.9    Upgrade to 10.2.9-h21 or 10.2.14 or later.\n                            10.2.0 through 10.2.8    Upgrade to 10.2.8-h21 or 10.2.14 or later.\n                            10.2.0 through 10.2.7    Upgrade to 10.2.7-h24 or 10.2.14 or later.\n                            10.2.0 through 10.2.4    Remain on a version older than 10.2.4-h25\nPAN-OS 10.1                                          No action needed.\nAll older                                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n Prisma Access  on PAN-OS   11.2.0 through 11.2.4    Upgrade to 11.2.4-h4 or later\n                            10.2.0 through 10.2.10   Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.\n                            10.2.0 through 10.2.4    Remain on a version older than 10.2.4-h25.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 12.1<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.4</td>\n                                <td>Upgrade to 11.2.4-h4 or 11.2.5 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.2.0 through 11.2.3</td>\n                                <td>Upgrade to 11.2.3-h6 or 11.2.5 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.2.0 through 11.2.2</td>\n                                <td>Upgrade to 11.2.2-h2 or 11.2.5 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.6</td>\n                                <td>Upgrade to 11.1.6-h1 or 11.1.7 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.1.0 through 11.1.4</td>\n                                <td>Upgrade to 11.1.4-h13 or 11.1.7 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.1.0 through 11.1.3</td>\n                                <td>Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.1.0 through 11.1.2</td>\n                                <td>Upgrade to 11.1.2-h18 or 11.1.7 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.13</td>\n                                <td>Upgrade to 10.2.13-h3 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.12</td>\n                                <td>Upgrade to 10.2.12-h6 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.11</td>\n                                <td>Upgrade to 10.2.11-h12 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.10</td>\n                                <td>Upgrade to 10.2.10-h14 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.9</td>\n                                <td>Upgrade to 10.2.9-h21 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.8</td>\n                                <td>Upgrade to 10.2.8-h21 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.7</td>\n                                <td>Upgrade to 10.2.7-h24 or 10.2.14 or later.</td>\n                            </tr><tr>\n                                <td></td>\n                                <td>10.2.0 through 10.2.4</td>\n                                <td>Remain on a version older than 10.2.4-h25<br></td>\n                            </tr><tr><td>PAN-OS 10.1<br></td><td></td><td>No action needed.</td></tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>&nbsp;Prisma Access&nbsp; on PAN-OS</td><td>11.2.0 through 11.2.4</td><td>Upgrade to 11.2.4-h4&nbsp;or later</td></tr><tr>\n                                    <td><br></td>\n                                    <td>10.2.0 through 10.2.10</td>\n                                    <td>Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.</td>\n                                </tr><tr>\n                                    <td></td>\n                                    <td>10.2.0 through 10.2.4</td>\n                                    <td>Remain on a version older than 10.2.4-h25.</td>\n                                </tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-11-12T17:00:00.000Z","lang":"en","value":"Initial publication"}],"source":{"defect":["PAN-247099"],"discovery":"USER"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h1","PAN-OS 11.2.2","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4614","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Session Token Disclosure Vulnerability","datePublic":"2025-10-08T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-497","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-151","descriptions":[{"lang":"en","value":"CAPEC-151 Identity Spoofing"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"12.1.0","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.8","changes":[{"at":"11.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h21","changes":[{"at":"11.1.6-h21","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.17","changes":[{"at":"10.2.17","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h21"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.17"}]}]}],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.  \n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. &nbsp;</p><p>The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.</p><p>Cloud NGFW and Prisma® Access are not affected by this vulnerability.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-4614","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":4.8,"threatSeverity":"LOW","threatScore":1.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The debug option must be enabled on the following URL: https://<ip>/php/utils/debug.php\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"The debug option must be enabled on the following URL: https://&lt;ip&gt;/php/utils/debug.php<br><b><br></b><b><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtcAAABmCAYAAAAAh72kAAAAAXNSR0IArs4c6QAAAFBlWElmTU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAC16ADAAQAAAABAAAAZgAAAACSlvNXAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgoZXuEHAABAAElEQVR4Ae1dB2AURRd+6Z0Seg+9946AFEWxSxEVKRawgMqvggUpIjZQBMGCFUWlK4KKqCgqvffeewskpJdL/vfNZS6b4/bu0kPyHlx2d/p8s7P7zZs3sx6pLCQiCAgCgoAgIAgIAoKAICAICALZRsA72ylIAoUCgZSUVEqy8C85hSx8jiGXJdWjUNRNKiEICAKCgCAgCAgCgkBeISDkOq+QLqD5JCWnUkKShRKSjQUUUm1EQ84FAUFAEBAEBAFBQBBwFwEh1+4iVcjCQTsdl2BPqgtZJaU6goAgIAgIAoKAICAI5DECQq7zGPCCkF1CYgpFJ6QUhKJIGQQBQUAQEAQEAUFAEChUCAi5LlTN6boycUysY4VYuwZKQggCgoAgIAgIAoKAIJAFBIRcZwG06zWKM2Lt7Unky3+8vT3I29ODPAqB2TUWZSaz+Usy25Un8kJN/p8jUhixyhFgspBIbrVRFooiUQQBQUAQEAQEgRxBwEO24ssRHAt8ImamICCKAX6eilgX+Epks4Ag2HGstc8qyS5KWGUT6ixHz24bZTnjPIy4cf1aWrt2dR7mWLSzat/+Bmrdtn3RBkFqLwgIAnmKgGiu8xTu/MkMixcd2Vj7+3hQkL9X/hQqH3KFZh6/mHgLxSdlbnv3ooZVPjSPyjI7bZRfZc5sviDWE8a+nNloEj6LCIyd8JaQ6yxiJ9EEAUEgawiw3lKksCOAXUHsJdDXs0gRa2P9MaBA/d2VooyVuxjldLjMtlFO5y/pCQKCgCAgCAgCWUVANNdZRe46iaf2sc6whzURtLAwBXElFrZR3nrCGrl5VW/ych3FVZIFxh/1T2GDX1cabHexKjAVK0QFcbeNClGVpSqCgCAgCAgChQABIdeFoBGdVQEfiDEK7IadmYKAbJ64aKE1B5Po69XRdDHWaj5RJtCDBnUMpg61fKhqGS9F0I3pXo/nwCHZkmxqg+0Kq+uxztdbmV210fVWHymvICAICAKCQOFHIMfJ9ezZsxVqAwYMKBDo7dmzR5WjQYMG+VqeHTt2ELDZuXOnKkf//v3VETjB/bvvvqPffvstR8uIT5pn/PKidfGio0xOX7bQ6IVXaeWhRNboEjWv4E0DbwimBzr4q+Bz1sTTj5tiaezSZOLNRKhrLV+a2KcYVQrNWZvtM5dTaPPRROrZzI93+CD6YmUs9W0TQOVL5o7aHNrRqDjH24i4o90HOJGb19OVzZuugTVs6LBr3PLTITH8Enn6+pJ3SLH8LEam83bWRvaJXf3zF/KrVZf8wmrZexWI6/17d9PhQwcKRFmKSiF279xGF86fprLlKjmtckz0Vfrrj+XUpetNFFKipNOwrjzRzufPn6XOXW5yFfQaf95kgH5Y8B21aN2OqlevRSeOH6U9u7bTrbffc01YMwdn+SfEx9Pvy5ZSx843UslSZc2SsLlv4+ebxWKhlm062NwKwklBLVdBwEbKkP8I5Ci51iRRE8f8r561BLt371Yn+UWwR44cqUh148aNCb8mTZooMp3b+CRZMi7agyYWC8YcydTfoglmID8PD6Wa5b0pwDfjXnwP3xhA+MUlptLhc8n0zq/RNI3jTHqw+DXJgZxXGXne5u7DWTZlsj71wRJUvZxzMr7hSCINmxtJexuUodPhKfT2H9FUq5w39SzpZ0svJ0+Ah7fntTuIOMPKmP+xTz+kkx9OMzplOHdJsFNS6L/m9ah87/up9tgJtrgXlv9K+0eNoI6bdpOHj4/N3dFJFL94I7ZuoSoDHnbkTVc2raP9Lz1PSRcvKv/A2nWp/qSpFFijpsPwBc3RrI0clfPsjElU9uGnTMl18uVLFLNhFYXc2IM8AwJVEo7cHKWdE24L5nxDJ44dyYmkJA03Edi6eSNZ3NgiKDIyguZ+/zU1bNws2+Qa7ezP95c75Prwwf108uRx6tKth6pRVOQVJtdz6WpkFFUfUov27t5J38/+KlPk2ln+8bHRqp7Vuf+7Q65/52dRQnxcgSPXBbVcbt6WEqyQI+CYaWWh0kZiXVC01qgGCHXDhg0JBFtrsbNQvSxH0drqSZMm0eTJk9UP+EBLjUEINNb45YYk2b1QzIg18oY5SItqvtSoqs81xNpYNpBuhEHYWCbazuSGaj40b2hJevmWEDp4yUJ3zwh3Fvwav/qVvenwm2WVFvsazxx0cISLIzf7LF0Ra5BuhHFHzi2aS+GrVtqCpqY61qbbAhhOIndso2PvvmVwST9NZY3T3hHDqFijptRy8XJqPm8xefr50P4xI9MDXQdn7rSHO9VIPH2STk98hSxREbbgjtxsnjl4Ao3kgQP7qELFyjmYqiTlCgEvLy+qUKmKq2A55q/buXHT5m6luX7tKpr91We2sMVKhNKnX31Pgx97wuaWmZPM5p+ZtCWsICAIuIdAjpDrgkqsNQT5RbCNuEBbbRT45bZgCz6j4AMxZlI62JMuRma0zzYLC/fzERYqV8z57dO9gT91rONLj3cPpOduCqbwuFQ6et6ax9tLo6nFuItU56XzNPzrCP5qZMayIg+YiLR5/SKtP5KES9pzMpl6Tw2nsFHn6QZ2/2NXgnJ/i9PqNPGiMmeBwzG2GW8y5gKt2G31V4Gc/HGEiyM3YxL2xLrKsGdt3iXbp++pC4INsxF3BNrl5KuRDoPGHj1Ce0Y8RWs6tqQdQwZQ+Jp/VbhzPy+mEx99oM433tlDaamNCcSfOsVEMopK334nBVavTsH1GlC9N6ZQxf6DKZW15hBj2ruHD6WYg/tsScQeOWzLd2v/XnR53Srld/7XJYRrLZFbNhLyR/kTeDoc58e//MR6/Miq2T8x61N1DT816MAXZNwUV+1hTMYSHUknXx1B+25pS0efeJBitm9U3lH//k4nx4xQ50efGkhnJ40nR24IEPnbYjo+cijBzOTgAz1p/z030rmpr1NKbIyKjz8JJ46oMMjnUP876fJC7tNpdQq/eE5NvVuS0/vUieNH1PR6hQoVbWnISe4jULZcBZXJtPfeoC9mTqeZH75PA++/m558tD/N/farawqwf+8uev7pISrMK6OepfBL6bNwiPPr0h9o/OgXlP8Lzz5OawyDYiSm27lR46a0a8dWemzgfRQfF2/L5/dlSwjxIJ/MmEK/cV+KZ80wwv3y0yLl/tILz9B//6xQ5/Z/jh87TC8+N0zl//jDD9DCed/ybZfel4z5I+6pE0dp4tgXVfinnxjMs6jb7ZOk5VyGF54ZqsK8+dordJo16fby9ZczaTD3eeQ56/OPbXkmJSYqtx1b003jjvO9jvqgH0Bio6MI+CP+owP60rKlP9KrL46gpT8usM9GXR89ekjFX7vqH3r2yYdVuV4fO4qOHT2cITzqDQx1uRYvmmPz/+2XxQqnP377RaWFMCgDyiIiCOQ2As7ZkRu5GwlkQdJY2xc9Pwg27KxhBuIIl9zUWOu6G563yglfXjSTyqW86dBFu21FzAKzO8JWCnVurmCMDnMSiC/vVDJzRSxN/yeG+rYMoJd6FqOfmQQPY4JtL/i6Igh5PMe9ynbRfT65TBeiU+ite4pTGNt6D54VQWevpFCH2r50JCKFthy3lv9PTg/x2tRwr3yOcHHkZl8+fQ0yDfMPEGz8Gn3ytTpqf0f22NpPH8NGvkye/v50ZPK1GmgLE7qdTz1CCeHhVGvsRPItXZr2PPkYxRw+RMWbNKfS3W9RyVR//kUKCquhk1RH/8qVyadMGTr02qt0YtbnFLVnJwVUrUrlbruLPDw9yRIXS7ufeYIsCbFU+/V3yIO1fDuffJQsMWwmxL+dwx615jvmdRVv9+OPUOKlC5TML6i44+kv4GQmB/EnjlFqcjKlJiap89Nffkbl+z1AoZ270Jkf59Px99+ligMGUeVHhyhTmlNzv81QVmcXmWmPCx9PJf+adajC/16mlKR4OjlqOJcpgfzrNaRS/QaqbMo+/CQVv+Neh24IYOH6xbBG8fwXM6hM/0epzMChFLHsZzr77jhrMblzHX9uqDLZqfL2dCp5571Mvt+i6I2rlf/C+XMIZOTgAeuaDzju2r6NfNjmvXjJUGsa8jdPEKhY0WprHX7pEv3153Juk3008OHHqXnL1rSUyexSvjeNMue7WcpE4857ejMxPUbvG/rkVR48fvfNl1SsWHEa/OiTFBQUTB9Oe5cO7t9rS0K3c6Uq1SgxIZ7iuI+lWKwKAgSK5X515fJlFb5b91upXv2GBO36I0OfomYtWin3yIgrFBcbq86Nf0AmJ4x5iXzYVOy5ka9Ql+43048L59LGtEEvwhrzRxqvj3uFzU5O0INsNtaxUxf69GPrYFynu4pJ/DdffUp1eOANXM6fO8v7sL+UgYTu27uHtmxcRw8+9DC173Qj/bH8F5oz+0uVRAoP0qO5v8RzXbUkxSeqeifx8wDy7jsTaPPGDXQXY9rnvgdp8Q/z6eiRQyqejmM8JsYnqPgfM3Fu16ET9R/4KJ09d44mjnuZYBuvZf++vXTxwjkaOHgIzwhVogVzv2Mzmh3KOzo6mk7xIGEem/rc3auvyhtlmDJpoo4uR0Eg1xDIls21JtYoHYgkbIudCcwiclNWrlzpVvJ5ZYONxYtm9uc5vXjRUcUtqRnJtLNPmter5ENvLotW5iHYfs6ZwIRky+kkev62EGfBaP7GGCrL2u2dJxPpy3VxFFbckwm5Jy3aHEtda/rQy3cFq/gx8Vbb6mQ7G3Fj4puPJVMka7cXPhlKDdhc5O6WfvTNqjiK4S8uQjsexHfy7zviqVVYMC3bFkddqvtQSIB7Y0dHuDhyM5bHeH5l7VqlidX21fZabWNYs3MfXkBVZ8LbtJuJbcluN2UIFs2LoxLPnKHGH36h7KRLd+1Ol//7ly6v+U/ZWQfWravCl+7SPUM8XIAsN/nsazo29T0mt5MIdNi3YkWqNXo8lerYhaL37FJEuN4775Efa/gCmRBs6X07XWXtHUTl+9HnrPWuRaVv7EYhLdqSJTZO+bn6U/PV16jcrXeoYIcnv02luHxl0gYCkbfdRhd//ZkqPzDAVTLKPzPtUeL2e6kM211DvMqUoxPP8gDh5DEm3HUpsFEL5R7Uuj35lLVqkB25qUD8p/KYdyiggXXWybtYCTo1fiSVG/4S4+pJyefOUPEhT1NQ8zbWX5uO5F3cugYBxKxcuXJUq3Z9nRRt376F6jHBF8lbBAKDgmxaVgxuxk+cRMEhaKfbKJpndX5e8iPdee99tkLd338Q3XZnL3UdHRVDf6/4TcX3SLsJq9eoRc+9OEb5d7qxOw1/fKDS/Naua23rzLRznfoNKKx6TV7kepA6cH90JVcjListdyfui81atlW/Nm1voBIl0te+GPPfvm2TIrDvvDedKletrpL38/OlBfO+t2W1aP731LpNexr6lHVWp3XrNvTU44Np+7Yt1L7jjbZwwK1kqTLqOhGLIplgP8ik15VE8DoHkOBHhgyj7j16quCNmzVnrfJwV1Hpjrt60X0PDlLhmjZrQc8/+wRt3rTBZsvu7x9Ar4x9k7y8vald+440hLXqmHmo3zB9pvi5UaOpAZvFQUJCStCsLz6mK+EXbXVRHvJHEMhhBNxjHzmcaVFKDoMOV6J3EnEVLjf9W4bxPtbMqbel7WvtLC+E8eYXTYtqzGidyL5LKTR8XqQi1h2Z7C4aXkqFPsD21w0q+dpi1qtkTef4xRSbm/3JobNWDUidCl7KK9DPg55gc5NavPgS+2/f2diflu2IU+Yl604lU6/WQfZJFPjrUNbQYGHjwTEvsnb4oq28Maw9gwRUC1NHTx9fCmCyG8+aa3cExLjBtI+p/X8bqS4vZPT09qU9w4aShbXNOu1tD/Sm9d06KGKNNOOOH7NppgPSXsrQrFfq+wBrsKu5ky0FMInXErVtM4WvXKHyQD4Xf/2VonnKPDfEv276zkABteqpLCxRV7OUVUD9xrZ4gc2tWsUEnvL2Kh5KQfwyP/36y3Ry9NN05ae55M22st6lyqnwFStVpXv6PEjePul95ABrNxs3aWZLT07yBoGzZ89SVJTV3CqMZ3asxNqad4vWba1aV4PZRq3a1nsGIerWq6dMeZKTrM8fuLVk8qnFx9eHYP4BLayW3Gzn4iVLUWUeAEPTPPbl/9FPvFYjNDSUSpUpr7MnY/5H+RkBAqqJNQI1b9XWFtbCmuULF87Txg1r6b23J6jf559+pPyNu9rAlEkTa3i2YtxgDgKS6kqOHD6ogjRr3twWtHKVMFUum4PJSfOW6ViX57UKwcEhdMSAdeUqVRWxRvRA9sOsUOTVjGYfRqLdopW1Dx+XRcUmiItzTiGQ/uTPQora3AEmDrAp1tdZSCpHonTp0sVpOljQeJF3TMACx7zYOQQmIe7IqFGjTDXc7sQ3C+PlkUpG7TXMRMw0gNBW96jnSz9viqN2rFV2Jks5zC31fcnPhYZ7bM8QZW9tn1YV1mafCk9/WZ3iXUEg0GrvPGUf2nodVtZKqk9y2Op8DnPhdYeTqA6T69IhHtSnbSDN3RpPc1lDDunZNJ28W1Mw/wtc7MUZVvZhYQoCrbVevIjz6C0bCBrtzEr150ZS+L8r6JhhKto/zWY08fw58uOpT1Q+4ewpCr2xi8vkYTN96Z+/qFI/Jno8lV32ltvUTbB/5LOUeO486bTb/buefJQ2Ly1JvlEur7eaOCTwdKx/pUrKRjtq1zYm+awB82CTEtb6pbAGC6TbEp1ui+yoUMFsvlKiRXOq/uwoR94u3Ry1kX2kPR2tpPrclDcIP6McH27Vfmm3g71u0qe2oyO3PZ2u1TQff3qwLQ5OonhaHb+zkyco9war9mTwxwVsWEFGGjVtRoePHr3GXxxyDwGYRiSn7ffvzTM5RvHxtj7rLJZEm7N3mhscPO3Cw83bK+PzEWGS08wfjO2MsFpSKf0hg49XZUcmvv0+rV61ktat/o/ms2kVfqPZXKwB73Jin39iUhI/81lrYhBdZzjpcoO0luGZFi3NW7Rmc5X0QaqXAROE8fayUoek5HTcWL2vo/P6l3RFSSCbzkBieMbLql7B0oRUSkoyxLXFzHiCmQajeLIpW1JC+loab++M7enF/kaBuY2x/rrcidwXRQSB3EQg452YhZxAqPWuF3mxSC8LRVRRQKxhDpJXxBqZAhuYhjjTXucmZnbPVP5YSvrDzxGO/TsG0YJt8XQ+0jzcucgUWshhEDarcnMDP/qJ7aIXbUigf/cn0uTfo3irPv4wjd32f8b0m/HOI9jSb9TcCGVbPf6Hq9R35mW6Em1RwdrygKA4a7PHLI2im9gGG5ptd8URLo7cjOmVbGnVgMANixZ3PTFIHfUOIVkh1kjLm19ydSa+g1MleCmHNGxEXiGssZn6DkXv203HP5muttUrmaZB802bqr3I9qSwkzaKF0+JH586mQ6/PZEXKh6gKJ4yPbfge5UebK912sfYHjqWbajP8cKmdT06URTnEwJbUM736BS2JWat64lPZ9D2AfdTcuRVCqhUWWVzcvYXFMU2jqe//syY7TXnJTt1prOLFlA424bGHD2i7Lz3jX7+mnBmDq7aA/FAar1Kl6EKI8epc1zXXWYd4FSb8bVyC/v4O5VFrfm/2cI4cis/4mVruHnLbOGqvv+pcqv9w59U/+9tVGfJP9Tgv93Kv+5v68i7fEUqxdpqR7KTtfR40VetVsORt7jlIgJVecYnmO9jyFG+94xa6L28BgGa3aDgYm6XYPeu9NlIkMQD+/ZQWI2aKr59O/tx2pBTJ0+qI/6cPX3adq5PLCnW55i+Njsm8XqGaN7p5sauN9NLvA5i5pffqfL/+fuvKop9/thuDzbfMM3Qsmf3Ln1Kfjwwhv14m3YdlL01bK7xG/zY42xaka4cOnvmVIZFmXvZVA33cxk2rdKDkRMnjtvSPccmU1rCqtdWp0vYzloL9tnG3tmuZK8Ba2xRCJv36jWs6bmKC3/kcerkMVvQ/Wm28WE1pB/aQJGTXEEg2+QapSroBDs/iDVwgTYf2mtoph2RaJBuaP0xOMkNrb+X3QLG5GRz0ozyQmPdLsyHJi62TqHCzV5e//EqdWATD1fabcSzJ/c6rVfuDqHbWEv+zPwIeuCzK1SZbbFnDQnV3g6PZUI4zMMl6TBrru+cHk7fbIijMawZr837Z0NQ1V5N/dV539bWF5q6cOOPI1wcuRmTKs72jsYdQoxkGgRbi9Zq62t3jqHtOlLF+/uroB7kQT7FS1LDaR9RzIGDtLXfvXSWX1I1x0ygYk1bqjChHTpSUIP6tO/5p3m/600ZsvArV57qsb3lpb9+py197qBt9/eiuFMnqfHMrxg0T5V2/akfUiTbV26+5xY6OHqU2kkkpH6j9HwPH6at991Np7/9mmqwHTXMQkryBy5Kdb2JTsyYRtse7ENBbM9sLbDjQU21Rx5XCy+xEHNLr9so8colqvaE1cYzQ4FNLly1h0m0a5x9oflniVi6kBJZ+w9x5KY8+A/MPrDbSPSmNXTmnfEE0xCfMhUo8fwZOnDXjXThi2k80DnLJjr7KYU1+b5hVpL1Nw90sLPE5fALKqldO7ZTnTr1MmjRdB5yzF0EqoZVJ980DSh25Zgy+XXax6R62c8/sj317/wxlW6ZKgAI7IK53yhSjZ1HLrEJV2e2gYbYtzOIPWQO70qCPFdyP1yz+l/lpv9U5v6EWY0Vvy+jSAMJ1v7G4/lzp2j4E4+oXU/wYZzDB/YrDbDOxz7/pmyGBO3vm6+P4YWOW9TOJt98NdOYJHW76Ra10BO7oGA3Duw+8uxTj3F500k4SOrkt8aqxYJ//bGMlixeqOy0oRX2Yu1xaKnSqvybN6yhnWwC9t3XX9jy8A/wVwsh1/IakaeGDqT/8SLpOd/NUuXSgbC7CHYh2bIx42wfwmHBJT4E9NYb4xWh16YdOq6r4+Q3X6PtmzfQJp6Jm8nP5vLlK6hBgat44i8IZAcBKzPJTgppcTU5BFmE6Os073w75Bex1hXGIk698BNkGoRba7Kh1Qb5zi2sfPhLKAmGva4T+dzZVwdBhif2LkY9ebu7Gb/H0PAeGbXT05fH0D+HEum3/+nJPV3LjEcQ3dPvpk8xZvTFlKIHffZYScJHbmDKaNQy39PKn/CDFGOObEynC5uibHmtDF2JSaXi/Dl249gBZiInr1jUwsabGvnZZ+n0GrjYiyusEF4vYDSSaWM6bhFrJridth8wRlPnNV8eR/hpAZlvtXgZ79IRzdpt6zSr9sMXF1vM+YmwpzUWMNpLGX55luneQ22R58ELf3xLl80QpGSrdta02S7ZKzAoQxrp+UaRN/uBkEPwYZsGUz/ixY0x6hx24HUmvKX8fNju0b5OyLfOa29SbR4UpPCuAl5pU8Uqght/HLWRaTQjv8dNDUk7ePMX6ULve4guzf5cEeKqk2aynfS1bojiw7atwe070fFhg3BJgTygqPwq15HT9KscpjTk5z+aQpd4i0FIaO8HqPit96jziIhwpWXTW7DtZaJyNy9yFMl7BLCzhpaGjZqw5vcq76BhnZmA+cPAh4do72uOGNzaiyKj/CXHxYvmK4LY+74HbB9YsW/nEF4Ei1065n3/jcozgD8s06pNO0XCdbqt+cuHPy2aR19+9iHvfNGb7ucdOcwEttP97n+IFi6YowYGCIfFiLfe3ktFsc+/eGhpen7kaPpo+hR6a+JYRU778LqJedipJ61v9Ll/AF25cpnmfve10vRCI92XzciMX2SsxR+egmnIxPGvqHzq86zW0Kf+p87xZ/izIzn9MTxweVO5deXnDQYunml53H53b561CaPNWzbyR7u8qEfP22jMSy/Y4sfycw07jkRERNjccIJdPrC7Ccg9NOzYISWU+6sWR+2juzzCAG/YbU9ie3IIdhR5mRUERlMR5SF/BIEcRsCDp7WcqzMzmaHW0OYWYcxkcWwfjskLG2tnZQMuINX68+eaVNvvf+0sjcz64fPnV2IyTr1hBw1XH+TYxDtzDP78MvVt7k/P326dTn33l6u0aFsCzXoslFq6WMiY2XJmNzy2+av1ilVD+MF9Jah3G/fJNUib2efP3cEKZde21sZ6wGwExFQk+wg4a6Ospp6KUR2/hT0MNptGN+xZHb7oe6o9Zxmlso1nKtuWegZZ+4J9nhaervYMKpYhLYTBHtfQ6l04d5r+9/TjNOHN96gmk5QPpr7LW51ZyZ19WnKd8wiM5UHfMyNeUAsAQ5lsjmCyGc0LHP38AjJoT93JuX/fO+hRXlPR7eaeFHklnPDBF03U7NvZmB62q4NZgzG80R/nCbz9nC/v5KHTs/e3v8bOIUHBxdU9Bj9n+cMf+QfyfYp70pGACiBNZ2WE/bonk2M/f8fPWGuZkEe63g7pfskmZbV45gbmLBB8lXLsK8/TsGeepw6duio33V9wgc+3T+C9uad9+BmFli5H0VcjVLlUQDf/QAP/2y9L6PNv5itsk5MTMmX+42Y2EkwQcIhAeg9w6J15x4JCqnXJ85tU63LkBy6erNr14xZOSF87SHEJKS7Jdaswb5rDX1Yc8X0ELZts3bs0mBcvzhlSkr/OmOO3jIYoy0csrPzl6VJUpZQXlQq+VtPkLGHgYSbuYIW4WoNtlo64Zw8BZ22U1ZQ9DLt46DQcucHPw89P/XQ4+6MXm+04Ek1idmzfrjSG1WvWVsFA7ETyFwHjjiFZLQl27jCKfTsb/bAQzz680R/nZoTVPpy+Bgk2irP8ES7E5D7VaYDUuypjQGCgDu7waF8mBEK6HrwA+lP+mNRSNifx4VmuE8ePKvOMFi3b2dLR/cXmkHYC7Bylax/O2TWwxT8RQSCvECh4TCmval5E8vHz8WJyna69hgVETDybT/g71l5oWBrzJ86XvVCaFqxjcs18tW9bfyblmSOuOq3cPsI8pFkWtOnAwYFFiK247mJliyAnOY6AqzbK8QzTEgxs2pq8eBo6J6R8hQr8gZBhrPGzmtTkRJqSRuYR6Hn7Pbz4L3sECyYZdeqmb9VnLEV+t3N+52/Ewv4c938Lns3bu2c3JfAuIT3vuJvad+hsOnOAPeJhmgLNfFalSdMWvK+1+wtVs5qPxBMEHCGQ42YhjjIRt/xFIDouOYP2GqUJ9PV0an+dvyXO/dyhDY1NNNdaG0tQ1LEyYpGX55lpo7wsV3bzErOQ7CKYufjaLCRzsSS0ICAICAJZR0DIddaxu25iWtj2OsLO9hqFx97WrjTY100lM1FQaEPxlcnMSFHFKjMY5WTYrLRRTuafm2ltXL+W1q5d7TSLGF7cFRkZyfsQJ6lwnjytDs039lT28sIRH0/yVOYmWIDmhWsc2dbVXZtdpwUoRJ7t299Ardu2L0Q1kqoIAoJAQUdAyHVBb6EcKl8Ca2mjHdgX84YiSoPtapFjDhUjX5PBwjhoQ52ZgjgrYFHCyhkOuemX3TbKzbJJ2oKAICAICAKCgDsICLl2B6VCEiaOCXasA4KN6oE4gmB7s121NxsxG7czul6rj31w8PER7JEM0pZVUm1f/8KIlX0d8+o6t9oor8ov+QgCgoAgIAgIAvYICLm2R6SQXzsj2IW86lI9QUAQEAQEAUFAEBAEch0BWb6e6xAXrAwCeCFjsJ80e8FqFSmNICAICAKCgCAgCBQWBERzXVhaMpP1wCLHuATLNbuIZDIZCS4ICAKCgCAgCAgCgoAgYEBAyLUBjKJ4msT2yAlJQrKLYttLnQUBQUAQEAQEAUEg5xEQcp3zmF6XKeJT6UkW/vGqP2i1sdDMklowPxpzXQIshRYEBAFBQBAQBASBIoGAkOsi0cxSSUFAEBAEBAFBQBAQBASBvEBAVrblBcqShyAgCAgCgoAgIAgIAoJAkUBAyHWRaGappCAgCAgCgoAgIAgIAoJAXiAg5DovUJY8BAFBQBAQBAQBQUAQEASKBAJCrotEM0slBQFBQBAQBAQBQUAQEATyAgEh13mBsuQhCAgCgoAgIAgIAoKAIFAkEPA+fvJ4kaioVFIQEAQEAUFAEBAEBAFBQBDIbQRkK77cRljSFwQEAUFAEBAEBAFBQBAoMgiIWUiRaWqpqCAgCAgCgoAgIAgIAoJAbiMg5Dq3EZb0BQFBQBAQBAQBQUAQEASKDAJCrotMU0tFBQFBQBAQBAQBQUAQEARyGwEh17mNsKQvCAgCgoAgIAgIAoKAIFBkEBByXWSaWioqCAgCgoAgIAgIAoKAIJDbCAi5zm2EJX1BQBAQBAQBQUAQEAQEgSKDgJDrItPUUlFBQBAQBAQBQUAQEAQEgdxGwDu3M5D0M4fA2rVr6b///iOLxUKxsbEUHx+vzlNTU1VCHh4etgRxrq8dnTtzM8bz9LSOsXR4s6MtYzkRBASBAolAp06dqH379gWybFIoQUAQEASKCgJCrgtYS4NYv/jiiwWsVFIcQUAQuB4QeOedd4RcXw8NJWUUBASBQo1AgTULOXv2LO3Zs+ca8Hft2kVnzpy5xj0rDtAO//vvv5ScnGyLbpavLYDdSVJSEiUmJtq5yqUgIAgIAoKAICAICAKCQFFEoMCS699//50OHTp0TZv89ddftG/fvmvcs+IAUvz3338r0wsd3yxf7W9/nD17Nn3zzTf2znItCAgCgoAgIAgIAoKAIFAEESiQZiGwLz5+/Dh17do1T5skK/ned9992S4j8o2Li6OIiAi6ePFittOTBAQBQUAQEAQEAUFAEBAE8gcBp+R6586d9Mcff5C3tzdduXKFgoOD6bHHHlPn3377rVpoh8VvrVu3pp49e9KSJUsIZhUgiViI17x5c7rrrrsoJSWF5syZY9NE16lThx544AGKjIykuXPn0rlz58jLy0uR6RtuuIEOHz6srqtWrUognvPnzad9+6/VVm/cuJGgaYZZR4kSJWjgwIH01VdfUffu3alp06YK0Y8++kiVDxf2Yf39/TOgbsz36tWrBK30pUuXVFm6dOlCHTt2VHWMiopSZNjHx4dKlSqlynjnnXcqE5N//vlH1bd06dKqPFgsOG3aNKpYsaIaMISEhFC/fv2oUqVKqp7z58+ne+65R5nArFmzhn7++ecMZZILQUAQEAQEAUFAEBAEBIHrBwGnZiHYrQJEEsRy8ODBisRiN4uSJUvSQw89RGPGjKH+/fvThg0bKCYmRpFlEGtocwcNGkRbt25V7vv376ejR48qNxBgmHscOHCAli9frojo6NGj6eGHH6ZixYop5LZs2UK1atZS57CJ3n9gP/Xt25deeOEFCgwMVO4g1IiPfMaNG0fFixenn376iSpWqEirV69WYU6dOqU0wXXr1nUYVgUy/DHm++effyrSPHz4cOrRowetWLGCYF+NAQFIeI0aNahz584UdTWKQMQTEhKUiQkGGYiD8sHkBAMLxCtXrhw988wzqpyoEwSDFl9fX1q1ahUNGTKEpkyZonAxFElOBQFBQBAQBAQBQUAQEASuIwSckmvUIyAggJo0aULVqlWjhg0bKvIHNxDR999/X2meEQ4EE1KtajWqXr06hYWFEbS2J06cIGiYtRuO0EjDDWT6woUL9MMPPyjS2rhxY5UGyHfzFs3VOYg58m7QoAEFBQWRn5+fct+2bZsiriDYX3zxBYWHhysi3alzJ3XEoAAku0qVKqrMILn2YVVChj/GfGHX3bZtW6WZbtOmDUFLvX37dhW6Tu061K1bN1UnHR0DCZStVatWtjjGBZkwccGgpGbNmkq7j3io14ABA9QCTcwMiAgCgoAgIAgIAoKAICAIXN8IODULsa8aNLAg1gsXLiRohfv06UOVK1emt956yz6ouobJCMw6oMX187WSYnhAYwu3W2+9lcqWLUs7duygBQsWKBIPIgu/2rVrqzSQJ0ipvcDsBOS9C2vVtYDcwtwC5ivQBoOY33///YrAOwqr4+F4+vTpDPmCjKOcWhAfZTETLI5EGC0wc0Ea9mIMAz+UuUyZMgpX2F2LCAKCgCAgCAgCgoAgIAhcvwiks0GTOoDoglTClhraXGiXoWUFKYZpBMw9XEmzZs3o8JHDdPnyZaVhPnbsGLVo0YI2bdpEMNmAyQm04thiDxpgaLZBzCEwp4AZBjTT58+fV2YqcIedN7bSQ5rQhiMctODaD6YqIMew73YWVkXgP/b5QsMM7TrMPQ4ePKiOqIeZtGzZUtlho6yIA82+HiCYxQGh//HHH5W2e+jQocrMBLbZIoKAICAICAKCgCAgCAgC1ycC6apZk/KDWL/55pvKF4v0QIph9wxS+Nprr9lsoBFAE2L7pGBWgsV606dPt6UDMr1g/gL65Zdf1IJBaHmx0A+LIm+66SZbErB3BrmdMWOGctN5QOOLr5H9+uuv6gfPevXqqfK1a9dO2TujrBCzsPXr11f+SHPv3r0Z8oXZB8xN3n77bRUGaUFrr/NXjoY/MFlBPbHQEwIzkt69e5uGRxiY0mBXlFtuuUXlg51CsPjxvffeg7eIICAICAKCgCAgCAgCgsB1hoAHm21Yv6vtoODr168n7H4xYsQIZTKhFxMiKEwYYNcMDba7gvAQ7JihBeYUcIfpBxYLfvDBB4QFjkaTDISFVhphQFqNguJDew1TEJBoZ2IWFpp4s3yxWwjK6yptnS+01qgPBiJZkUmTJskXGrMCnMQRBAQBwhcaR40aJUgIAoKAICAI5CMCLjXXKBt2tMDPKNDi4pcZMZJqHQ/pYjs7CExPsHDRnljDz4zEQ5Os4yOcMzEL6yzfzJJkkHB3ibijskIbjxekiCAgCAgCmUUAzw8RQUAQEAQEgfxFwKnmGtvrQauLRYsigoAgYB0AYncbmPOIFCwEsPtOr169qEKFCraCYeAs7WWDw60TRzgiomDpFnxFOpDZvVOkQZHKF0kEnJJraHphSlFUj/Z3BHCAFGVMitq9YH8PfPjhhwRbfXwgSaRgIYBFyVg7MWzYMFvBpL1sULh94ghHRBYs3YawyAY0u3eKLCBS8SKLgNPdQkAiIUX1aH9XAIeiikVRrbf9PQCNtRBre1QKxjXaxX5GQdor823jCEekIlhmHsuiFsPs3ilqOEh9BQGnNtdaS1nUYDKrt5l7UcOnKNQ3O239755IWn88hk5cjqWEJMNe55j4SOU/qSlUKsSHahQPpMFdy5KPt9MxblGAO9/qKG2Vb9BLxoKAICAIFFoEnJJrra0stLU3qZhZvc3cTZIR5+sYgey09coDV2h0n/r8USE2qwIGhv14rJNBqRQelUTfb46gCYuu0NjevAuOEOx8uVukrXIHdmytit2f8H0CrN3BLkoQLPb29/dX3yUoXry4061Kc6dkkmpeIyC2+nmNuOSXmwi4u67AKbnOjvYuNyuX22mb1dvMPbfLI+nnPQLZaesLUYnk5+1Fuy54kCfs9K3KarJQCm9pmUrxicnUpXYItanjTRssl2j8gis0vq8Q7LxvZd7iU9oqx2HH13PxMS3sDlWlShW1TSq2ccWANSIiQm1VeuLECTpy5Ij6eFh2dlfK8cJLgjmOABYUY53Kgw8+mONpS4KCQF4jgHUFuKeNa3sclcHpfHR2tHeOMrte3MzqbeZ+vdRLyuk+Atlp69jEFEUkfL08yYd7mDeTaz4lL84eXNsTbJuJdvlivnRb6/JUsboffbjshPuFk5A5hkBm2iqg3GJuKx9pKxfoH+Mv8IJU46Na5cuXV+Ta09NTfSwM26aGhYVRhw4dKDQ0VH0gzEVy4n2dIyC2+td5A0rxMyDg7roCp+Qa2ruiKGb1NnMvihgV9jpnp621FQjItJdHKv+YUHNfsv2YaZ8Nj6dqwUnUsJQHDWlXijYejS7skBbI+mWmrWLiT5HF73NpKxctCc01SLUrqVSpkvo4mKtw4i8ICAKCwPWGgFOzkOxo7/IaiAUbiYb+QBSZ7Drn4lzrT3sR9W3tOKxZvc3cHacirnmNQGZs+1zZTWW3rWFb7e3F21jyv1QQaws7sA22Nx9S2L760OUUSryUTCkpCdSphj95ic11Xt8utvwctdWFxAO0+dISOhuzl5KOWMiSYKEqIVUpKTmG/MrN57iNbPHlJCMCsLdG/zl37pyyr4aNNb6sC7fY2Fj1Rd1Tp05RzZo1+f43LPjNmIxcCQKCgCBw3SLglFxDe5ddkpFXyLhLrFEeEHCENyPXZvU2c8+rOko+zhGAHVSLFi1c2kIhlbVr1zq1m8pOW4OsgTJ4swEIb96o1jN6MLHG8sbUFP4LGxE/9rWkMLnw4rB87XHtJNKWk3/SlpMr6cD5DVQttBG1qdaDmlfpxqTdl85fPU6z1o6jYV2mUbBfcefA5LDv7A0TqXpoQ+pY616nKW89tYLWH/uDnuj4ttNw+enpqK3OJRykjRcXUMWAUtS01J1k4d1dLKk8EEq1UHKKhWJjNtCIH4bR1F4fqqIvWbKEFi9enKEasDGuXbs2Pf7444pgZvB0cJGcnEwTJ06kf/75h2666SYaPXq0g1CZd/rzzz/p999/p0mTJmU+chZjaHKNL+3CxhqabLxHUEcsckxMTFQmInBz9H6J27KWEjeup4Sdm8m3TgPya9+J/Ju3JQ9vH1WiK++OpcA7+pJfvcZZLKF70a5++wklHz9qC+zBizG9ylWkgG49yadSNZt7Zk4S9mynqDlfkOXyJSo1ZhJ5l5cPtAG/nOhDmWmHnAqL+3fTpk3UunW6pg5rCYYOHar2hbf/2jK+SF2xYkV69NFHCTM3RUFWrFhBK1euVO9cmIrdcsst1LVr12u++p1XWGC9x/jx4+n9998nLKrOLbn2jW7IydGDz+BdoE7d0ViveZLo/R7WYjsLb1ZvM/cCBUQRLgxs+9q3b+8WAgiH8GaSnbZmbq3INayqlCkI02ocPXgbPl+2FfHhcx/YY/OiR18fkGvsJZ+xJD/t+Jg++ucpOhdxlDrUvJuSLYk0c9UzNHvjGyrg1YQrdPDiGuWeMWbuX+09u5ZORhx0mdHpK0do9+mVLsPlZwBHbXUoYh2V9gmhsoHlaMvpTbRwyxyat34OrTu4njbsW097DiXYiDXKvn//fgKJbdy4sfo1bNhQkcrXXnuN7r//freq99dff9EHH3xAd911F/XokfaQcium80B4kaBseSnoO/h5eXmp3UGCgoKoRIkS6kWGQQe02LDBBgm3WCwZiha9eA6Fv/AYJZ85RgHde1JqcgKFv/g4Rc3+xBYu5tdFTE4v2q5z6yR+wxpKOnqIvMqWVz8P3wCK+fVHuvBEP0o+ezpL2UZ8+A6l8FePg+7qR14lS2cpjcIYKSf6UH7gMmvWLHruuecyZI0BctWqVenSpUtq0I0vXOtnA8j1559/Tt26dVP+GSIWwouPP/6Y+vbtqxY44+u5GFg/8MAD9Pbb+adwwVfHoQxBWXJTCo3m2hVIINXtalh///vdeWgzraWZu/PUxPd6RCA7bc1KTkWWWUnNhBrnVubMfIJZN4g102nsd80CwxHMjCeDYacJNL5Ld7xPvZq9TLc1elg707Lds2jR1jepffW7eYHkteNiEPCzV49SMf8yVDwg1BZPn1yJOU+X4y5QmeAqHKaEckYcC2tkLSnJFJMQSWVCHGvSkjjc+ajjVLE4dyIHEhF7kaITI6hCsepctoyPFWh8z0QephIB5TJo2WMSoyjAJ5AHHrBOJ0pMjmftcAr5s5uWmISrdDX+EpUvXp3iEqPJ19ufvD2tGkwdJjtHR211OHIbXY65wHuVr6OyAbVoRMeFlMRmPZ+uHErBXgFE8Y9yWRO5LL62rIsVK0b/+9//bNc4+eKLL2jkyJEEEwi8YCF4oGPBX+nSpdWCPu0GEhwcHKw0WiCgUVGMTUAAwR0aLr2jRnR0tEoPZk3w14J7DPlASww/vMSNAiKLfFFO5J2bojXX0FQnJSUpAo3+BHe44QdyjTLDTUv81vUU8cFEKvH8BAq+vbd2Jp/6TSli8qvk16Er+dV1YI7D90zy+XM8kvUi7zJlrauGbbGJLBHhTMbD2a88eYYUs/pwvinxseTpF8Bxz5J3BdYiYjRsJ37N2lDxIentWmzwU3Tmng4U++9yKtZ3sGkalsgrlBJ9lXygmeZBBiQlNoaSTxxR6QV1uYU8/PyVu6OweCiYlc9p+MBgskRGUCrn5V2uAmOS8TlhCb/A+QaQZ3CIylv/SU1O4gHDKfIqHkqexTJq85BeSsQlTq8Sefin33M6bk4ds9OHjGU4c+aM6i8Y0GEbSKSLQRxMkrCDjRZc6wEg3HAvor9hxgV9DvesFtzH6D/oc9A84/7FfQyihm0m0S/RfyF//PEH3XnnnTqq0mLr/g9HzGZ16tRJaXP79OljC3fx4kU1KK9evboqg/Yw69txcXEqHOp28uRJqlGjhqqPjqePR48eVQNbLCDWgucLBr14XiBuWFiY7RmDMI7qq+PiaFZWYxgoDDAD995779HDD6e/x1q1aqUGJLfffju1bNnSFgVp4vkIfDX2uo64xoxAuXLlMmibzbDRiQIbxAP+xuel9tdHR89l7ZfVY8a3oF0qKHh2BYVetGiRGr3gps0PAbF+9mZrzvfNdF0Cs3qbuTtLER0YLzqzuqODAiO8UN0RdGSUA3aMhUEKan2y0ta6PVJT0qa7DcRa+aV1JxiIWP6aSYl/fsQvtIO0u0wFahV4OweZqILBFKREQCXq2WiwutZ/bm0wkCqWqE5VStSiM1ePaGd1XHVoMX2zfjST0yR1Xb98Nxre5X22PgmgY5f30NQVQyg6IV3b17PRMOrd7Fn6dc8s+mvf1xSfHM1a8Dh6otN0alXtlgxpa1IPR2+QS4NcjY+gD/56kvPYrFw9PXxoeNePqUnFzuo6ITmKnlvY2Zb3jXUeogFtxiq/Z+e3pEc7vEfta1hfRAu3TqU9Z1fTxLuW8j2eQtNXPkM7TltHwiUDq9KV2BMZwhuKkeVTR231SL0pypSHm5EHHRb6fuNE6tPyVSruU4Feu3cc9XlnUwZibZa57tO6r/7000/09NNPqxcx4kCjM23aNJozZw6NGjVKJYOXHF7ON998s5qFgflS06ZNCS+q119/naZOnWrLDmYkTz31lCLivXv3VtPT2vP777+nW2+9VV1Cg9a9e3favn27uobmCFpyEIvcEPQd/PBiw0+TaZzjpe25eQnRtqV08MIpKhVUks4nnaRydz9OCZvWkE+dhhR8W68MxQq+9W5Ffn2qhGVwx0Xi0YN0+bWRTFqtMykg4qXGTSFv1jYnHT9E4eNesPkhfPGnXqKQPgM43gG6MKQ3+bXuRAkb/6NiA56gYg8/jSBOxYOfux5BIczELA7TCO4ziC5PepXiV69Q6SBsqYkzyL9pKzrbrzulxkRRxNQJFL/+Pwp96U3TsI7K5yztpJNH6PzDd1PQbb1Zu75I5e1Tox6Vfu9zJswlKfncKbr00nAbFv43dGezlMnk4etHsav+pCvvvKrKhohBPXtRiWdfVX4RH06i6EVfq/Twp9gjT1Oxh56wXef2ibt9CH0MJkfoB1u2bFHFwgwQTKKwFmffvn3KFOHAgQO2wSXCQoOMAfDu3bsVATx06JCKiz73zTffqF1v9u7dS/fcc48ilPBEH503b54ibeiDEGiqQQ5xr//22280efJkRcaVp90fTfI0GYfp1BNPPKHKiqBw/+677xQBBwk269vYCg4Dapil6HjQpKNOkAULFqh+jrpBUIfp06crUo3ZNZifaXM25AmeBvMWs/rCzM1ZWVUmhj8rV65UW20OHjzY4Eo0cOBAhSHSg2zevJlgPqNn2FC2r7/+Wg0WUEdgsH79ettzEyZujz32mNPnHtoB4ZAO2gUyduxYGjFihDo3/jF7LuvntjFsZs4zDmvtYurRg3ZevXq1GlHAHb+OHTvSL7/8or0dHgEM9rfUHxFwGCgXHY3EetofRAutfcdpjvb11oHt3TUeaDQtGDUjHKZ3IZgOwsvTTNAB6tata+Z9jTtuDlf7K14Tyc5hypQptnbESzg/xVV98EIGlvgYRV6KfVtnJm9ooVNYM80KW9YK6x9r6Zhw4Be3YiYF7J5HbR94hLpPX0Jt7upNd/qvpku/fauyOXh+E1Vlm2aQcKN4sF1200o3UpBfmvYtzfNs5FGatW4U3VDrfvrgvs30dNfPaP/5/2jJzo9ViO/Wv8FkMIim9t1I0/ttpRbV7qRluz5UBBYBQLq71xtEz3T7ghpXspLitKTpSPgupS3v2fApmtZ3E91Ub7Ai4dp/9voJdCpyD7106wJ6r/c6alr5Fprx95OcZqQKArLftMpNKu9ezV+mfw58SzvO/Kujmx5/2f2lItbDunys0q1cop5p2Ox4mLVVoiWBiXUKffbfKDbNOc7tRnR/xwk0cvaTdCXmSeryWkfq8+69tqyvXr1KM2bMUD8QZmix0U/vu+8+9TKH9gjaG7wUoB3DS23ZsmU0c+ZM5Y6XXpkyZdRiP63NwUth+fLlilAjPIg1XhanT58m9OFXX32VNm7cqNLBCxZT6yASAwYMoHfffddWNmjV7r33XhUP7ngeaRJhC5SDJ1pzDSKNH150mminblpMJS5uonYPDVP3fuf7+1P0lnnq3k/YuZVtrBteq0Hm+96fNcierJU1SqolWRFr7ypVqcKClVTum5/JkxUZEe9PUMGufvWh0tBWXLKOKv26iYLvHUCRH73N00XcQdPEi7W0ZWZ8T4G399VOGY4psVHKBARmILAFj5jxliKhgV1us4UzpoE8E/fupLKfLaKKi9dQ0M13U/irwymFSXWlpevIM7QslRw9mUq/MYOchdWJu5u2Dp+amEQVFv5D5WYt4YW4+yju798wdaaItXelylR+7gqFFcoYvWS+It2Xxz5LIb0fooq/bKTSU2axVv4PgnlO8rkziliXfu9LqrxiJ5V48U26+uV0pRnX+eXkMTt9COVAn4OmGmQNZMyR2Z8jpQnuUfTNMCbNIKKIC2KliRhMG7BPN97t6MeYRUIfgu0wBrwgg5cvX1aDVfTHWrVqZbCn/uqrr9RzAX0cfbZnz55KO4sBL2TChAmEvZNBRtEvoc3u37+/GizgGeGsb8Nv9uzZimTDBA1EFgQYA2loyDHAQJnBM0BeoUXWsmvXLvr333+VPxYXwwYZYlZf+DkrK/yNsm7dOsK2dfbvUmj9u3TpomYUoJkGP4TyEWVetWqVOofNum4r2GzDlAbPPTw/oYjA88QZNsAczzoQbDxv33zzTVV2TeB1OZ09l3WYrB6dkmtdOWPimGLBDYwpEtxcd9xxB4Fk5oY4yt9VPiDTKZOJ+tSyhtQaaxBrV+YgOm2zfM3c8TIFJhBMBRsFNwtGnmZy991304YNG8y8r3F/44031Kj4Go9MOMBGDHVp165dhmnZTCSRY0Fd1QflXLp0qZq+yrFM3UjIrK3diMpKLSuJHr8tiV7fmkSv8XH8VguN32yh17Ym08mfplLtLneT/6G/iGY9SIFHfqQaVUvSmV8+Vckn8o4UXp6+7mSlwmw+adWSNSjfhg6H7+ApS57WLN6ANh7jFyvLsBvfp9G3zOFPscfSvvPr+MGUrNxBILX0bjaCtc2dlKZbu+G4+8xadXln4ycUqb+nyTCjN20/tZxqlGpNcUnRdCJiL5P/TkxEk+jAhY22cH2bP6fMQXo2GMQmID60+YS1vLYADk62cZiw0NbUvHJ3ZeLSq/nTDkJl38msrSZu9aIxv79IqZ6RbBefTM/P6kDPzmxD0SlX6EF++bVu3oJa1mhtKwAILB7cUDbA1hok+MMPP6SPPvpIhYHmGYI+t2PHDvUCadu2rbq3lYeDPyDJ0CRBi4Y+gJc/9onGi7hOnTpKw4UXjDbzQL54QUObZv8SAdGHxkzbgGMqOLcE5Bo/vAA1sUZ/glv86nlUt2uvDPd+tcol1L0PUwYPg6mNq/IlnTiqNLF+jVpQ0pmTZOEpej/WEMev/4dS4mKpxIgxVOqNIhMrIAAAGLpJREFU6ZSamEAJe3fwKNd636fyTKGWINZi+zVoqjTd2s14jP3tRzrXv4f6wRY8lslqiWdetZqRpAU0phHzx0/k34KfqzxjmXj8MPm2aK3IeML+XcZk1bk7YTObdnC/QeQVWpp8qtZkLFqzOUc4JbMpCDT7QXf2U/X0KlWGykybRQFdelD8Jmv/9mnUnBIP7VMmLH5NWlHcvyvYhCZElTPq+y8o5q/fKKBtRybZu1gTbjUpu6ZC2XTITh/C/YV7HrNBMKuAVhQE1R2BNhukFnuvg2xhUIs1OX///bfSlsIUASQUxBRhcW5UqBnzQD+HuYNR1qxZo7TS0GbjeYAy4p2PtQeQhQsX0g033KDygob9xhtvVOcgzq76Np4NyA8afpBpYLht2zZb/3/++eeVGQWI/G233WbTVCNfENVGjRopf5DwCxcuwFmZXpjV11lZVWTDHyhWzWbsdTCUFXjj+YS98Rs0aEBDhgxRsw/nz59XwVBulA/PL5xDYBHgDBs8L9GG4FfQygMbKC/wvDRKVp7LxvjOzr2deWLE4YhkoCFh1zdmzBj18HzmmWfUaBGaE0xvYFoGNi4gmlr1j+lQTDtg/1NoS2HTBHKOFwVGMtjp4b///lOjJ4xgADBGgXi5wE4Koxd3pG1Na6j5jxOtO2I9x9FdYo0YZvV25A47J+xQ8e2336pRI7RXIK8HD1qnKV944QVlcwUcYcSPGwRaKIwwMUIEVpiinT9/vup0uBGABXBCZ0YcDF7wwoT9EkapeGHhRYtRJATXZcuWVQ8DvNyRP7bBQof98ssvXe45u3PnTjVlBNskpIMHB2zG8MPNhxc6bMsw2sToFm1jDIuOgYfF+PHjVVkxcgceqANGmVgJDtMYnGMGA50JU9UYqKEeKD86Oh5uKDOm3NBxcMT0GARTXcAGWom8EEdt7W6+FlaH4j1ePsSbWpTjhVus9cTPwkNZHEvyTh/+ZasT9fzZlqT3uIps+xmursNKNaHTEfttfsaTvw/Mp1plmhqd6FL0KXU9J22xo/YM9LXaTh4O305frX6FTT8i2cY5lE1Oyqsgum/DzdPBbiUIBDtrmKjA1hmCnUrKhlin82AzDSJ9JHwjp39A+eNPMf/y/BXKWHUd7FfGZmcNzTtIfwTbMzsS7Mih5XLsaWpcuau+pEpsCpMbYtZWy/7txfblxalxrSY8+5BEjevUp2SeioD9+AHuJxeOXqH7bx9oKxLsBPUUK/o+XmY//vij6tN4vkHrAhk3bpwtDk6MdpAZPPjCaKcJ7Qv6DF6WWvRuA+gbeIZAC65nol566aUMpibaBERPs0Nbl1uC/gxNHl5meA5BO6XF88oF03vft113XkDo+L6P+WsZ+dauRz5VuN+kiV7UGLNsMXn8sVQ7E8whUq5GUtKpoxTx7mtkOX+KvCuyPWqFCtYw/CzW4l26nD51eAy89V6bzTV2C7HXniOSTgM21TD7iN+yjrXG6f0B5Uk1YIA4LsOyKQcks2l7lUi3q/WApp/rmnzGeu/51LD2W6SrdztJuWQlMFc/mQJnm8Du2pNNWspM/46ivv2UrrwxUvkFdO1JoSNfzxXb6+z0IWi9QSwx6NQC215ngsEfBLM9EPQdvHO0YEYZ9zHe4QgLMxG8k/Ee+uyzzxR/0WH1EeTtrbfe0pfqiLDoyygfiDW0yM8++6wixCCgcMc7HuYYWpA3FHaYtXXWt427lOBdCsGzBsQUGnXd3+GOGTHwDC3on1oQTuNhVl+8n52VVaelj9rERF8bjyDp2DlEE3rM8GsB4YfgeQcBJ9ECO3EIBurOnnt47hgHOXifQ5kB7mGUrDyXjfGdnTsl1/rl6ywBTHuC5OHmfvHFF5UNIG4gNOKgQYMIozYIRhF4sYAkwr4GNyk0OFowlYFRIx7MWFWKqRFMiYLcwa7QXenwMRF2BdGLFxEPbpkRs3qbuWP6CHZEuEHRoBg5a3KNI25I3Aywn0TnxegV9k4YHcIdnwqGYFSMG3jPnj1q4PLkk0+qAQlGadi6Bi9WdBpghAEN0gBZhR9uNNhuw/3XX39VDxmcQzOM6ShngpE5iAGmvtAm6ISYqkF90Akw6gNRwLY1uPEdhQWhhy0niDSmgzAqx/2AARe095hmQ/0x5QbijXsAg5K5c+eq+qBOqDem9jCIwD2FMJgOwnQ48tdkwlldcsrPrK3dST8lkV9o3K7MsWn9aSbaHrzvb5qJh4XNRSqEVKDY7b9Q0JLh3H5nKIbdoq7yF+xKW0eGdcu1VSYRBy5sozplm9my3H76H/puw6v0cPvJVLZYNZt76aBK6nzc7YttCxkPXdrOi/CwQNBCM/8dQY0qduN4r1MIL2T8a/88tiMeo/wQ0YsXgplJlRJ1eZA6n0Ckg3xDuE5JTOaPcXA2T+FraKLbVr+HHm73mkoCixK3nfqb6pZtQ/8d/kGZnGCxJBY54niaTUhqlRtgyy4uOc52finKSgLg0JDNX/af22DzO3jRai9sc8ihE7O2Cq2zgE7seZ7iYtfz3taJtGffAUrmz9bj55FSi6Y//jy1rOX45Q2FAl6o6A8YjMKmE8QBgsGvJtToa87M5UDKteDljJcftGlaoKVGn8AzBs8cKCcwdQ2NOQbl7mrudHo5dcQzAv0cRAdKmApMavVg9TwvKjS7930aNKGYn+dT4sE9TKQb2IoTv20jXZn4AoVO+CADufYKtZKD4sNHUkCrG1R4SzgvimJba2hXzz/2HAV2u02RYyzgi/nrV0rYvDqjwsiAsS1Dw4lnYAjv6lHK4OLgNC0Nz8AgZY8d3PNeKvboMyogtORYqOlbL508wMNVWMulc9aM3EwbCw6t4pF2TD94hVqJeuLh/TYNPbBI4YWKHqXKqYBlpnxpW8iYeHgfpfJ7BQsZLTxIKf3mDDUTELvqb4p4+yWK7XwzBd14S3oGuXCW2T4ERQ0EyirMpkOgNNKC+w+CBXxatNkI7k8IuAk0pBAQbryP8G6Esg+cBspEpAnlE97FUA4aBXHwvgOJcyQg5VA4YvYKW/HhPQrFIdzxvtUDbzwT0M8xOHDVt7V9OfLTttXodzCjxDXIu17EifevWdmM5TWrL8xInJXVmAbOQa7xrod2ulmz9PcYeA/MPmC6oRUIqEcXVt5BtAINiktn4gwbPHeMFhV4duJ5CU5llKw8l43xnZ2nP70dhNI3pAMvm5MeGYH0wTAcCwig2cQ5yKK+mXHzoMLQbIM061GSLaG0ExBNaEWh5SxZsqSKYx/G1TXItNZau7OA0T49s3qbuUPbitEVCLa207JPE9eY8sAiI3RmdDB9ExnDwjYSL0x0AnSuNm3aqIEJwhjtjkFeQXYx1YTwr7zyitLug8jD1gg3Lx4OmBlwJXgw/fzzz+phAUIAgaYapFqbuUADjhvTLCzq9Omnn6oXOzTW0F7jHhg+fLiavcCUDwZiEJQNmnuMXO0F+eM+wYAKxF7vkoC65uaelPblMGtr+3COroN9PCjQz4NGNUqiFxsn0isNk+jlhonq906bFKrf+ynavX4NnUnwo0gmnRGXU+ngKS8q12OQSu6meg9Q5RJNaMqKQbTy4CI6xdveLd87mz5f9aJyv4G35jNKq6o3qcuv142ji1GneIu+bTRp+YO0/SQGb1btTIBvMbUzB9JasuMDFT7J4lp72aSSlbTM2fQOhUefpR+2faC01Tp/2FivPbyQNh5fzrt6RNBX68bT56tf4OmfdO3gTzs/Un7ztryn4rarbp02hYb7vwMLeGeOc7yf95+0++wKnSy1DevJJP4wzec4206tpNlct9wQZ2319aB3yTPOn2L5Yz+r3txO69/bTbs/OUC1Sr1sSqx1GfHixb0MLRamejEQhsB0AwQYLzCQAGzb5Y5gehNxQNqhiID2C0oIaH7QzzHLhJcn+qfW9OBFmB+CWSfshgCFCzR56McYVGDgHV61A+1ctzrDvX/kjJ+694Nvvov8295Il14eRjH/LKek08cpevli1j5PUO6BHbtnqI5PVd5VoWptivqGFwezSQN2wrg8cSRFz/nKtkMHNM1YhIi0or751Bo/F7X2sLGOWvw9xW1aTSlRvNPNFx+oMmUoeNpFZsIiSmbD6zx9KlRV2vyYH76jpJNHKZG16rBL9+T7I6C1tX9HfjFN4Zd4cC9dHDGYErZvoNSkBLo8+imKXrqA+7OnjZjb7zSi88npY2b6EJ7X4B2Y6cQgEwNXvLO0aAKNmV9oL6Fw0lpMkFG8r/DeRB9D/3zkkUfUYmPMuOL+xTV4Cd612IUE7zgIiCtIOvog+rI2X9D52h9B5qA0gsJJzzJBkYj3LLgT+jZINt6RqJOrvg1SivJhZgtKKKSPwa1ezIwBA0g/3sUg8/o5ZF8u47Wz+jorqzENnOP5B8Vfv3791Gw8yDDINjgS3PFMQ1nDwsJU2VFXWCuAR2A9n+aW9unqa2fYgEfBrAb54RmJNSrgRp07d9bR1VHjkdXncobE7C6yrbnGDYWbUwMBEq1JEEZ32q5I54vpSGgxNXmB5taoodEvBPt4Or67RxBs2F27s4DRPk0zraWZO+KD3EJbD8KIkZkrQad1lp6exkU6xnNjurArwlQVHggIg1Eq8DOOzvQ0ijGePtcDHG2r+cknn2RoS9iKY6EHOhtG7OgMZmHxUMMiDzwg0HnwgMPAyln+uhyOjtDCgySY1d1RnJx0c9Y2rvK5r3N5euXj7XT4XBzFJlrJrYqTxjdTqQV1TzxLzXYuoFIJvKCQzS5SWvWjlvdYR9XQ8j530+f8kZgxtHDz28qcA/GrlWxBT3R+95rssU3d0I7T6Mu1L9HLPy1X2uSGFbpS7+bPKjOOfq3G0IItb9H6owuU3831H6Xlez7hHT7SNTvXJJrmUIG33nu84wf09boxSoMNExKQYm1GMqjdONaMR9HM/55WMbCrx+Odp7IGvbS6Rvg1h36kX3fOUNf9Wo2nmqWtWrz+bccorfqoHzurXUgaV+xBF6OPq3CNKnSgu5o8T3/s/Yr+3PslL8K8g85d3c/bGPoq/5z647qtHqB4j1nUbcTf5OfrQbUrBNID3a1aaFdlwGIn9FHMIKFf4GWK6WC84NFPMeULczkInoH2zzz9jIQ/Vvrj5Y7ZIPzwEkVfxMAe9ypmCfU0KNJGX8Zz2JgG0tFifOZqt5w84n0Ae1D8MCuFFxskhHdBiVzxPR1c+imbQTFhK12Xyt8zkH/Wez/0lbcp8vOpBDMFmHNAsLNFiadHq3PjHw8vbyr1+vt0+e3RdGFob+Wlwg4bRR4+vrzjxRiK/ORdipr3hdIoY5eLyJmTFbn01HbDTGCcijN/PeNjCFPsUevixfBRQ1Wy2L0kdPyUjHbKaVk6C6tNXrgBbcVzFt6muTaEt0Xkd0PouMl0+Y2X6PygOxQWQbf2oqBuPMhlv1JvfUJXJo+lmKXzlF9g11t5R5VBVgyff00tvMQOJ5CQfo9SQDPHmllbfjl4kpk+hMWCIMx4T0GMZiEwgcCMKGZyQaLhBwIHQb8DCYMyCaQPAtIFEoz+g5knKP20CQaIOAa5EO2GtGAPrMma8jT5g3UPmMEGZwAJBpnGTid6PQT6DAYGMMfEM8KsbyN5lAWzxuhfMCXBuxqmp+Bk0Azj+YKy4pkAhZX9dqGOiuisvs7Kap8W7K0xaEAcaPsxaIEAI5BdCJRneB7CLFS3B/w1vghj9gxzhg0IPdoMz14I2h/PRDwvwZe0hIWFOX0u63BZOXrwgzldxWSXAipl9IaaHTcQRkLQbGLLKJAvaCSgOcGoDYVH4wBYuONmhSYDwGLEB3seECZMW4J4YcoAU5rQcELTgdEVzBIwwsDNhpsepFUbt9sV0XZZ8mX3Pn2uI+AT6FcymkZpL9WYxnprD0d4QFutzTp0ONhd42WK+kPzjJsLgwisWIV2CQICDG0uTCPQ6aHFRqeCJho4whwC2h6YQ+DlhAcAtt3BlC+u0VEQHiNSPZ0C8xFgCi00Oi06LEZveqoL+aLd8NLFQwgdEItAsKIWI3sszIRJB0xTUCdMy6CcuClBmDHFjekxR2GRDzRpaHfYm+IcJj0g8OhgGFCBcOOewYsXD00IHjCoDwgD7hMstEId8MDA/YJOCC0B6oSpJXsCohJJ+wNsgCdMkFwJ2gGjftiLOxL7ttZhMKPy8st8s+WhYA/pAN/gaxYbOioC9rIuxl8WtN9rOjU1hbeyu0AlA8vy/e10wspRsmzWkqpspUsEcfw0ExdjwAQ274hPirOZpRj9cG5WLuxrHYFyBZXLkO7mk3/wvZNMbViDDTkVcYDG/3wHjezBC+LKNldujv5AU4z7WUt+tJfO2+wITQpMQ1wt9nEUH30FM1iYrrYXDGah+YKf2QvJPo7ZtT2OCJfXWGI/Z0/eV1nvB21WVrinREfxYkjva22B+f6yRFwhrxJsGpGF+95Zns78sIgyldvDfs9oR3EyExbxMxvemCds0T2YfGHwYS/YD9wrhBcr8vs5gzCGyfy+8GKyhwGNK7G/d3LjvnHWh/DeA8fA8x2DUvAVPQOKPgJbZhBXR4K46JeOlELww/tMm3Xp+FAYwpQD/AWz7SC3WRGUDe9w+/SRlqO+DW063pF43qHf4/1pL+AxwAr1zezzxqy+ujxmZbUvg74G5wDJN8MH9u3wM/PX6dgfHWGjw6BtkK6j56UOo4/O7ikdRh/t73Htbjw67SmOCCZuINx4mH4EuYN9L7aWgYAwQXM9fvx4dQ3SB1tgCIgRCg8bG5AuECwQNm2LA1Kubw6MZEC+QSBh6A4tryv5tJf1k+bOvryo0wCxRngzcVRvhHXk7uiGdfRic+Rmlr+Zu04DR4xK0RZ6pK3LB3e0AQT+IPZGco1FlCDzaD+Y6GDkDZzRTpgqQzsYBYMnkGt0ZIhZWCy6wLQcSDTMOjByhCZNb0WGuHjIOtKY6XohDBZhoNwwocHgAn4YrGmNADq8mYDQYzEoBiSuBGVEeDNx1NZmYXPbvURg+sITV3mBpDoSEOrQIOtUpiN/V24g1GZpIy7208bPTMziQgPuqFyBbMby3h8D1B7dwX6hvBf3NxwujLXejcyyuG7ctdlGVgqM543ZiwJ9T09XZyXtghYH+zO7K6amCnx/ubSZdjeTTITD/tH4uSOZCYv0MhveWAZnZN+rhGPCaTUJcfxcMaadl+fO+pCeOXdUHvQR/MzEWVwzPyh88ANxzI44K5uzvo1nguZO9vnj/Wn2vLAPa39tVl+Ec1ZW+3T0tXEBpXYzHh0NKoz+ZufOsEG7uFt/Z/eUWd7O3DOluXaWkNEPqzxBooxgYWSHESQ2WzcSLKzWxGhPm5UgHZArkD8IiB20lvjlleCGdESuzNzzqlzu5gMtOVbLYlRrxBXxUS+M5NBxjAMDTCvBHe3jSszCgvjCnMO+EyFdaBKcdVZo4/CAwAgc2jl7zQJGyRD7+rgqa1b9zdo6N7QwWS1jYY+3+vBPvG3fn3Q17hLVLteSbm80xLbziFnd7TUK0l5mSDl3t8cRoQVL55iJrxUB+3snv+4bLC7E5gHYPMH4riss7QTTERB6vZapsNTreqiH/T3uqMyZ1lw7SsTezdEoCtMyYWzfYi9YIGAvmKrHLiMghyBlMLPIS3FErJG/mXtels2dvDB40atg7cODNNoTV4RBJ3V35G0W1ow8GwdZ9uWxv8ZD0FE6eUWqdXmul7bW5S2MRyzctF+8WRjrKXUSBASBnEcANsgwdSysomeTC2v9rvd6OTW+BBHLD8FoEwb/+GH/ZNgt56WY1dvMPS/LVljzAqGG3Xlm7a1yCw+ztoY5iTs7sORWuSRdcwTQLmgfo0h7GdFw79wRjogpWLqHX1EO5ejekfumKN8Rha/uju5xR7V0ahbiKIK4CQJFGQGYNsGuW++RWpSxKGh1x0scdvR62y2UT9or863kCEfBMvM4FsUYju4d6YNF8U4ovHV2dI87qq1Tcg3tXVGcHjert5m7I2DF7fpGQNr6+m4/Kb0gIAgIAoKAIJBfCDgl1/lVKMlXEBAEBAFBQBAQBAQBQUAQuB4RcMvmGlo8SFE72jco6l/UMCjq9bW/B+RaEBAEBAFBQBAQBAQBZwiI5toZOuInCAgCgoAgIAgIAoKAICAIZAIBp5rrTKQjQQUBQUAQEAQEAUFAEBAEBIEij4CQ6yJ/CwgAgoAgIAgIAoKAICAICAI5hYCQ65xCUtIRBAQBQUAQEAQEAUFAECjyCAi5LvK3gAAgCAgCgoAgIAgIAoKAIJBTCAi5zikkJR1BQBAQBAQBQUAQEAQEgSKPgJDrIn8LCACCgCAgCAgCgoAgIAgIAjmFgJDrnEJS0hEEBAFBQBAQBAQBQUAQKPIICLku8reAACAICAKCgCAgCAgCgoAgkFMICLnOKSQlHUFAEBAEBAFBQBAQBASBIo+AkOsifwsIAIKAICAICAKCgCAgCAgCOYXA/wHA31jlP2vGjQAAAABJRU5ErkJggg==\"><br></b>"}]}],"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"There are no known workarounds for this issue."}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW All                               No action needed.\nPAN-OS 12.1                                  No action needed.\nPAN-OS 11.2         11.2.0 through 11.2.7    Upgrade to 11.2.8 or later.\nPAN-OS 11.1         11.1.0 through 11.1.6    Upgrade to 11.1.6-h21 or later.\nPAN-OS 10.2         10.2.0 through 10.2.16   Upgrade to 10.2.17 or later.\nAll older                                    Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access All                            No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 12.1<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.7</td>\n                                <td>Upgrade to 11.2.8 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.6</td>\n                                <td>Upgrade to 11.1.6-h21 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.16</td>\n                                <td>Upgrade to 10.2.17 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access All<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-10-08T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Visa Inc.","type":"finder"}],"source":{"defect":["PAN-271216","PAN-286164"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.7-h3","PAN-OS 11.2.7-h2","PAN-OS 11.2.7-h1","PAN-OS 11.2.7","PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.11","PAN-OS 11.1.10-h5","PAN-OS 11.1.10-h4","PAN-OS 11.1.10-h1","PAN-OS 11.1.10","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h20","PAN-OS 11.1.6-h19","PAN-OS 11.1.6-h18","PAN-OS 11.1.6-h17","PAN-OS 11.1.6-h14","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.16-h4","PAN-OS 10.2.16-h1","PAN-OS 10.2.16","PAN-OS 10.2.15","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h16","PAN-OS 10.2.13-h15","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h27","PAN-OS 10.2.10-h26","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4615","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Improper Neutralization of Input in the Management Web Interface","datePublic":"2025-10-08T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-83","description":"CWE-83 Improper Neutralization of Script in Attributes in a Web Page","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-165","descriptions":[{"lang":"en","value":"CAPEC-165 File Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"12.1.0","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.8","changes":[{"at":"11.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","changes":[{"at":"11.1.10-h7","status":"unaffected"},{"at":"11.1.6-h21","status":"unaffected"},{"at":"11.1.4-h27","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.17","changes":[{"at":"10.2.17","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.10","versionEndExcluding":"11.1.10-h7"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h21"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.4","versionEndExcluding":"11.1.4-h27"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.17"}]}]}],"descriptions":[{"lang":"en","value":"An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.</span></p><p><span>The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.</span></p><p><span>Cloud NGFW and Prisma® Access are not affected by this vulnerability.</span></p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVEN-2025-4615","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":6.9,"threatSeverity":"MEDIUM","threatScore":5.4,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:D/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"HIGH","baseScore":7,"threatSeverity":"MEDIUM","threatScore":5.5,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:D/RE:M/U:Amber"}}],"workarounds":[{"lang":"eng","value":"No known workarounds exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds exist for this issue."}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW All                               No action needed.\nPAN-OS 12.1                                  No action needed.\nPAN-OS 11.2         11.2.0 through 11.2.7    Upgrade to 11.2.8 or later.\nPAN-OS 11.1         11.1.0 through 11.1.4    Upgrade to 11.1.4-h27 or 11.1.6-h21 or 11.1.10-h7 or later.\n                    11.1.4 through 11.1.6    Upgrade to 11.1.6-h21 or 11.1.10-h7 or later.\n                    11.1.8 through 11.1.10   Upgrade to 11.1.10-h7 or later.\nPAN-OS 10.2         10.2.0 through 10.2.16   Upgrade to 10.2.17 or later.\nAll older                                    Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access All                            No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 12.1<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.7</td>\n                                <td>Upgrade to 11.2.8 or later.</td>\n                            </tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4</td><td>Upgrade to&nbsp;<span>11.1.4-h27 or 11.1.6-h21 or 11.1.10-h7 or later.</span></td></tr><tr>\n                                <td><br></td>\n                                <td>11.1.4 through 11.1.6</td>\n                                <td>Upgrade to 11.1.6-h21 or 11.1.10-h7 or later.<br></td>\n                            </tr><tr>\n                                <td></td>\n                                <td>11.1.8 through 11.1.10</td>\n                                <td>Upgrade to 11.1.10-h7 or later.<br></td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.16</td>\n                                <td>Upgrade to 10.2.17 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access All<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-12-19T21:55:00.000Z","lang":"en","value":"Updated fix version for 11.1.0."},{"time":"2025-11-11T19:15:00.000Z","lang":"en","value":"Updated Fixed Software Versions"},{"time":"2025-10-08T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2026-04-01T00:15:00.000Z","lang":"en","value":"Updated exploit maturity"}],"credits":[{"lang":"en","value":"Visa Inc.","type":"finder"}],"source":{"defect":["PAN-292159","PAN-271221"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.7-h10","PAN-OS 11.2.7-h8","PAN-OS 11.2.7-h7","PAN-OS 11.2.7-h4","PAN-OS 11.2.7-h3","PAN-OS 11.2.7-h2","PAN-OS 11.2.7-h1","PAN-OS 11.2.7","PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h15","PAN-OS 11.2.4-h14","PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.10-h5","PAN-OS 11.1.10-h4","PAN-OS 11.1.10-h1","PAN-OS 11.1.10","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h20","PAN-OS 11.1.6-h19","PAN-OS 11.1.6-h18","PAN-OS 11.1.6-h17","PAN-OS 11.1.6-h14","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h25","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.16-h6","PAN-OS 10.2.16-h4","PAN-OS 10.2.16-h1","PAN-OS 10.2.16","PAN-OS 10.2.15","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h18","PAN-OS 10.2.13-h16","PAN-OS 10.2.13-h15","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h31","PAN-OS 10.2.10-h30","PAN-OS 10.2.10-h27","PAN-OS 10.2.10-h26","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h32","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-2182","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK)","datePublic":"2025-08-13T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-312","description":"CWE-312 Cleartext Storage of Sensitive Information","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-158","descriptions":[{"lang":"en","value":"CAPEC-158 Sniffing Network Traffic"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["PA-7500"],"cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:PA-7500:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:PA-7500:*"],"modules":["Clusters"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.8","changes":[{"at":"11.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.10","changes":[{"at":"11.1.10","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.2.0","versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["devices other than PA-7500"],"versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:PA-7500:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:PA-7500:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.10"}]}]}],"descriptions":[{"lang":"en","value":"A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster.\nA user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. \n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS<span>®</span> results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster.<br>A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.&nbsp;<br><p></p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-2182","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.8,"threatSeverity":"LOW","threatScore":3.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"eng","value":"The following conditions must be true to be vulnerable to this issue:\n\n 1. Your PA-7500 Series devices must be in an NGFW cluster. For more information regarding NGFW Clusters see our documentation (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/ngfw-clustering/ngfw-clusters).\n\n 2. A MACsec policy must be configured and enabled for the NGFW cluster. For more information about MACsec profiles please see our documentation (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-macsec-profile).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The following conditions must be true to be vulnerable to this issue:</p><ol><li><p>Your PA-7500 Series devices must be in an NGFW cluster. For more information regarding NGFW Clusters see our <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/ngfw-clustering/ngfw-clusters\">documentation</a>.</p></li><li><p>A MACsec policy must be configured and enabled for the NGFW cluster. For more information about MACsec profiles please see our <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-macsec-profile\">documentation</a>.</p></li></ol><b></b>"}]}],"workarounds":[{"lang":"eng","value":"No known workarounds exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds exist for this issue."}]}],"solutions":[{"lang":"eng","value":"VERSION                                MINOR VERSION           SUGGESTED SOLUTION\nCloud NGFW                                                     No action needed.\nPAN-OS 11.2 on PA-7500                 11.2.0 through 11.2.7   Upgrade to 11.2.8 or later.\nPAN-OS 11.1 on PA-7500                 11.1.0 through 11.1.9   Upgrade to 11.1.10 or later.\nPAN-OS 10.2 on PA-7500                                         No action needed.\nPAN-OS 10.1 on PA-7500                                         No action needed.\nPAN-OS on devices other than PA-7500                           No action needed.\nAll older                                                      Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access                                                  No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW<br></td><td></td><td>No action needed.</td></tr><tr>\n                                    <td>PAN-OS 11.2 on PA-7500<br></td>\n                                    <td>11.2.0 through 11.2.7</td>\n                                    <td>Upgrade to 11.2.8 or later.</td>\n                                </tr><tr>\n                                    <td>PAN-OS 11.1 on PA-7500<br></td>\n                                    <td>11.1.0 through 11.1.9</td>\n                                    <td>Upgrade to 11.1.10 or later.</td>\n                                </tr><tr><td>PAN-OS 10.2 on PA-7500<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 10.1 on PA-7500<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS on devices other than PA-7500<br></td><td></td><td>No action needed.</td></tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-08-13T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"This issue was found during an internal security review.","type":"finder"}],"source":{"defect":["PAN-284490"],"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.7-h3","PAN-OS 11.2.7-h2","PAN-OS 11.2.7-h1","PAN-OS 11.2.7","PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h20","PAN-OS 11.1.6-h19","PAN-OS 11.1.6-h18","PAN-OS 11.1.6-h17","PAN-OS 11.1.6-h14","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2025-0012","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"Informational Bulletin: OSS CVEs Fixed in PAN-OS","datePublic":"2025-07-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":""}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[]}],"descriptions":[{"lang":"en","value":"The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.</span>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/PAN-SA-2025-0012","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"}}],"solutions":[{"lang":"eng","value":"The OSS CVEs are fixed in the respective PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The OSS CVEs are fixed in the respective PAN-OS versions.</p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-07-09T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4230","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI","datePublic":"2025-06-11T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-248","descriptions":[{"lang":"en","value":"CAPEC-248 Command Injection"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.6","changes":[{"at":"11.2.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h14","changes":[{"at":"11.1.10","status":"unaffected"},{"at":"11.1.6-h14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h27","changes":[{"at":"10.2.10-h27","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h15","changes":[{"at":"10.1.14-h15","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h27"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h15"}]}]}],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.</span></p><span>The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. </span><b><span><br></span><span><br></span></b><span>Cloud NGFW and Prisma® Access are not affected by this vulnerability.</span>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-4230","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.4,"threatSeverity":"MEDIUM","threatScore":5.7,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/R:U/V:D/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>No special configuration is required to be affected by this issue.</span>"}]}],"workarounds":[{"lang":"en","value":"No workaround or mitigation is available.","supportingMedia":[{"type":"text/html","base64":false,"value":"No workaround or mitigation is available."}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW All                               No action needed.\nPAN-OS 11.2         11.2.0 through 11.2.5    Upgrade to 11.2.6 or later.\nPAN-OS 11.1         11.1.0 through 11.1.6    Upgrade to 11.1.6-h14 or 11.1.10 or later.\nPAN-OS 10.2         10.2.0 through 10.2.10   Upgrade to 10.2.10-h27 or later.\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h15 or later.\nAll older                                    Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access All                            No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.5</td>\n                                <td>Upgrade to 11.2.6 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.6</td>\n                                <td>Upgrade to 11.1.6-h14 or 11.1.10 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.10</td>\n                                <td>Upgrade to 10.2.10-h27 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.1<br></td>\n                                <td>10.1.0 through 10.1.14</td>\n                                <td>Upgrade to 10.1.14-h15 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access All<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-06-30T20:30:00.000Z","lang":"en","value":"Updated fix version for 11.1.0."},{"time":"2025-06-24T17:30:00.000Z","lang":"en","value":"Updated fix version."},{"time":"2025-06-11T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Visa Inc.","type":"finder"}],"source":{"defect":["PAN-271215"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.5","PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h25","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.10-h26","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h14","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4231","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface","datePublic":"2025-06-11T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-77","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.3","changes":[{"at":"11.0.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.8","changes":[{"at":"10.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.8"}]}]}],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.\n\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.<br><br>The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.<br><br>Cloud NGFW and Prisma Access are not impacted by this vulnerability."}]}],"references":[{"url":"https://","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.6,"threatSeverity":"MEDIUM","threatScore":6.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":7.1,"threatSeverity":"MEDIUM","threatScore":4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:\n\n 1. Directly; or\n\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation, visit the Assets section of the Customer Support Portal:https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) and then select Products → Assets → All Assets → Remediation Required).\n\n 2. Review the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.\n    \n\nGlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443).\n\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:</p><ol><li><p>Directly; or</p></li><li><p>Through a dataplane interface that includes a management interface profile.</p></li></ol><p>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.</p><p>Use the following steps to identify your recently detected devices in our internet scans.</p><ol><li><p>To find any assets that require remediation, visit the Assets section of the Customer Support Portal:<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\">https://support.paloaltonetworks.com</a>&nbsp;and then select Products → Assets → All Assets → Remediation Required).</p></li><li><p>Review the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.<br></p></li></ol><div><p>GlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443).</p></div><b><p></p></b><p></p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview more information about how to secure management access to your Palo Alto Networks firewalls in these documents:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\n * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review more information about how to secure management access to your Palo Alto Networks firewalls in these documents:</p><ul><li><p>Palo Alto Networks LIVEcommunity article: <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p></li></ul><ul><li><p>Palo Alto Networks official and detailed technical documentation: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></p></li></ul>"}]}],"solutions":[{"lang":"en","value":"VERSION           MINOR VERSION           SUGGESTED SOLUTION\nPAN-OS 11.2                               No action needed.\nPAN-OS 11.1                               No action needed.\nPAN-OS 11.0*      11.0.0 through 11.0.2   Upgrade to 11.0.3 or later.\nPAN-OS 10.2       10.2.0 through 10.2.7   Upgrade to 10.2.8 or later.\nPAN-OS 10.1                               Upgrade to 10.2.8 or 11.0.3 or later.\nAll older                                 Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\n*PAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 11.1<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.0*<br></td>\n                                <td>11.0.0 through 11.0.2</td>\n                                <td>Upgrade to 11.0.3 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.7</td>\n                                <td>Upgrade to 10.2.8 or later.</td>\n                            </tr><tr><td>PAN-OS 10.1</td><td></td><td>Upgrade to 10.2.8 or 11.0.3 or later.</td></tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br><p>*PAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version.</p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-06-11T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"spcnvdr","type":"finder"}],"source":{"defect":["PAN-215223"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h14","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-4229","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Traffic Information Disclosure Vulnerability","datePublic":"2025-06-11T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-497","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.7","changes":[{"at":"11.2.7","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.10","changes":[{"at":"11.1.10","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.16-h1","changes":[{"at":"10.2.17","status":"unaffected"},{"at":"10.2.16-h1","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h16","changes":[{"at":"10.1.14-h16","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.16","versionEndExcluding":"10.2.16-h1"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h16"}]}]}],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.</p><p>Cloud NGFW and Prisma® Access are not affected by this vulnerability.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-4229","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6,"threatSeverity":"LOW","threatScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/U:Amber"}}],"configurations":[{"lang":"en","value":"To be vulnerable to this issue, an SD-WAN Interface Profile must be configured on PAN-OS. The interface must also be configured for Direct Internet Access (DIA). Adding an SD-WAN Interface Profile requires the Advanced SD-WAN License.\n\n\nYou can verify whether you configured an SD-WAN Interface Profile by checking for entries in your firewall web interface (Network → Network Profiles → SD-WAN Interface Profile).\n\n\n\n\nTo verify if you have Direct Internet Access, see our documentation about configuring Direct Internet Access (https://docs.paloaltonetworks.com/sd-wan/administration/configure-direct-internet-access).\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>To be vulnerable to this issue, an SD-WAN Interface Profile must be configured on PAN-OS. The interface must also be configured for Direct Internet Access (DIA). Adding an SD-WAN Interface Profile requires the Advanced SD-WAN License.<br></p><p>You can verify whether you configured an SD-WAN Interface Profile by checking for entries in your firewall web interface (Network → Network Profiles → SD-WAN Interface Profile).</p><b><p><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAycAAAGgCAYAAACwgxjgAAAKsmlDQ1BJQ0MgUHJvZmlsZQAAeJyVlwdUk9kSgO//p4cEAgkISAm9SW8BpIQeem+iEpIAoYQYCAI2RBZXYC2oiIAi6CpFwVUpsoqKBduiYMG+IIuAsi4WbFjeDxyCu++8986bnMl8Z/65c+fO+W/OBAAynS0UpsIUANIEmaIQL1d6VHQMHTcGMIAKZIExkGNzMoTMoCA/gMic/bu8uwugaXvLeDrXvz//ryLL5WVwAICCEI7nZnDSED6B6CeOUJQJAOoo4tdamSmc5tsI00RIgQiPTnPiLH+e5vgZRlNmYsJC3BDWBgBPYrNFiQCQzBA/PYuTiOQhTe9lJuDyBQjnIeyUlpbORfgswvpIjBDh6fyM+O/yJP4tZ7wkJ5udKOHZs8wI3p2fIUxl5/yf7fjfkpYqnttDD1FSksg7BLEKSM/+SEn3lbAgPiBwjvncmfgZThJ7h88xJ8MtZo4zUkNZc8xlu/tK8qQG+M1xAt9TEsPPZIXNMS/DI3SORekhkn0TRG7MOWaL5msQp4RL/Ek8liR/blJY5Bxn8SMCJLWlhPrOx7hJ/CJxiOQsPIGX6/y+npI+pGV8d3Y+S7I2MynMW9IH9nz9PAFzPmdGlKQ2Ls/dYz4mXBIvzHSV7CVMDZLE81K9JP6MrFDJ2kzk5ZxfGyTpYTLbJ2iOgTvwAH7Ihw7CgSWwAubAFiCdyeRlZ04fxi1dmCPiJyZl0pnIjePRWQKOySK6hZmFNQDT93f29XhzY+ZeQorx8760aABs1iHQOe/j8AFoN0KuzZ55ny4NuZoRAJzu44hFWbM+9PQXBhCBDKABJaAGtIA+8gthAWyAA3BBKvYBgSAMRINlgAOSQBoQgZVgNVgPCkEx2Ap2ggpQDfaDOnAEHANt4BQ4By6Ba+AmuAMeggEwDF6ACfAOTEEQhIPIEBVSgtQhHcgIsoAYkBPkAflBIVA0FAclQgJIDK2GNkDFUClUAdVA9dAv0EnoHHQF6oXuQ4PQGPQa+gSjYBJMg1VhXdgUZsBM2BcOg5fCifAKOBcugDfD5XAtfBhuhc/B1+A78AD8Ap5EAZQUSgGlgTJGMVBuqEBUDCoBJUKtRRWhylC1qCZUB6obdQs1gBpHfURj0VQ0HW2MdkB7o8PRHPQK9Fp0CboCXYduRV9A30IPoifQXzFkjArGCGOPYWGiMImYlZhCTBnmIKYFcxFzBzOMeYfFYhWwelhbrDc2GpuMXYUtwe7BNmPPYnuxQ9hJHA6nhDPCOeICcWxcJq4Qtxt3GHcG14cbxn3AS+HV8RZ4T3wMXoDPx5fhG/Cd+D78CH6KQCHoEOwJgQQuIYewhXCA0EG4QRgmTBFliXpER2IYMZm4nlhObCJeJD4ivpGSktKUspMKluJL5UmVSx2Vuiw1KPWRJEcyJLmRYkli0mbSIdJZ0n3SGzKZrEt2IceQM8mbyfXk8+Qn5A/SVGkTaZY0V3qddKV0q3Sf9EsZgoyODFNmmUyuTJnMcZkbMuMUAkWX4kZhU9ZSKiknKf2USVmqrLlsoGyabIlsg+wV2VE5nJyunIccV65Abr/cebkhKoqqRXWjcqgbqAeoF6nDNCxNj8aiJdOKaUdoPbQJeTl5K/kI+Wz5SvnT8gMKKAVdBZZCqsIWhWMKdxU+LVBdwFzAW7BpQdOCvgXvFRcquijyFIsUmxXvKH5Soit5KKUobVNqU3qsjFY2VA5WXqm8V/mi8vhC2kKHhZyFRQuPLXygAqsYqoSorFLZr3JdZVJVTdVLVai6W/W86riagpqLWrLaDrVOtTF1qrqTOl99h/oZ9ed0eTqTnkovp1+gT2ioaHhriDVqNHo0pjT1NMM18zWbNR9rEbUYWglaO7S6tCa01bX9tVdrN2o/0CHoMHSSdHbpdOu819XTjdTdqNumO6qnqMfSy9Vr1HukT9Z31l+hX6t/2wBrwDBIMdhjcNMQNrQ2TDKsNLxhBBvZGPGN9hj1LsIsslskWFS7qN+YZMw0zjJuNB40UTDxM8k3aTN5aaptGmO6zbTb9KuZtVmq2QGzh+Zy5j7m+eYd5q8tDC04FpUWty3Jlp6W6yzbLV9ZGVnxrPZa3bOmWvtbb7Tusv5iY2sjsmmyGbPVto2zrbLtZ9AYQYwSxmU7jJ2r3Tq7U3Yf7W3sM+2P2f/lYOyQ4tDgMLpYbzFv8YHFQ46ajmzHGscBJ7pTnNM+pwFnDWe2c63zUxctF67LQZcRpgEzmXmY+dLVzFXk2uL63s3ebY3bWXeUu5d7kXuPh5xHuEeFxxNPTc9Ez0bPCS9rr1VeZ70x3r7e27z7WaosDqueNeFj67PG54IvyTfUt8L3qZ+hn8ivwx/29/Hf7v8oQCdAENAWCAJZgdsDHwfpBa0I+jUYGxwUXBn8LMQ8ZHVIdyg1dHloQ+i7MNewLWEPw/XDxeFdETIRsRH1Ee8j3SNLIweiTKPWRF2LVo7mR7fH4GIiYg7GTC7xWLJzyXCsdWxh7N2lekuzl15Zprwsddnp5TLL2cuPx2HiIuMa4j6zA9m17Ml4VnxV/ATHjbOL84Lrwt3BHeM58kp5IwmOCaUJo4mOidsTx5Kck8qSxvlu/Ar+q2Tv5Ork9ymBKYdSvqVGpjan4dPi0k4K5AQpggvpaunZ6b1CI2GhcGCF/YqdKyZEvqKDGVDG0oz2TBoyKF0X64t/EA9mOWVVZn1YGbHyeLZstiD7eo5hzqackVzP3J9XoVdxVnWt1li9fvXgGuaamrXQ2vi1Xeu01hWsG87zyqtbT1yfsv63fLP80vy3GyI3dBSoFuQVDP3g9UNjoXShqLB/o8PG6h/RP/J/7NlkuWn3pq9F3KKrxWbFZcWfSzglV38y/6n8p2+bEzb3bLHZsncrdqtg691tztvqSmVLc0uHtvtvb91B31G04+3O5TuvlFmVVe8i7hLvGij3K2/frb176+7PFUkVdypdK5urVKo2Vb3fw93Tt9dlb1O1anVx9ad9/H33arxqWmt1a8v2Y/dn7X92IOJA98+Mn+sPKh8sPvjlkODQQF1I3YV62/r6BpWGLY1wo7hx7HDs4ZtH3I+0Nxk31TQrNBcfBUfFR5//EvfL3WO+x7qOM443ndA5UdVCbSlqhVpzWifaktoG2qPbe0/6nOzqcOho+dXk10OnNE5VnpY/vaWT2FnQ+e1M7pnJs8Kz4+cSzw11Le96eD7q/O0LwRd6LvpevHzJ89L5bmb3mcuOl09dsb9y8irjats1m2ut162vt/xm/VtLj01P6w3bG+037W529C7u7exz7jt3y/3Wpdus29fuBNzpvRt+915/bP/APe690fup9189yHow9TDvEeZR0WPK47InKk9qfzf4vXnAZuD0oPvg9aehTx8OcYZe/JHxx+fhgmfkZ2Uj6iP1oxajp8Y8x24+X/J8+IXwxdR44Z+yf1a91H954i+Xv65PRE0MvxK9+va65I3Sm0Nvrd52TQZNPnmX9m7qfdEHpQ91Hxkfuz9FfhqZWvkZ97n8i8GXjq++Xx99S/v2TcgWsWdGARSicEICAK8PAUBGZgrqTQCIS2bn6xmBZv8TzBD4Tzw7g8+IDQD1iJkevQLyAKhyQWYQRCmITo9FyJgEW1pKdG4Wnpnbp4VyGIB9v5v5hfndZuaBf8rsTP9d3f+0QJL1b/Zf0q4Iu0OcQRUAAQAASURBVHja7J11nF3V9befY9fmjktmJjLJTNzdBZIQQkiA4NoCpVCoUG9p31L3/mq0pThJcRIsBAIh7u42k/HJuMvVI+8fVzKTTKwlBvvhcz9hrhxZZ5991nfvtdaWrpw500IgEAgEAoFAIBAILjJqXnGtsIJAIBAIBAKBQCC4+OJEN0xhBYFAIBAIBILPAJIwwUVDhCJ9SuJENGKBQCAQCASCzwayLAsjXAxhYllgCXnyqYgTYQKBQCAQCASCzwaSGHW+iAJF2ECIE4FAIBAIBALBCeJEKJSLI0yEOhHiRCAQCAQCgUBwXJwgwroujt2FMBHiRCAQCAQCgUDQ0UmWJMQI/kVRJwIhTgQCgUAgEAgEJ4sT4SlfeG0iBKEQJwKBQCAQCASCKBZgIQltclFsL4wuxIlAIBAIBAKBAAjpERULTbJExa6LQFCyMIQZhDgRCAQCgUAg+Nw7xkiMl318z+5FkZWOigWOp6CIv8/L37IFuy2JX+sxGEhiDkWIE4FAIBAIBILPLyaQIplM1donw4sciPPPcRkimaYQJUKcCAQCgUAgEAgiAsUKu8uHLKizFFFU+DwSsfVA2SBBkggKkwhxIhAIBAKBQCA4jhR2m/9uxvIRbuxi9uS8ihMVi2esWiZIpjCIECcCgUAgEAgEgs4wZQkDBUOIk/MqTiRMYWEhTgQCgUAgEAgEp0NGQpbEWvHnW5zISGCJTBMhTgQCgUAgEAgEp0QCJLHcyYWxszCDECcCgUAgEAgEgtMgy0iSLFYtvwDiRJj4EhYn1kn/c/zKCVUpEAgEAoFAcIGcZgkkSay3cf7FidS57yu4+OLEAizr1BdHrFQqEAgEAoFAcKGcZpCFOLlA4kRY+ZITJ6YJCW6YM1aia2rHayRLUNcMb6+3qGsO/S0QCAQCgUAgOJ9eswxCnFwQcSK1X/dScPHFiWWBpsKw3vDVGyRyup/wBQWKSmH1bqhptJAVYXCBQCAQCASC8+s0i4T4C4tQJ5eMOAHITIZ542UyUjq5NlY43OtTvtTSf7kd6RJoutJ5/L5AIBAIBAIBSMiImZPzjSwsfGmJE9MCtwOmDQu9XI7O1UTkLcs6N2fbNE+dxGIRSvSi3b+dfs+ysNqpo8jvpHNMgmm/nTP9/lTfjZyPdY7b+G+PWSAQCAQCwedUmoiE+AskAYWFLylxIhGeNZkok5lywgeRf6VQnokZnkGxzNBaNafLPbEsi9hYN1MmjiMuNhbzxKkXy8IfCNDQ0EhhcQnlFVUYhtHBebcsC03T6JXVg4H9+2C320ECr8/Pvv0HKS0txzCNszpPm81G397Z9OmdjQQUFBVz8HAefr//pH1Gvtu3dzaSLFFQVMKhQ7k4XU4mjhtDXKybNq+XffsOUlp2DP2E444YLi0thbGjhhPrduP1+Th0OJeCohJ0XRctViAQCAQCwRnFSSjnRIQbnS8sJCRLCJRLRpyYJsTFwFWjJIb0AkUFzNBnlXWwcpdFRT2RYX9umhq6cIYB+RWwcqdFiwdkubNtmyQlJPDAvXfRq2cPDMPscNktLPx+Pw2NzRw8nMuSDz5m6/ZdHcSCaZrEx8Zyx63zmTVjGg6HA0mCxsYm/vPqIha9vYTmllZk+fRrp1qWhSLL9O2TzVceuJf4uFg2bNrK7/7vCSoqq1AUpcNxx8eF9jnjisl4vD6e/8+r5OUV0C0zg4e+dA89unWlta2ND5ev4tkXXqKquuakc4+Li+X6a6/mzltvJDEhnpq6Op598RXKjlUQDAbFDIpAIBAIBIIzqBM5XK1LrBF/vpABSZJDg/FCA15ccWIRToLPgesnS8THhIWJBD4frNkDf1tsUVQVEiN9u8MrP5bo2V2CIOwtgPpmi80HQTdOLjNsWRaqqpKenkZ6l7TTHsvQIQPpmtGFQDDAzl37os67qqr07NmD6VdMIrtXVvT7qSnJTJ00nhWr19Hc0noWIw8SPr+f0rJy3DEuunfLZNyYkWR170pNTV04SCvcSGWZzIx0Jo0fQ1aP7hzNL6SgoBif34/L5SQjvQtduqTShVTmzp7Jvv0H+eiT1VFRFZntGTZkIDfPn0v/vjkgSag2FacjNPMjclAEAoFAIBCc0X8JV5ESo/rnE0vY91IRJ6YJCXEwb4JEn66hanURH728DpZsNqmoC4dztQvrwgzJzL7d4KapEgXlFuV1p7nk4XCuxsYm3nrvA+rqG5Dl0EhAUmICQ4cMYsigAYwfO5rcowXkHS2krq4ey7KIi4tl7KjhdElNxe/3c+DQEeLj4+mV1Z3BgwYweGB/KqtqCAQCZ5yJ0HWdktJj7Nl3kG5dM0hMTGD0yOEcyj1Kc3MLsixjmiaxsW7GjBpBWmoKhmmSe7SAgqJiAsFgh/MByMzowrw5V7HvwGEKi4rDdjVJiI9j3pyr6ZOTHVVtliXkuEAgEAgEgnMQJxJihfgLIgHDo/OCiydOLAscNhjdD6YMkXBGkuBlaGmD97dY7DgCAT0UsnWS32+Cwx767erdsGyrhT94+kUa6xsbefaFl8k9mo+qqkiSRFJSInNmzeD73/kaKcmJDB08kBiXi5qaOhRFJr1LGldMnURsrJuCwmKeffFlsnv15Mv33U1yciITx41hy7ad1NadnDdy8g0u0dLSyuat25kycRwJCXFMGD+apR99QnNzS/R3sW43E8aNJC4ujpaWFnbs2kNrqwe5k5Oz2WyMHjmcKZPGUVVdTVubB5vNzrAhg5g0YQxOp0O0zM8wwWCwQ9EEWZaRZblToWwYBqZpomlap58ZRih3SlGUaJhhJDdJVdWT9ivLMoqiYJpmhxwmSZJQFOWkUEfTNKOvU30n8j1d11FVtcPnJ+4nsv/IubY/h8jnkdeleu0is7OdceI1OfG6hj43AeskW1xMTNPEMIxoH9vZIM2JbcqyrGj77KxtWJYVbRMn9rO6rkfbtK7r0d+3vzdO7Icj3z9Tm2zf5s50f10M2reRUx3fmWx7uuvV/j7v+H0Tyzp5e8FgMPr3ifdr5Bgj+4lcO8u6tNrviXY51fF11t90dg6n6ytPtMnp9ns27VnX9TP2r/+14yzJSJZ5rj/DskJ+nKaALFuhZOFO3g/qEsYJm5clUGQIniKtV5FDA9aKDKoS2baFbkiYFtgizVayME2JoHF8f5YlYZqgm6FjUeTQS26X6xzUiR6TJB3/jiSFfh/QO+7bInys4aUxzmnNksjMlHR++odTPRM7a5MgoSihe/hUz3LDMNA07Zz7887acXuf4+KLE6BHGtx2pUy31OMXx9Bhz1F4d71FU1vnuSTtSUuA+ZMl9hVaFJSfzQiA1KFiVV1dPfsPHsbr8SAlJxEfH4eiyFiWic3moG/vHPr1yQHgyNF8Nm/dSXHJMW66/lp69ezBiOGDycjoQn1DY4cL0+kshSTh9fnYu/8gJaVlJCUNpm9ONj2zenCsvDL68O2amUHv7F4oikx1dS1bt++mra0tFI8Yvkksy6KxsQlN00hOSuL6a69mz94D7Nt/KDSbcu0sMrp0oaWlFY/XR2pKkpgy/AwRCd0bM2YMdrsNSZLx+30UFRVTU1ODrusdbnbDMMnJySYlJZWdO3dimmaHDiwjI4PBgwahGwaHDh6ksroaVVEYPnw4Xq+Xo0ePRh0KVVUZM2Y0ZWXHKC0tJTU1lQED+kf319jYxNGjR2ltbe0gctxuN7179yYjI52amlry8nKjbbj9caalpdK3b1/2799Pc3MzkiRhmibJycnR/ZimRUVFBcXFxdHOLisri169emJZoXukurqG0tJSmpubLznHB2D06FH4fH4OHz7c4dhM08QCunXrRp8+vZFlmaNH8yktLYmWUzcMg/T0dPr27YPD4aSwsJDCwkIsy7qo52maJhkZGWRlZbFr166TZpRN02TAgAHY7XYOHDgQfYipqkpOTg69evXE4/GQm5tHVdXxXLyYmBgGDOjP3r37ots0TZOEhHj69evHrl270XU92l6Li4sZP348mqZimhaWZYaddhmPp41du3bj9/uJjY09ZZsMnUs6vXv3QZYlDMOkrLSUkrIyrPBD92ILk0ibjzz0i4tLKC8vj7YDXddxOBz079+f7t2709jUSF5uLrW1daiahhW+r/r27cPevfvweDzR+1xRFMaNG0d1dTXFxcVhwacTG+umT5/epKdnUFNTTe6RXJpbWnA4HIwdO4bi4hKOHTtG166Z9O7dp101zNAx7969h5aWFpxOJ2PHjiUhIYGioiLy8/NPKkhzMQcOEhIS6Nu3DykpKZSXV4T6tLY2NFU9yfamaVFdXUVBQWFUjFiAIsuMHTOG+oZ6jh7Np1u3rqe0SVtbG7quk5iYSJ8+fUhJSaa8vILc3FyCwSATJkzA6XRiWRExLSPLEoFAkO3btxMMBunXry85OTk0NjZy4MABWlvbPhV7htZg/G+qk4Jds5gx3M/2PBuNrTKKEnrfZTe5akSAHUdt1DXLjOwdoGe6jmQdFwMNrTJFVSrDsgNIRAoiSciyhSxDeZ1CYozJkWMahZUqigyGKdEnUycp1mDHUTuSBKYpkRxnMravn215NuqaFXQDMpMNhvUKkhJncPiYxsFiDY9fQlNDxziyd4Be6ToS4PHLHCxRKa1VkSwJTbWYPsxPWa3CkTIttG8DxvUNkBJvsGqvA92QkM5BH0qfopdmWRZ9+/YhMzMz2kYrKyspKyujra0NVVU7PFfl8OKBoTZpUlJSQmZmBkeOHKGhoTEqLgzDoEuXLvTuncOOHTsZPHgQXq8v6iPouo7T6SAnZwDdunWjsbGR3Nxc6uvrsdlsjBkzGrc7toNgKi8vJy8v77zd+2ctTixC6nXGCIkx/UCzEU2CP1YL724wKa4KNcTTrgRvhX47bgBcM0biP5+EBY105hsm9LLQNJXUlOSog+TxeELOgWURF+tm6uTxxMfH0tjUzLr1m6lvaEDXdfbsO0j3bplk9ejOsMEDKSgoprWtjbi4WCZNGEu3rpkoshx9SPj9fvYfPMLefQcpKT3G3v0H6d+/D0nJiUwcN5q9+w5QW1dPbKybsaOHk5aWiq7rHDqSR1lZObpuoGlqh4f80cIiyssrmX7FZIYOHsiMK6dQXVPLlInjmDx+LEiwa+9+LMsiPm4EIv/9syVO7DYb9913L4qi0NbWhizL2Gw2ioqKWLjwPxw7dgxFUULftdu47777yM7O5le/+jX79++PjnqMGDGCr3zloZBgsSwk+Rb+/ve/k5ubx2233UppaRm5ubnttmXnyw98mSXvLyE3N4++ffvy0EMP0djQgG4YOJ1OWltb+fe/nyI3NxeAoUOH8IUvfIHEhAQCwSCaquLxenn55VfYunVrdNuWZXLNNbOZP38+zz33HO+88y42mw3DMKL7aWhowDRNYmJiyMvN499PPUVNTQ1jRo/mlltvoaqqKjoaI0kSS5Ys4eOPl190x729U5mZmcnXvvY12lpb+fH/+wktLcfDOh0OB7fffhuTJ08mGAhghm2+ceNGFixYCMCNN87n6quvjo6MORwO9u/bz1NPPYXvhOp/F9qpGzFiBPfe+0Wef/553n9/KTabLSpQ09PT+eY3H6Wuro5f/vIIHo+HjIwM7r33i/Tt2xe/348sK8iyxAcffMj7779PIBAgLS2Nr371q3z00Ue8/PIr0VHoHj2y+OIXv8ihQ4fxeDzcdtutFBeX8PLLL3PDDdfjcrnQNC3aJi3Loqamht279zBkyBDuvfeLp2yTkXvjnnvuprKyClmWiYmJYefOnTz33PNnFcp7PtF1nTGjR3PzLTdTWVmJoig4nU42bNjASy+9jN/vJycnh/vuu5euXbvi9/tRFAXDMFi0aDGrVq1C13X69+/H/fffz89//ovogEKkz/jSl+5n5cqVHD16FMuyGD5sKPdE7+MAqqriaWvjyX8/RWlpKV9+4AEWv/U2eXlHo7arqamN3nuBQICCgkJM0+TRRx8lO7sXnrY2YuPi+Oijj3n99dcv+j2q6zoTJ07kzjvvwOFwoOs6NpuNuro6Fi78D/v374/a/pZbb6aiohJJknC73Rw9epQnn/w3TU1NEJ7R+OIXv8CGjRvZt2//KW1SWFhEY2MjkydP5s47b8dud6AHg2g2G1VVVSxcuJBrrrmGtLTUaDv0er3ouk5rSyt7du9m1qxZzJ9/Ax6PB7vdTk1NDb///R+ifcv/PnfCOfsQpgVOu8XP725i/QE7P1qQQGRhh3i3xY9ua+YHLyRQ2WDn1ileZo/zUNegYFkgK5BfrrJ0m5OvXdcKFsQ4LOyaRWOrjKRYrNvnYHSfAIfLNL73XAKWBaoC37qxhUE9gtz061QaWiUChsR14708cm0L83+VimFJ3HlFGw/ObUWRLExDQrNZ5Jer/O71OA6W2lAki1uneJg91kdlnYJds1A1iwUfu3l+uRu3zeIndzaxaF0M+4ptSCZcM8rLr+5tZMFyN8t3hfN0ztZmFp+ajxYZIJ8xYwZTpkyhtrY2NPOjqASDQd58cxHr16/v8FxtaWkhEAwihwXGW2+9ze2338bmTZtZsHBhtA1JksTtt99Ot25d2bt3H7fccgvHjpWTm5uLZVnk5GRz772hPsfn80X76ueefY4DBw/yhS98AbfbTWtrK5IkYbNprF27niNHjpy32ZOzFycW2DWYOBhiTljTpLEFdudDm+/MIiNyQZ12GJAFThs0tnLKaTGXy8WUSePpnd0TOdwBx7pjuObqGSQlJuDz+Tl0+Cgery+UCJ/Vg/FjRmG329l34DAbt2ynrc2LaZp8+PEKJo4bTVJSAlMmjeeTVetoam4m1h3D/LmzmTZlEppNjU7NNjU2seDlN8g7WkBzSwubt+1g9qzppKWmMGbUcF5b9A41tXW4XTGMGjGU2Fg3jQ2NrN2wmeaWFuQTjCEhUVNbx3tLP6Jb10xGDBvMrBnTaGhoZN6cWWSkd6GwuIQlH3zMyGFDEOkmn0EkCVVRWPL+UpYuDTmBWVlZfOlL9/PVrz7Cb37zW9ra2jAMg8GDB9O1a1daWlqYNGlidNTaZrMxf/4NHD16lH/9819oNhujRo2ktrYu2hmdKVcpNHoX4O9P/IPi4mLS0lL5wQ9+wKxZszhy5Ahdu3blq1/9KuXl5TzxxBPU1tYRFxfL3XffzSOPPEx9fT15eXnIskxSUhIjR46krq6OiRMnsHz5JwQCgQ77eeKJJygqKmbw4EF85zvfYcqUybz++htIskRDQwO/+MUvow/o2bOv5p577sHv97NixcpThlBdWHFiMn78eCQk4hMSGDlyJCtWrMBms2FZFvPnz2fmzJksXLiQDRs2RsVdUlIShmFw1VVXcdNNN7F48WKWL/+EYDBI3759ycnJvkQiwkNHMWfOHLZu3UZdXV3U4b3mmtmkpaVRXV19XOh++QEyMjL5+9+fIC8vD03TmDXrKm677RZaW1v48MNl0QGZuddeS2FhEevXrz+lwyVJEm1tbfz8578gGAwyZcpk7rzzTv7yl79SVlaGaZqkpKTw9a9/7bRtcv/+/ciyTFubh1//+je0trYwZsxYHnroQfbu3cfq1aujwuuidQHhNv/LX/4Sj8fLtGlTueeeezhw4CD79+/nkUcewTRNfve733Ps2DGcDgc33nQjX/rS/TQ1NrJx06azcnRM0zx+H1eU88QTf6e2tpaEhEQmTZrUqVCL2O5Xv/p1Bwe5ubmZOXOuoW+f3vzyV7+itLSMQYMGXhLPKF3X6devH4888hV27drNK6+8SktLC6kpKdx3/3187Wtf5ec//wXFxcVIskR9fQO//OWvaG1tY+CA/nzv+99j4sQJLFnyPmq7GeFIH3oqm7S2tjJgwAAefvgr7N69m5dffoWW5mbSuqQxduxYmptb+P3vfw9ATk4O3/72t3j55ZfZsmVreFBK47rr5rFs2Ue88/bbpKalMmDAwE+tKqeM9F/NnMjh+1E3JGaO93KgxMaLy92oSkiYhYuwIssSqmqRV2rja08mEdQlZCkUUhXUJdYfcOALSDw8t4W5Y7zc838peHwSnoDEd+Y3M3esl6RYi5pGhe5dgozIDuCIMZnQ38+7m13EOCymDvKxv1jjWJ3GVSO8fP/2Zt5e7+LZZbG0+SX6ZAT58V1N/PqLTXzpbyk0tkqoKuSWanz1X0nohsQ3b2jmwdmtfLjDRatXijqbAV3myiE+fvHFRpZtd/HMslgk+Sx92HbqLxTW9emJc0VRKCws4o9//COBQICYmBhuuulGHv7KQ7S1tbF58+boc/Vvf/t7dIYULNraPPTu3ZuJkyby7nvv0dLSgmVZdO3alREjhrN48WJaW0OVaiN9REJCAo888giWafH73/+e0tIyYmJimDJlMn6/HwilIqxYsYJFixZjs9mQJAgG9fMa1iWfwzUgYMDefPD56bCeSXIc9Osu4bCFk9/PYmNtXtieC63e01/XpIR4HrjvLn7w3a/z/W89wve//VW++fUHmTVjGna7nYqqKlav20hTY9PxGYzUZADi4mK567ab+MG3v8o3HvkykyeMxW63oaoqQwcPpEf3ruFpMougrmOdIjZTkiW8Xh979oVCuwC6d82kf78+xLrd9MzqRp+cbBRZpryikp2799Hm9Z7cKUhg6AZ5+YUs+eAjWlpaGdCvD1+461ZGDh9KIBhk7YbNbNuxG5/Pf5K4EXx2CAQCtLW14fF42LNnD08//QxZWVlMnDghGmIwZcpkioqK+PDDZYwePZqUlBQMwwiNtjocEE51rK2tZdmyj6ipqYl2OoZh4Pf7O7zah4VFHr7Nzc3U19dz7Fg5DQ2N2GwahmEwefIkbDYbTz31NAUFRfh8PsrLK3jqqadpbW1l5syZyHIopnr06FE4HA5efHEBaWldGDhwYId4WMsKdZrNzc3s27ef1tZWXK6Y6MPfNE3a2tpoa2ujoaGBV155lW3btnP99aFR9ItdFMKyLNzuGCZPnsSqVavYvn07U6dOwW63YxgGCQkJTJ9+JR9//DHvv780ei7r12/g3Xffw+FwMG/eXLZs2cKbby6iqakJr9fLrl27eOONRRd9ND8kDmQaGxvRNI05c+ZgmibBYJDevXszfvx4ioqKkGUZXdcZOXIk/fv358UXX2Tbtm14vV6ampp444032bp1O/PmzcPlcgEWHo+Ho/n53HffvWRnZxPspEBIdMFZy6KtrY3W1lZ8Ph+WZeH1emltbQ0L9DO3yVB40/FtNTQ0smPHDvx+P/HxsZfM/R9q8x5aWlpYvXoNfr+PlJQUxo0dS0ZGOs8++wyHDh3C5/NRW1fHiy8uID8/n7nz5mK3208dhtzOnrquM2nSRGz2iM0K8fn8lJeX89prr1FQUBAVoCceW0NDA/X19dTX19Pc3IJpmtjtjmiYndfrZfPmLezcufOi54fJssysWVfR0NDIM888Q0VFBT6fj/yCAp5++mkcTgeTJk2M9kmGYdDY2EhDQwOFRUXR2an2ZjizTUKhq1ddNZPGxnb79fspKirm1Vdfo6qqCr/fT2trK16vF8uy8Pl8tLa2hmfNFTRNQ1FkdMOgsLCYZcuWfXr9gRwOT4pMBZzlS5JDgsavQ36xxiNzW5gy2I9fl6P3F4S+B6Ecj5omhepGleomhTafjG5KNHsVmjwK/oCMaUGLV6HJq+ANKGzNdeCwW4zuE8AblJk6OIA3IJFXrDFtiB9FkUiNNxnQQ2ftficgcf+sVvbla/xhUTxVTQoev8zWPAe/fTWBnhk614z2EjRC67XrBjR7FMrrVbbn2lFVizhXqN6pZYEvKDOge5Bf39fA9lw7v3szHsuSUORztNV5WiDbMIyof1BdXc1zzz1PfkEB1193XYf7v6mp6aT7dP369bjdbkaNGomu6+GBtXEYhsGWLVs63POR0MP09HSeefZZDhw4iM/no66ujkWLFrN33z5UNSRAvF4vdXV14f01RAcgzxfq2T+8IBCEdzdaDOklMX0kaFpowC0tCW6eKpF3zGJ/YUigSKcRJsEAbDsCa/daZ5xtsdls9M7uedL7Ho+X7Tv3sGz5Srbt2IU/ECAzM50J40bjdscARBdE7FT0JCUybcoEjuTl09zSwjtLlrF7734URT0prMvnC4VcNDU1s2fvQQYN6EdyciITxo7i0OE8Ro0cTpe0VLw+H1t37KKmti5U1qwTVSnLMi0trXz8yRqmTp7AtMnj6d+3N4ZhsG3Hbt59fxlNTc2XbEKw4NNyBo8nwtrtdkpKSqivrycjIwPLskhLS2P48OFhh28rc+dey5gxo1m69AO8Xi+frFjBF7/4Rf7wh9+zceMm1q9fT3FxcbRjy8nJ5q677kSS5Ohsi91h7+AIKorCnDlzaGxsoGfPniQlJbJw4QI0TaN37z7kFxRQW1uLzaZFEzibm5vZs2cv/fv3CzsrQaZMmcL+/ftZv349V101kylTJrNz585wgmjoXLt27YrT6WTq1ClomsrBgwc6jLq0T/rz+/0cPHiAoUOHEBcXS1WV97yO0JyJYFBn9OhRJCYmsnrNalJSUvnG179Or549OXDwIFlZWaiqGh21j9y7sixjGAbx8fG43W4OHjyIYRihRWHDn19K7bGpqYlVq1Zx4403snbtWgoKCrhx/g2UlJSQn5/PiBEjME2TzMxMfD4fhw4dxG63R8/D7/dz6OBBhg4dQmxsbHhkzuKVV17hnnvu4ctffoBf/OKXJ4nkE/vH9snhkYe/0+mkd+/eZ2yTkfh+WZbp0aMHPXr0YPbsqwkEAuzdu++itqMT7e10OgG48sorsNnsVFRUMGjQQOrq6igtLQuPUIYSr0ODGHuZPfvqqHNyevFj4XA46N07h4KozWzRRNdI2EZnwsZut3PrLbcQCASQFZkd23dw+MgRduzYwZVXXsFPH/8J23fsYMOGjezevTuaQHuxRF6kbezatZvm5pZouLfNZqOmppbiomKys7Ox2+2YRii09Oabb8YwDIYNG0pJSQlr167rEIJ9Jpts27ad0tJSevfuze7de2hqao7u98RE4RPbcyRhvrm5mW3btnHDDTcwdMhQNmzcwPr1G2hu/pSe/5KEJMvI55gQb4ZnRRQZFn4Sy+xRHn5yZyMFf0lFN+TojHgoh0wmPTnAt25oxrQkgjos2uCmsVVGVUCVpWgOsqpIqEpou7sL7LR6JEbmBPhop4vpQ72s2O2kqFrj4TlNJLpNxvXzI8sWmw47iHNZ9EzT+c/KWLx+BZcjMqsFR47ZqG+S6ZFqoMgSliXjtBsMzAqSEmtwz8xWDpdplNWq2NTQrM7kwT5mj/VQ06jyk4VJBHWZyAT9ubTkkNw5P5nB7ftCj8fD7t17mHPNNaF2HE56nzv32tCgkqqxZ+8e9u07QGFhIbm5eUyePIU1a9Zis9mYNGkSO3bspKqqGofDET16WZZJT0+nvr6ekpIS7HZ7tK3abLZoH6HrOkPDIbWaptHU1MSKFSujxUwuqjiJXLTSGli83qRfD5meGaH3NQ3G9IcbJkmUVlvUNYeqIZyK8jpYstGkvPbM+2xqbuGjT1bR2NgcmkmwLHz+AHX1DezZd4B9Bw7R2tqG3W6PJsIrisKx8goqKqvDoyVS9GLY7Xb65PQiLtbNtMkTeevdDzhaUMSK1etOWVUj0qG0tLaxccs2rp55Bd26ZTJ86GD69s5m7OjhuN0x1NTWs2nLTlpaWpFOFb4Q/resvIK33/uA/n17k5mRTmNTM++8/yF79h0gxuUSuSafQ0LFFUJJvWPGjEGWZQ4fPozf5+PQoUNMmTIl2iF88skKKisrmTBhAjNnzmDatKn8+c9/IT8/H8uycDqdpKenR0e6olW0rMgDN9S2k5OTcDgcxMfHoygKXbt2paioGIfDTksnawGZponP54smH+fk5JCVlcUnn3yCZVns3LmT6667jvT0dEpLS6PJ+PfcczdutxuPx8MTT/yD/fsPdFqBrP3IUcgx0y76dVFVhUmTJlFeXk5DQwNtbR7aPG1MnDSR/QcORDv7QKDzcAxN08JJhwaXcslJVVVZt24948eP57rr5rFu3XqGDBnC7373e/r26xs9t0iejdnJNLlhGuFzVkPVdBSZxsYmnn3mWR7/6ePcffddbN++45xnw2RZPqs2GXKYQo75ww9/haSkJKqqKvnzn/9McXHJJREiaJomiYmJ/L//9yNUVcPtdrN8+XL27N7NmDGjo7NLnd0T51J1LDTw4cDj8Zy1vSMhzZldu2IYOrKscPjwYWRZpqysjN/97vdMnDSRCePH8+1vf4t33nmHN99cFH1WXiyhp2kagYD/pDZpWRaBQCDqdFmEBmXS0kIVfex2B5qmkpGRTmNjI3In4rUzmxw8eCi6X7/ff87tOVIc4rnnnufA/gOMHTeWO++8k3HjxvHnP/+Fpqam/1mgRMKzpHO2Z6ibkiXwBmR+/UYSC79TzY9va+BPixOj0TFSeO01h92id6aOBfgDocT0SKRTKLG8/UBDaLtNHoWNh5xMHOBnUI8gOZlBFqyM5WiFja/Pa2LqYD/DegUoqdYortZwOULJ9IZFeGbHivpTkRA0m2ohyxK6Cd3Tg/zx/npSknS2HnTyq9cS8QdlnLZQ4RKX3UKRLWJdJkmxFq2+49s85/Z3wfoNIyoKLYuosIiNjcNm0ygoLITwIuXr1q3l/vvvp3v3biQlJZOSksILL7x40oBEJOf15MpfJ98DcfHx9OjRA1XVcDprzvv9rp5ro/UHYNuh0CrwtydIuJyACTFOmD1GYtthixW7wB+kYzxquMF7fLBub2jmxBc4c6heQ0Mjz77wCkcLCtFUFcsy8QcCBALBDqNEsW43E8aPJiU5iZbWNt55fxkbNm6JznpEHgpJSYncdfvNTJs8nh7duzFsyEDKyyvx+jpPSG0/4uHz+zl0JI/SY+V07ZpBv769+cJdtzJ86CAkSaLsWDn5BUXRaVnrNB2T1+dj05YdbN62k1nTp7Jj117WbdxKm8eL2+0WnvrnBMuyCAZ1UlNTSUxMpKamGpvNxvjx47HZbDz66DcwzVBYUWxsLH369GHfvn0A7Ny5i127drN06Qf89KePM2LECHJzc1FVlYMHD/Hkk09GR0jdbjeDBw2KTsXLciiB7rXXXqewsAhVVfjCF77AXXfdxaZNm8nPz2fcuPE4nU5aWlqi23E4HAwcOICSklJ8Ph8TJkxA02xcf/31zJs3D7vdjsvlYsyY0RQWFkZDv/7+9ycYOHAA8+fPR9c7lkpsb4tIYYuuXbsSCARoamq6qCFPhmHQNTOTQYMGoes6jz/+OJIk4XK5GDlyJElJSRQWFiJJEr169WTHjh3REqOGYaDrOg0NDQSDQbp374ZlmdGZ2Ug5yIhTfbGR5VC4zuLFb/GNr3+Nvn37snvPXvbs3cugwYOifVdDQz1OR0j8RvJNImEGXbt2C1+35mh1F03TOJx7hBdffJH7778ft9vd6fU/nSPn8/koLCxkzJixp2yTpaWl4RAdGY8nlHMyd+61jB8/nkAgcMmsGSVJEl6vl1Wr1tDS0kxxUTElpaX4/H5qamqYOHEisbGxVFVVoapqVOD37NmT+vr6sHg5vg5W+9fxaxmyWVFRMWPHjsHlctHc3Bzd3qmcEVmW8fl8PPnkkx3yK1RVRdd1ysrKeOP1N1jy3hK+/OUHmH7llXzwwYfhypTSRbGl3++nrKyMAQMGhJPhg9FZy5iYGHr06MGGDRui4VstLS0888yzeDwe3G43jz32Q+bPv4G8vD+1KwesnNYmkZnnY8eOMXBgaL+RkswR+56pLLBlhcIeV6xcyeo1axg1ahTf+tY3GTx4cHjE+3+cPZEi4kQ+R5sej2axaVBSo/Gr1xL54wO1PDC7OezXhcL7VAVKKzV+8EIKQf14Mrkqh/cvS1EfLzrQK4XKEW/NczBlsJcvXd1Mq09hT5EDj0/mUImNeePayMkI8s6mGDwBBbvNpK5Zpm9mEFUB05KRpVD4VkqyTkq8QWWjimGFxFF+mcaPF6Twi3vqiHOZtPnlcBgW2FWLlXucvL/VzTOPVvGLe+r55lOpNHvlUHnhc5QbUlTRnR//IHL/Z2X1pD78LJFlmWAwyMKF/6GoqCg6UxcZNNy5Yye33HwzU6dOIyEhnrKyMo4cOXLC4EzIB6itrSE5eRLx8fFUVFRE+/NIyfDIdteuXcurr74Wnbk93+XZ/6vWX9ME7220yDsG7WcMu6bCjVNkMpOPV9eKVu8KvyrqYMkm87QLMLYXBRah2OGWlhaaW1poaW2LCpPjsxoSaWkpjBs9EqfTSWVlNcs+XsXqdZvYuGV7h9ea9ZtYvXY9LS2tJCclMPuq6SQkxEcdhhNfnYmljVu209LSSlysmxlXTCY5KRGPx8PWHbuorqntdETxxG1KQHVNLW+9s5T1m7bx7tJllJdXhiovEQlplP6rkQ/BpU+k5jhAUmICd999F4FAgM2btzB48GB6dO/Oa6+9xosvLuDll1/m2Wefo7GxgUmTJuJ0OrniimmkpKRE80aCwSB6uxHXs2nLkeOI5FpFypFKksS2bduIi4vl5ptvCofKhGYd5869lqysLNasWUNcXBzjx49j9erVPPfc87z00ss89dTToZyMKVOJiTmeV+L1ennvvSUcOHCAhx56kPT09A4OUsQpUBQlPBs0k7Vr135qZTX/e3ESSoQHeP755/nPf15i4cKFvPDCiyQkJDBmzGgqKio4sH8/1157LUOGDInm/KSnpzNjxnT8fj+bN29mxoyZjB07Nnq+CQkJXHXVzEsir6b9LM/u3bvZs3cf8fHxvPvuu+F1WY7PruzcuYuGxgbuvutO0tLSog7cuHHjmDFjOuvXrz/JWbVpNtasWcvq1auZMmVy9AF4Lk7omdrkurXrOiQTt7a28sorr1JTU82DDz5IbGzsaUPKLqRD7fF4+Oijj/jkkxUUhcMxbTYbO3bswDAM7rrrTuLi4oBQmNCVV17JuHFjWbVqVbR08EmOTCf72rFjBwnx8dx8y824XM5oztr48ePp3bv3KUVi+7VkIq/hw4cxaNAgZFnB6/XS1tZGIBi8qGFdkcpZa9asJScnhzlzZoeLVISK6dx66y3EuFxs3749Wta/vdMX2oaMYVhRhyw5OZnYOPdJdm5vC8sKjVCvX78hvN850RFom83G1KlTyMzMPGV7M02TtLQ0Jk+eRExMDLqu09LSgq7r+HzeT8nXlTt9DpztK+KoOGyw/qCLZz9M4JrxbeHcjY4zZRZS9GVaJ+ZjSCf5NDZNYlueg0BQYupIDxsPOWjxKgQMmTUHXIzs7yPWabIl14mmSrR6Zd7ZHMv0kR6uH+cJzc4gkRJn8ugNjfiCEmv3u7CroX1ZlkR5vcbvFyXRMz3Id+Y3IksyVtjltakS+ZU2fvqfFHplBvjRbQ1oakj0dPC9zvZ1HkRJaM2R0PID06dPZ/z4saxYsQKPx9tuwN06qV3KskxjUxMbNm5kxvQrGTt2LGvWrMHbSR60oqjs2rUL0zS54447iI+Pi/YJI0eOZMiQIdE2HBk8jOznfPel6rl3BiG1erAY3ttgkdVFIiEuNHti02DCIPjGjVJIfITLOixeF+46rVDZ4T35oSSqzgYVIjWXKyuriY1xU1lZHQ7x6FylWVZoCr9v72xsmkZRcSkr16ynsKgk2hF3HBn0sW3HHvbsP0jfPjkkJyeRkBBPZVX1WY0strS2sW7DZq6YMpGumemYhoksS1RW1bB+wxZaWltPSmTXdYPKympM06S2vh7TNJHDnerW7bvw+vzkF4ZnXMIhE83NrRwrr8Tj8dDU0oppWkKkfAaQAEVVueKKaWRlZREXF0tWVhYS8PTTT1NRUcFdd91JQ2MDy5d/gtfrRZZlAoFA+CF4DevXb2D+/PncdNNNHDhwgD59+oSS3bZuQdM0bDZbdDS+/ctut6MoauhRIoVKW95xx+20tLSQmZFBz549eW/JklDuwKHDvPbaa9xyyy0MHz6c0tJS0tPTSUtL4733lrB582bmzZtLXFwsH374IQUFBahqqOShpmn88Ic/YPjwYZhmyIGMfLZgwUJ++tPHefDBL/Ob3/wWCYnk5GQefPBBLMskvUs6Xbt1ZdvWbbz99jvRB8XFEpDx8XHMmDmD7du3s3HjpuhIqCLLXHHFNGbOvIq1a9fx8iuv8rWvfZUf/egxDh8OlcgdMCA0mr9ly1YWL36L9PR0vvOdb5Obm0tDfQN9+/WltaWV/fv3X7SR5+MPKSWak2BZFi+99BIff/wxhYWFqKqCqqrYbDZkWaauro5nn32Ohx56kF//+lcUFBQQExNDr1692LNnD++88260L4+E00Rer732Ot27d6d3794dYptPDPGL5GJFvqOqKgcOHDxtm9y6fRuqqqIoSrTN1dfX8/zzL/D4449z771f5Kmnnr6oznTkXBwOR9SZjbYpRaG4uITnn3+B++67l9//7rcUFhWRlJREt27dWb16NZ98siI6Ih8TE8O9936R1tY2VFWhsqKS95YswWYLFX2J5EG9uWgx8+ffwNAhQ8jPzyctLY2uXbvyzDPPUllZGe4XlKhjEx8Xx4MPPhgeoQ3NfC5atJixY8cyefJkduzYic2mMXjwYF577bXo+gsX055btmyhV6+e3HzzzUyZPJnKqmp69OhOXFwcL7/yKocOHUZVFRRZISUlhQce+BKWZdGrVy8SExN57bXXGDVqFGPHjqVv3z40NTWzbdv2aDjsyTbRWbRoERs2bKBPn97ccsvNTJw4gZKSErp3705iYiL/+Mc/KSsr63AvtF93onv3bjz00IOUlJRSVlbGqFGjyMvLY//+A9Ek5P9RmoQd53Nv65IEDpuFIocWctRUi5fXxNO/e4Bpo1pDi2wTyh/J6RbgV3fXhcK9ZKhvVvjXBwn4g6HpE021cNissOCSwgsjWtS1aBwqtTM+VWfzkVDSu02FTYedPBqUqGlSyDtmR1NCv3tzfRw5mUF+dHsdt09rpqZJoX+3IKrN5A+LksmvDCW+29RQ6WKHHQ6WOPj7O4l8/446DpXa+XBHDA6bFT4m2JHv4Jcvp/Kbe6v5VovCX99LxAoLlLN/pn+6fYksy/Tq1ZOHH/4KkiTTtWsmXdLS+Pjj5eH7X47e/3fffWe72TxYtuxD8vJCa5ds3LiJa6+9lra2NrZt297BF470uaqqUFBQyH/+8x++cM89/Pa3vyU3N5e4uDiys7NZtGgRhYWhYiiTJk2iS5d0FEVGVTX27dvHihUrzltRACU2scvP/puG6w9CXQv0zpDISgvnflvgssOQbImJgyUmDpPITIBfvWTx7nqLzQdhXxH49VMnwUuShGmZ1NXVs33nbjZu2c6RvPzTltdTVQW73UZBYRHrNm5h1ZoNVFXXnLRGgiRJWKZJc2sbFZVV7N6zn+07d1NQWIzH6z0rx9KyTDxeL5VV1WzbsZv1m7ayccs21m/cwvZduzuMtkTiIQ3TjH5/2449FJeUoYfjh/3BIKVlx2hrazs+RQi0trVx6HAem7buYO++gzQ0Nl4yo6uC/02c+P1+amtrCQT8NDY2sWfPXl5//Q0OHz6My+UiISGRtWvXcuxYOZqmRRMoa2pq8Pm8FBQUROudx8TEUFBQwOuvv0FpaSmKoqDrOvn5+VRWVnYISwwEAhw+fJj6+nokSaKxsSk0+hkIUF1dzdIPPmDNmrXR7x85coTDhw/h9weQJCgqLOLd995l5cqV4RLCyRw+fJh9+/ZFH+IRh9Dr9VJdXUN1dTVNTY0cPnwkOjpYUFCApmlUV1XR2tpKfUM9Ho8Hr9dD2bEyPvroI5aE18q4mEnjoSpdbkzTZO3adeFk25Dza5gm1dXVBINBioqKqK2tZceO7TQ2Noaqwfh8bN26lTffXITP58Pn87F9+3Zqa0Mzq8FAgD179vD6629QX19/Uc8z0kaqq6ujOUuh61cdXXfGsqCqqjoawlZeXs6uXbtoC89sVVfXsHLlSt566+1onfzQ7EVbdEG6iMjOyztKQ0MjeXl54TVfTm6voVnqBnJzc6Nhsmdqk5HcwNC51ETX66mrq6O4uARN1SgtLb2o1dEi+62srOTo0aMnCSVZliksLGTv3n14faGRzmPHyvnwww9ZunRpdMAtsqBvQ0MDra0tNDe30NjQQEFBAT6fn9zcXOrqQqXFDx06RF7e0eh6NGVlpbz11tvs3r0bVVUJBAMcPnyEhoYGZFmitq6etrZWPB4vHo+HtrY2Cgry2bZtO7W1dbhcTrxeH0uXLmXDhg0XvbBDRFDv27eP/PyQr2CaFrm5uSxatDhaoSgSjlVXXxe+J/0UFRXxxhtvcvDgQTIzMujWrSt5eUd54403o2tOgdWpTQoLC2hrCxUqKCoqjvoo+UfzefPNRSeF0bS1tXHkyBFaWlpRVZWKioroOhF2u52dO3fy5puL8Hg8/5VNDST6ykHm20Ij35844ilWY1CJJG2f5X/he80XlNhb6KTZo6DIEoYpsafQQXOLyt4iJ20+GdOUKG9Q8fgUWsOvpjaZAyUOjHDolQSU1mocKHFiWcf3YZgSdS0q5VUay3e7sSwZRQaPX6HFo7BqXwxHK+zIshRax8OQWH/ARUGFDd2QCeoyO446+PfSJLbkurBpofM0zdCsSO4xO4oscbTSRn2jiqpAfoUdr19mT5GDygYNmyZRUGmjqMqGy25RUGnDH5SRpbOzFUgowFW+OjJNnRITFut2TP6bXB8pOphdW1sbbmttFBUVsWTJEpYv/yQ6gBC5/5ubm/F6Q23S4/FQUlJCY2MjqqrS2tpKc3ML27dvIy/vaIcwrPY+gizL5OcXcPBgqDqgLCtUVlawdOkH0fs74rP4/T7a2jz4fF6qqqo4dqz8pFm0T+2+zsgeav13D+7QuiezxsCP7gwnx5+YY6JAQSl84bcWR0otVIVwXeizGbWMLPsjnVVJ3Y7TtGdWctHvS6GGf+6jqtZJJ3yq47QAK/z9s1WZ53o+gssDCwj4/dEV0SPXt32Fl4gTcWL1mEh51/YxoZHk5MiIMRB1vk4cjY7EXEcWcjwx7jwiLtq3tVApQiO6H0VRog/cyCrvJ64bEUlCjWwrGAxGR+XbbzOyUOOJFT86O46LKVAi53JipafIeUSqb0WuT/vjbp9PEsovCnbYdkR8Xmwi1yFyLiei6zqmaXa41pHfRB6WnZ1vIBDocO3b/y7yfmft9cTvdGb3ztrkqc4lGA4/6mx7F5oT283prkfkHE+8JyKft29LsiyHE8MDJ9nkdDbz+/3RmRZd1zsdCIxc92AwGM6EtjrtYy42Z2obkX6v/flF7u1QjH1oALJ9f2wYxiltEhFGkfujs/64/b1w4v0eOV5FkTEM83/qD/xIzFU8LIgJlXh9LL4Haxyp2Czzv3pO+QKhmQxFPu7nGCYE9FDyuSKH/l83Ojp1EuGZksi9Z0joBh3eo8NnEg7NjD4PI/uW5VB+yIl+Z8CQQsVQ5dDxaAooyvFtB3QJM7zKvRTenj8Y+tSuWfgCEqoCmmIdfybroW3aNeuc1jmxABWT3zfkMjroZV0Q7vTGof8P8ynBYDBaEKb9zHZkoKiz+//Etnz8mR8axDnxGd1Zn3umPqL9YH8kBPt83v//9VxsZPakQ3K8i9Cq8VJHjRL5/rk8E2Q5FL8onfXxnJsDL0XqVP/XU2+h4zvxPE81Wi6d5/MRXD4zJ6dzSjjN55FQl/YdVmecapG5yG8jHcvZlFWNOC2dcaqOKRLCcKrzab/N023/krheJ5zL6Wxz4vXpbFsXewHAU3Gm9tDZNTrTb05luxN/15lNTrftM7WZzn57KTnRZ9Pmz2Tb033emc1Pt89z6Rcu1fZ7trY93eenev9s2vmZ2tep7oWOfeGn3nn992FdhKJgTvRuVCX0irxn10IOfedbCLcZNfTqzEsKfdYxCf1U+474kY7jRSc79cDsWsf3JEKLfUfeO3HbEuDQzsaTO421PkVfTdO0M7ans31+2+22s76Pz6aPuKD38v+6gUhy/Ki+EsN60zHF/n+8ZufbNZcu8O+F1BAIBAKBQHABhlb+a3Fy6Z/ZJWVl4dtdauIkkhx/oAj+9a5FTteO65vIEtQ1Q0OrhVhTUCAQCAQCgeD8I0tSNO9VcB7FiSXse8mJEwhV3GrzhVaO5xSze7LEOcXxCQQCgUAgEAj+S6dZAkmWkSI5JyfGQom///e/o9UkhYN7yYmT4yodLImTBYq4ZgKBQCAQCAQXUJ2csEK8dAbfTPz9X/0tXNxLXJxEL5K4UgKBQCAQCAQXnvCIviEpBCVFhHWdZ1ObloGI7LrExYlAIBAIBAKB4CIRdpQH+ZvDTp5YH+18ihMFi0QzGDa8sLUQJwKBQCAQCASCkxTK3S3V0FItTHEBbS4mUD5FcWKYwggCgUAgEAgElysGYEgQNK3QwtKWcJYvFJGwLt0MLQxpIDIc/mdxkhQrjCAQCAQCgUBwuWICxZKN76kymV3TkWUltKS64IIgyxL59S3E1/uEMvkUkBrXDhetVyAQCAQCgeByFigWBCUJVVGRJJEBceEvgIlsGIgaBP87aryYOREIBAKBQCD4DGABQaFMLobdhSr59MQJIudEIBAIBAKBQCD4LxFTVZ8msjCBQCAQCAQCgUAguBRQEVMnAoFAIBAIBAKB4FIQJ6YUJ6wgEAgEAoFAIBAILjpSackRESUnEAgEAoFAIBAILjpi5kQgEAgEAoFAIBBcGuJE5JwIBAKBQCAQCASCSwFRrUsgEAgEAoFAIBAIcSIQCAQCgUAgEAgEQpwIBAKBQCAQCAQCIU4EAoFAIBAIBAKBQIgTgUAgEAgEAoFAIMSJQCAQCAQCgUAgEAhxIhAIBAKBQCAQCIQ4EQgEAoFAIBAIBAIhTgQCgUAgEAgEAoEQJwKBQCAQCAQCgUAgxIlAIBAIBAKBQCAQ4kQgEAgEAoFAIBAIhDgRCAQCgUAgEAgEQpwIBAKBQCAQCAQCgRAnAoFAIBAIBAKBQIgTgUAgEAgEAoFAIBDiRCAQCAQCgUAgEAhxIhAIBAKBQCAQCARCnAgEAoFAIBAIBILPFOrleNCSJCEhAWBZVvi90Gdm+G+BQCAQCAQCgUBwmYkTOeLVXx6qBNMy8ehegqYOgE3WUGQFwzCQJQm7akOVFU48K9MC0zJBaJfPJJZlIUkSSOf+O9O0UBSZc/6xQCAQCAQCgeDTdfe9Pt9l4a7LSDQHWllRuo51x7ZS528k1ZHE9O6TsTB5/cgSPLqP67PmMTJ5NHbZhhVWIrIsE+fUSIpxhhxYwWdOmLS0tBAXFxedUTtbmpubOVZZxcB+fVFVRRhTIBAIBAKB4CJyWcycSEhYWOytPcTqY5uZ0X0SfRNzaAq0EDACrCnbzI7avdS1etl70I2tpRzJsgEWlmURY9eYPqgHP7t+Ek5NEaFfnzVxQmjOQ5akcxafkhQSN7IsIcsiBUsgEAgEAoHgooqTy+EgJUnCE/SyqmwD/RKzmZw5FsMy+LBoFYfq89hXexiv7iVOTqGhJp4kRcammiGnVYJGj58lu/L54TXjcNnUDqFdsixjWVY0d6U97T870XE98TdS2DE2TbPT4z/VZ4LPL6ZpnrLtCQQCgUAgEAhxcgnjNwLkNRYxK2sqSPBx8VrKWsrpHd+TOl8DpmTQJ2EkJQ3deXzudHp3iUc3LVRZIq+qgZ++vZGg0VEcmJZFa0srMa6Tw70kSaKlpRW73YaqqrS2tqHrOhYgyxJOhwOn04muB7Es8Pn9GLpBTIzrJNGi6zo+nx+XS4SVfd4xTJOG+kaaWlrw+/0YholhGMcrOggEAoFAIBAIcXJpIwGGZdAYaCbBHk95axUvHXqLwuZSYrUYAkYQl82BIivYNIXs1AT6ZiZhGiayImOYFo4T8gkURaG2uobv/eSX3HTdtdx43RwCgQAAmqaxa+9+/vi3f/H1h+5nzMjh/P4v/6CwpAyn04EkScTFuZl79UyumDwRTVN5d+lHvLN0Gb/56WN075qJruvR/Tyz4CV27T3A//36p7icTjGDchlhWRaBQBDd0KNJ96qiYrNp5yw06+oaqKiqQtM0EhLiSe+Sik2zCV0iEAgEAoFAcDmJEwBZknGpDur9jSTbE0lyJnKkIZ9SXxPJzkTm9prBwJgJLCw+RtDQMQ0T3TBRAd00Oy3SZVkWLa1tLH5vKZPGjSYlJRnTNAkEAry++F2qa+rQDQPLsmhqbuGaq65k/rxraG1tY9PWHTz57EL8/gDXXj0TXdcpKill8btLefThB0LGVVVyj+bzwcerSEyIF+E7lxnNzS0cLSwiL7+Amtp6AoEAmqbRJS2F3tm96N2rJ3FxsWe1rdKychqamsjq1pX4+DhhXIFAIBAIBILLVZxYgFOxMzxlEHtqDnFd9lV8fdi9qJLMumNb6Z3Yi9v7XkegLQ5FrjjrasGWZZEQH0dcrJvF7y3l4QfuRVEUPlm9jmMVlfTM6t5uHRUJl9NJXGwsMS4XN11/LR6PhzffeZ+rrpyKBQwZ2J+de/ax/+Bhhg4eiGHovP7WErplpodG2YU2uSywLIuGxkZ27tlHVU0d3TIzGD96FDa7DY/HQ2V1NYfzjlLf0MDIYUNITEg45SyKZUHZsQraPB769+2NTdOEgQUCgUAgEAhOwWVRnsi0TByqg2ndx1PYVMyemoNkxHThiq4T6ZuYzZi0YciSxIG6I3iCPs62ApllWdg0jTtuvoH1m7dztKAIj9fLonfe57prZpGanNQhBCsiVAzDwDJNRg4fgtfrpb6xEcs06Z3di6kTx/HKonewLIvtu/ZSWFzCTdfNBSQxc3KZ0NLSys7d+wgGdSaNG8XYkcPJ6tGNjC5pZPfMYtSwoUwcO5pgUGfnnv20tLSecls1tXU0NDaS3StLCBOBQCAQCASCz4I4gdDMxeCk/oxPH8nqsk28X/gJNkVjdNpQUhyJfFi8mncKPqYl0HpOa10EdZ3BA/ozesRQ3njrPd7/cDmKonDVlVOjeSNnLaIMkxvnzaG6uoaPV6xm0btLuXr6NLplpp/ztgQXSwhbHC0soqaungH9+pDVvTtOp6NDO3Q4HGR178aAfn2oqqmlsKSUYCfX1zAMqmtqyOrRVQgTgUAgEAgEgs+SOLEsi1hbDFf1mMqNva/Bp/vZULGdIw35bK/eiwRc3XMaiY54zHOMn7Isi9tuvI79h4/w0htvcfuN1+F2x5y0HkokdEdRFCRZZsfufTidTpISEjBMC900SElJ5ro5s/j7U8/T3NzCtbNnohuGaGmXCcFAkKP5hfTo1pX0tLRThmtJkkRaaipdM7pQWFyM1+M96Tt19Q2omnbWeSkCgUAgEAgEn3fUy+2AY+1uRnUZSk58Fq1BD4ZpIMsySc44ymoCvKdsCqkuSYq+TldVyTRNdEOna2YGN193LflFxYwbM5JgMIhpHl+DwrIsPF4vzS0tNDe3sGnrDt5ZuowHvnAHNpsN0wwlzpumyVVXTmX33gNMmTSOuNhYDMMUFbouE3Rdp6qmlpEjhmK32077XafDTtfMDAqKivAF/MTRUYS0tLaRGB9/zqvWCwQCgUAgEAhxcplgWRaapJLmSiFdkggVGg6t8F0p1WBaFh5/gBZfgIBuYFMVPP5gJ6vChxZWdLtjomuRzLvmquiCi5YFMTEuNDVUMjY+Po5ln6xi9fpNyLJEfFwcX33gXqZNngCA3W7H6XBgmSYOh4MfffcbyLKMaZqoqhLdj+ASb1+ESge7nGdek0aSJGKcToJB/STxaZoWgWAQt9sljCoQCAQCgUDwWRUnEQfSsizMdnpDlWSQLJq8ft7bfZT9x2qJddho8QUoqm2i2evvsJ6EYZikJCfx28cfw+l0YJomkgSSFBIUmqby/UcfRlNVLMvih9/+WmgRRstClmScTgcOhx1d1wkEAsy75ipM08QIO6mR1eV1XScnuyc//9F3cTjsYgblEkdCwmbT8Hi80XVNTieUvV4vmqYhy/IJ4sQkGNRFrolAIBAIBALBZ12cnAqbouAPGjy5cg/dEmO5alAWyw8Uc6yhhUS3E/UEB1KSpFBuSVgwhCZXjiueGKcTK+yExric0C48x7IsgsHjSdB2my36fvt/ARRZxh0TI4TJ5XBDaCppKcmUlZeTmZGOq10y/In4/QEqq2tITkrCbrN3InQEAoFAIBAIBOeC/Fk5EdO0iHXamNSnK267jeoWDx/sK6S6xYPbYWPGgB7YNZUTo7tOJxhM63jOiWmG8kkirxPLAlvtvtv58QlhclkIXE2jT+9sjpVXUV1Tc8pralkWVdXVlJSV06tHd1wuZ8cbS5ZQFJlAMCiMKhAIBAKBQHCWfGZmTkzLIjnGyc9umMRjc8eFktkJjV7LsoRdVXBoSie5JwLBcSRJIqdXT+rqGzl0JA+A9LRU7HZ7NMTL6/VRVVPD3v0HkSTISO+CpqoniBMZu91OW5uHGJfIOxEIBAKBQCD4XImTkGMJLptKjP3k07IshDARnBVxsW5GDhvMzj372LhlO1ndu9IlLRWXy0UgEKC4tIxj5ZXIskwgEKSyuob4uFhsto7VveLjYqlraCQ1NVlU7BIIBAKBQCD4rIkTSQL5DE6eBRimECGC/6WdSSQnJTJu1AiKSkopLCnlcF4Buh5KcE9MTGDwgH5kpqdTUVXNkbx8APr2zo7mHgEkJsRTUVVNc3ML8XFxwrACgUAgEAgEnyVxEjBMWv0GxilmQCQkHJqMS1UQVXsF/ytxcbEM6N+XrB7d8fsDmJaJLMnY7TZcLieaqhIX5waJTgWKoihkdulCcWk5/fs6ReUugUAgEAgEgs+COJEkCBomC/aU80FuLa1BA0k6HqqlhJWIBPRPjeGhUd0YnBp7ShEjEJwtmqoSf5oV3m02G317ZwMhgWJZFkMG9o/mpyQnJ+Lx+SgoLCa7V5YQKAKBQCAQCASXvThBojVgsrG0kfuGd8WmygR0kwSHSoxNobI1AIBLU3jrcBVHaj0M7RKLYYgLLDj/2MMCxbIsco/m0693Nnb78dLC3btmUFpWzuEjR8nq3pX4eBHiJRAIBAKBQHAZixMImiZ1niDJMRpLc2s41uxnZnYSg9NiWXq0BsOwuGVQOg5VpjVoEFk5XiC4UAJlyMD+9OudfVJiPED3bpnY7XZKj1VQUVVDYkI8brcLm2YTIYgCgUAgEAgEl5M4iaCbkGBXuSo7hSa/Tq8EB6kuG/P6pGJaFjmJTiwLZElGkhSk0FryZxY/khR+hUPFwmuSqKqKEZ5+kWU5+v//k8HD27Q+5ZCzyDmI9VQuooiWpA4zJieSlppMSnIiNXX1tLZ6qG9sRA/qoXYlFIpAIBAIBALB5SVOFBka/TrLC2o51uxneq8kBqW5WZIXmjlxqAqyBJVt1ZS3ysTbErApttMKAUVRME2TpqZmvD4f7pgY4uJiCQQC7D94mK6ZGdg0jfqGRtK7pEZzCc4WWZZRFBldNzAMI7TNjHTi4mI/VYFiGAYer48Yl/Ocj1Fw4ZBlmS6pKXRJDYlg07JA5EYJBAKBQCAQXH7ixDjDzEl2ogvTslhS8Am1hoepmZMYmz6cJEdCp0FeiiJTV9/ACy+9zoFDRwALVVWZPm0Sc2bN5F/PLuDB++6muqaGBa+8yd9+/0uSEhMwTTMqACICQ5IkLMvq8L4sy5RXVFJSdowJY0bhCQT457MLuPfOWxk/ZiTBYPCk7US2dTbvRbBpGh+vXMO/nl3At7/2EFMmjiMYXpm8s+M63ftn2pfg0xUqsjCDQCAQCAQCweUpTuTwzMmHR2soC+ecDElz8/aRagzDwqYoyLLMuIwRNPs/4pdb/8otfeZyz4CbSHEmdRihliQJnz/An/7+JB6Pl+89+jCZGekczs3jaEERhqFjmCaBQJCRQ4fgdDhxu2OQCFVw8vn9aJrWIdxL0zT8fj+KokRfB4/ksW3nbiaPH4skSR1CujRNIxAIYFkWdpuNoK5HZ3J0Xcdut2MYBoqioOs6pmlis9nQdb3DefgDAdZu3IJhmqzZsImJ40Yd/xxQNRW/PxA9pvbHGwgEkCQJVVHQDQNNVQmEhY2maR32JRAIBAKBQCAQCHESxjQtusTYeHRcFt7g8Wpdj03qBUCSU2NZfg21vmoqg4XkNhTweu4SsuN7MDvrCuyKPZqDoqoqGzZvo6CohD/9+nF69uiOrutMHDuaSePH0tTUHHX+W9s85OUXMmbUcNo8Xha/t5TC4hLiYmO5+Ya5pKUk89Lri0mIj2P/oVxUVeHu225ClmU+WbWW2rp6nnx+IZPGjUZVlOh2V6/byLpNWzAMk0njxzDzisnk5Rfy9pJleLwe+uZkc/MNczlwKJclyz7GMAyGDxnEnFkzojMfiqKQl19AUUkp33z4AZ5/6TWKS47Rq2cPGhoaeeOdJWSmd2Hn7n3Y7Dbuue0mUpKTePmNt0hLTWXvgYMYusGtN15H/745rN+8jZVr1oEkMWn8GKZNmgB89mdRRCicQCAQCAQCgRAnZ3+gkozLpnC03kPvJBcADT6dBp+BhIUiy5Q0Bmjx+9lZsx2vVEySI4FqTy3vFHzE6LShdI/rimEaUWe0oKiEbl0zyOiSRjAYxLIsTNNElo8H28iyRHVtLRu3bOO2G69jwStvUHqsnAfvu4fN27bz5HML+O43HmbVuo30zu7F1TOu4L0PPmLBK2/w9YfuJy4uFn8gwMD+fYmNDeWZaJrK7r37eWbBSzzywL047HaeWfAKqSlJvP3+MuJjY7n7ups5WlBIm8fLUy/8h3FjRjB25HCOVVRhmiZKO5Gzcs0G+uRkc8WUiSxftZbV6zeSk92TQDDIsuWrmDJxHHOunsFb733A8y+9xjcf/jIr12wgJ7snc2fPZPW6jTz53AJ+/N1v8NTz/+GOm68nMzODltbWz82NEJrxOo+3g9SufpyIlhP2EDYUNhQ2FAgbChsKG16+4sTEIsYmMy0rgbcPV9PgDYIk0Rpow6N7SXUm0+Bros5XR5c4GNIljv31MQxNHUSVp5ai5jJadQ8SJ4+OdzYjcOIguizL2GwarW1tbNu1h5yeWezYvQefL8Cx8kqam1uIcTm5Ye7VjBo+jEAgwGuL3yUhPp7snj2QJIlpkybQ0tqCGc5F2b57L4qsUFxaFh21zz1aQFJiAgcP5dK/bwFTJ40PLQIYH8eefQfJ6taNKRPGoihKaNZElqlvaGTLjl1ce/UM6hoa6dcnh7UbN3PbTdcjyzKxsW5unT+PHt27ocgyf/33s7S2teFyOblh7mxGjxhGRnoXHvvZb2lqbiE+Po7N23YyZ9YMJowZdUobfWbuRUkiGNRZvnodlnn+ztPCwtANFFXptB1+3hD2EDYUNhQ2FAgbChsKG1624sSywKbI3D0kkwafTkA30RSNj4vXsqliB98b/RX+c3Axzx54lfoWmTTTjmFZuG0xDEruy6aKnQQNvYOpLcuiV1Y3ln60nIrKKnpm9UDX9eisSWdRPpZlIQE52Vlkde+GaZqMHzOSuFh3uATx8ZAxWZbCuSOhHJPQ6/i29KBORno6Ob16EtR1vvSFO8jq3g2Xy8myT1bx4fKVLPtkFb/40ff4waOP8MHyFby6+B0+XrmWn3z/UTSbhqKqbNu5m+bmFrZs28n2nXsI6jp19Y3s2rOfgf36hKqFhc9JVVWwjifCR85VC4sdp8PB49//JkuWfcLTL77E+s1befQrDyDJ0mdWoFiWhaoojB4xLGqn8yGA/MEA27bvZtSIodg12+e62ICwh7ChsKGwoUDYUNhQ2PCyFicRkpw2UlyhBe5kRaPM46K4zSAjNsiIjARyKjUqWmuo9EhMyhjNnf1uwKHYKWouQ5HlDrNUhmEwZuQIenRfzh//9iQPfekeumVmkJdfyJbtO7nh2tmh6S0r5MAahkmMy0V2rywqKqu58bpraWtro+xYRSgp3jSi4sM0TUzTjIZwtbS0UltbhyURFSr9++awZfsu0tNSSUtN4XBePqZpUFFZxZyrpjNiyGB+8LNfU11biyzL3HLDPPrm5PB///g3Xp8Pu92O3+9n+cq1zJo+lfvvuYNgUEdRFf717It8vHINfXJ6EQgEKCgqISEhgZVrN9C9WwYxMS6CwSCFxSX065PD8tXriI2NweVy0djYyH1330Z6l1TeXfoR/kAAh8P+mb8x7TYbinL+xAlSaAbObrNhtwlxIuwhbChsKGwoEDYUNhQ2vOzFiWlZRCJvVAy6uLrgVGPYVrWPK7tNoS3o57n9r9McbOWeATczIX0kSwtXkhOfRbwtroOhTdPE6XTw/W8+wvMLX+MPf/sXiiTjcDqYMW0ysbFuXC4nqqqAJRPjcqGqCvfedRv/fOZFvvXDnwIWI4YNIat7N2Ld7tB3CVW5crvdGIbB6OHDWLV2Iz/59R+47+7bSYiPwzItJo0fy+G8fH75h79is9mIjXXz4L13snzVWo7k5WNZFjOmTaFLWhr/fPoFauvqCQSDXH/t1cTFxiJJUFJ2jPrGRh684i4cDgeaqqNqGrOunMYTTz9PRVU1iqKw6N2lvLr4HRRF5esP3YdNs4WT9dexau0GAoEgD953N4os8eIrb+L3+/H4vMyfdw0ul/NTWXzyUiciGs/n9tvv5/PecQp7CBsKGwobCoQNhQ2FDTsVS36//7K8ghISHt3H4vwPOFJ/lDv73YBhGjyx+wVa9Fa+O+oraJLGgoNvcnXPK7iy20Q0WT1pxfjoIozNzfgDQWJjXLjdMei6gcfrxW4LzdT4AwGcDgeqqhIIBKhvaERVVZISE7AsC4/Hi91uC5X9NQwCgQBOpxNFkmhubSUY1ImPi8Xv96PZbGiqiiRJNDQ04g8GSYyPw+FwEAwGqW9oBCA1ORlJlggEg9TXN6BpKslJidHZnKCuEwgEcMfEnNSIfD4fjc0tPPaz3/D4D75NfHwsbpeLmJgYGpua+NYPf8qD995Nn5xe2Ow23DExmKaJ3x+gobERh8NBYkL8ZbHivGVZNDc3Ex8ff85Vt5qamigpq6B7t8zzOnPiDwTYtGUHE8aNEjMnwh7ChsKGwoYCYUNhQ2HDU6Beroa0sHCpDq7qPoUmfzMLDi1iXJcR9E/qjUf3srVyN4VNpfRN7MWI1EFoitqpoQ3DQJIkEuLjw1UKLHQ9NFMQcvpDzrmmhZx3wzBQVZX0tFSsdkrT7Q5917JC66DYNC26AnhcbCwQmq2JCQsJK7wyeGJiaIFI07Kia5qkpaZEnW7TNNFUlYwuaVjhbUSwaRp2m61TAeF2u/H5A6R3SSPW7aJLaiq6rkfzajIzuhAb5yY1NQVd16OzI3a7jcyMLuEcGlPcsQKBQCAQCAQCIU7OVqB0caVyY+9rWFGynk9K11HYXIphGvRPymF21hWMTR9JsiOhwwKMJ23nFNNX7Z3ziEiJfN844fsdv2udFELW6fcA6wQB0NmxdLa/0x03gK6HZmp+9sNvY7PZoivGAzgdDh77zjdCCy4GAifvyxAjDgKBQCAQCAQCIU7+K4mSGdOF2/tex/XZs9Ct8OrnsopLdaLKCqZlfS7LXkuShNPhwOxEwDjsdjHtKRAIBAKBQCAQ4uRTlyeWhSZr2Oy2aLngSMiV+Tl3wE91/kKYCAQCgUAgEAiEOPkfkSWJU+U8m0KMCAQCgUAgEAgEQpxcCCygzR+kLRDEsugwS6LIEjF2DXu4nK9AIBAIBAKBQCAQ4uS8oMgSZQ0t/N+y7WwtqDguQqxQYrwiS1w7LJuvTh+Jw6aimyZiEkUgEAgEAoFAIBDi5FNHlmTKG9oob2zlx3PHY1hgKSqGFVrVMq+yns1FlYwvbyIjzklqjA2HKosrLBAIBAKBQCAQCHHy6SIBfsPAoaq4bCp/WXMIvyOexNgYFBk8AZMGOZY/bComyWXjjsEZTO+VKGZPBAKBQCAQCAQCIU7Oj0DBsshKiSctJRmHy8WcPml4dRNZklAlGd20WFPSwLZjLczMTjqrMsKSJIVfdFh8UFXV6OKEsixH//9/Mnh4m592tazIOZyPhRMlSUKWJAhvX1T6EggEAoFAIBB87sUJgCLLFNc2s7u0lrsmDCS/wcPqogYkyaQp0EKzv5XyVg839MvEE0zDqTg5nTxRFAXTNGlqasbr8+GOiSEuLpZAIMD+g4fpmpmBTdOob2gkvUsq0qlKhZ0CWZZRFBldNzAMI7TNjHTi4mI/VSffMAw8Xh8xLuc5H+PpRImqKLR5PDQ1t2CaFokJcbhcLnRdF3ePQCAQCAQCgeDzK04sIGAYDOmeyjVDegEWNw/IYHKPOPbWHGRp8VqO1R4mLl6hPJDBewV1TOs2nlRHMrIknyRSFEWmrr6BF156nQOHjgAWqqoyfdok5syayb+eXcCD991NdU0NC155k7/9/pckJSZgmmZUAEQEhiRJWJbV4X1ZlimvqKSk7BgTxozCEwjwz2cXcO+dtzJ+zEiCweBJ24ls62zei2DTND5euYZ/PbuAb3/tIaZMHBddEb6z4zrd++33Z1kW73/0CUs+/Bivz49lWbhcTm6bfx3TJk+IrlAf+e7pjr2zv093DKc7X4FAIBAIBAKBECcXXZjYFYWAbnCksj7kwCLRNc7GMc8h9jeuwJBKmZ3Tl5ndJ7O9ah//2rOQIw0FfHnwHWTEdDnJ+fX5A/zp70/i8Xj53qMPk5mRzuHcPI4WFGEYOoZpEggEGTl0CE6HE7c7BgnQVBWf34+maR3CvTRNw+/3oyhK9HXwSB7bdu5m8vixSJLUIaRL0zQCgQCWZWG32QjqenQmR9d17HY7hmGgKAq6rmOaJjabrcOshSRJ+AMB1m7cgmGarNmwiYnjRh3/HFA1Fb8/ED2m9scbCASiMyR6u7A1VVF4Z+lHLHj1Db5w+81MHDcGgLUbt+D1+aLf0zSVQCAYFUm6YaDrOg6HHcMwOw0Da/+3pmkEg8HQQpqahq7rqKp6yvMVCAQCgUAgEAhxctExLZNuiW76ZiTxu/c3Uxy086WpQyluLufN3A8ZmTacewfeQUvQQ72vgQN1RznScJQ6fwODk/sxt9cMNFmLzp6oqsqGzdsoKCrhT79+nJ49uqPrOhPHjmbS+LE0NTVHnf/WNg95+YWMGTWcNo+Xxe8tpbC4hLjYWG6+YS5pKcm89PpiEuLj2H8oF1VVuPu2m5BlmU9WraW2rp4nn1/IpHGjURUlut3V6zaybtMWDMNk0vgxzLxiMnn5hby9ZBker4e+OdncfMNcDhzKZcmyjzEMg+FDBjFn1ozorIOiKOTlF1BUUso3H36A5196jeKSY/Tq2YOGhkbeeGcJmeld2Ll7Hza7jXtuu4mU5CRefuMt0lJT2XvgIIZucOuN19G/Tw66YSBLEi2trbz13lJuuWEeN153LYahI0kSt86fB1i0tLbx6ptvk5aawpbtu7j5hrloqsKSDz/B6/PRp3cvbpw3B4DnF77KDfOuoUe3ruzcs489+w5w6/x5vPfhcpxOB7l5BTS1tHD9nKsYM3IEe/Yd5P2Plnd6vgKBQCAQCASCzy6XTa1dw7RIjXXxtRkj+ONtV3DjqN5UtflYnLcet83F5MwxxNrcrCrdwIKDb7K75gBum5uWQCsfFq2kxluHLB8/XUmSKCgqoVvXDDK6pBEMBjFNk6Cudxipl2WJ6tpaNm7ZhqEbLHjlDQ4dyeMLd9xKepdUnnxuAW1eL6vWbWTfwSPMmj6N1tY2FrzyBu4YF3FxscTGuhnYvy+xsbHhGQKV3Xv388yCl5g+dRLzZs9k8btL2bP/IC+/+TaapnL3bTeTlJRIm8fLUy/8h+7dMrl1/jxiYmI6JL1LksTKNRvok5PNFVMm0r1rJqvXb0SWZQLBIMuWryIvv5A5V8+gubmF5196jUAgyMo1G9i2czdXXTkVh8POP595Aa/PF0p+V2Rq6uoJBIOMHjEM0zQxDJPWVg/1DQ20tXkwdJ0VazewfNU6Jo4bQzAQ5I9//zfZPXtww7Wz2bp9Fy+/8RaGYbBp+w5aW9uQJImKyip27NmHYZhs2rqDVWs3MGXiOHp078qTzy2korKKZxa8dMrzFQgEAoFAIBAIcXJpHKwskR4fw8CuKVzTL4Maj58X9u2mR1wWdsXGxyVrqfPVMzipH6nOJIalDmRIcn8ONhyl3teEzMmJ4p2Nxp+YTy7LMjabRmtbG9t27SHG5WLH7j34fAGOlVfS3NxCjMvJDXOvZvKEscyeeSUVldUkxMeT3bMHaakpTJs0gZTkRMxwLsr23XtRZIXi0jJy8wsAyD1aQFJiAkfy8snLL2DKxHHEuJzEx8exZ99BqqprmTJhLIqihGZNZJn6hka27NhFvz7Z1DU00q9PDus3b6W1rQ1ZlomNdXPr/HmMGz2SW26Yy9HCIlrb2nC5nNwwdzbjx4zijlvmU9fQSF19QwcB114AAby66B2+8f3H+d1f/kEgGMRpt3PrjfOYd81VlJaXk5KcyC03zGX0yGHcfP1ctu/aQ2tbG3abLboNWZbRVBULC1VRuHrGNCaOG83t869D1w3KyitITkrq9HwFAoFAIBAIBEKcXFIYpkVQNxiS5uaxSdkMSoUURwK13npeOfwO7+Z/zNsFH1Hrq0eTNaZ1G0+iPQ6/4Yd24sSyLHpldaPsWDkVlVXR/BFVVZEkmc4KXlmWhQTkZGeR1b0bA/v34Yff+hpxse5wCeLjIWOyLIVzR4xo4nh7/1oP6mSkp5PTqyfdu3XlS1+4gysmT+RL99zBVdOn8uHylfzo57/F6/Xxg0cfYfSIoby6+B1+/ru/hBLpZQlFVdm2czfNzS1s2baTP/zlH+zed4C6+kZ27dmPqiihamFhwaGqKljHk9AjQkRTFCQkjPAMhWGYpCYnY7fb2b5rD5Ikocgy99x+E3ffdiN19Q2YpomiKMS4XAB4PF4cdntUhLicDvSgjmmY4f2FzlsJh7VFRE/kbyl8LIos871vfOXk8/2UKpAJBALB2aAoMk6Ho0OfFenDnA7HSQM5dpsNu93e4T2bpuFw2DsMzjgcjmif7LDbUVU1HKJ7dvvTNA27zdZh8MzR7nObTTvpOE73vrDhpW1Dwf+GJEk4HKE20qGt2e1omhb9f6fTgdPhwHbCYKrDYe/QTjVVxdau7XTcj6PDdpROBntVVcHpdHT4TFWU6O+c4W04HI4Ox+F0OE46h8+aDTvY6XJsbBbgUGR6JjjJSUzBa3iRZZlkRyJ5DQXU+5sZntKfO/pdT6+47hxtLEaWlPAvwyLHMBgzcgQ9ui/nj397koe+dA/dMjPIyy9ky/ad3HDtbCRC655YloVhmMS4XGT3yqKispobr7uWtrY2yo5VhJLiTSMqPkzzeCK4pqm0tLRSW1uHJREVKv375rBl+y7S01JJS03hcF4+pmlQUVnFnKumM2LIYH7ws19TXVuLLMvccsM8+ubk8H//+Ddenw+73Y7f72f5yrXMmj6V+++5g2BQR1EV/vXsi3y8cg19cnoRCAQoKCohISGBlWs30L1bBjExLoLBIIXFJfTrk8Py1euIdceQmpyEaYWOO9Ydw63z5/HCy6/jjolh4rjR2GwaVdU16LoBSOHzDJ30oAH9+HD5Kg4eyaNXVg9WrttIz6zuxMfFISGz78BhumZksP/gYQzDCK3JYpkUlx6jzeNh/aYtAGSkd6Gqpvak87XZbGL2RCAQXCCnWqG4pJQ169Yzc/oVZGZkRIuTlB0rZ+WqNVx5xVS6d+saLTCydNnHeL1err1mNooSehB/vGIV9fUNXD9vDna7narqGj74aDlTJ02gR/duvPLGIvrk5DB61AjyCwrPuL+sHt1Zs3Y9rR4PV02/AlVVqaisZOXqtcyaMZ20tBRWrFpLY1MTc6+5GlmSsMLns2bdBqqra7l2ztWh2evz3J8KGwouBWHi8Xh49Y1FjBoxnAH9+4b9F3j73fdJSIhj/NgxvPnWO1TX1CJLMn16ZzNuzChcLidVVTWsXreeWTOnkxAfjyRJbNuxi7r6emZcOS2aCyvLEm0eL6++sZi2tlAIe/du3Rg1chhpqanRVAFVVTice5SNm7Zw9VXTyczIQJIk9h84yJr1G9E0DVVRCAQCqKrK/OvmkpycRF19Pe+9/wEjhg1j+LAhF7RI0IWy4WdCnEQEimXBoKS+HG0sYnjKQL4+/D4kYGPlDmb0mMJVPaawqnQj3d0ZJDsTMduJE9M0cTodfP+bj/D8wtf4w9/+hSLJOJwOZkybTGysG5fLiaoqYMnEuFyoqsK9d93GP595kW/98KeAxYhhQ8jq3o1Ytzv03fCojNvtxjAMRg8fxqq1G/nJr//AfXffTkJ8HJZpMWn8WA7n5fPLP/wVm81GbKybB++9k+Wr1nIkLx/LspgxbQpd0tL459MvUBvOAbn+2quJi41FkqCk7Bj1jY08eMVdOBwONFVH1TRmXTmNJ55+noqqahRFYdG7S3l18TsoisrXH7oPm2YLJ+uvY9XaDQQCQR744p24XM5oo9MNg6tnXIHNpvHuBx/zztJlWJaF02HnhrmzcTjsuGNiUFUFyzQZNngA18+Zxd/+/SyqohIfF8tX7r+HuLhYrp97NW+8tYR1m7aQlJhAUmJiSLipKlu27+LAoSO0tLZx7123kZSUwIJ/vHnS+YqHgEAguJAj/sUlpTzx5DNUVFbzw+9+MzQSKMHCl1/jnfeW0rt3Dlk9ugNQVVXN3/7xbzxeL4MGDqBfn95YgKzI/P1fTxET42L+dXN5+rkXOXDwMNddO5tAMMjCl1/j2tlXM2XShDPur0/vHHpn92L12vVUVFUx88ppKIpMRWUVLyx8mWFDh5CR0YXVa9ez7ONPyMzIYMK4MRiGQWVVNX/4899xOp1cPWsGNk27AOJE2FBw8bHZ7azfuIU9e/fzu1/9DE3TOJpfwF+e+Bff+vrDWBa89MobuFxO+vXtwwfLPmLUyBH85LHvUlffwD+efIbCwmK+/+1vYHc62bJtO4eP5DLjymknOfAvLHyJnllZZHXvzsbNW/nPK6/x2Pe+xdAhgwgGdSwL3lz8Dq++sRjLsvjy/V/EsixaWlo5Vl5BRWUlubn5jBs7ivi4OALBIDZNY/Wa9fzl708yY/o0Bg/sjyTLF7TtXQgbfobEiYWExPiMkRyoP8LOmv2MTB3CqC5DqfHWkROfRVFTKZ+UrGNKt3FkuFJPSqw2DIO0lBS+/81HaGpuxh8IEhvjwu2OQdcNfvbYd6JTvz/70XdQVZVumRn8/LHvUN/QiKqqJCUmYFkWv/zx97HbbQQCAUYMG8ygAX1RVJWcXln84Zf/j2BQJz4ulv59ctDC23zgC3dy07w5+INBEuPjcDgc3H/37dQ3NAKQmpyMJEt886tfpr6+AU1TSU5KxLJA1w0yM9L5829+ijsmJrquSSAQYEC/Pvz51z+lsbkFgEe+fC/x8bG4XS5iYmJobGrCsizuue0m+uT0wma3ERsTExUmQDT066orpzFp3BhaWtswTZPYWDfuGBfBoM4vf/L9aAlkSZK49cZ5zJoxDX8gQEJcPHa7jWAwyLzZVzFp3BgkSSI+LpZAOEwrEAhw3TVXMWXiOCRJJj4uFtM0Oz1f8RAQCAQXVKDIMrFuNytWrWHunKsZOXwo23fuZvXadcTGuqNhCqqqsnrdBhIS4snMSGfFqrX079cHPagzfdpUdl2/l/+88joer5fNW7fxi8d/RJfUVBqamrDb7aEBnnAO4Zn2Z4UHv2ydhCRFwijsdjuWBa++vogRw4bgdDp4+933qa6pZWD/fsKGl5kNBf+Dn2hZuJwOrp87hz///Z8Ul5QyoF9fVq1ZR3JSItOmTMYwdBRFZtbM6XztK19mwcuv8q+nnqO2rgFVU3C5XLy/7GOys3ty3z13oZ4qrAsJu93BrTfdwHXXzqa2rp7Hf/FbnvjX0/z9z3/A6XRQUlrG3v0HmD1rBmvWb+CWG2/A7XYxdswopkyeyAfLPuav//g3P/zuN+mSloZhGLS2tbJyzVqmXzGV4uJS8o4WMHBgP4JB/TNnw/bIl3XDw6KrO505PaezpXIXHxStIMkez5guw6jx1vFy7jt0dacztstwbIqt05XiI9PJCfHxpKemdJg9iMwMqKqCOyYmuk6Jqqqkp6WSnJQY3Y7bHXN85kRVQ98HTMsiLjaW5KREZFkmJiYmOh1smSaJiQlkpKVis9miU9BpqSmkpaaAFJrh0VSVjC5pJCclYZpW1FG3aRqxbnenjrvb7cZht5PeJY1Yt4suqanY7XZ0XUeWZTIzuhAb5yY1NYUYl6vDGiftG2UwGMRms5GSnESX1BScdnv0pojYJ/JdwzCJj4sjLSUFTVOjtrUsi+SkRJISE6Kxk7Isk5aaSkJCPMlJScTFuqNrwJzqfAUCgeBCYVoW6WmpjBg2hFdeexOfzx92VoeSkpyEZZnIkkRbm4cVq9ZwzayZ3HDdXNas30BDQ2M0XOG+e+5CUVX+9Jd/cO3sWYwdNZJAeDDpXPZnnmU/GAwGmTZlEpVV1azbuJmi4lJWrVnL1TOnh0KlLmB/KmwouNgEgzrjx40mPj6Otes20NLaxqo167hy2hSSk5Mwwotqt7W1UVpWxqHDR0L+k8OOaVjEut3ceN1cnl/wElu2bT+jUx2pbpqUlMic2VdRXFpKdU0NmqaxZt163DExPPrVr9DS3MqOXbtRVS0a7h9pV5EBWUVROHg4l5LSYzzy0Jfo0aMby1etvuA5uBfahpe9OAmdgMzw1MHMz7mGak8t7xetZFPlTnZW72dYygDu7D+fDFfaaR1cy7JCDapdDkWkkUXaS/tZF8uywt89vsBg5Lvtt9d+O5G/2//GijTk9u+Ff2ue8J7RbhsnHndn6HpopuZnP/w2yUlJ0YUOQ6FZDh77zjfokx3KSTlTqd4O9rFOts+JN2ZnCy+2f980TVRF4dGHv8S4USNOOoZTna9AIBBcuFFXE0VVuev2W8g7ms8///0s+QWF3Hn7LaEReMtCVVUOHjpEYVExLpcLu91GTXUNO3btQVPV0APb4yHoD2C326mpqY3ONP83+5MkIJy7KMsykiSFyrxYx6sqGoZJVo/uzLt2Ni+/9gZPP/ci/fr2YeL4sR1mx4UNLw8bCv5HgWyaJCclcuXUKaxZv5G16zdQ39DAzOlXRH0MTdN49/0PeeDhb3DocC5ff/jLJMTFYZgGpmly2y03MnXyRH7/f3+jqKQURTlT0FHI/5GkkP8YcdxXrlpLWkoKjU1NJCYm8MnK1dH8Ecs6PnweFSvAipVrcNjttHk8pCQnsXb9RurrGzutrPpZsuFlL04sLGyyxvj0EXx/9CM8N/MPvHXtM/zflJ8wP2c2mTFpodEXPn8jHZIk4Ww3Vd0eh91+QRt3Z9jt9otWfUIgEAjOhK7r9OndmyumTuHZFxZyxbQp9MnJPu5QAJ+sXIPdbmPLth2sWLWG2LhYPlm5Bt3QMU2Tp559gdS0FH7y2HdZu2ETn6xaE61wc277s1BkhS6pqRQWFVNdU4Mkyew7cAjdMKIzzZHtXD9vDm1tHtas28Ddd94WrWglbHj52VDwvzrXFlfNuILa2jqefPp5hg4eRO/sXhjhNhgMBpl91QyefOIv/PuJPzP9iqnRaJJIwvvXH34Qp8PBhx8tP2Xbg1Aoo6KqNDQ08eFHK+jerSuZGens3XeA0mPH8Pp8vPzqm2iaxu69+yktKzupuhyEQg1ramrZvHU7bncMr76+mLq6ehobmti2YyfaBfadLqQN4TLOOTlRoAC4NRdooXAqK2wQ83PekZzq/C+FDlZ08gKB4FLFMAx8fj+GaXDzjdcjyxI3zb8OwzDx+UKl6Y8dK2fF6rV88e47uP2WG7Esi+UrVvH7//sbBYXFHDx0hPUbN/PXP/6WMaNGsHHTFv7x5DMMHjiAhPg4fH4/engW4Ez7M0wT3dCZNXM6K1av5ds/+H9075rJ7j37uPGGeXRJC+VVBgJB/H4/yYmJfPWhL1FeUcWgAf05ejQfv98vbHiZ2VDw6bTDnOyeDOjfl4+Wr+Thh+7HFs6XBfB6fbhj3XTNzMDr9aLrOqqqYpqhdqPrOkmJiXz/29/gG999DJ/P16kf6vf7WfTOErZu30lBUREej5fHvvctbDYbby95n55ZPfjNLx/Hpmk0NTXzwCPfYNnHK3j4wfuRpPD94vNFZxRXrllLU3MTf/rdL8nMSMcwTR7/xW94d8kHXDF1cnQ28LNiww4i7yc/+cnPLkZjkaXQyL4k8anNaVjhBhL5T/D5we/3d0hoPJffNTW3Eh8XiyyfnzjOyEOz7FgF3btlonYySvJ5QthD2PDSt2Ho2ZSclET/vn1JiI9j7JhRuJxOTNPA7rAzZNBAdF3H7XZzzdUzcblcSEB6ly7ExMSQmpJMc0sLkyeOZ+L4sViWRd++fZBlidSUZFJTU7BpGkOGDKJLWhqWZZ52f4MHDiAmJob4+DgmjB2DqihoNhs333gd18+7NlTyNhynnp2dRUZGOj2zejBk8IBo7l5aair9+vb51GbNhQ3FvXy59IeqqtIlLZVePbO4avoVKO1mwew2G4MHDiAtNSWaKxvaLsTFxjJo0AAUVSE1JZk+vbPpmplBdq+eUX8j9I+E0+kkOTkJp9PJuDGj+dK9d9Ondw4ej4eGxiZmzZhOr549kCSJmBgXXdLSiHG56JnVI7wtidSUFIYOHoiiKFRX1zB65AhGDh8WXgzcRrfMUPnhvr1zzjj7cDnZ8KTj8fv9F9SLj8xq+HSToGmiyTIOVY6+LxCcsyi1LJqbm4kP19A+F5qamigpC92Mkbr656Pj9AcCbNqygwnjRmH/nK/ZIuwhbHg52FBRFDRVxR/wd8itkyQpXJkxlJBts9k65M2FPrcTDAZRFAVJAr8/EN6mjE2zEQgGMQwDh8OOrhsEg0FUVT3t/oKBYHSh3MixhYqmWNGcwtDxaFgW0QqO7c9HVdVPdeRf2FDcy5dTfxhpHz6/v8PnkTZ04vohEUHgb/d9TdOi1UZPPAa73R4SKhaYVmgR7oijbrfbMU2zQ5uKJIZHtqUoCpqmRfcXWhxcirb9yDlE2uCn2U4uBRt22M+FbkQBw2R3ZQvP7j7GwZpWBqa6eWB4V4ZnxKLJsrjLBAKBQHDRMQyjwwhg+8GQUEhSiBPDE0Kf+6Lb6LhNE6/ha/dbf9QxONv9ne7YQo5O8JzOR9jw0rah4NND1/VOFzA8sW1ECIUkdWybwWDnbaN9m+2MzgTtic75ie2rs32d6hw+Cza8qOLkaIOHP20uZn1JA96gSWGDl0afzuNTshmU5hZ3j0AgEAgEAoFA8Dnlgk1VSFIolGt/dSt7Klto8ukYlkWjT2dXRTO7q5rx6iayJC6KQCAQCAQCgUDweeSCzZxISARNi2Mtfry6gSSF8k8AdNOiLWicdWWtUCK9FK0hfbbrYUiShCxL0QVuRFynQCAQCDojkttA5DljhOKp2z+nJElCU1VkRQakDiEPmqqitIsNl2UZm6bhDwSO/x3OtQAr/P/B4+sGqCqSLBMIBDrkYJwYViTLMpqmIkkyYBEM6id9R4vEqZ+wppTdbg8VAukkRv7TsWHHGHqgQ46IpqpotlBSr2Va6IYeXUfEbrdFc0FOfI6fyubt92uzaQQCHe2laSqqqgFWeOFgA103LmlfoH07hFBbjIQIRXIcLIvwuegd2lb0M12PVlU6GxvabLbwYpOEKpwFg5d15dP27TxsAHRdJxgMhnNBjOji0qqqoioKvnY2Ntq1y5BtNfw+PxahRHDTMqO/j+Q3+f2BaN6IqiqhfUuhsMRAIBBe4FvD7/ddFmt6dtYOA35/tF047HZMy+oQqqYoMpp2PN/EZtOAzvN1VFUN5/2GFzu/kCfXFjAoavThUhVaFQPTtIizq6TF2Kht0/HrJrE2ldOlxiuKjGVaNDU3h0qXxcQQG+s+7YKEkQalGwbVNfUoikJSYkJ09VmBQCAQCNo7tyUlpaxcsw6fz4/dYaN3djajRg7H5XRiGEbomaLrbNq8lf0HD6GqKuPHjWHQgP5IksSmrdsoKirh+nlzcDgcVFRWsXHzVq6eeSVut5va2jo++mQl06ZMxOlwsmL1GmbNnE5CuLDHth27qKuvZ+b0K/B4vbzy+iLGjx1N75zsqMOtKApNzc1s2LiZgsJikpMSmTZlEl27ZkadTVVV2bF7D3v27ueGeXOIj4/HskJO/3tLP6SmphaAzIx0RgwfRrd2v/1fUFWFw7lH2bZ9JzdePxen0xkqtfrWuwwePJDhQwaz98BBNm7aQjAYJCEhgbGjR5KT3ZNgUOfdJR+SkBDHpAnjo+d7Opu3t0nZsXKWr1jFlEkT6NM7G103UFWVrdt2snP3HkzTJC4ulkED+jN40EBkWeqwAPOl2A79YUdQUzXmX38tToeTV99YTGtrGw6HjUEDBjB82BBUVaWmtpYPP/oEj9dLjMvFiGFDGDigf1S4nMqGkcWSP/hoOUVFJUiyRE7PnowfNwaXy3FJ2uh0SJJEMBhk0dvvUl/fiN1ux7JCORBDhwxm4vixvLHobXp078aY0SMB2LN3H0fy8rl+7jUAvLn4HYYOGUSf3tkYhsmx8nI2bt7GvGtnY9M0lnzwEV0z0xk+bCiGYVDf0MDyT1Zx9VUzSExMYM26DRw6fAQzLIZ7ZfVgzuxZHDh0hD1793HDdXMv+SIIp2qHN8ybQ0pKMsFgkNcWvU1crJsZV06LVrwrLi5h/cbNXHvNLBISEkJrF+k606+YGvW/I0WMtm3fye69+zBMk+FDB1+YsC4JCBomR+raqGz1c+eQdAaluemR4OSmAV340oiu1HoClDb5MEwL6TTCpL6+kT//8xm+9dhPeeznv+Wbjz3Oiy+/gc/n61DaLzK7EunQ6hsa+c2f/sYPfvprvveTX/KHv/0Lr9d73srHCgQCgeByFScyRcUlPPfiS+QXFlJYWMwTTz7Nj37yC2rr6lBVlUAgyJ/+8gS//eNfyC8oYvvO3Xzn+z/m7ffex26zUV/fwD+feo7co/k4HQ6Wr1jF7/74F3bu3ovL5WLdxk089+J/kGWFuvp6/vHkMzz1zAtYponNZmPLtu28/8EyJEnC6/HwwsKXOZJ3NFriU1EUKiur+N4PH+eFha9QXlHB+x9+zKPffYw9+/ajhldXDwQCvLjwFf76xJOs27ApPMsiEdR1XnrldVavXU9NbS3vf/ARj37nB6xdvxFNUz8FGyocPpzLCwtfxuvzI8sygUCQF156hT179+FwOti3/wDPvfgfqqpr2LBpC9/6/o/Zs3c/iqLwzvtLWbt+Y/S5HjqXU9tcVVWk8H4/WPYxf/rrP1j01rtEhnoVRWHz1u28/NobVFRWsWffAX7y89/wj38/g24Y51zp8YK2wwUvcbSgkOrqWqprqtF1Ha/XywsLX2b3nr3sP3iY//ezX/HmW++iaRo1tXW8sPAVcnOPsmPnbr7zw5+wfMUq7OHZuVPZUAuvS/Hekg/4ZOUqysqO8dd//pvf//lv6PqlaaMziRPTNKmorKK4pIRXXnuDjz9ZSVl5BQ2Njei6zqtvLmbL9h3RKlg7du1h4UuvENR1dMPgpVff4Ne//z/q6huw222Ulh7jxf+8TMDvByyWfLCMn//mD5SUlmEL3/cLX36dhqYmFEVhxao1vPXu+1RVVVNVVU19QwOKorBv/wFeWPAKAX/gkrdrh3aYX0h1dQ3V1dUEwrOf+QWF/O0fT/K3fz5FXX1oAiD0m1JeWPgyjU3NKIrMJyvX8MGy5e2uT+jfZ55fyI9/9isOHDrMgQOHePwXv70wMyeyJFHvC/JRfh0uTWFkRhyaIlPe4ufeYZkYpsXReg+rixroEe8gxWXDOEFFSlKonNqfnniSNo+X733jETLS0zicm89TL/yH1rZWvvrl+5BlCUVR8PsD7aa7JZYs+5jGpmb+/Juf4vF42blnf1i5iQexQCAQCE5wbGSZ+LhYHv3qV+iZ1YOj+QV8+/s/5rU3FvPdb36dpR9+xMcrVvGbn/+EiRPGoes6Tz79PM8+v5DxY8cwbsxoYmNj2L1nH8OGDGbn7j04nQ62btvBldOmsGt36P2umRkcPpKHy+Xi/WUfk53dk/vuuQtVVaOlRiVJwuFwnLSS9EuvvkFDYwN//uNvyOrenYbGRv7fT3/Fv595nr/84Te4XC4OHjpM6bFjXDltMitWreWaWTNRw+sjSLLMzOnT+OpXvkxjUzN/+ssT/OPJZxgyaCDx8XFnHTJ9OoFy4vpTDrsdRVFCo/iSTEpyMj/87jcBiS8+8DBr129i2NAh2G22Dus42DSNZR9/ckqbjx01ih7du9JQ38D6jVu4ZtYMdu/bT0VFJenpXcIDlRLZvXrx/374Xew2G6vXbeBnv/odgwcOYNbM6actbXpR22FsLN/95tfo1bMnfr8fw9CpqanFbrdz683zmXvN1XzrBz9mw8bN3HHLjciSTIzLyQP33cOQwQP50le+zuat27l+7hxWrFpzShuOGzOaLmmpSLLEpInj+emPfsDTzy/gmecX0NTcTEpyEoZx+ThNZljoP/rVrxAMBnn4G99h5IhhfOvrjxAIBPB4vdht9g6rrauqit1uj/4dE+Pi4KEj/PPJZ/jpj3+AoiodPnc5HZSVlfOnvz7BH379c1RVxeGwt1sDRWLk8KH85hc/QULC5/cjSxKKrOBw2EG6jPrD2Fi+9+1v0KtnFoGAH78/gGmZLF+xmn59+9Dc0sLadRu57ZYbsSwTWZE73P82m4au29rZWmPr9h28sfhtvvW1h5l77WwMw2DJ0mUXYuZEQpJlgqZEVZtOQaOPV/dXEtBN8hs8rClq4G9bS9hR2UJBkx+/JYF08mGpqsq2nXvILyrhe994mCGDBpAQH8/kCWN55IEvsnbDFkqPlWOaFoveWcqv//R3fvvnJ1i3aSsg0dbqRQs3mp5ZPbjxujk47HYR1iUQCASCUzs4hoFpGPTpncOUSRPYtXsvbW1t7N1/kP59+zBm9EhM00TTNOb8f/bOO76q8v7j77Puvjc7zCSEsPdGcKOiiHtRXKh11NpWW+uu1dpha9Vfrdu691bcExBRFGRvkBE2CVk3d5/x/P64N5cEEsRaEfR5v16B5J79vWc8n/Nd48ZiOzbLV6ygXXERA/r1ZcHCRSxfsZKt26o4e+IZLFi4mHWV61m6fDkjhg/J5FY4BAMBTjnhOB594mm+nP1VVpi0+sJPVYnH48xfuIhDDzmIivJyLMuiuLCQo48aw+o166itrUNTVT74aCpdy7twyYUXsGZdJStWfd1C5DiOwLEdfF4vxx17NA3hBtauq9xFCH1fCCGoqt7O4qVLqa+vp6Agb5fxWtMb8AULl7Rp8xUrV+J2u5k1Zy6xeIzfXPYLDMNg+ozP0fWW72Ftx0EAo0YOp0uXUuYvWJQZreyDg8JMaNJDjzzBLX/7R9r7pWfEpQKrVq/hg4+nUlm5nr59emUEXTqnZsmy5bz/4RTqauvp27sXAliwaPFubLgKXddQVZWt26qYNn0Gs+fMpU/vngT8gf16vNS07035xntyLE1hcKedfAJfzJ7Dcy++kvHQKZnp6Vyf444dy5YtW3nokSdaRO00jV1XrlrNrf/8P26/6x6qq7dncn32s5c1mTydl1+dzIMPP8Ynn6a9mjU1dXw28wtOO/kEjj5yDB9NnUY8Ht8jb5CmaixYuIjcnBzGHH5odjvHHXv09+85EU6KRKyOoBnl+sE6dXZ73qtM8NHaOsIpi5eXVXFASQ6XD+9AkRYhkNpEMhZCc+dkEvx2GGb12ko6d+hA+3bF2YZJlmXRp2f3tLtt4ybmLVzM+x9P44JzJlK9fTv3/edx8nNzGDvmEP5y+7/51ZU3MGrkcMaPHUOnjh1kzXKJRCKRtP0M2+kBLZpPyXR13vEqLl38RVXTncdHDh/K4089x2uT36KkUydOPP5Ypkz7lBdffg3Lshg+dAi27SBI50xOOP0UEskE/7jjLrp2LUfT9FYHCU37JcTOYdDpfVIU0A2d7TU1fDbzC4YNHUw8HscwdD6eNp1BA/q3epT/6+iS5h20FUVBUdPJrtmQa00lHA7zu2tuwHEcDhx9AMceM7ZFEnyLwZ7Sts11wyBlmnw0ZRoFefk0NDTQvriIj6d9wkknjCfg9+8yUCWzrNjXW0ArZEJltHRRn4xRFRQ+nfE5L738Gn379uH8SWdnE5SFELzz3kesWbeWIw87lFNPPiFj17ZtqGnpxG1d01m16mv+8o/bcRyHu++4Da/X84P21/iuwqT5dy52Kmqx4zzbtcCSbduMGD6Unj26c/9Dj3D0UUe0EO6WbdOze3eOPnIMf/jT37BtC03XWlyXiqKga3qmoaiyyzWyP4TLKRlR//WaNbhcrqxnc/acuVRvr8XQdfx+H6vXrGX5ipUMHzpkt/cFJVMVqymNqbkJFL7XUsIKwrGI1Sxn68LH2T73XtxrHqNL4xSOKUmHdv18YDFD23s5pWcBfVxbca17lu0L/kPDhs9wrPi3ulMKINwY4cvZczn6yMMYPXIYJ44/hl49ujPji9n06tmd2/9yIycdN44Fi5Zw8613sm0/VbASiUQi2Ttomoama6xes5ZPP5vJoAH98fv99O/bh+UrVjJn3jw0TcOyLN59/0MMw6B7twqSySRDhwzCsize+/Bjhg8dTEnnzvTq2Z1XXn+T0s6dKencOfuCLP2WVuHXl16M1+PJrqs5qpquOKkoCn6vl0ED+vPJjM9Zt64SXdfZXlPLBx9NoaJrOcVFRXz+xSzCjRGqq2t4/qVXCQYDzPxiFttra9EyuRyqqqLpOolEgnff+4hgMEiXLqXf+cWd4wjaFReRSqVYvmIluq6zevVaEokEHdq3zyRfC/x+P3++6QYevu8ubrjmSnJCoWwX92xlzsz30L9f3zZt3qtHd1avWcuCRUtQNZWnn3+JZDLF2nXrWbp8BVrGe9JUqUpRFGbNnsPadZUMGtBvFyG6Lw2sXYbBheefy43XXsVBo0elRUJmwH32xDO4+OfnsXr1GtZlPF5CpL/Xyy75OWeccjKLly5ly9ZtuFzGbm3Yo1sFlm2TMlMcOOoAbrz2KpKJJHPnL2iR0/ujeOkgBC7DRft2xSxfsYpIJEIsHmfFqq9p164Yj8tFU9y/aZqcevLxHHH4oTz/8mukzJZ5IinT5LBDD+bMCafx4quTiUSi2emWZdG9W1euvvJyfvebX1JUVIhjOy0G6k3X9b6MIwTuTIjcP/5yM6eefAKJRJKPpn5CTk6QDz6eypy5CzAMFx9Pm97m+L3pmlYVBSEcBvbvS31DA1M/mZG12bsffPz9eU4URcFMNtBQOR3dW0het/GY0Wrq131EqbcDvxtYgRrfSjxfUOT3EatajqO4yCs/EHeoFEVztbhTCCGoKC/jnQ8/Zuu2KspKS7AsC13XWbpiFalkkvKyUj6cOh2f15tdzufzYma6vbZvV8wpJxzLYQeN4pe/v57Va9bSsV0xKduRT2CJRCKRNBtcO4QbG7nngf/gcbtZvmIlHTu2Z+IZp5JMpTji8MOYO28Bf771n/Tr24dIJMKaNev4xUXn06ljB0zTpEP79pSXd2H+goUMHzYYVVEYNmQQr73xdkbkeHFsJ9NFOYllWeTn5XH1737Db35/XbazsiBdPvbFl1/j85mzMAydSy++kHPP+hnLV67iiquup2ePbqyrXE8qmeLGG67GcRxef/MdRg4fxh+vvxpVVdiwcRMXX3YFn3z6GcccdQSO4zBl2nS2batiw8ZNbK2q4vLLfkFBfv4edXHeHZZl0a9vb4YNGcStt93J5LfeZfmKlfTr24chgwdiWTaWaWLZNp06diAnGMSy7eyba8dx+OzzL/hD419wHIfTTjmRcWOPZF6rNr+Azp078X9334vP6+WvN/+BYDBAMpni17+7mslvvsMBI4bjCMGateu49bY7icXjLFm2gvHjxnLowQd95+P9Ps/DhnAjd951DwF/AN3QuWDSWenQvkQCIQSnn3oS0z/7nNvuuIu7/+82UCCRSKDrOuedM5GZX87izrvu5W+33MjYIw5vw4bn07FjBxKJBMlkipSZ4oCRwzjhuHHc9+DD9OhWQe/ePfdb7wmZa6ip5G9TaduTThjPX/9xO5f//lo0VWPV6jVcc+XluD1u4okEyWQyc8wKl1x4HmvWrmPZilVZ70sylcqU+HY4a+IZfL16LdM/+6yFB2vegkX84ea/YFs23bt15ZyzfoYQgurtNdx6250oikr/vr05/dST9tkqsrZtZ+5H6X3TdZ3FS5cy+6u5/OHa33PYIQehKPD0cy/x/EuvMOnsiYAgkTlHm2wxf+EibvrL3zFNi3Fjj+CwQw/i1JOO5657H2DKJ9NxHIdly1ei3XjjjTd/L+JE1UhFtlDz9ZvkVxxDsP1QDHeQVGQrZmMleuNq1GQVrsRWrMZKNE8uyYZ12KlGDF8Rhq8YRdVbiJP27YpYuHgZUz+dSeeO7dF1nXkLFvHwk88xbMhAxo89gpVfr2Hp8pUMHTyQzVu28tJrb3LYQaOYOXsOVdXbKSzIY/6iJXw1dz4njR9HTk5I5p38CEgmk7skXu7pcg3hCDmhYKtvLhQFVKUpLOGbf9oS6rZts3HTFko6d8xW2/mpIu0hbbjv2zD9di8vN5dAIEBebi5jjzicSWdPJDc3F9u2MQydUQeMoLSkM6mkSWlJZ86fdBYHHzgq63UwDJ38/Dx69ezB8GFDEUKQn5dHcVEhhx1yEKFQCEcIFAVCwSB9+/ZG0zWKCgvo3q0rnTp2oGt5FxTA6/VSXFSIz+8jNyeH3r16UFxcxMGjR5Gbk4NlWQweOICLLzyPHt0qCEcixGIxxh9zFO3bFwMKOTkhCgvyyQmFKOncCY/HTVFhIR6PmwH9+3HBpLMZNKD/Hg9Av+k8NAyDA0YMIy8vD9uxOeSg0Zx/7lkE/H4cx0FRFDq0a0ffPr1RVbVFaVGXy0VRYSF+v49gMEj37hW0Ky7igBHDdrH5IQeNJplMUVNTw8EHjaZ3rx6oqorH46Zjxw64XS4qunbB0HUKC/Lx+bx07NCe0089iZOOH59N0N+Xz8NgMIDX6yUY8NO7Z098Ph8ej5v+/frQrriYvr16YdkWHdq3Jy83h2AgQL8+vWlXXETvXj1JpVKUdO5ETk4OB4wc3uZ5K0j3xenZoxudO3WkZ48eeLwefD4vnTp13CfHS990HjadU4Zh0KdXDzp17JAtm1xWWsLgAQPSOVtFhVww6SwOGDEcy073v3G5XfTp3YucUAi3202/vn0oKiygb5/e2QpfPbp3o7ioEFVVGdCvLwUFBfTt3TNb/KGwIB+vz4vP66G4uJhuFeWoqkphUSGhYAh/wEfnTh3T1/oPFOL1TechQEF+Pv369Un31wGqqrbTqWMHjhhzKC7DQFVVOnRoj8fjTp9roRD5eXn0zyyjael7WzAQwO/30bVLFzp36sDggQPo2aMbZsqiXXERE884FSWZTH4vZ5qi6iTqVrNx1r8o7nMGoc4Hkopvp2bF6yQbN2FGq2nX/xyEsKlZ8QrF/c5O9y/Z8AmpWBWdhv4Kd6gzwtnhWtY0ldq6Bp549kUWLV2OEIJ4PE4imeLft/2Z8rJStmzdxv2PPMnWqiqEIxg6eACTJp7B+x9P5c33PsS20hffaSeOZ9xRY75zNRLJD48QgnA4TE6mP8C3oaGhgfUb0xej1kqIn+kITNvBYffJkoJ0jKRbV9FaiSlNplLM/HIOo0YO3edrmu+Nm6C0h7Thvm7DXZowOk66CaPTMiTDMIzsiw3LsncZ2BuGgaapJBLppm6qqqZLujZrqNjUNK95s0LDMLKlgJuaMCo7NeJrStg1DAMlcx+yLCub1+F2u7EsM9tADsg0nXOyDeh2NGEU2WX/l+fhzvtnmjsaTTYN7pofdxPZRoAZmhoq7s7mTUUEmlfdMjKDpmQymW5GmU0Yb9m4cH84D5u++1Qy0wAw05izKYqkqcknQuByu0llmm422TmVSuI44hvP2+YNMHecR9Y+6zXZ0/th83O/OWn7aBkPQcvpTcfevI9O88aibpcr3agyY5udr+U2mzBqWroBafZzm1TK3IfPw10bqrb2WcvmsuzGFkr23G3RhDHT+PP7S4gXDporgC+/O9GqhaiuIMnwBhJ1XxNoP5S4shw72QCqhmr4MWM16N4C3MHOpKJVIHYVDbbtkJ+XwxW/vIhwYyOJRBJd0/j3g4/wf/c+xA2/v5z2xUXc8PtfU1vfgK5p5OXmAoITjh3L4YccSCQSwef1EQoFcWQyvKTNCxUSlsP/zdrMytooqd3032kSJy5VYUTHIBN6F1Hgde3XHXUlkp86tu0QtxPf+GLkm8rPmqZJ87GQ4zjEEy3Xmw7rSuyyXPPt7Dy9+bJNHcN33rfWlmk+b2vL/a9pa//ICKm2Brxt2XV3Nm/t8+Z2NHfqlL6/n4dN32/TW+94szFN8+9+Zzt/03mbTKb26Nzb3/hvzsOdl7Ftu4WAT+5kx52v5fT1v6vosGwbK27vR+ehvcuLi9Y+2/n498QWTU1hm0/63sSJEALNk0tu17HUr/uY6qXPY8Zr0TQ33rzuuIKdiWyaiWObhDqNBqBu7fs4ZoxQpxFonlxEK91IbTvtCg4Fg+QEg6iqym8vu4TnXnqNZStWUZifh6pqFBUUZPcj3T3exu/zEfD7sm9MJJK2UFFIWA5vrNpOp6CbfK/G7prjqopCTdzk8YXbGNEhRLHPhSO1iUQikUgkEsm34nssJSxQFA1PbjlFvU7HseKkIlupWTmZeN0qcruMwZPXFRwLzZ0LOPgKe0FG1GiGD3DaFD5NLiTbccgJBbns4vMwTStb5aM1l54M4ZJ8GxwBSVvwsz5FjOoUxNxN8ylDU/liU5ibZ6wnbjnsZ410JRKJRCKRSH7s4iSNomgYvkJQFFyhzviK+gAKqu5BUbSMjMnEn7pCO/7+FiExTYlNEsn/GlWBjgE33fK8pHYjTlyawvqGJP9NNcCm0no7x7LvLLKb5tu5ZruqqiDELmFk6XjiHevduRTknjai2tu0Zo/WPm9KoG06hm+armaqFuxs59bylFost9N6Wtunfc2e+4oN2zpfm2+vNZu3ts4f4h5vGAZ2poJUW+fBLjZqdp21eq22Ma35MTcda/Pt769IG/5vr+nWroXd3Yf+W1vu7nnR2vbaug80FT5o7X6U3cZOz689fSZ+V/u1tp3m5+LOx9TyHN3RK6a1c3p338nO6915f1qz4b5y/gnhtBie7zwuaeve3Vop6qZlWrOlvjcOSggnWxZYNfyAyNTobhlaJZChVpJ9D1sILCf9szsRY/+XN03TNDEtC7/Pl70JNcWke9zuzA0gnbQYT8Tx+3wtLv5INIquabjd7hYPj3giiWPbeL3edNGAxsb0+jO76fV6cLkM9jV9YpoWiWQCn9fb4oaWSCSxbRufL10qPBKJ4vN5szdGy7JIJJP4vOnPotFoOvnY7UZVVRKJBIlkkmAgkLWfaZrE4vHswLvpAen3+dA1LdM/qRGP241hGC0eMIZhEE8kiDRGUFSFnFAIVVX3iQfJD23DpupS8XgCr9fTwnbhcCNutyvb5dxxBJquEQwEUFUF23ZIJJOkkqkWiZd+v2+v2lDTNGZ+MYv27dtRWtKZxkgEl8uFq9mxKIpCNBZDQcHrcWM7DpFINDsg8/m8uN0uLMtucQ0qioLf58flMrAsC03TSKVSNIQb8Xo9BPx+TNNkytRPGDigH7m5ufvl4Fra8H8k8HSdRDJJYySCoRuEQgEcR2STjOPxOI2RKIauZyuQNh1rJBLFsi0UFPx+Hy6XK10EYHfT2nhepIs7pCubNYTD2LZNTjCEYehEYjGSySSqoqaLSDjpQWcgECCVSpFKmdl7jaqqqIpCYyRCIpHE7/fh9/uz296TZ+K3esmoqti2TUNDGMNlEAyku92nTJNkMpl9pgohaGyM4HIZmaRuk0QygXAEuqFnl3Mch2g0jmmlkyS8nnQ1s6YyxZqmZUpAh7Esi5xQKGtbIHN/yxQ1cLnw+/3ZUr2JVmzo9/t/8EaNpmmRTCbwN2tm2iQmGiMRvB4PeuY83fne7fN5aWxsTKdlZApwCOHgcrnxeNxZWzY9N7xez/ctTtrqfNmy7qrIiBWJ5KeGyzCY9dUc7n3gYW645kr69e2D4zg8eO8DaKrGb39zKZZpYRguXn7tFR55/Emuv+ZKxhx6SKa2us2tt91JONzIbX/7E95Mj59YLMZV1/+Rgvx8/nTjddQ3NPCrK65KF5HQdWzb5tJLLuCYo478xoTevW2P2V/N5V/33M8/b/0zJZ07Yds2brebx596hvkLFnPHP/6CZVn8/robGTVyOBdMOgtQmL9wEXff9xD/vvMf+H0+brn1n5SWdOZ3v7mM9Rs2cMNNf2Fg/3786tKLsg/1ufMXctsdd2HZFo7tpKuPuHRuuPr3DB86mFlfzeXaG2/m5BOO4xcXXZBN5tM0jWnTP+W5F1+hqno7Qgh69+rJr39xEe3bF2P/gL2T9gUbulwG1131O954+11isTi3/PE6fD4vb73zAY8+8RS3/e0Wtm+v4c+3/hNd13G73fTt05OLzp9Ep04deerZF3j+pVcIBoLYtk15l1L+cvMf8HjcOHshmUtVVWpqa7nr3gf4zWWX0LFDe6685g906tiBG6/7PYqioqoqVdXV/O7qGxg2dDC/v+LXLF+xkmtv/FO6QpKm0aFDe84/9yyGDh7Etqoqfv3bq0kkkng8bjp17MgFk85iQL++rKtcz7/uuZ/Va9fh9Xr5+aSzGXPYIbz6xlts2ryFc8+euE9dp9KGew9d15k1Zy5PPPUcm7dsweVyc9DokVww6Rx8Pi/Tps/guRdeZlt1NaqictCBB3D+OWeRm5tDJBrl6hv+yObNW3G7XXTs2IHzzjmTIYMGEolEWp22s52bPy/GH3M0m7ds5ZHHn+KrufNwbIcuZSVc/qtf8NnMWTz7/Evoup5+U65p5OaEeODuO/l46ic8/dyLPHjPv8jJCRGNRnnm+ZeYNn0G0ViM3NwcJpx6MuOOPgpNVb/xmdgkAvb0PKyrq+df99zPkqXL0Q2d0085iTMnnMpHUz7hkSee4oG77yQ/L49wuJFf/fYqTj35eM6ccDovvvI69z3wcLpss9fDsCGD+fl5Z+Fxe/jHHf9i/oJF+Pw+cnJCnHbSiRx1xGGoqsqmzZv5z6NPsmTpMpLJFF26lHLheecysH9fVE3N3N9eJRQM4vN6OGbskZz5s9N59Y23eOHFV3ex4b/v+DuBQOAHE9cuw+CrOfP462138KtfXMS4o48ilUrhcrl46533eeA/j3DjdVdz8IGjePKZ51vcu7t27cIN11zJn/76D9ZVbkAIB1VJi8Xjxh/DReefw2133MW8BQvxeD0UFxZy2ikn8r22/BSOiZUMYyXq2/5JhhF2in2zN6tE8j2jgG3ZrF1XyW13/pvt27ejaxqxWCz7NlpRVRojEaZMm45pWnz08TRM08q+6UkkEnw5+ys+/HgahmFg6DrvfzSFWbPnZsuXCkdQ3xDmpBPGc/vf/8zf/3ITQwcN2vcajynpbrvhcOMuN+JEIkm4sTH7HiPc2Mgjjz/F1E9m4Ha5ME2Tuvp6hOMAgkgkQiqVIpFIctsd/8YRgrPPPCPrSbAsix7dKvjzTddzzsQJJJJJfj7pbG7+w3V06VKKZdt8+PFUTNPkkxmfU1NTi6aly6J+NXcet/ztn5SVlHDT9Vdz5W8uoyAvL5PzpvzkbXjTH66lR/cKTjruWObMnceMz7+gsTHC408/y4jhQ+nerSuxeJxEMsmVV/yKyy+7hFmz5/LCy6+haSqxWJzcnBxuuek6bvvbn/jVpRdnHth75zlhGDpfzpqDy+ViQL++mKZFNBrlwynTmDV7Li5X+g3ya2+8nR2ANNkjGoly0fmTuOWP19MYjvDYk8+krzMB9Q1hTj35BP580w0kEnHuvv8hTNPkpdfeoKamjttv/TNnnnEaOTkhPB4Phxw0mumfzSQWi/3gb06lDX8YYbLq69X86S//IDcvl5tuuIafTzobl9uNruvMnTefP9/6Tyq6lnPzH67lgvPOZsrU6dx9/0PpayXT6O+wQw7K2CvJfQ8+kq1A1ea0jJ2bPy+GDRlMPB7nzrvuYfaceVx60QX84drfU9G1nEQixZGHH8o///5nDhg5HEc43HD177jmysvxejzE4wnq6upxRNrj9Z9Hn+T1N9/hjNNO5i833cCQQQP55//dzSeffobhcmHbu38mftuB9dvvf8CiJUv5y803cPEFkygsKEiXzk0mCYd33A+FENQ3NBCPJ9LRB7E4tm1z8x+u4fxzz+Ltd9/nnfc+wjAM6urqGTxoALf99U/07tmDu+59gC1btxKPx/nzrbezZu06Lv/VpfzxhmvQNZ0//fXvVG7YgK7rxGIx8nJzueWP13Hg6AN4+PGnWLBwMccceUSrNmweFfFDPVNM06Smto6nn3uR+voGDEOntq6eZ154kdq6ekzLznjbYy3u3Zf94kJ8Xi+XXXIhN11/FT6vl0ED+/OPv/2J444Zi2XZ1NbVMXjwAG695UZyckL87bY7vyfPiaIgbIvqZS+yfdnLpKJb276BeQsp6HkiRX0montyQaRdt62VEpZIfqwU5OdTX9/Av+55gFv+eD26pme9i7qus3DRYqq3b+fXv7yYx596lsrKSioqyjFNUBSVks6deP3Ntzn8sIMRjuCNt96lpHPHFg9jVVXx+3zkhIIoSg6hYGCfLHfc5Pb/ps/dLhedOnbg7vsfoqK8Cy6Xq8V0TdOINEa476GH2bx1K3//800UFhRkBZkQgmAwQFFRX1IpE8PQ6datgn59e2NZFlu3bWPWV3O46PxJTH77Xb6YNZsTxo/DtCzeff8jupSV8rvLL8Pn82HoOkeMOYxkMtGip8RP2YapVIqBA/sz7pixPPvCy3y9eg22ZXHOmROyAk7X9WyzwS4vlrKtqioTspMOmwsF0+EQOaHgXm2UJwQsWbacXj17EAqFqK9vwO1y0764mOdfepURw4eyefMWPvp4Gl3KSlt4/jVNIycnRF5eHj6/j6LCQjRNzfYk6dypI0MHD2LQwAG8/d4HpEwTVVGoq69n/YaNHDnmUIKBAMlkksEDB/Dci6+wvaaWTh077FdVJqUNvzuapvHx1E8wXAZXXfEr8vPzsy8cHOHw1rsfUN6ljMt/9Qu8Xg8jhw0lmUhy/38eYdJZP6OoqBBVUSgoyGf40CH07F7B3PkLd+SUtTpNgLLr8yIvL5flK1YyZ+58rr7yco49ZiypVIqhQwZlbVpWVsLs2XPweNLNCv1+XyZPLb0+TdOoqq7m3Q8+4tyzfsaE007Bskz69O7F11+v4e33PmDMYYcAym6fid92YI2AaDTK6jXrOPSQA8nPy8v2zNn5PqmqaovnptvtpnevnvTu3ZOHH32Cbduq0ue3AgUF+Qzo15fq7dt59/0PiUZjbNy4ma9Xr+HO2/7KsCGDcBxBSedOnH/xZUz9ZAa9e/YE0mFyPXt0x7IsXnp1MslUMh3+WNp5FxumUql9Ip8xPzeXcLiRd97/kPPPPYt333uZaCRKTiiUdTAoqrLLvVvPNPVMpUz8fj9FRYUMGTSARDyRLsWsQE5OiEEDBtC/7zw++2LW9yNOFBQcO0ntyjdJ1K3Gcdp+O2snG6lf+xG+wj64/B1QVBXdk4fmCvzwbyAlkr2AIxxyckJcetEF/OUft/PMcy+mcxdEujuT4zh88NFUenSrYNzYI3njrXeZOv1TenTvln7TaFuMG3skc+Yv4K2338MRAp/Py4hhQ1m1enX2Bq2qCk8+8zzPvfQKwzMhFM2Tk/cnhEgPjM85cwJTpn3Krbf/i1NPOg5N1Vq8MZsx8wsSiSRHjjmMruVddqllL3ZqPNfUlE3TVD77/EsEMH7cWCrXb+CDj6Zy9FFHYNsOVVXVdOtajs/rpb6+niefeQEhBEeOOZRePbpj7QcDoO/bhk15AWf/7HQu//11PPXsC/z+il/RsX17bDvt+TNNk0cee4pYPM7y5Sv53eW/QtM0NE2jcv0GfnvVdWi6zjW/+w2DBw3cK03gmvaroaGBLmWlmUaAAoHg9FNO5M133uOjKdNYsmw5FRXlFOTlZd9EK4qC7djccde9qKpCOBzmtJNPQNN00rUEFN5570PmzJ3PtOkzOOrIw/F6vZx60vFs3rKFW/95J/n5+fz215cyetRIcnNzUVBoaAjTuVPH/eb6lDb839jQsiyqqrdTWtIZv9+fHaSqqoppWVRVVdO1vCzd1DNl4jiCiq5d0DWd2vp6iouL0XWDj6Z8wvyFi1i/YSOXXnQBPq+XcGNjq9O8Xg/hcMMuz4vrrvod1dtr0HSdLmWlJJPJbAO9pmeIaaaveyF29A5xGUaLY6qtrUdVFLpVlJNKpTBNE5fLRXl5GYsWL80eY9vPxG9HKmVy7DFHsXZtJXff9yCPPvEUv7jo5xw//uh0SgE7ku13TrpXVIVYLMa/73uQLVu2Ut/QwOgDRiAcB0PXmTd/IX/9x+18/sVsenTvTnmXMhYtWYqh65R27kwikW4+mJebQ7viIqq31+CIdOjrps2bue6Pt7BmzTqOGnM4/fv2yTZc3dmG+8Y4RZCfn8cxY4/gjbfeYUD/vrz5zntMOO0U3nznvXRueUZQt37v3tHwNN0Ic0d1XUM3mD17Lr+84vesWbOOSy+64PsL6xKORTK8AccxURS1zR9wiNd+zZY5D7Dxi3+yec691H79NnYqgqzHKvmpYFkWQ4cM4pKLLuCJZ55j1ldz08mHqsqWrduYPWcum7ds5c5/30skGmX6p5/T0NiYTcDOyc1h4hmn8fxLr/Liy69x5oTT04mRTWEwAhxHcN45Z/L4Q/dy2SUX7fPCRNe0TNdYrfWbpeMQ8Pu59vdXUFtby38efSpbLQTSoU1HjjmM66+5kmnTZzD5zbdxuYw9GhTE4wmmfvIpyUSSu+55gK/XrGHx0mWsWbsOr9dDcXERa9dVkkylcLvdGC6dyW+9zder17S5vz8lG2ZfPtk2nTp24OADD6CwsIAxhx3SogmeEIJYPEFxURF/vukGjhxzaKZrsE2XslL+fec/uO9f/6Rvn97Ye/EhraRPhF2OpWPHDpx0wnjue+gRpn7yKeeceQaGy8gGJQsh0FSNK39zGc889hAnHjeeBx9+jHA4nHnepZu6GYbBZZdeyMUXTMKyLMrKSvnnrX/m4fvvJhQM8tIrk7FMK/t6bn98FEobfteXBwJd18jPz6Ny/QYi0Sgulyvb8d7tMiguLmTtuvWkTBOXYeB2uVhbuR7HcSgqLESIdCXT8i6luFzp6UOHDEJk3nO3Nq3pxcUuzwtFoSA/D8uyWFe5Pn3f03V0TWvVS9vWMeXn5+IIweo169LFETLhpOsq19O+XTvcblf2hUdrz8RvPajO2OKWm67nqccepHu3Cp5+7gXi8UQ24T6ZSOB2uzCtdIK8z+fLOAIUbMchFovTtbwL//jLnxg2dDCmmU7etiyLlGlxwnHH8Kc/XIvX66W4qAjLstiwaRMetxu32019Q5iqqmratytCVdLP3VAwRHlZKTW1tQwbOohAwL+PvygUmKbFUWMOJz8vj+tvvIXCggKOHHNYi3u6/V/cux3HoVPHDuTmhLAdm1Ejh3/POSc4e3CyOuieXNoPPI/SA6+nsMcpRLbOx0rUZW9EzdmTUIXm8zb/2TneNFs1oo3pEgmApijo6jf/aP/l+dP0JiGVMjn5+PEcM/ZIVq9Zg6KApqcTrxVFYeIZp3LAiOFMPP1UNm/dxpy587OJc6lUisMPPZiu5V3oWt6FQw4aTTKVapFz4DgO0ViUhoYw26qqCYcb981zXggsy2bV6jUsXrKUNevWNWum2vJ4UqZJWVkJv/31L9m6bVuLztu2baOqKieOH8cpJx7HvQ8+wuLFy9B1vc3vQAjQdY1ly1eyYuUqzjjtZEYfMJLTTzmJ/Lw8Pvh4KpqmMX7cWNZWVnL3fQ+xafMWDh49Cq/HK23YRsKmYRjpQVUzkdSU8HzJzydx5RWXMXLEsMw+pp8LqZRJQ0MjdfUNbNm6ba+FIAoh0A2DvNxcqqq3ZzxC6beZlmVx3LijyckJccCI4Qzq359UymwxqLAdm8ZII9Xbt1O9fTt2xoMkENkk0Ouu+i3HjTsat9uN4zg8+czzTH7zneyb05ycIIauU1tXhxCC3Nzc/crDKW34v8G2HcYcdgixWJw777qXhYsWM33GZ/zr7vtpbIww/pijWbN2LXff/xALFi3m9bfe4bEnn+HQgw+kY4f2GS+mSc/u3bj+6itJJJM8+J/HEMLJDK5bmdYUNrbT86K2vp6KinIG9OvD/f95lPc//Jgly5Zz74MPM3vOXHRdT0dQtXIfaPrMtm2KiwoZe+ThPPP8S7zy2mQWLVnK/Q89wuIlyxh/zFHour6bZ+K3e141jfFenfwWTz37ArF4PN3EO5RuW9GjezcMXefRJ55mztwFPPbkMyiKQp/evdLlp20bn9fLFb++lN9cdgkDB/TFtm0E6c7wgwcN4IZrfsc5EyeQn59HKpVk0IB+dC3vwu3/dzefzPiMWbPn8I87/oXX6+WwQw7OepkDAT8XXTCJY8YewT0P/If16zdmXyLt7l76Q17Ttm0RCPiZcNopxONxzjj1JPx+H3bGI9I0pm/t3t28jPPO16FpmZR07sxVv/0NBfn5/OOOf+2NUsI75Y8oO+oZNz1EFUDR3KDqCGFhJWoRtsXOYV3p8nbpkmVpN3GaRDJTHtPbcnAQiUSzJfNUVcHr8eD1erEsEyEgmUyRSKbdbqqiEAj4MXR9vwjJ+CnwXeua/08eDgI2R5J8XZfA3E0FJkNT2BxJIsS3DEYU6YFbMBjIXg8XnX8ulZUbcLlcxGJxZn81lyMPP4zjjxsHjsC0LGZ9NZcvvpzN6ANGEAwEsonwN//hmvT+6Douw8iW/VNVhdycEK9Ofos3334fy7a45MLzOTZTdWMfejmDy+XC43Fz930P4TgOvXv14G+33IjX6yUQCGRvI8FgAJfLIJlMMWrkcH5x0QW8Nvmt7HvbgN+fqe7kcMF557C2cj0PP/EUt9x4PV6vp8XNX9d1QsEgup5+OMz8chZdu3Zhwmkn4/N50VSNbduqmPbpZ9TU1DBsyCBuvO5qnn/pFa6+/iYc4dC7V8/sQ+2nbMOdvTRCCFwuF4GAf0deQea8D4WCOI6TLXHcRCDgp76hnhv/9Bcs26GspDN/veVGvB7PXntoD+jbhyeefY76+gZUVSMYDKBpKqFQiDv//tf0oFgIvB53Oq4+YwO/389Djz6BrmkU5Ofz21//koDfTzQaIxQKoqlqutxmZhCdLhNu8eQzz2OaJqWlJZw9cQKarjHrq7kUFxdRkJ+3X5bBlTb8bliWRZ+ePfjDtb/niWee44ab/oLP5+XAUSPRNJ1hQwZx3VVX8tyLL6WTyXWDww85iPPOOSv7/AwFgyiKQof27fjlxT/n3gf+w+yv5jGgf99Wp82aM5ce3SpafV6cMP4YrrziVzzw0GPclameVVbamSPHHJ59+eHxeAiFgjue34Db7SI3NycTAgYXX3AeHo+Hp559gWQqRV5uLlf/7jeMHjUSM5O71toz0TD0/6qwq6LA62++zfMvv0pxYSG//uXFaJpG504d+e1vfsnjTz3D9TfdQjAQ5PLLfkG3ruWYloXb7SIUCqZLrCeS2VBVlPS90e12k0ymWhSWCQQC/OG6q3jw4ce4/V/3YNs2ZaUl3HTDNXTu1BHLtvB4POlBvW1zwaSzWb5iFS+8/BqXX3YJCuxiw33hudw0TjFNi9GjRvDoQ/fSvl0xkUiEYDCQLRff1r3bp+uAQjAQwOvxtPhyAn4/upEuJ3/ZJRfy99v/DyWZTP7PR36KomIl6ln0/DHYqQiaK5j2gigKdrIR0SwHRVF1NHcO7kAH0FxY0SoU3UPFUf/Cm98N4eyoG711WxU33Xo7V//ml3Sr6IJl2bhcLl54ZTILFi/lxquvyL7RS6VM/nLb/7F2/Ua8Xk9GLQc47ugjOeyg0ei6ziuT3+aZl14lNycHx7Hp1LEj5591BuVlpftV0tyPVZQ0XfBNrty2RIoQgnA4TE5Ozre+mBsaGli/cQslnTu2ELyaolCbsBj7/CJKQy7yvcZu39yqCtTGbbZEUtxzdDeGtw9gOjviWZOpFDO/nMOokUNxu1wtjsWyLJLJVIsa8KlUCsu2cbtcRKJRvJ4dvSKaqoyYpoXP5yWRSGTKt+5IZm7yptjN+pxEY7EWdes9Hk/Whb63v9/d28MmkYin7S3S3iO/z0cylcK2LHw+H4J0uWS3y5V+Y6eksx4jkVjWjrF4HK1Zj45UKkU0GiMYDOziabVtm3hiR1+QWCyOpql4PJ6szS3bJhqNEvD70TQVXTdIJBI0hBtRFMjNycmW3ZQ2VFvua9P56vdlxXvzniot5s+8lUw2q5Wvauou/X2+TxuqqkpDOMxvfncNF/98EoccNJr6hnDWVs2vs0SmulFTj45YLI6TeSHn83rxeDzZWOtoLIYnU2lp57e7DQ1hEskkuTkhvF4PiUSSK6/9AwePHsXECaftk2VwpQ2//2u56WVTLB6nsTGC2+3OFjNpKucdi8UINzbidrnJyQlmwrLSzayjsTiGkS7XrQDhxgi6ruHxeIhGY7tM03QNr8dDJBrd5XnRVGHNsR3qGxpwhCA3J5S976Wv9fRg3ef3orDjWZ5KpfBlruGmSJVwYyPJRJJAwN+iz0mbz0TLxuNxf2sbappGY2OEWCwtbn0+b7Zwia7rRKNRGiPpe3sg4M/meZimSTKVavXe0/zeuDOapmHbNuFwGNtxWvQ5UYBEMpXtN9XUPyqZTBEI+FFVtVUb/vDPlB3fSVO0UVMD9Fgsng7zM3SSyeRu793pZ6uG2+1q1ZaqqhKNRr8/z4lAoKoGRl5XvPk90D25CMcium0+ibo1CNtE0Vx4crviyeuK7g7hOBaReE367VobHYebmjM1J5lKEd2lxJygIdzIuKMO5+TjxxGJRJk5aw73P/wkyWSK8UcfSTQWo2P7dtx07ZWkUinu+c9jPPTY09xyw1V7tTKMpOUFYlkWlZWVVFWlq2IUFxdTVlaWdffunRcFAq+ucna/IuZvixA17d3eIgQQcKmc2quAkqAb+1vspmGkGz45zdzpTWEwQghyQqEWHWaFELjdbjyZt8h+v7/VkB23251NrlMUhVAwuMv1tC+e44ah43KFWnzmOA4etxslc8wKZBtiNe9MGwzuqAUf2MkuhmGQl9d6IzZd1wgFg9lpfr8PRSFbulYIga5pmRcZ6fAv0zTRdZ3Cgvxmbm9b2rCVkI7m52tb533za6lp/p33f2/hOA65OTlcefllFBYWYttOC1s135emt4BNicqhULDFsTcNdJquwZ2vu6bzJhQKkqOEMqFP6XC6syeeQa+ePfa9kt/ShnsV07JwuVwUFRZkc0Wajr4poby4qDCbK5K1TeZ6zl7jQCi0w367m9bW86JJhOTl5e5y30tf666st7UJl8uVDb9rfi0HAwFCmXOi+ffzTc/Eb0tTGFUwGEBkzo3mg26v14vP580mobe1381pfm9sbXuKopCbm7vLOSwAj2fHs9lxHDyeHffHtmz4wz9Tdnwnzb9zZadz7Jvu3U25Nc3ttvNzxu/3f49hXYqCO7ccT343nGQjuitIonEjnrwKUuFNmKkohicHf/sBOGYM3ZNLIrwRX1FfnFQMRdForfdJmzknrYgZRVHweb2EgkH8Ph+nnjieWCzGS6+/xVGHH4KqqrhcLnJDQQyXi6PHHMYDjz5FPJHI3kQle5/KykoqKyuz33VlZSUAFRUVe+/BKsClKfxySEeSlsM3da8QmeluTUVXlW8VH9/aDa75363doJov09YNbOf17i8hDW3d8L/peL7t9JbTyFYb2THvnn1P++J9Yl+w4Xex3b5gV9u2GTxwAHZmALE7W++piPo20xRFYdTIEdiWtU+W/JY23PvXtL2b68Vu443YzjbZOedsT6d9l2u3rfn39NnV2jny34jlbzttd8f5Tc/Tb2Oj9EswsU8/V/bUFt+0763ZrbXz8HsRJwKBpnnIrzgGKxnGcYXwFw1M77SdwpNbni4X7MlDM4Lo7vzMdAdVc+Hyt0d3h9p80H1bgzbdJFVFYcig/rz1/kfU1tejqiqWZRFujJBMmbz38TS6lHbG6/FKYfIDkC2dWFXVokCBqqpUVVXtde8JgK4oGC7tW5z7IE8dieTHgfkDl/Hcn9/2SxtKJJL/euz1PUksFM1FfsU4YlULCK+fRmL7fEjVk19+FO37TUi7H22beP1aIhs/zUxvIFR+NJ7CvmiG/3sf5em6xtdr1nHtzX/DNE06dmjHheedjWHoMudEIsWGRCKRSCQSyY9CnGRw9CD17h5s80SJN6zH5R9AvdkJI5pD0OuiKOTF485jY9iibvsa3IGBOHoZ7XX/bsuy7ij/u2PU2LwsMNCstnn6N03TUFSVOfMX4fV6yc/NxTQtystKufryS/H5fYT8fnTDkMLkhxICQqDrOsXFxS3CuhzHyTST0qVHSyKRSCQSiUSKk2+HQrqb5BerN/PGgtWs3RbHNgMoqommzUfXVUryg5w+oicdcwI8v8pgyfoAmmZSvm4Fpw0TDCkrxqVru7y1tm2buvoGampqMS2bnJx00mcymaSmtg5d01AUBVem0kAsHifc2Eg43MjMWXN4/e33uPDcibhcLmzbxjB0OrQrRsv0i5DC5IenrKwMYJeE+O+TdDlK5Xtf9/e5nf0FaQ9pQ2lDaUOJtKG0obTh3hUnqkIkluLh6QsZ0LmIM0f0xu9JiwXTttlY28j89dW8PHslvxwziEvHDCOaGkQkkWLqsvW8PHsFJflBSvJD2Nm8E4Gmpcvf3fPQY+i6RjKV4vSTjic3J8SWbVVcf8vfIVNT//Jf/JyCgjze+2gq02bMRFUVckIhLrvwPA49aBQAbpcLv8+HLQRKK41hJHufJu9JRUUFpaWlwDeXEv5fkEyl0FT1e7vok2a6IWIylUq3/vkJn2vSHtKG0obShhJpQ2lDacM29+f76HOiqQpV4Rhn3Psmt5wymsN7lYKmAgrrq+t5aNpC+nUuZPHG7Vx82ABKi3IBAbbg42WV/Pujufz11IPp07EAy25ZBSAWj+PYTWX00mXLVEXNNlNMGzldGz1lmtm62aqi4vV68Hjcmc8gZZrpPhA7lT2T7DsXy56Iku/S5yQcDrN63Qa2bNuGcL6/C1EgsC0bTdf2Wt3yfVqESntIG0obShtKpA2lDaUNW+H7qdYlwKXrdG+fy+y1W/G5DQJuFz63gWU7xFMma7fXc0BFB2qiCcKJbSgoRJMms9ZuoUOOH59r106gipLuLrnzwBRo0dAF0nkKfl1v0S8lXUt7R+UQt8vVopeBZB+7UPaCak83sdI56rCD0bTvMQVLSYc7CmitQvZPUHlKe0gbShtKG0qkDaUNpQ1b2ZX/meekmQhID/jh05UbeO7L5azcWocjBAM6F3HlMcOpaozy6pyVzKusJp6yssbQVIVu7fM4Z1RvRnTtiFuXjRB/QGWwX4mY79IhfsPmrQzo2xtN0+T3LpFIJBKJRPID8r97VezYmc7uTQ3pFA7u1oEhJYUkTBsQ6JpKyOOiJNdLn3a5xM10Y6RmsgaPoeF3GyiKQFgm0ju3t0f6GXWpKPyUjC9FsEQikUgkEsmPQZwoCjg22iN3oSycD7reTGqAW1F2jHGbJdi4FYVcpfXBsRBCeuV+uFE6qCr2xZcj+g6GH7iBlkQikUgkEolEipNvO6JFWTgP9eOP0+LEsmjyn+yiZfZE7yAdJj+AKgFVBU0HTcM57SzE91S9SiKRSCQSiUQi+R7FCaAboOuIDu0QvfuBoqbj/1sNDxIgBEI48hvYV1BVlJpqlKVL0yJFChOJRCKRSCQSyX4rTgAsC9G7H9btD4KqYSXqsRL16XyUZqFdqCq6JxfdnQOKiiytsA9guFBnfIR+xS/2q2R4iUQikUgkEokUJ22jKKAZOMKiavlLxLcvRdgmzb0niqrjK+5LYa/TcPnbNxMnIp2TIj0qex9VS/9IJBKJRCKRSCQ/GnGSkSGOGaNxwwza9Z+EJ6/rjrfxikYqto26r98lXPkpvsLeKGp6NxTdhe7JQzN8yKyTHwDpMZFIJBKJRCKR/NjESXqg6yDsFN78CrwFPRGOk5Uu7mAnnGSU+sop1K19P5M7r6J78wh2GEZu+ZFoRoDWwr1UVcVxWnpW9rST+PdBU28M27bbnEdtkb8h/qumj4qioGkqoGBlKmipqoqqKFi72bZEIpFIJBKJRPKjECe7G/Rnp+129Wq6LLDjIJzMgFoBw3CRX3YgoeJeOFaSpspe8bqvqV/7AbkdhqB5crDtlmVsHSGIRqIEA/4WAiUeT6Aoyi5d4ptjGAa2be8ibL4LqqpSuX4DQkBZaedW1y2EINwYyYoXl8sgGAhg2/YeiylVVTBNi1WrNxCNxejbqwcul4ttVdWEGyNUlJfJM1kikUgkEolE8uMVJ7ZtE4vH8Xo86LqxkwxRME2TeCKBz+dD38Ou3AJoSFhsj5mkHAFKPkpT+JaiEncSbKuHSF2Mjm6THNeO9Wqaxvaqaq7/061ccM5EDjnwAFKpFLqu8dgzL1CQn8vZE04jlUrtIqoEMP2zL+heUU5xUWFaMDUTBoqiZP9Wdj7SNgSaoijous57H00jZZpcfumFOI7TYl2qqhKNxrjmpr8SjydwGTqqpnHU4Qdz0vhjUNW0eNt5Gy32R1GIxRLccc8D1NTW0btHd3pUdMXn8/H5rK+Yt3AJf7z6CjRNy66rtX1tS2RKJBKJRCKRSCT7tDhJD4jjzJ43nw7t2tG1vAselwuBQEEhkUqxZu06tmzbxvChg8nx+75xQ4qi0Ji0eHNVNVPW1BFOmTvPgbBTWImx5M6NM6TTBi4Z0hm3rmZTIYQQ1NbXc/8jT1BW0onSks4I4ZBIJEgmU+kD0jUcR2CaJm63GyHSv09++z0mnXkGHTu0J5VKZcPDVEXJNEXPDOoVBeE4aJqGqqokk0kMw0DTVCzLzgolIQSO42T/B9A1DdOyMn0M04LAcRyi0SjnTjyd0SOHMXvOfO556DE6d+rI6BHDEEJg2za2bWMYBgDJVAq3y5Xd1rRPP2fTlq3c9qc/kJ+flw2RcxyR9cioarp0cyKRxO12ZQWYpmkkk0l0XUfTtN2Gn0kkEolEIpFIJPucOAHweDy0b9eOFV+vxhGC7l3LcbvdJJNJvl6zllWr19CjWwUej2eP3sirCtTGUny2vp7jexTStziwa8q7ooCisqyqkUfmbeDs/h3x6hp2xpchhCA3J4fCgnzuuv9h/nzD1fgDPhRFyXoHVqxazVvvfUQ4EqVX9wpOPHYs7308jcoNm3j9rfdYvXYd22vrGNivDyOGDmbJshV8MOUTLpx0Jj6vl5def4sO7YsZ1K8vz73yOps2byEUCnHS+KPpXtGV9z+aRkNjmMoNG+nYvj0oSlYYfD57DrPmzGfSxNMJhYI7jl1VCQb8hIJBDj94NK+88TZr1lYSDjcSiUZZunwVA/v3ZuTQIbzw6htUb6+hqLCACaecQDKZ5O33P8aybF549Q1sx8ZluDh34mlome1qmkZtXT0vT36LLVu3UViQzxknn0B+Xi6vvPE2i5Ysw+f1ctwxR9G7Z3cpUCQSiUQikUgk+yStdtoTQmAYOt3Ku9C9oiurVq9h1Zq1NITDrMoIk+4VXelW3gVDNxB70KdEARKWQ23cpCLfR8itt7ZhNBx0DbbHTOydRI8QAl3Xueyi82mMxnjsmReAtDBRVZX6hjB33PMgJZ06MmniacxfuJh3P5pGaedOqKpCeZdSunfrSjjcyJRPZgAw44tZvPHOB6z8eg3xRIL3PppKwOvjvkeeYN36DZxy/LEE/X5uv/sBGiMRKjdu4slnX6KwIJ+B/fqgkM5nWbBoCQ888iQD+/UhJye0S/5JNBqjMRJh6oyZbN1WTY9uXZm/aAkvvPIG3Su6UFZSwp33PEgikeTUE8cTi8e5854HCQQCdGjfDp/XQ+9e3SkuKuT9KdOIJxJZUWbbNvc89Bg1tXWcd9bPAHj6hVdYsGgpk99+j5OPG8eojJdGIpFIJBKJRCLZV9ltQrzb5aJ713IUBZavXM2mTZuJxGL06tGNbuXluDOhXm3jgKKgqCoKCoqSrmxVnzB5Y2UVi6si2EKgKsoOlaRAXdyiJm6itZLKYts2RQV5XH7pz7npr/+kV49uGLqOpussXbGS7TW1xOJx5s5fhKbrrF1XybgjD8Pv9zFs8ED69OpBLJbgocefYltVFWvWVjJ65DDmL1yC4zgEA36KigpYsmwFf7zmt/Ts3o3uFeV8+dVclq1YhaooHDBiKBecPRGAz7/8illz5vHFrDmcO/F0xhx6EKlUaocoUxSEgMeffZEXX3sTx3GYePpJDBnYn/c+msqYQw/izNNPYcWq1WzcvIWrL/8lRUWFdOrQjsuv+SPRWIzyshKi8SiHHTSaTVu28Oa7H+5Ql6pKTV0dS5evYOSwIcyeMw8h4Os16zj0oNE4Dkz//AuOPuJwenQrz4amSSQSiUQikUgk+5U4EQjcLhfdyssRAlatXkPP7jsLkzaS4RUVRXMRr10NQqArEG9IYtsp/C6dI8oLGNExhwKfwfaYScxMexqCbo1Yyua2z9fSVsXdlGnSr3cvJp15Bo889Vw6XKpdMZZpkRMKUtG1C4amUVbaiQ7t2pEyTRxnR25Irx4VuF0uJr/9AV6vl1OOH8eTz71ETW0t/fr0yoaqeT0eIJ334XK5SCSSCATBQGBH8jnpEDiXy2Bb9fZdktIFAkWBCaecyKgRw3AZBqFQANt2EAJ8Pi8AsVgMVU1vJy0M3aiqSiKewHGcbH6JaVq7SkDbQdd1enXvRn5BHqUlnTjq8IPpUdGV66/8Ne99NIU/3XoHE08/iePHHdXqOiQSiUQikUgkkh8a9ZtmEAhcLhc9unVlzCEH0qNbV1zf4DERQqDqXoKdRlO78g02zvwnG2fexrYFj2In6olagmnr6pizJUzApTFnS5hXl23l1WVb+WpzA0V+A4+utRqG1CQwbNvm2LFHMHLYYBYuWYYQgu4V5ZimhaapDB08kJxQDpZto2cS2LfX1FLf0EAwEKBf71688Nob9OnVg769e2LZNjNnz2HEkMHk5eaQm5vDR9M+JRqL8dW8BTSEG+leUY5ttSxHbJkmvXt243e/+gVvv/8xUz6Zga7rzQ2I4zjk5eZSVFiA3+/DsuxswnrTuko6d0TXVKZ9NpNoLMbUTz/HZRh06tQBy3ZwmtmiaZmmZPq83FyKigqprqll6MD+lHbuhGXb1NTWEQwEuOKySxg0oC/LVqySZ7xEIpFIJBKJZJ9lD5swClyGgdtlIMSelKR1UDUXxX3PxErWg2OhqwoNNUm0r6L4dYXDuuRhO4I8r8HBpbn0LgwA0D5g4NHVFoPxpn1QVZVAwJ/1TCgKnH/WBNat3wSKQof27TjnZ6fx2NMv8OyLryOE4OwJp9CltIRRw4fy4GNPccDwofz6kgsYMqg/n8+azdBB/dF1nRFDBxFPJOleUY6u61xy3tk8/ORzzJ67ANMyOS9T6cswWubYeDxuUqZJ94pyLjhnAi++/ibdK8rp1LFD1osSDATQNDUrRpqS971eT7Y3S15eLhdNOounXniF9z6aiuM4XDjpTAJ+Py6Xgd+b9rA0t4Hb5cLr8eDxuLl40lk89PjTzJo7D8eyOXLMIQhH8MhTz+HxeEgmklw46UyZdyKRSCQSiUQi2WdRksnkdxutKkpafFx5Mer77+EcfQzWHQ+BqtOUrA4KuqqwpKqRm6au5LLhpXy+sR4hBKf0LuaVZVUsq44A0KcowMGledz8yWqePaU/7fzubGK8EIJ4PIHX68kO8NPlflMI4eB2u9FUlYbGRiKRKMFggIDfjxACy7Kobwjj83nxZsK24okEvsyg37IsLMvG43GnVZuuEYvFCTdG8Ho95ASD2I5DIpkEQVZUJFMpEGmRoigK4XAjbrcLw3ABIrvPLrcLPdNNvolEIomqqrhcRmabOo2RCNFojIDfRyDgx7LsdFiabePxeHCEIJGxgWVZWLad6UWjEYsnqK8P43a7yMsJgaLQGIkQboyQmxMi4Pe3XanL5UL99EP0yy9O2+Ouh3AOPgqa5c/sqwghCIfD5OTkZM+LPaWhoYENm7fSv0+vlh4viUQikUgkEsle5/sdjQkn26PEQUFXBT5DY3MkyZAOIRQgmnIY3jFE34znxOvS2NyYJODS0FR1Jx2kENipO7zjONnBvRACy7YJBgKEggGE2BECpes6xYUFOJlwKkVRCPh3rMswDFwuAyeT6GJZNm63m3YeDwKwMoN6j9ud3dbOfwshCIWCLZo8Nu3zzo0fIe05ab4uy7Lw+7wEfD4EIpu83tTzRGSKBzTZwOVy4QYckZ7X7XLRoX3RjuMWopkthCwhLJFIJBKJRCL5iYkTVQWXC5SWXgIB5If8DCot4LkVtUQzSdmOSPdAaeoULxAEXDoHdC3G5/fi7FSyy2lNA+30d1vz2LuZT7SyntaWEf/Ftp22tNseztvWNnbe5286xm8+Gwx5RUgkEolEIpFIfiTiRFVRaqtRP/0IVA128hTkAZfaDufm29hO29FkmqrgS23F/Xk6gVuR39NeOBN0lMVz0wpHlRaXSCQSiUQikezP4kQI0DSUxUvRr/hFRlLsLEAUDAV836Q4RPP/ZQL33kEhEw+2i9dLIpFIJBKJRCLZv8SJpoKupf9vU1SInYSHZN+hKb5OA01LFzqQSCQSiUQikUj2O3GiqNgXXY5z6lnpnBPJ/o2iIHr2A0s2a5RIJBKJRCKR7E/iRKS7xIu+QxA/YK5C05alQ+Z/hGWlQ7wkEolEIpFIJJL9RpxkB7PmD3IAQtjYiXqsVLpPiu4KonlyURTpwZFIJBKJRCKRSH6a4mSvoyCERaJ+LfVrPiRetxqEgze/G7nlR+HJ7Yqi6khfikQikUgkEolEsn+w37oXFEXBTtRTv+YDUKC4788o6n06Aqhd/TZWom6Pu4UrioKqqmiahqqqO7rPK8o3dg1XVXWXzu+7VYN6ehtNy2Z/9qEE9BY2aL6PrTTF1DS1xfz/i++1aVuKTMqXSCQSiUQi+Umx33pOFFXHNuPE61ZT1GcCwY4jAAXF8FC16GkcK46i6gg7tdv1aJqKENDYGKExEsHlcpOfl4OuadTU1bF1WzXdK8rRNG2XDu+qqrJl2zai0Rhdu5R94z4LIVixcjU5OSEKC/IJhxuxM3kdHrcbv9+H9S2S0DVNQ1GUb7XMNy0rhCDcGMHjdqHrOpFIFDMzj2HoBAMBHMdJL2vbVFXXomka+Xm5KIqyi42+DYauE08kaQiHAQiFgnjcbtnZXiKRSCQSiUSKk31WliCEjRmvIVG/BjNWhZ2KkKhbA4qClajHjFWTqF+L7slFNfwoikZr4V2aplFbV88Tz73EoiVLcQQ4tkNFeSm/uOBc1lSu57mXXufWm6/Dp2kIyL7NF0Kg6zqffvYly1et4g9X/RZVVXF2SiJv/vbftm0ee/ZFDh41ktEjh/Lb627OeAoU3C4XJxx7DEcdfnB2/ellBUK03G7Tvq/8ejWRaJQhAwdkB/A7z7fzfggh2lxWVVUikSjX3vxXzpt4OsOHDubv/3cP6zduwuPxoChwwLAhnD3hNCLRKHc/+Ahr1q1HURR6dq/gN5dcgM/nxXHE7vdDiF2+DV3XmT13Pk+/+Bp19fVomkqHdu2YeNqJ9OvdC9txmtmE7ySCJBKJRCKRSCRSnPxvpImiYCXCVC97keiWuThmjOolz6PqHgAcK4FjRqle/CyxmuUU9T4Dw5vf6iA5kUjwz3/fR2NjlMsvvZCyks5Ub69l2qefk0wmEUK0GLhrqkIikUTX9Wy4l+M4mf6TGqZp4XIZ2LaNooCmaiSS6fk1TcOyLGzbzqzXIZVKcdVvLqWiazlTpn/Gw088Q9cuJfTo1hUFBdO0cITA5dJxHIFpmrjdbhzHQdM0Zs2ZT7gxwvAhgzOfqS3ma9qWoetYto1l27hdLlRV3WXZJvsIIbLekrQXpZFxRx3OiePHsXzlKv757/sp6dSJ7bW11DeEufNvNxGLxZm7YHFGOCgYhkYikUTTNHRdx7KsbKhWMpnEZRhpsZYRcrqus2TZcv7+f/dyzJGHc/QRh7J582Y2b97C5k0bcekaXbp0weUySCZT2fC7JiGoyvLVEolEIpFIJFKc/EDqBDtRT6xqEUX9zsSTW45jxjHj2wEwvIWohpdE/Vq2L3sJu3wshq9gF8eJrut89sUsVq+t5Pa//JHyslIsy6IgL49ePboBsH7j5mwORDQW59U33mbVmnV4vR7GHXk4QwYNQNM06sONPPzEs1Ru2Ejf3j057cTxNEaiTH77fVavXYff7+Os00+hY4d2LTwpqqoSCgbJzQkx7sjDePWNt1mzbj2Lli5H0zS+mruAIw87mPKyEl56/S3CjY107tiRn512Ips2beWL2XMRQvDwE89w4vijqa2r5413PiAcidKre1dOGj8On8/DnHkLee+jT0hZKfr16km3rl348qt5OI7Dw088w/ijj6SosKDFfjXtp6Io+Lw+QsEAI4YOpnfP7qxbvx4UBcMw8HjcFBcV0SVjv1TK5K33PmTJ8pW43S5OGHcUfXv3orqmhpdee5Ot26rJzQlx8vHjKCvphG07OI7D5Hc+oG/vnlx03lmsXr2aSGOY3JwgQgjWr19PQ7iRL+YsIBaLoWoa448+gj49e2CaJq+/9S4jhgwiNzdXXtESiUQikUgk+zH74SvndFiXcCw8oVK8BRXo3nxqVk6mZuVkdG8+3oIKPKFShGMhhM2OLijNNY7C6rXrKenUiY7t22GaJpZtU1ffQF19PaZpNm0OBYWnXniZ2fMWcNJxx9CltIQ77n2IzVu2YhgGGzdtpqiogCMOO5g33/2AT2d+SVVVNalUklNPPJZoNMYzL72K0ywsqYnGSJRwYyPvfjiVRCJJWWlnPvtiNpPffp8hg/qTEwrxj3/dR04oyCnHH8uaykrue/gJQqEAfr+Pgvw8evfsQbgxyh13P0BJp45Mmnga8xYu4YMp09i0eSt33vsQ5V1KOGHcWDRNJRAI4Pell+3Vswdut3u3YVLxRILGSITZc+ezdPlKupSWMOaQg9hWvZ1fXXkD9z/yJOs3bETXdV5/610++WwmE087if59enPfI09SV1/Pg488xbr1Gznl+GMp71JKPJ4A0sIvnkiwtnIDgwb0BSHYvHkz0DKEbevWrfj9Xg49eDSJRILX3noPVVXZsGkzb7z7Yca28oKWSCQSiUQi2Z/Zz0sJ2+CQFSvpAe2Oz1oTJS0Fyo7fNVWlpraOv//fPWyrqubM006mqKgARVGIRCPMmbeASWdNYNjggQzs25svv5rLnPkLURTo3bM7J48/BkVVmb9wMQsWLeXIww6hS1kJW7dV07FDO1asWk0ymcxuU1UVUqbJv+7/D4auo6oqF513Fl27lOE4DscdfQSnnXgcn37+BclUirPOOIVAIIDb4+Yvt91FKBikrKQzuq5z4AHDmfrpZ1RtryEWjzN3/iIMXWfd+o2Ylk274iLOOPl4DENn2OCBAHTq1AG3y8VBBwzHNM0W+RzNBZyuabzxzvtMm/E5lmVzzBGHcciBB+D1eLj9zzfy+Zdf8cGUT/hq3nxuvvZKZs9bgNfrZeHipcQScSKRKEuWrWTl6jXccNXl9OrejcED+2HbNrZtp0OyhMj8tP49OY5Dbk6IY485GsPlwu/zcesd/2bzlq18MmMmPbp1JScURDjf+JVLJBKJRCKRSKQ4+f4QQmB4C+g86moADG/BHiVLCyHo1rUL73wwhS3bttGltJSCvFxuuvZK7rr/YWrr6ykuLswMjgWmZeHzpPNaFFXB43aTSCSzA3jHcdCaygorsHDxUh59+nlKO3ciGotlBuHNtu+kc0EuOf9selR0xePxEAj4icXjqKqK3+8DIBKN4Xa70DLlir2ZfUiZKRzHRoj056ZpkRMMUtG1C4amUVbaidLOnflgyid43G5URcG2HVRVQVHUbD5Kky3aspFl2xxz5OEcP24suqYRCqVDrWzHoX27Yk454VgOO2gUv7rqBlatXouiKJSVdKKstATLMhk6cACeTJ6Mz+NBiHSOTpMxHMfB6/VSVtqZ+YsWc8oJx9KxY0fWrl2brf4lhCAaT5CyLBRFoVePbnQpLeGFV99g1eo1nHfWBHRNQyBQpDqRSCQSiUQi2W/ZjzOJBSgKiqqg6h48oRI8oRJU3YOiKm1W6GrCsiyGDxlEj+5d+edd97No8VKi8TjxeJztNbWZgXG6epff56NLaSlTpn9GJBplyfKVrN+4ib69e+I4Dpu3bKW6ppbK9RuZu3AxPbp15c33PqSsc2d+edF5lJeWZMvxOpnBtsgM/osKCigqKsDrdWfL+jqOyCZ79+jWlbq6er6av5BoLMbH0z6lID+XnJwcFFWlIRymtq4+nTNj22iaytDBA8kJ5ZBMpejXuydr1lWyZPlKItEoX8yeRzyRwDB0GsJhamrrdikn3DxB3nEcQsEgRYUFBIPpMsKmZfHEsy/y4dTpNITDLFiyFNtxqCgvo1vXLmzeso1ePbrRt1dPkqkkRYUFhIIBPpgynXg8wdLlK1lbuaFFv5cTxo1l0ZJlPPT40xguN8FQDg3hRhRFYfO27cxfsjwjQMBlGBxz5OG8++EUfD4f/fv0ytpXIpFIJBKJRLL/sl96ThRVQ1FU4nVfZ3TKTiJE0UiGK1FUPSNSWpE2QuByufj9r3/Bsy+9xr8eeDgrCko6dWT0yOFsr6nB7/Oh6zrnnz2B+x9+gt/fcAuWbXHScePo06s7K1Z9jcvl4o67H6SmtpZ+fXpy2MEH4jiCV998l7/+818Yuk5hfh4o4Pd6cbkMVEUhGAigKGkB1Lz8rt/vzVa06lLamXMnns4Tz77Isy++imEYXHz+2Ri6zvDBA7n/4Se4+dbbufryX3LemWfw2NMv8OyLryOE4OwJpzBqxFDGjR3D/933H7weNx3ataNfn56MHDKYe//zGH/6+x387leXUNKpYza0KxgIYGS2H/D7MZpVJlMUBU1Vyc/L5flXXueZF15BAGefcQolnTtx2onjufc/j/P7P/wJVVGpKC+jT6+eXDTpLB58/GnmLliIoqhMOvP0bAibZVkM6Nebqy7/Jc++9DozZs7CMAxKOnXgvLMmUBuOYW+pytrHtm0GD+hHfl4uYw45EI/HQyQSkVezRCKRSCQSyX6Okkwm96uGEYqiYsZrqF76AtGqRbSVaKCoGr6ivhT1mZAJ9XJaXV9TZarGxgiRWBS34SIUCmIYBolEgpRp4vV40HWdZDJJfTiM2+UiNycHx3FIplIoQCKZJGWaFOTloappr8v2mlocx6GwIJ9kKoXb5cqWFtY1jVg8gdfj3qUUbjyeQDf0rCjQNI1wYyPxeIJQMIjP58GybBRFob4hDAhCoRCGrtEQbiQSiRIMBgj4/VnBUVuXTvLPz8vNlkHOLhsMtugfEo8ncLld6JqW3hddy4qVrKrVdRojESKRSLqaVyiIbdtoqopl29TU1aMA+Xm52TLC0ViMhoZwdt927gmTbsKYoCHcmKlkFsDlchFPJHBsG08mpM0wDL6YNYfHnnmBf/zpBgJ+H/UNDWlv0rfMim9oaGDD5q3079MraxeJRCKRSCQSiRQne7rLCGFjJ8NYyXpw2ugermjonlw0d+gbQ7x2iJSm3GyRHdQripIdRDf9DbT4rPn/TctCOsm+KXyraZqqKNnPWmvamN4XJbsfLfaPHWFhzT9vvj/Nj6P5ultbfudlm8/bdByt7UtrNmu+DkVRWhznju0pO8LlHKcN8ansYstdGlCqKv954llyc0NMOOVEUqkU4XBYihOJRCKRSCQSKU5+qD1XUZTdp8wI4WQ8K5IfG8lkEpfLhaooOEJIcSKRSCQSiUTyI2D/HY0Jp81QLcmPn6YQrz2pzCaRSCQSiUQikeJEIvn+tKkUJRKJRCKRSCQ/OlRpAolEIpFIJBKJRCLFiUQikUgkEolEIpFIcSKRSCQSiUQikUikOPnOKNlGjG3OoagoqkZrPVAkEolEIpFIJBLJvsf+lxCvKDhWglR4G7rhx/C3a3U2M7oN24xi+Nuh6p5du8hLJBKJRCKRSCQSKU6+mzbRSEW3snnWXWiuIO0GnJcRHk3iQwFFYevCx7FTjXQacTne3AqEsFpdX/NGiM2bD6a3taMJY/PmgE2InRoi7thHJfsjhGiz4aBEIpFIJBKJRCLZj8WJEDbuYGfyKo5l85x7iU25BsNb2GIeM74dxzHpOPQy3MHOCGG3sS5BuDGC1+NB01TCjRE8bhe6rmeFRX1DGJ/Pi23ZpFKpFn3mfV4PhuGiefd5w9CJxROEwxFMM0VuTohAwI9l2W0ek2EY2LYtRYxEIpFIJBKJRIqT/UydoKgGeV2PxoptJ7xxBp1G/h6a8k+Ew6YvbyfU+SDyuh6dFg6tNGvUNI2t26r4499u55orLqNDu2KuvfmvnDfxDEaNHIZwHB59+nmWrljFtb/9FU+/8AozZ88l4PdlvSUXTTqT0SOHY5omCqBqKtNmfMHLr71JOBJBAC5D54RxYzl27BEtPC9N6xDA9M++oHtFOcVFhVmB0jRvcy9OW709mk/7puV2N69EIpFIJBKJRCLFybdBUXCsOFa8Lh2qpWitzKMhhEWqcRO6N6/NnBMhBJFINCsIIpEolm2jKAqvvPkuU6Z/xh+uvoKiwgJq6uo4ePQIzjvzDFIpEwCv14Nppn/XdZ0ZX3zJv+77D6eecCxjDj0It8tg1lfzaIzGEEJgGAaWZWFZFm63G8dxsCyLyW+/x6Qzz6Bjh/aYpomu6ySTSRRFwWUYpEyzRZhYc1HRXGwYhpH17rgMI7tvTaFrzcVR0zZ0XUfTNGzblleDRCKRSCQSiUSKk2+nTTRSkS1sW/Aose1LseJ1bJx5W4t54rUrSEU2Ea9dSbuBF+DN67bbnJMdv2u4XAaffDaT51+dzO9/fSl9evbANFMoikLQ7ycUDGbnT6VSmX1SSCSTvPT62xx+8CjOnXg6jm0jgPHHHIUQAtuymDnrK6Z++jkN4UZGjRjKsUcezlvvfUjlhk28+ua7rFu/kWOOPIx3PviYr+YuQFEVxh15OO3aFfPqG+9w3lkTCAX8vPLGO7hcLk44diw1NbU889KrnHHyCcyet4A58xaSMk1OHn8M5V1KeeLZFzn9pOPp3KkDyWSSJ559kVEjhrF2/QbmLViEz+vluGOOonfP7lKgSCQSiUQikUikOPk2CGHjCnSgw5BLqVv7IZEts+k0/HJ2VEV22DT7LgIdhpNXfhS6N7/NnJOWoif9/4uvvcnayg1ceO5EDhg+JOt9MHSD2XMXYFo2yWSSgf16c+ABw7HttEciGouzrWo7Z5x0PCCwbJtkKpX1hOiaxoqVqxk8oC+apvPIk8/SvWs5nTt1RFUVKsrLqOhaxtTpn/HKG2/zm0t+TkNjI/954ll+84ufM3/REpYuX8Gg/n15/a33cHvcHDt2DHMXLGLl12uxbIuNmzZz9BGHsmTZCh549Elu/+sf2bxlK+99NIVLLjiXxUtX8NW8hXQt78Krb7zD7y67mHBjRIZ1SSQSiUQikUj2Cfa/PidCoGoePHlluAMd0NwhvPk98RZkfvJ7orlDuAMd8OSVoWrfpoywID8vl3ZFhSxYvDQbWpWeItA0FZfLwO1yoWt6qwInk82Boeu888HHXH7tH7n2pr9iWRbnnXUGQwcNJDcnhMftYfPWbQzq3xefz8fwIYPo17sXs+ctwO12s3zVatZv3IRpWdTXNzC4f18WLVnG4mUr6NC+GJ/Hw4pVq1m0dDmDB/SlpFMnLjznTEo6d6Rzp45EY3Esy+b4cWP5fNZX1Dc08PH0GYwaMZTyslIsy2L651/QrriIvr17SK+JRCKRSCQSieQHR98/d1sgHBDpfxCO1SIhHiEQwsnkwe+ZMGnSL2PHHEr7dkVce9PfePL5l7nwnIlYtsC0LIYM6s95Z56RXaYprEsIgd/vpX27YubMX8DBo0ciEBx/zFF0Ky/n/+57iFg8wZPPv0zlhk10ryhH1VQQaQ9L83LDlmXTsX07unYpxTRN+l7cg24V5TjC4eXJb1MfDnPgAcNpCDfywZRPWL2ukssuPI9t26q59+HHMXSN4qJCVFUllUoxcthgXnj1DZ57+XVWr1nHGScdT0XXLlz/+9/w/kdT+dOtdzDx9JM4ftxRmKYlrwiJRCKRSCQSyQ+Guj/vvKKoaXdF807xmc921z2+Oc3L9zqOQzyeoLRzZ3532SW888EU3nr/o3RpYQGNkSjhxka219SyvaYW07Ky4sTtcjPhlBP4ZMYXPPPiq1RX12BZFlXV1Ti2w7r1G5j++ZdcdtF5HH/0USiAIwRqJqG9ensNkUiE3j26sXVbNV1KOzOwX9/s/vXv25u6+gbmLVzCiKGDGTqoP5/OnIWqKPTsXsGUT2dQW1/P5b+8iOFDB2PbFo7j4PP5OOrwQ3jx1Tfp1rULXcpK2FZVTSgQ4IrLLmHQgL4sW7FKXgkSiUQikUgkkh+c/dNzkqnYlYpuw0o0YMa3Y/jSvU7M2HasRAOp6DYcK46i6m2EdQlUVSUYDKBpaSETDAQwDB0hBMOGDOTSn5/D08+/SnlZKUUF+cz4fBbzFyzO5mhc2KyUsGVZjBw2mKsuv5SXX3+LD6dORyFdFeuE8UdTUV5Gl5LO3P3go+SGguTl5WDoOh6Ph1HDh/LgY0+xaOkwzp14Ohs2beH6P/0dXddp366IX5Z0pqiwgCED+7O9tpbiokJyc0J0aFfMsMED0XWdfr17MfXTz/n7/92D1+OhfbviTLK/YOSwwTz78muMOfSgbAnlR556Fo/HSzKR5MJJZ/5o806aN89sq2mmRCKRSCQSiWQfGbslk8n9brSmqDrx2hVsmvUvzHgNRX0mUtDjBABqVr5B9dLnMLwFdBpxBd78numwr9bkiRDE4nG8Hg+qqhKLxXG5XehaujyxqqqEw43oRropYyqVaqFzvB4PhmGwcxPGRCJJuDGCZVkEAn6CgUDaK5NIUFNbR25OCJfhQgiBy5UuL9zU7NHvS/dRqamtw3Fs8nJzM4KJ7Pbd7vSyyWQSVdMwdB1VVWkINxKJRCkqzMd2HAxdx+128+a7HzB1+mf87abrMAwjXUI5GiXcGEk3ifT79+ucEyEE4XCYnJycrBBpKrHc2NhIJBIBIBAIEAqFsssANDQ0sGHzVvr36YWu6/KOIJFIJBKJRCLFybfdawXHjGPGqhDCQXOFMLz5AJjxWuxUGEVRMXzFqIZ3twnxTT1Amn7f+e1602dNA96dB8WtvYlveluvKOlNN2+sqKoqwnGycqapV4mqKDiZ9WWXh+xnzbff9LeqKgjR/G8VRVHSPU0yksm2be66/2EGDejL2DGHteh9kt4/gePs396EncWJoihYlsX69evZtm1bVnhpmka7du0oKytD0zSEEFKcSCQSiUQikUhx8j/ZdRRVBZRMYnwmd0RRM/kmAuE47GlC/I8VIQTJVAqP2/2jPsadxcmmTZtYu3Ztq2FdXbt2pVOnTjiOI8WJRCKRSCQSyT7EfpwQLxCOnQ7ZEk6zjx2EYyEc+ycvTCDtbfF6PCg/oeN1HIft27dn/24+DWD79u2ydLJEIpFIJBKJFCeSH0TGCfGTkmm2bZNKpXYJw2sSKMlkUooTiUQikUgkEilOJJK9J8j+m2kSiUQikUgkEilOJBKJRCKRSCQSyU+cH0UGcLYZI2S7w0skEolEIpFIJBIpTvYqQthY8RqsVLqXhe4Konly97hDvEQikUgkEolEIpHi5DuiIIRFon4t9Ws+JF63GoSDN78bueVH4cntmu4OLyt2SSQSiUQikUgk+wX7rXtBURTsRD31az4ABYr7/oyi3qcjgNrVb2Ml6lqt1rSLAVS1xe87fpRdtqdparbR4f/qGDT1f7tOiUQikUgkEolkf2W/9Zwoqo5txonXraaozwSCHUcACorhoWrR0zhWHEXVEXaqzXUIIQg3RvB6PGiaSrgxki0x63IZBAMBbNtGVVWSySS1dfW43S5yM83+vkvVJ0PXicbjhBsaUTWV3JwQhmF85xK3iqJg6DqpTCf4/ZnmzRMlEolEIpFIJFKc7ItDVoSwMeM1JOrXYMaqsFMREnVrQFGwEvWYsWoS9WvRPbmohh9F0dg5vEvTNLZuq+KPf7uda664jI7ti7nmpr8SjydwGTqqpnHU4Qdz6gnj2bhpM3c/9BjbqqoBGD5kIBefdzaapiGEaHMQ3ZqAURRQFZUp0z/npclvEo3GAOjQrpjzz/oZPbt3xbLtFp6U5utQFBAClMwRNd+2qqo0NISZt3AxB40akd2//W2g37SvZkZgGYYhRYpEIpFIJBKJFCf75sDVSoSpXvYi0S1zccwY1UueR9U9ADhWAseMUr34WWI1yynqfQaGN7/Vga0QgkgkiuM4CAHRaJRzJ57O6JHDmD1nPvf853HKSjoz88uv8Ho8/Pu2P7Otqpqv16zDEQJdUdA1jUQyiWEYqKqKbdtomgZAKpXC5XIhhMBx0hXEdE3n05mz+PeDjzDhlBMYc8iBmKbJlOkziESjoChZUWGaJpqmoaoqjuOgKAoK4AgHRVUxdB3TNBFCZLe/YfMW3vlwCgeNGoGqKAhFyXp+DMNA01Qsy963v1/LorKykqqqKgCKi4spKytD13UpUCQSiUQikUikONmnRq/YiXpiVYso6ncmntxyHDOOGd8OgOEtRDW8JOrXsn3ZS9jlYzF8BW3mxe+ccxIM+AkFgxx+8GheffMdvl69lmg8jtvtwuvx0KtHd3r16I5lWUSiUV57813WVq4nFAxyygnHUl5awoZNm3ll8tvU1jfQrriI004cT2FBWiAlkkleeeNtDj94NGeefnI2jGvSxDNAUXjvw6k0NIbZsHEzXq+HZCLF2CMOpU+vHliWxTMvvU5ZSSeqa2owDIOVq9bQ0NjIyccdTVlJCZPffo/NW7fxwKNPcvjBB1Fa0pHnX5nMps1bCIVCnDR+LBXl5ft0h/TKykoqKyuz301lZSUAFRUV8oqVSCQSiUQi+RGzHybEp8O6hGPhCZXiLahA9+ZTs3IyNSsno3vz8RZU4AmVIhwLIWzSQVB7RjQaozESYeqMmWzeuo1ePbtz1OGHsmDxUi678noef/YFqqq3o6oqjz/7IstWrOLciWfQvl0RDz76FA3hRv5138PEE0lOPXE87YuLSCSTKEraKxCLx9lWVc2Qgf0BsG0b27azOSJr12/gyWdfoiA/j1EjhhGLx3jtrffSXpGNm3l/yjTaFRfx2RezmTr9Mw4ePZLSkk7c+5/HSSZT5Obk4PV66NO7J3m5Odz70GOsW7+BU44/lqDfz+13P0hdfUMLUbbv6M6016SqqipbJEDJeH6qqqqwLEsWDpBIJBKJRCL5EbOflxK2wSErVoAWn30bUdKUy/H4sy/y4mtv4jgOZ552MgP69kbXde74yx/57IvZvD/lExYsXMo1v72MufMXUdGljDnzF5BIpNi6rYrFy5azrbqaa3/3K4qLChnUvy+WZWHbTlYQ7C4ySTgOB4wYyvln/wwATVO59Y672bxlK1M//Zx+vXtSUV6GqigcOeYQRo8cRp+e3fl0xhc0hMP0692Dyg0bOeKQg6irq2fJ8pXcfN2V9Ozeje4V5Xzx1VyWrljJIaNHkkrJZpUSiUQikUgkEilO/mcIITC8BXQedTUAhrfgv8pLECItUCacciKjRgzDZRgEA35sx0EIQWlJZ0pLOjN65DCuuvEvbN66DU1VqehaRllJZxzH4cADhhOJRFAUBbfLlc0zab6vPq+X4qIC5s5fyCEHHpDNT2mesB4MBBBCYFkWvXp0p0tpCS+8+gYrV6/hwnMmphPtYceymdLHlmVl80kcx8l4YxS8Hk9G6Gi4XS4SicS3Em5787vUdZ3i4uIWYV2O41BcXLxXck4cxyGZTOLxeKSXRiKRSCQSiWQvsx+3UU+rCUVVUHUPnlAJnlAJqu5BUZVWK3S1NRht/ntebi5FhQX4/T5sxyEeT3D/I08yc9ZXhMONzF2wGI/HRUmnjpR3KWXL1ioG9OtD94pyEskkpSWdURSFqZ9+RjyeYMGiJWzZlg5TEkLg8Xg4+bhxfDz9M5596VWqt9ewraqax595gamffoaqatl9EkLgMgyOOfJw3v1wCn6fl359e2HbNo4jqNywiWgsxoyZX+IIQVlJZzRNIxKNUlW9HZfLRX5eLh9N+5RoLMZX8xbQEG6ke0XXfTrnpKysjLKyMtxuN263O/v390u6slosFiMSicjEe4lEIpFIJJIfgP3Sc6KoGoqiEq/7OqNTdhpIKhrJcCWKqmdESuviRlVVgsEAmpbWaMFA+vem6lqKomBkPCgPPf4MjuOg6xo/P3sihfl5nPuz07jvkSf57bU3AYJB/ftx4aQzueDsn/HU8y/zwZRPcLvdXHL+2dm38JZlcciBB2BaJi9Pfpt3P5yKrmt06tiBMYcexLrKDQh2CCbbthk8oB/5ebmMOeQg3C43sVgMw9D58qt5LFm2gsZIlPPOmkBubg59e/fAeEvn+lv+zsXnncVlF53H/Y88yey5CzAtk0lnnk5pp477rDhp8p5UVFRQWloK7J1SwkI4xONJTNOUHhOJRCKRSCSSH2qcn0wm96tXxIqiYsZrqF76AtGqRSAcWgtRUlQNX1FfivpMyIR6Oa0OhGPxOF6PB1VVicXiuNwudE1rtr10Qna4sZFoNEYwGCAY8GNZ6ZLBqVSK2rp6dF0nPzcXFDLzR4hEIuTkhPB5vS08NEqmBHE0FiPcGMEwdELBILquE4vHQYDb7coOzL+YNYfHnnmBv//penJDIeLJJNfd/DfGHHIgB48eiaKo5ISC2Jn+KNFYjEQiSU4ohNvtIpbZjtfrIScYxNqHvSYtv+s9680ihCAcDpOTk4Oqqpimybx581oVGk1llwcPHoyu6zQ0NLBh01a6lpeiZLaZTCbJz8/fJ4sGSCQSiUQikfyY2e88J0IINHcORX1+Rl7FMeC0MdBWNHRPLpo71ObgVlEUgoFAVjgEAn6EEC3mF0Jg2zbBQIBQMIAQZPM6bNtG13XaFxchMvPumN9PKOjHcUSruSemZeF2u2nn8WSXtW0bj9vdYkDu2DYLFi9lzKEHkpebg2WlBUi7oiJyc3MoyM/PJNzb2eUCfj8Bvz+bt9J8O/uLMNkTUfK/QlXTdna73bt8VxKJRCKRSCQSKU52N2RFUVR0bz6Gr/AbBrdOxrPS9iB355yTPZlv5wG03cogek8Gua0tu/OA3HYczjrjZFwuF6aZrkimaxqXX/rzrOfmm7bd1j5K0miKiqZpMpxLIpFIJBKJRIqT/1ajOK2Gav0Y8WSqbTUXLu6dPCwSiUQikUgkEokUJ5LvX4e1IkCkKJFIJBKJRCKR/NiQGb8SiUQikUgkEolEihOJRCKRSCQSiUQiaeJHEdalKGq6vTuAED+ZXBSJRCKRSCQSiUSKk30IIWyseA1WKpI+IFcQzZObFiwSiUQikUgkEolEipPvHwUhLBL1a6lf8yHxutUgHLz53cgtPwpPblcUVWd3ZYQlEolEIpFIJBLJvsN+615QFAU7UU/9mg9AgeK+P6Oo9+kIoHb121iJuj3qW9G8C7iqqi2WaeoO3/z35j9trV9RFLRvmEcikUgkEolEIpG0ZL/1nCiqjm3GidetpqjPBIIdRwAKiuGhatHTOFYcRdURdqrNdQghCDdG8Ho8aJpKuDGCx+1C13UURUEIQX1DGJ/Pi23ZpFKpFn4Yn9eDYbho7p0xdJ1oPE64oRFVU8nNCWEYRraD+3cRY4aukzLNn8zJ2STs9mbZZCkmJRKJRCKRSKQ4+TbDR4SwMeM1JOrXYMaqsFMREnVrQFGwEvWYsWoS9WvRPbmohh9F0dg5vEvTNLZuq+KPf7uda664jA7tirn25r9y3sQzGDVyGMJxePTp51m6YhXX/vZXPP3CK8ycPZeA35cdLF806UxGjxyOaZooCqiKypTpn/PS5DeJRmMAdGhXzPln/Yye3btiZQRKa4NuRQEhQMnsafN5VFWloSHMvIWLOWjUCDRNyy77Qwzg95ZAMDNCzDCM7/0YFUUhmUyxZctmQqGQFCkSiUQikUgkUpzs2SDSSoSpXvYi0S1zccwY1UueR9XTXdQdK4FjRqle/CyxmuUU9T4Dw5vfZiPDSCSK46Sre0UiUSzbRlEUXnnzXaZM/4w/XH0FRYUF1NTVcfDoEZx35hmkUulBs9fryQ6gdU3n05mz+PeDjzDhlBMYc8iBmKbJlOkziESjkAn1QlFIpVJomoaqqjiOg6IoKIAjHBRVxdB1TNNECIFhGKiqyobNW3jnwykcNGoEqqIgMmFmyWQSwzDQNBXLsvf7E1JRFCzLorKykqqqKgCKi4spKytD1/XvRaAoqkIqZbJmzRo2b97EgAEDpDiRSCQSiUQikeJkj0av2Il6YlWLKOp3Jp7cchwzjhnfDoDhLUQ1vCTq17J92UvY5WMxfAVt5sW3zDnRcLkMPvlsJs+/Opnf//pS+vTsgWmmUBSFoN9PKBjMzp9KpbID6kQyyStvvM3hB4/mzNNPzoZxTZp4BigK02fMZOOWrdTU1hGJRFA1jfFHH0Gfnj2wLItnXnqdspJOVNfUYBgGK1etoaGxkZOPO5qykhImv/0em7du44FHn+Twgw+itKQjz78ymU2btxAKhThp/Fgqysu/c/jYvkBlZSWVlZXZ76ayshKAioqK70UMJZNJVq1ayZo1azEMQwoTiUQikUgkkh+I/TAhPh3WJRwLT6gUb0EFujefmpWTqVk5Gd2bj7egAk+oFOFYCGGTDpb6Rs0DwIuvvcm/7nuY88+awAHDh+wILdINZs9dwEOPP8PdDz7K9M9momk7kuVj8TjbqqoZMrA/ALZtY9t2Nkdk05atPPHsi+i6xmEHjyaRSPDaW++lvSIbN/P+lGm0Ky7isy9mM3X6Zxw8eiSlJZ249z+Pk0ymyM3Jwev10Kd3T/Jyc7j3ocdYt34Dpxx/LEG/n9vvfpC6+oYWYmv/051pr0lVVVW2mEBTIYKqqiosy5LCQSKRSCQSiUSKk31XpOCQFStZMZL5bE9ESUsE+Xm5tCsqZMHipSSTyR05HQg0TcXlMnC7XOjark6n3UUcCSHo07M7F517JqNGDOOk48axZOlyNm/ZytRPP6df755UlJehKgpHH3Eoo0cO42cnn4CZsmgIh+nXuwd5OTkccchB+LwelixfyQVn/4whgwZw9oRTSCZTLF2xEl3X5Fn9bb5xIXC73XTv3oPu3bvjchk/qvwdiUQikUgkkv2JH0ETRoHhLaDzqKsBMLwF/9XgsmmRsWMOpX27Iq696W88+fzLXHjORCxbYFoWQwb157wzz8gu0xTWJYTA5/VSXFTA3PkLOeTAA9C0tEhonrAeCPgRgGWZ9OrRjS6lJbzw6husXL2GC8+ZmK4QBjuWVVVUNe1NaMoncRwn441R8HrSeTaapuF2uUgkEv+FINu3vktd1ykuLm4R1uU4DsXFxd9bzolwBC6XQffu3QkE/LhcLoQQ0ksjkUgkEolEspfZjz0nAhQFRVVQdQ+eUAmeUAmq7kFRlVYrdLVGUzJ80+/xeILSzp353WWX8M4HU3jr/Y/SpYUFNEaihBsb2V5Ty/aaWkzLyg6qPR4PJx83jo+nf8azL71K9fYatlVV8/gzLzBtxudomobjOAghEAJchsExRx7Oux9Owe/z0q9vL2zbxnEElRs2EY3FmDHzSxwhKCvpjKZpRKJRqqq343K5yM/L5aNpnxKNxfhq3gIawo10r+j6o8g5KSsro6ysDLfbjdvtzv79fQsjt9tFaWkpbrdbek8kEolEIpFIfgD2S8+Jomooikq87uumkeVOM2gkw5Uoqp4RKa2LG1VVCQYD2dyRYCCAYaTfzg8bMpBLf34OTz//KuVlpRQV5DPj81nMX7A4O3C9sFkpYcuyOOTAAzAtk5cnv827H05F1zU6dezAEYceRG1tHV6vN7t127YZPKAf+Xm5jDnkINwuN7FYDMPQ+fKreSxZtoLGSJTzzppAbm4OfXv3wHhL5/pb/s7F553FZRedx/2PPMnsuQswLZNJZ55OaaeO+704afKeVFRUUFpaCuydUsLNty+RSCQSiUQi+YHG+clkcr8ajSmKihmvoXrpC0SrFoFwaC2USVE1fEV9KeozIRPq5bQ6EI3F43g9HlRVJRaL43K70DNhVaqqEg43ohvppoypVKqFDvJ6PJmB846eI7qmEY3FCDdGMAydUDCIruvEEwkc28HjcWcH3F/MmsNjz7zA3/90PbmhEPFkkutu/htjDjmQg0ePRFFUckJB7Ex542gsRiKRJCcUwu12Ectsx+v1kBMMZvuo/GhOzj3s4SKEIBwOk5OTg6qqmKbJvHnzMv1nlF3mNQyDwYMHo+s6DQ0NbN1aRWlp52yzzEQiQX5+/n5dXEAikUgkEolkf2S/85wIIdDcORT1+Rl5FceA08aAXNHQPblo7lCbg1tFUQgGAtnQrkDAnwm7Ss/vOA6hUDD7d1OOR/N9ab5uIdK5KW63m3YeDyLzmW3buF2uFgNtx7ZZsHgpYw49kLzcHCwrLUDaFRWRm5tDQX4+lmVlPSFCCAJ+PwF/eh+tnbbzYxMmeyJKJBKJRCKRSCRSnPzQQ1YURUX35mP4Cr9hcOtkPCttD3J3zjnZ3fQ9HSwLIbB3mnfnZW3H4awzTsblcmGa6dwVXdO4/NKfo2laNtm+rX1pazsSiUQikUgkEokUJ3tdozithmrtT3gynpjmwsXtdn8rISSRSCQSiUQikUhxIvnu+qoVASJFiUQikUgkEonkp4rM+JVIJBKJRCKRSCT7BD8Sz4mCoqigKIDI5JpID4REIpFIJBKJRCLFyV4WJsJJkYrX4phRFNXA8BaiGj72pAmjRCKRSCQSiUQikeLkfyRMTKJVi6hb8wHJxg1oriA5JQcTKjkI3Z0rBYrkG7GFg23b6LpMwZJIJBKJRCKR4uQ7iJN4zXLq136IJ6eUgh4nkIpX07BuGigquV2OQNXcUqBIdovjgKppWJa1S9NGiUQikUgkEokUJ3ugSxSEnSJavRSEIK9iHIavEK+VwE42Etu+DH9hHzx5XRFO2w0KVVXdpZninkz7JjRNw3EcWX1r/9C4+LxeTNMkmUxKe0gkEolEIpH8QOyX1boURUFVFWwrgWPFMXyFGN58hBAomhtPbleEGcFKhlEVlbbehTtCEG6MtNp8UVEUGhsjmKb5rfdPCMHGTVuIx+MoioJhGKiqLIz233zPe8uToSgqXq8XwzCkoJRIJBKJRCKR4mTPiSdNlm2s4Yt1taysSdHQsBUzXpsWBnaKZP1aNjYkmLOxgXXbG7Acwc5jXE3TqK2t49dX3cDb73+My+XKTjMMg0VLl/PLK69j3sLFuAyjzcFy099N01RVJdwY4dqb/8q0GTMxDIPpn31BVfX2FgLlm9YlRYmCaZqYprmXRIpAURR8Ph+BQECGd0kkEolEIpH8AOxXYV2KopA0Laau2MCj0xexuSFGT1+Us7vUk7fmfXyFfbGS9dSt/YDPN3uYv2EbJWvnctGh/akoykXslHsihKAxEuWVN97mwJHDKCwswHEcUqkUL7wymarqGizLzggWHdO0cBwHt9uNZVlpT42ioGsaiWQKw9BRFAW/z8cvLjiX7hXlmKkUk99+j0lnnkHHDu1JpVJtrgtA13VSqdRe9Rrsa9+xZVlUVlZSVVUFQHFxMWVlZei6/r17NVQ17UGRSCQSiUQikUhxsls0RWHd9jAfLF7LqG4dWbc9TMDVjr5DDiC1ZQbhjTNRDS+gcES5n8M7deW15THmrdtG+5Afn1tv0f5ECEFuTohQMMArb7zNpReeh6ZpfDTtUzZt2UqXspL0YFhRmD7jC6bN+BzLshnYrw/HjzuKaDTG869OJj83l4VLl5MTDHD2hFPJz8/j6zXrKCrM58uv5lK5YROvvvku69Zv5NixY/j08y+Z+ulO64rFeOGVybQrLmb23Pmcd9YEunXtgm3bP7mTsrKyksrKyqynqbKyEoCKigp5xUokEolEIpH8iNlvwroUwBaCDbVhaqNJzh7VhwO7dyJuK/iLBtKu/7l0GnEFHYf+io5Df0mRV6GTuYieBQart4cJx5OoO3kihBC4DIOJp53EjC++4us164jF47z8+lucMG4sRQX5aJrKoiXLuP+RJxjUvx/HHHk47340hbfe/whHOHzw8Sds2rqVY48aw9r1G3jljbdxHIfPZ31F1fYaOnZsj6oqVJSX0bW8jIVLlnFfa+tyBO98OJUvv5rLQaNGkJ+Xm24m+ROiyWtSVVWFqqotQuWqqqpkNS2JRCKRSCSSHzn7j+dEUUiaNvWxJB1z/RQGvRQHfQjh0JCwCRV0wCDTId6xyak4jrr108nTYyyPu0mYdkbitAwLMi2Lfr17MWzwAF589Q26V5SjaRpHHX4Is+bOR1VVvvxqHv169+TE8UcDsGHjRmbOmsPIoUMIBgOccdLxlHTuxIZNm1mwaAmmaWLoOrqmMaBvb3w+H8OHDKR3zx7c9/AT9OvVxroCAc4/awK9enbHNE0cRyZmSyQSiUQikUh+OuxXCfFOpqyvoWkIAS5dxdBUkqaFEDbCsbJlgwPF/WnX90yC+aUkzRSWcNqs2iWEYMIpJ7B4+QqefvFVfnbKCQQC/mwp4JSZwuvbkYfg8/kwTRPbsVEUJVvtS9e09Jt9kdFBgGXZCCGyQiOVantduq7h83mxbfsnWTFKCIGu6xQXF2dtn7adQ3Fx8V7JOZFIJBKJRCKRSHGyJ0NXdFXBbejETQuBIGnZpCwHr2tXB5CiGhj+diQcDYFo80Adx8GyLTp17MBpJ4znoFEjGDl8SAvPRa/u3ViweClr11VSV1/PjJmz6F7RFa/Hg207LdblZAbPTYNrRVEQQlC9vYZwYyO9undj4W7WJQffUFZWRllZGW63G7fbnf1bIpFIJBKJRPLjZr8J60p7SjRyfR4a40k21DaypT6Krqq0zw2ga2qLZHdFUUiYFpXVDeT5PHhdxk7VugSqqhII+LO5DsePOwohRKb5Ivj9PoQQHDx6JMtXfc3f7rwbRVHo8P/t3Xd0XNW59/HvPm26qlUs25JtWXLH2Ma90ELH1NAJKSSQkMJNz70kITeU3HCT3BRICB1CCSX0jimmg3HFxh1bbrJkq4+kmTllv3+MNEguQN5AgsnzWYu1rDOnzkis/ZtdnrJSzjjlBEATj0dzE7dDIYdYNIJSikQ8jmlaRCMRZkyZzJ9v/gszph7El887i411mz/wXP+uentPqqurqaysBLJLO/e+JoQQQgghPr1UOp3eb1p8lmGwqr6JP8xfTF4kRFt3msJImLNnjN5jNolS0N6d4bZXVzKnZhAnTKwh4ph7rNbV3Z0iEgn3TL4GULlGcHcqhW1Z2LaNUtDS0oYX+BQVFGBZFp7n0d2dIhwOYRhGdniW7xMKhUil0ti2jW1n92ttaycajRCLRkArWlpb3/dc4r16Lx8USrTWtLe3k5+fn/sclixZkquRsvu+tm0zceJELMuira2NLdt3MH7MKCzLkjddCCGEEOJf2d7fn27W15rK4jyOPaCaO15/h4a2ThSKd+qb9rq/Y5mMG1TMjBEVROz+waS38ds7tyTbcKVfxIlFIuhc41hRWFiQa+D6vr/H8b2FHLXWuV6X3DyKAcUEPXNPlOIDzyWkp0QIIYQQQsLJJ7yxGrJMDhk1mDEVRWQ8P9vg30cb1jAURdEwRbHwPs/5fmEg6NM47g0a73d839d33+7/necSQgghhBBCwsl+IOLYDC8pgA9R8qK3t0K+gxdCCCGEEELCyUdOa40nQ36EEEIIIYSQcPKJpxS5gosSYoQQQgghhJBw8vFlD0XPwlr9aBRojfZctJtB2SHoXYFJQooQQgghhBASTj5KWmvSnkfK9fvlDQNNSGmMTAp/6cv4bzyNc8iJWGOnZkOK7fT0qAghhBBCCCEknPyDDKVIpl0eW/4ujy/fSEcqg6EgQFGk05wY1DHYb6egfSeFmXa8N+bjb1qFUViKPeNoVKIQtKyIJYQQQgghhISTf/RmDYO27jTPr9pCeV6UsRXFoCBQBrHOZopXbCXqKCLDRuIMrIAdWwgat6M7WrEOOjRbkE9GdwkhhBBCCCHh5P+XIluAceGmHbywejNvvLudkyfVUFEYI9BgGooyq53KghhFo8ZjFhSD56GHVEM8D71zO7qtBYrK9ji3YRgfW30RpRSGYaB1QBDoj/C8oNS+7/vjfCYhhBBCCCH+vcOJUqQyHte/sIzV9c3EQjYL1mxhwZotBErhuBkmNC5lQLSFoupa/HcW4tdvxqweizGkFm/zerwVb2AOrgbbzk2O11rT3pEkEg5hmuY+r2/bNr7v/10NfqUUvu+zdVs98XiUgvz8j6ziuef5pFJdxGLRvb7e0ZEkEgljGMY/9J7blkXGdeWvRAghhBBC/FMY+8NNKgWpjMfq+ma+f8wUbv3Kcfzq7MO59vNHceMXjuKaY8dxYUEHg+nGXfAQ3pplGOVVBE2NqHgeoPHfWYj2MvQu8WWaJruamvn+Ty6jbss2LMvs1zDvpYEXX3mdxp27+jX2lVL99uu73TAMfN/n99fexOX/+1uWvf0Opmm+7zG7b9/XvpZlsf7dTXztO//Ja28uwrHtfiHqxVdf56Lv/hd1W7Zi9axU9r7X3cv1DMOgvb2D+S+8RBAEez1WCCGEEEKIf8twAtlK754fUF1WQCwW4anNSaLxKLUJk6rNSynPtON0tkMQoNub8dcsQac60Z3tKMvBmnwwygnRd9KJ1ppksjPXI2KaJpZp4nkelmlimiY6CHjosSfZuasp19i3bYsgCPB9H9t6r/OpN4BoDdvq61m6fAU//dF3OHTOzFwAcF0PyzJzDf7e472ecymlcq97nofVs63fexEEtLa1cdd9D9KRTGIYRi5Q3H3/w7S2teH7AYZhYFkmGddFKYXjOLkeItu2CLRGGQa2bRMEAUEQYFkWlmWxZXs9jz/zXC6sCCGEEEII8XHbrybEm4bBrk6Xu9Zs4e4VO0i6ARePCBNvqkcPqsYqrcAoqcDftIZg+ybIpNFb1kM4jDVqElg27DY0q7cBv2rNet5ctISM6/Lups3UVA/j9JPn8fRzC6jbso37H3mCTZu3cuyRh7FUGoZyAABMSUlEQVTg5Td46bXX8f2AWdOncMShc3ly/vO0tbezeet24tEI7clO0pk0f3voMWbPmEo8FuPRp+azq6mZcaNqOe3keYRDIRYtXc6T8xeQ8TKMqqnm1BOOY8PGTTzyxDO0JzsZVTOck447Bsexc8PCAq0pLyslnU7z5PwXOO3keQA8Mf95PM+jZEARSina2zu4874HqNu8laKiQkoHFHPQxAlsrNtMU3MLW7fXk5+Xx/Qpk3hy/vN0dnVx6rxjqRwyiIcee5LtOxq49qbbOHjWDA4YNwbf9+UvRgghhBBCfGz2q6/EDQWtaY+n1jexrrmTp9Y20LxzJ0bgYYwYhzloGOgAo6oWc/RkdFcH3rq3s+PCogn2qNrYJ6Ds3LWL+x9+nHgsxmcOmc1T81/g1TfeonLwIAxDUT2siuHDqliybAXX33o7h82dxbyjP8N9Dz7KqjXr2LJtO7fdeS8DigqZetAkhg+txLIsakcMZ0BRIavWrqN6aBXHH3U4T8x/gYWLl7G1fge/ueY6hg0dwgnHHIljO+xo2Mlvrr6OIYMq+PxZn2XJ8pU8/sxz/XpodBCQiMc445QTePSp+TTu2kXjzl088cxznHHKCUSjUSzL5NGnnuGd1es45/RTSKXTvPTqG+TnJViyfAWvL1zEnBnT2LCxjv/93Z+YNnkiA4qKuPam2wFFQX4ekUiY0aNGUlxU+JHNlxFCCCGEEGJf9quek0BrIpbBtMEF5IVtRkQCInUrIQgwB5Tjr3gDf+sGzOFjMIeOwQt8gl3bscZMRjnh961xojVUDhnEqSceRzgU4uXXFrKtfgeHzZ1FNBplyqQJjB5Zy7U33oZpGNRt2dozTwPWrFuPoQymT53MF889EwDHtomEwxw8ewaJeIyhlUNobm1j6/bt5Ocl2NHQSHNLK6UlJZx+8jxs2+KgiRN4/sVXaNy1i67ubhYvfRvbslj/7kY83+8XrVzXY8a0g3jp9Te5/6HHAMWQwRVMO2gy9z34WG6f8rISqodVMbC0BNs0GVQxEN8PmD5lMnNnTWdb/Q4WLlrKEYcdzPBhVSxaehXhUIjRI2uo27KNQ+fMxOyZQyOEEEIIIYSEE7IFGJVSdHR2ce7oItJBMVbLDrqfeItUaQmRcIygrRlj4FB0eysqnodRVAb5xVhTD0fF8uADvv1XSuG5HoFtE3IcADzPQ2udWwrY9TwGlpdTPWworudx/nlnUz1sKHf/7SES8Xi2h0FrfN9Ha43nebiux133PsDSFe8wunZEdpK5oUin00TCDoZS+H6A2TPfJT+RoHr4UGzTpKpyEKUlJXusFKa1xrIszj7tZH582S8BuOInP8S2TLTWuQBy2VX/x89+8WsS8RhnffbkfkPDAEylCIUcPNfF7JlnEwQBnucB4Ps+hkyIF0IIIYQQEk56G+IQdixqBxbxu6cXARpDKbSbobohxLcy26jpbEMVlhJsWYs54gCCdDeEotgHzsIsqcgO7dpLOOlt9PcNIL3bte65jtbs3NVEe0cHI2uGs3jp25SXllBaMoDV69ZjKEWg9R4BIggCDGXQ0trKI0/O58c/uJiqIYNZtuIdXNdl/JjR3P/I46xcvZaqysGsWbeBwYMq8Hwf0zSYPHECG+u2ZANCn9oluudanusxuraG4448nEDDqNoa2trbs9c1FJu3bse2LMaOGUlFWRmRSBjd81x9Q4rv9z+vRuPYDsnOTpqamkkk4kQjERnaJYQQQgghJJxorQnbJufPHc+GhlbSPd/qK8OkKDmEghVP4O/chj1uGnrkgWBZBPV1qFAIc9ho2OuQLo1hGCQScYyeFav61g2JRsKEHIdQOMyMKZP5881/YcbUg/jK589mY90WLrvqtziOQyIe41tfPZ9oJEzfDgbTNInHY2g0iXicMaNqufG2vzKguBDbtrEti3GjR3LMEYfxf3+8nkg4xMCyMr71tfM576zTuPn2u7nzngfRWnPO6acwfGhlbi6/ZVnE47GelcE05511Wu59UigS8Tig6OzsIj8/j/b2JBs3beYvd/+NH1x8EXmJGKFQtmcoFHJyz20YBvF4jCAIGD9mFA88+gSXXPZLvnTumcydNR1Xap4IIYQQQoiPkUqn0/vN1+FGzxyP3uoc2jAImhrovv86gq4OzMqRGIUD8Bu2EDRsRUXihE4+H6OoHAJ/r6Gnq7ubSDhMEAS4rkckEgYglU5jKIUTCuF7Hq1t7USjEWKRCChFS0sradelMD+PcDhEV3cKNLlGv+/7pNOZXDFE13XZ2dRMIhYjEgnj+z6hUAilFM0trbiuS1FhAbZtZ1fa6uggmewkkYgTj8X69cr4vk86kyESDverT9LbI5JKpTFNgx9ffhVzZkzl+GOOZOvW7Vx21W/56vmfY8K4Mfh+gOPYuK6L5/s974EmlUrl7rmzq4tUKk1+fh7mJ3g5Ya017e3t5Ofn597rJUuW4PYsobz7vrZtM3HiRCzLoq2tjS3bdzB+zKjcUtFCCCGEEOJfY7+bEJ8tU9KnVonlYFaOhB11+JtW4S3dhcorwiivxCgdhLJD+5wIr1S2lyEIsvM9HMfJhYBIOJxrzFqWRemA4uzQLa1RWlNYWIDivWFR4VAotz+813PSOzzMtm0GVwzMBQjLsnL/Lupzrt7rJ+Jx8hJxtGaP4WKWaWL3CSx9h1sppYjFoiilOOm4o7n/kSd48ZU3UIbi6CMO4cDxY3tqmWSv7TgOoZ5rG4bqd8/xWIx4LNZvGJgQQgghhBASTvaaVgJUNI4193isTApvxZu4rzyOPXce1qiJKMvJ1jZ5n4Z13wZ+3wb47v/2+/5MdjnfvvT7zGfJnWMfK17tHj72te39rr+3Y+fOnMbkAw8glUph2zZ5iTh+T7HFvvel93Hd97sHIYQQQgghJJzsTqls5XcnhH3QoVgTZmZ/Nq3e1ve/7YebHa4Vyg1V82Q5YCGEEEIIIeHkY9YbQCwLZdmA/rcOJX0FWt4LIYQQQggh4eSfoneCvKZ3aJU0xIUQQgghhJBw8s8KJJBbhSnj+3RnPMK2RcgyAdBo6SwQQgghhBBCwsnHeLOGAWhcP6A747GjrZPnV2/m5TXbmDysjKPGDWVgQYywZWFbZrY4YhBIX4oQQgghhBASTj4aCvC1Zn1jK10Zl5bOFFubO3hzUz1daY8DK0t5Z3sTdU1tHDC4hEGFcYpiEQbEI5Tnx7AtQ3pShBBCCCGEkHDyEYQTpehMZfj6X+ZjGoqCaIjBxQlGDyxmyrByqorz2dXRzbItO1m7o4k3N+6gsb2bRNjmZyfNoqo40W8pYCGEEEIIIYSEk//PcAJp16clmeInJ81gdEUxYdsiLxIiEXYwDYPS/DhVJQW0pypx/YAVW5u4+tnFpLwA07LRnrdH3Y6+1dX7+riKDu5+vX9lcUNDKZRh7LP2ihBCCCGEEBJO3kfINqktL6S2tIBdzS00bm9mR+Bj9LT3NdmVuxzLwO5qwWvbxbsbNuKkOojHotmq7n3CQXd3ilQ6ndumlEIBoVAIx7E/8vvv7k6RzmRAayzbIhGPo3rmxXzYcGPbNq6b+buHqfU9FhRtHR20tXUweNDAT3AoVbkQJ4QQQgghJJx84mitaGpp5fY7/sLyJc/T3NpFa1IRBFAQh2hY0dKhaev0aU93c9Pyu8lPxBkxahrf+ubFhMNhtNbYts19Dz3KY089i+M4KKVwXZfOri6++40LmTltCq7ropTaa+N4Xw3nvW3PbtNcd8vtLFy8jHgsitaacWNG8YVzTicvkcgFlL7X63supRTpdJqnn1vAIbNn4DjOXvfb4160ht2OjcViPPP8izz65Hyu+dWVxGJRgiD4u57pnxFKXNcFwLZtCSlCCCGEEBJOPnmUUrS2dbB8yfMcOnI1C1e7vP0OFOcppo6HooTJXc96NOxUTB+jOHWWybZdmidebOErX/ka0WgE39e4nse8o4/gyEMPRhkKUFz122tIZzKMHzsGrTWmaZLOZAg5DgC+76MAy7ZwXS8XcjzPQymFZZmkUmlM08SyLDzP63fvLW1tzJ45lc+fdTpbtm7jqt/9kQcffZIvnnsmKvtwZDIZbNvGNA1SqTSWZWFZ2Y+pI9nJ3x5+nDkzpmGaJr7v7/WahmFgGAbpdBrHtjEti11NzT3HTgXg4NkzGDmimnA41HPvFul0Ondtz8sO97IsC9/38X0fx3H2eKaP4/P1PI+6ujoaGxsBKC0tpaqqCsuyJKAIIYQQQkg4+SSlE9BBwK6WLl5d4bJqs8WwCsWpByvKCw3+9qJPZ9pi7oGKU+aa7GwLeGqhz46WLvoVaNSacDhMJBLBsiweefwpNm3ewhU//RF5iTibt27j/ocfY+euZkoGFPPZk46jorychx9/is6uLrZuq6elrZ1jjjiUOdOnks5keOCRJ1i5ei2hkMMJxxzB6JG1/eZ0KKWIRiLkJeKMHT2S6QdNYuu2el5+9Q221u9g585dBGjOO/OzPPrkM6xdv5FIJMyxRx5OTfUw/vq3h2hta+O6W25n9oypTDpwPPc+8Gi/a44dPYqdTU3c+8Aj7GjYSVFhAUceNpf5C16mta2Nm26/G8e2CYKAoVVDGDdmFM0trdz30KNs215PXl4eJx13FDXVw3n6uQU07NxJU1ML9Q2NHDxrOkcedvDHHhDq6uqoq6vDMIzczwDV1dXyFyuEEEII8Slm7Jc3bUB7Jzz+mk9bh8ec8T4R2+fOZ9K8usKlOM/jsImwcbvLTY+5LFkb4PnZifV99faOrFm3gVvuuo/PnXEqI4YPI9nZyW//eD2pVIZTTzyOru5ufnvN9aTSaZavXMVzC15h+pTJVA6q4Ppb7iDZ1cVDjz/Fglde46zPnsT4MaO55vpbaWvvwOhzUaUUqXSajmQn76xey2sLF1FbU03Dzl3ccsfd2I7NjCkHccc997Nw0TJOOv5ohlYO4dd/uJYdDY2UDCjGsW1Gj6xhYHkZ9z/8eL9r/vHG22hpbeXPN/6FTZu3csq8YxlaNQTP9ykuLMSxbUbWVDN+3GiSXV08+8JLeJ7HtTfeyqbNWzhl3rEkYjF+9Ydr6Ugm2Vi3mceenM/YUbUcOG4MN9/+V7Zur8c0zY8nd/b0mjQ2NmIYRm4BAcMwaGxszPVQCSGEEEKIT6f9quck6PnGXgOG6VBSVkVBXoQV9ZqVOxTNrmbwELDC8NgyzaaGTsxwlMohXs8kcr1byDHo7OrimutvZtIB4zj6iMPQQcDmLVup39HAf377G5SUDGDQwDIu/uGlbNm6DaUUc2ZO4+DZMxg9soZX33yL+h0NvLloKZFIhOUr3qEr1U1HMkn9jgYKakfg98wncWyHZ59/iaXLVpDJuEwYP4Z5Rx/BI088xZiRNVzwhXPJZDJce+OtfPHcMzlo4gQmjB3NG28tZuWqNUyaMJ7nX3yFQ+fMxLZtXn3jrX7XTCY7WblqLWs3vMsl37+YUTUjmDhhXPa98wOef/EV5sycRjwWo7W1neaWVppaWlm1dj2X/ug7jKwZQU31MN54azGr1qzDMAymHTSJIw8/hGSyk6eff5EdOxoZWjlEVvkSQgghhBD/vuFEKUXINmlOpigKXAaWlfKjH3yP6mHDyLh+T9igZ+UuxZK6Rm59ZSXfOWYKRmcLv/zV//VbFUsphWma3HXvAySTnfz0h9/BNM3sxPOMi2GYOD1zTUJOCMM0yKQz2QnrPecwzezcDt8PCIKAYVVDqKocgue5HDh+LIMHDcwFE4CMm2HurOmcc9opmKZBXl6iZ05HQDweQ2tNKp3G9TyikXD2Pg1FOBSiuzuF72fnufh+gGH6aK2pGjIod83JEw4gHAoRBAHRcBitA7TOhjDX6z02+175vp/rqVAoIuFwzzNlnzuVSqPUe5PTfd/HtqxcQPw4aK2xLIvS0tJ+w7qCIKC0tFTmnAghhBBCfMrtF8O6tIZoyGLmiApeWreVDY2tmJbF0KohVFcPZ2RtNSNrq6kdUc2I6hGovCI2pg3mTB7PxLGjqKysxLYt+q6/a5omr775Fg8/8TRnffYkHMemqbmFlpZWystKsSyTF155jc6uLp5/6VUc22bQoIH4vp9rIPc29iPhMLUjhrO9voFRtSMYO2okmYyLtdvwJz8IiMWilJQUk5eX6HeeIAgIAk0sFmNo5RCee/EVkp2drFy9ls1btzFm1EiUYZBKp9nV3IznetTWVPe7ZjqTpmRAMXmJOE8/9yLd3SneWb2WTZu3EA6HSaXTNDW30NnZlQschQX5FBbmM/+Fl+js6uKtJctoa++gpnoYnuv3CwNBEPxTwkFVVRVVVVWEQiFCoVDuZyGEEEII8em2X/ScBFoTsS1OmlTDXW+uYcO6epo6U/h+gNYBvp/99t/1A9Y2NHPvwjW0dWf46iETyA87NLoe0H/uh+u6PP/iK1iWxV/vf5i77nuQQGsMw+CbF3yRr51/HjfffjdPzn+eIAj4yufPpiA/v6fB7OTOE4/HMAzF6SefwB/+fCPf+/F/YyiD6mFVjKoZ0e85YpFIbuWvvr04oVCISCQCaCzT4kvnnsG1N/2F713yczzf46Tjj2HsqBqSXV0MqijnJ5dfxZmnnsjZnz2Z31/b/5pjRo3kK58/hz/fcjuLly1HKYMvnnM6o0fVUlFRzk+v+F/OPeNUotEwkUiYaCTCBV84l+tvvZOFi5fhei5fOPt0KgaWY9s2mveWK07EY7llfT++IJrtPamurqayshKQpYSFEEIIIf5dqHQ6vV+0+JQC1wtYWd/CvS+8zrIXn+WCL3yOORPHkhe2ae/OsLiugceWbSA/GubEA6sZN7iEkGNTt3kzf7z2On74ve9QUFCQCwZd3d25Hou+opEw4XCYjmSSzs4u4rEo8Xgcz/NIpdIYhoHj2Git6e5OEQ6HsG0Lz/NpamlFAUWFBRiG0a9BnT1W5YaL9cq4LoEfEA6HgGyvTjqdprW9nZDjUJCfn7vndM+E+rxEgnDY2es1e+fStLW1k0jEicfeGzLW0dFJQX4CDXieRyQcxrJMurq6ae9IEomEyU8k8IOAVDoNGkIhB032WUOO87FNiN/zM/9w9VW01rS3t5Ofn58dwua6LFmyJFenZvd9bdtm4sSJWJZFW1sbW7bvYPyYUbklm4UQQgghhISTD75ZIAA27WzhgVffZtWuJFOqKxg5sJhV25t5Z9suxgwq5tgDhjOkKC87/0QpMm6GlpZWBhQXY5pmrrFrZCdV7LWxq7XGMBQKhUbnAszuDWbDMPoVUDR65qT0nuPDNLb3Vbixd/vuc2UMpQh6zr+vaxqG6inoyB731ztvRPHeIgN9z9N3/92fdW/P9a8m4UQIIYQQ4tNhv2qNabKTZIaVFPGFz0xj2ZYGnnp7E/cvWk/VgDzOmDqKSVWlFEbDuf3RGsd2GFhe3m++CL0N8/dpaGcDid6jcdt/n6Dfa/77nG9fjfq9bd9XCNj9Gvu65r7uvd+x7/PaBz2rEEIIIYQQ/9bh5L0GtWZAPMyhoyqZOmwgac/HMQ1iYQezT89Av4a3LH0rhBBCCCGEhJOPQ28ASYQd8lS2A0Rr/bEudSuEEEIIIYSQcPL+IUWTq8mh6BkSJZ+tEEIIIYQQEk7+2ZQC19ekPB8FRGwD01BIJ4oQQgghhBASTv55wQRoSGa4Z+UOHlm7E8s0+PwBAzm+toSYbUoPihBCCCGEEBJO/gnBpKfH5In1u7hm4RZ2dmdQKHZ2ZkiELI6qLsbsWR5XCCGEEEII8clm7NfhBEVTt8uyhg62daTI+Jq0F7C2qZM3trXSlvb2qHMhhBBCCCGE+GTav3tOgI60R2NntscEQKtsocbOjI/raz5MNOkteKh6Vv36sPU8lFIYPXNb9lV0sW84+v8tYGgYBqZh4AdB7t5sy8LbrW6LEEIIIYQQ+7P9uucEBbu6XJIZn6KojQIcw2BIIkxnJiCZ8fmgdGKaBgpoa2+nfkcjyWQnpmliGMYHBgY/CNjRsJNdTc25au19pdMZWtvaaWlto62tnSAIsEzz73pE0zTZ1dTMm4uXsm17PYZh4Hk+S99eSXcq9anuGdo93AkhhBBCiE+3/bbnRKlsr8nqXZ1UF0YYWhDmyfVNjCyOceroMpY1drC2qZOhBWGMfTRwTdOgubmVm++4hxWrVqF1dtucGdM545R5hMPhXE9FbyNZa41hGDS3tHL1dTfx7qbNKKUYWVPNty78EtFohCDQOI7DI088wx333k9Bfj5B4DOoooIvnnM6w6oqCYIgF2h6ez/6XgPAsixefOV1br3rHoYMGsQRh86hcshgurrb+e2fbuCnP/w2QyuH4Pv+Hsfu76EEwHVdAGzb/tQ8mxBCCCGE+BSGE1Mp1jd38/q2NsaWxhicCJHxNXOripg+KI9tHSle29rGuNI4VQUR/GDPIVfpdIZf/eFPdHZ18/1vXcTA8lJWr93An2/+C8nOJF//yhcxDIVpmqTTGQzDwLYtlFI88uTTtLa185srL6Wrq5vFy1b0BI33rtHZ1UVFeRmX/ui7ZDIZrr7+Zv588+1cdsn3e86TPa9pGti2TSaTAcBxHHzfJ53OcN9Dj3HskYdz2knzoM+wML9nSJdSCtu2SafTKKVwbBvX8/brYOJ5HnV1dTQ2NgJQWlpKVVUVlmVJQBFCCCGEkHDyiWvCYhgmXR7UtWXY1NbNhLI4XhCwtinJ8oYOFm5vY3BelG5fYSgDH7//g1sWr77xFhs2bebXl/+UqsoheJ7H7BlTMU2DX/3+Wk449igGDSzngUceY/nKVViWyaFzZzF35nQ6k93YlkU4HKK0pIShVZW4mUy/xrNSCsdxKMhLYDsORx12CNffegfrN27izUVLcWyL1Ws38M0Lv8SS5St47c23AJgxdTKHzZ3NI088zdbt9axZu4Frb7yNVDrNtIMmMnpkzXtDnrTm8aef460ly1CG4shDD2bK5APxfX+//aWsq6ujrq4uN7Surq4OgOrqavmLFUIIIYSQcPLJEngpOpNN1Drd/HZugvVJh3vWtLK1LcX65m5qimNcMruKqnCKIr2d7s48zFABSlnAe0OoNmysY/DAgZSXleK6LlprPM9jzMgaQiGHLVu3sWT5Cp569gW+9Lmz2LlrF3+8/haKCvI58rC5XP6r3/ON717CjGlTOO7IwxhUMXCPUOB5Hu0dSdIZlyeffYFhVZX4ns/9Dz/GQRMncPDsGby1eCl3P/AInz/rNDSaW+68h5ATYmTtCEKOzeCKcqqHD+XeBx/FCTmMGzMKyE6Kf/bFV/jbw4/xra+eT1tHBzfcdicDy0sZPKhivwsovb0mjY2NGIaRG95lGAaNjY3SeyKEEEIIIeHkk0UHGZINS2jZ8ASB20letIAp5bNpqBxBc3eGrnSamgEFHFSYoXvDQ7S0bcEdOIXC4UdihvL5sGXjNdDekeSNhYs56jOHMHPaQQAsWb6Sl19fyFe/dB6/uvwnvPrGWzz93AIWLlrK5T/9IaUlxQR+dp6KZZqsf3cTP/rZlbiuS8XAMi74wrl0JJPkJRJc9OUvUFoygMt++X/MmDqZww+ZA8Dqtet57c1FXHzRl4nFokycMJ4J48fy1pLlufkzSik832fh4qWEwiFWr9uA67n4QcC7mzZTOWTwft17IoQQQgghJJx8oinDJN3RSPvWV4iWjCVePon2ra+S3vEGxw8biB/4pDoaSBQ6uK2byXhp8qsOI1I4AsMM9QsmWmuqh1Xx+DPPsqOhMTesy7Is3lmzjkw6zbCqSp55/kWikUjuuGg0gpvJTtQuLyvllBOO5ZDZM7joe//Fhnc3UlFWSqYnnHi+z7CqSn5w8deIxqLkxWKEwmGWr3gHy7JwbDs7tySTIRIOv3eNSIRdu5rxXA+ts70vsOcSx1qD7/kMKi9j+NBKXNdl7IW1VA4enDtmvwqeWmNZFqWlpf2GdQVBQGlpqfSaCCGEEEJ8yhn72+263U2k27eQN2Q20QFjiJUeABgE259F1T9HJLkCb+vT4LsEvktnwxIyXY17NGo9z2PKpAlUD63iqt/9iWVvr6S5pZWXX32D6265g1kzpjKyppqhlUN46dU3aGltY8PGTax4ZzU11cP4y1/v45nnX6StvZ1lK99BBwEV5eX4fQKE1hrbthhYVkpRQQGGaeYCRhAEBDrANE1GjxzBm4uWsKOhkfqGBt5ctJTRo2qwLIvA93OZSu82Id62LEaNHEF9w06GVg5mwrixBH6AbZn79S9lVVUVVVVVhEIhQqFQ7mchhBBCCPHptt8N61IoUCboIDv2SmuUYdLZvJ5I4XAKq49j58o7CRfWMGDkKbS8+zRNa+4nlKggXDAMHfi5hn4o5PC9b32NW++8h99ccx1aa7q7u0mlM5x8/DFYlsWZp57In268jR9eejk60MycdhAHz57JU88+z1//9iB33P03NHDuGadSVdl/KFXIcYhFo/hao3qWDobscsXxeAylFL7vc/xRn2HLtnp+cvlVAIyoHsaxRxyO73sk4nGsnrARiYQJh0MoIB6PEQQBx3zmMDZu2sx//ff/YFkW5WUlXPTlzxOLxfbLXobe3pPq6moqKysBWUpYCCGEEOLfhUqn0/tNi08ZJqnWTTSuvINw/lBi5ZNpq3uewOvGdBIEmS4SFVNo3fw84YIRRIpHkW7fTPvWlxl44FeIFNWgg/7DnUzTQGto7+gglUpjmSa///ONtHckueR7F1M6oJiMm6G5tQ3LNCksKACytU46kp0kk0mikSh5eYlsL0efc2dcF9/3+w3ZAvD9gHQ6TSQS7qkyb6C1prmlFYCiwoJccOlOpQg5Tm45Y6WySw13dXUTDodyQ52amlsIAp/CggJs2/7QVe4/0Z/3h6zdorWmvb2d/Px8DMPAdV2WLFmC67p7FHHM9mbZTJw4EcuyaGtrY8v2HYwfMwrLsuT/CEIIIYQQ/0L7VWtMBwFOfCBFw4+mZdOzJHcswU01k1cxnYKqQ+jY9gYt7z5NtHQcofgg2rcsIJPcQbx8Ila0GPSeE8R9P0ApRV4iQX4igWEYfPvrF3LXvQ+was06BhQVYhgmJcXFucat1pog8IlFo8Rj0ezcj71MPg85DkpBsFuNld6ek75DvJRSFBcV5q7Ruy0ei6F1gNYQDodyr/ce37vfgOIiFBD0HPtpID0lQgghhBASTj7JzVWUYRMtGYeTqMB3u+jY/iap5vUEQYaiEcfhZzowQ/kowyJcUEXgZ7DCBZhOfJ+N3X5zOYKA/LwEX7/gC7iul5tDsrdjPygEZM+799f2nNyuP/AafV/ffbs05IUQQgghhISTf1FAcWIDQUEobwiBl8YwHZTpYIUL0WjQGtOO9Ryhs3NUPqTeHgkhhBBCCCGEhJMPDCha+6BBKQvTsbPr6uqg35wPraXOhxBCCCGEEBJOPhZqjwnO772kANUbXT50sUUhhBBCCCGEhJO/mw5cfC/1/kO0lIFhhVCGlQsrQgghhBBCCAknHw2l0L7HzlX3sGvVfWQ6d+xzVzsygOKRJ1Iy5iyscAFoPztZXMscEiGEEEIIISSc/KPZBEXgp2le+wiplg0EgbvPff10B60b5xMdMAYnNhBlGFjhQkwnjvSkCCGEEEIIIeHkH6YDj3T7FoLARSnjffYM6G5eT/2iazGdOGYoTrxsIkUjjsMM5clcFCGEEEIIISScfAQBhQ8emqV1gBUuoHzCF4gU1ZJu38quNQ+QN3gmVrhgjxW8DMPYY9lgpbIT73ffbhjGbtfqX1+k97h9vf5h9/kwDMPANAwCrXMFIC3LJAi0LIMshBBCCCEknPyzIkq/+SN9Vunqae2jAGWGwLDQ2sNLNaN9j92HdWmtae9IEgmHMc33gkcqncb3faKRSL/9k8lOPM9DA4ahiITDRCIRPM9Fa0inM6TSabTWGEoRj8ewLQuvT/X4jOuS6k4RaI1Silg0QigUwvO8D/0OmKZJa2sbG+s2k5+fx9DKIQRBwJq1G8jPz6O0ZMCnIqD0hjgpMCmEEEIIIeHkk9lgNWxMJ5Ed2qUUfroD3WcOimGF8f0M2xf+HkwHr7MRZYVht6Fgpmmyo6GRS3/xK37wrYsYUT0Uz/NxHIcHHnmCZSve4Sc/+A8sK/sWZTIuv/y/q9m4eSuRSBilFHl5cY4/6jMcMnsmtm3xyBPPcMe991OQn08Q+AyqqOCL55zOsKpKfD977lffWMgfb7iNeDyG1gFFhYV87oxTGT92NEEQoHtCS2+DfPcGumVZLHt7JX+68TYGFBcxZ+ZUhlVVEmjNzXfew8xpB3HScUeTyWT228Z97327bvZztW1bQooQQgghhISTTw6NxjBs7MLhRIpqs0O0Ao/OhqWkWt5F+y7KdAgXDCdcOBwrlEcQeCS7m7LzTPZSH0VrTTLZuUcvQzqTobO7e487aGvv4JgjDuXkeceQTHby2puL+NMNt5FOZzjuqM/Q2dVFRXkZl/7ou2QyGa6+/mauu/l2fn7J9zFNE4BUOkMoHOKyS36AbVvcdte9/OG6m/i/X/w3sUgEZZpkMhkMw8C2bVzXJQgCQqEQvu+jdcCDjz/FxAnj+OqXznuv0d4zvCvoacDbloXrefh+QDjk4Pn+ftG4V0rheR51dXU0NjYCUFpaSlVVFZZlSUARQgghhJBw8olotRIqGEa4aARBugPLSZDq2Eq4sJpM+zbcTCd2OJ9Y+QEEbhdWuIBU+1aiJWMJMl0oZQJ7Nmx3n0fS20A29hJmlFJEIxHyEgli0SinnngcXV1d3Pvgoxxx6FwMw8BxHAryEtiOw1GHHcK1N/2F7lSKRDyePUdPcCjISxCLxzj2qMN5c9ESttc3sOCV1ygpLmbhkqWc/7mzaGjYyfwFL+F5PhPGj2He0Ufwwkuvsmr1WtyMy3W33E4qlWZ07QjmzpqOYRi5gWtvLV3O088tIJ3JMOmAcRx75OH9emQ+yerq6qirq8t9NnV1dQBUV1fLX6wQQgghhISTfy2NxjTDFFUfjZduJ3DyiJVMyE4m9zOEC4ZllwsOF2LaCaxQUc/rAYbp4MTKsUJ56I+g1klv4973fQylmHTgeB59aj7Nra0YhoHnebR3JElnXJ589gWGVg4mEo70CwW+79PekaQrneLRJ+dTVFhAJBzi8aefZVRNNYfMmcWWbfVcf8tfOOOUkxhQXMRNt9+FQjFh3Bhi0SilJQMYO2okTzzzHC2tbcydPSP7gZomdVu28ts/3cC5p5/C0MrB/PGGW0kk4hw2d3ZuqNQnM39me00aGxuzQasnIBqGQWNjo/SeCCGEEEJIOPkkpBONMh2Kqo+hq3EZ7ZtfILVrKWRaKRp2BOXjzkBrCHyf7taNJLe+1PN6G3nDjiI8YCymHfvYlxG2LJP1727iRz+7Etd1qRhYxpe/cC62beVW1DJNk6bmFn5yxVV4vkdhQQHfuPBLRCIRotEoXzz3TEbV1nDtjbcxemQtJx53FABbtm7l1Tfe4ugjDqWosIBRtSOYPWMqGzbWUbdla65TyLIsFi97m0w6zc6mJjqSSQzDYP2GTRx+8Bz5jRdCCCGEEBJOPgqBlaA1VEtDuJPuts04sQNodQdhd+aTiDiU5EUIhwrZ2u7RsutdQvEJBFYV5VYMU+27AKNhGD3/9V8WuHc7vLfOV++3+aZpogyDRUvfJhKJUFRQgOt6DKuq5AcXf41oLEpeLIZl27lgAuAHAUUFBfzo218nPz+PeCxGJBJh+44GLNMkGo0C2RXDotH3VguLRqO4novruug+ywf3PXcvz/UYUFzMiGFD0VpzzmknUzGw/BPda5LNoBrLsigtLe03rCsIAkpLS6XXRAghhBBCwsm/ngICrXl9w3YeXraBjQ3d+G4cZbiY5lIsy2BIUYLTpo6kIj/OX9fZrNwcxzRdhm1aw2cP0kyqKsWxzD06T3zfp6W1jaamZlzPJz8/D4B0Ok1TcwuWaaKUwnEctNZ0dXfT3tFBe3sHr725iAcfe5Ivn3cWjuPg+z62bTGwrBTTsgiCYI/woIMAwzQoKy0lFovi+z5+zzLCQRCgeybnj6odwZ33PcDGTXUUFOTz8mtvMqJ6GJFwGL9nVa/eBn3vvwOt8TyfMaNqeeCxJ8hLJBhRPYx1Gzbmli7eHxr3VVVVAHtMiBdCCCGEEBJO/vXhxFAkuzLc8OJyDhhcwtlTRxMLZ8OC6/tsbe5g6ead3LdwLRcddiBfO+wgOjMHkkxleH7VZu5buIYhRQmGFOXh5+adaEzTJBwOc/V1N2NZJulMhtNOmkdBfh71DY3818//B7TGcRwu/ur5FBcX8uT853nh5dcwDEV+Xh5f//IXOLhnvkfIcYhFo/hao/oEiD7RBMexicdiaK1zSwdrpTCMbF0UwzAIfJ+DZ0/n3U11XPmbP6CUYmBZKWeecgJaa2LRKE7P8rrhkEM0EkEpiEUiGKZi7OhaTjzmKP7vmusIhUJYlsn5553FoIHln/jPurf3pLq6msrKSkCWEhZCCCGE+Heh0un0J77FZxqKxvYuTr/mEX5+ykwOHVUJpgEoNu9s5boXljNu8ABWbN3FBYccQGVJAaDB1zy7qo7fz1/MFafOYUxFMZ4f9GsId3V3E/hBz5QNTSgUwlBGrpgiZFchjkYiZFw3W4RRawxlEImECYdDPduyBRZ93ycSDu/zWTzPI+O62Vop9K8U392dIhwO5SaDKwUtLW14gU9RQQGWZeL7Ad2pFJZlYVsWmYxLoAPCoVB2u2nhODaGYdDa1kZXV4r8/ASxSAR/PyvM+GHrtGitaW9vJz8/H8MwcF2XJUuW4Lpu7hx997Vtm4kTJ2JZFm1tbWzZvoPxY0blatoIIYQQQoh/jf1jtS4NjmVRU17Awo07iIZs4iGHaMjG8wO6My4bd7UyvXogTZ0p2lMNKBSdaZc3N9YzMD9G1LH2GNKllMot8du38QoQCjn9tgdBQMyy+tVL0Vrjuu9Vdg85DkpBEOy7MW3bNo7j7FFbRfVUlO/dnr0PRWFhQe5nvydYxaIRsqVNdO4+tdbEIhF0bl+f/Lw8CvLz0IHe74LJhwklQgghhBBCwsm/pJEaD1mcPX00d72xmkeWvksQaA4YUsJ3j57CqVNquX/RWv7v6UV0ZzwU2cWrTENRU17AuTPGUJoXJdjLUsLBPhrte2sYBz3FDt/vPj+oPd13jsgH3cu+9u0bfvq+Huy2b7AfBhIhhBBCCCHh5JMdTsj2LMypHcykqjJSng8aLNMgL+IwpDjBmIpiujMegSYXTpSCsGURC1k9k8HlAxdCCCGEEELCyUfAUIq8SIj8npFVWr/XWxAPOSTCzp7Bpmf4k+QSIYQQQgghJJx8ZHrnU/QmDdUTWJSSICKEEEIIIYSEk38hLwjoynh4PXMrLMMg6liYPcX7hBBCCCGEEBJOPla9RRmXbt7JD+5ZwOr6JgzD4MDKUn5+0iwOrCzBUEp6UIQQQgghhNiP7JddDEopMl7Apl1tdKZdSvOiTK4qJepYbGvtIO0FPUv+9v4nhBBCCCGEkHDyEdNovMCnLdXN29t2kgg7HD6mim8fdRDjBg1gXUMLnRk3G0m0jw48kD4UIYQQQgghPvH2s9W6DFrSbbxa/yaZVJiGjiRVA/JRSjGoMMHwknyWbt5JyvVBe3Q1rSbT2Uhi4EGYoXzYS50TY7f5KX1rgxh7mbsSBEFP9fb+xRj3Vbvk79n3/ZimgaEM/CDI3aNtWXi+L8UKhRBCCCGEhJN/NoWi0+3khS2v4btx2txyxpVUsaGhDR1oKgoSPL9qC+lMGq+7i44di8m0byU2YAxWqGCP/hOtNe3tHbnq6bZlkUjECXoCQHtHEt/3+wQNSMTjpFJpMplMrv5KJBwiGo3geXsGhVQ6TTqVRutswEjEY5im2e+8HxjKDIP6HY1s3V7PkEGDKCsdQCbjsnLVGqqHDyUSDn8qA0pvqJPwJYQQQggh4eQTx1CKfCefiaXjmb9xIS32LvLyKnDrg2xwiDhkfJ9U507ampeSbt9CbMBYTCcvmyz6tHFN06ShcSc/+tmV2TfCstA6YM6MaZx92smkMxl+eOkVdHV14zg2QRAQi0b52Y++w+333M9rCxcTj0VRQCwW5bCDZ3PsEYdhGEauMe04Nnfccz+PPvUsBXkJ/CBgxPChfPHcMykvLckFlGyBSL3XBrlpmjz21HweeOQJhg+r4pgjDqNiYBld3e389k838NMffpuhlUPwff9T05jvfQ7XdbOh0bYlpAghhBBCSDj55Ah0wIa2OlJemoSToNltpNVooV2PJ+WFMJRBxLHx3DSdu9bQ2vwCXhCQKD+ITHI7KhXCiVeg1HtDtYIgIJPJ8P1vfY2aEcN5e+Uq/vd3f2LUyBoOGDuazs5Ozj3jVGZPn0LG9TAMRSwWpamlhTkzp/KFs0+nq6ubpctXcPOd95Ds6OScM07B7zPUqr0jyfjRI/n21y+gqaWFX//hz9x+99/47jcuxDQNlFKk0xksy8KyTNLpDIZhYNsWvh/Q2dnF3x56jC+ddxYHz5oBWucKT/ZeRymFbVukUmlM08SyLDzP22+Died51NXV0djYCEBpaSlVVVU9AVICihBCCCGEhJN/IUMZdHvd/GHpzWzr3EF7Jsmmtq14gccL21/B7ZqEUgrHNEl1tdL87iJi/hpc36chfTOWk8COD2TIzB+h7Fi/uSeGYVBcVEheIsHY0aOIRiOk0+lsgUfDoKAgn7y8vNz+rpvpGcoVJi+RIBaJcPQRhwFw0+13c+ThBzOguKhfr0g4FCI/P4/8/DzmzprOS6++wdLlK1m9bj1dXV3saNjJN7/6JZ5b8DJL334HyzI57ODZTJ10IH/920O0tSdZtGQ576xaSyaTYc6s6VQPrczNZ/E8jwcffZKVq9cSCjmccMwRjB5Z+3cNHfskqauro66uLjfnp66uDoDq6mr5ixVCCCGE+BTbD1fr6vtD9vZ754wYhpHtVdAB2s/kQsi+vmtXSuH5Pvc++Cg33nYnP73iKmqrhzN9yuSe+SOw4OXXuPeBR7j97r+xfMU7mKaZPWdv70UQ4Ps+Ew8cj1KKzVu37zGRPu26tHd0sGnzZha8/Bq1I4bRkUxyxz33096R5JA5M3n86ed4cv4LHHPEYRw4fizXXH8Lq9asY8yoWmzHYljVEEaNHMHSFe+weu36nvtQWKbFA48+wYJXXuOsz57E+DGjueb6W2lr78BQ+9cyyr1Bq7GxEcMwcuHLMAwaGxvxPK/f4gJCCCGEEOLTZb/oOQl0QMgM8c0Dv0jKy7C+9V2uX3Ev21s7mDtwNm/s7J3noTFDeRQMPZxQQwuOGWXA2DMJFwzHsEIoM7TXFbssyyIUCjG0cgir1qxj9Zr11FQPA2BXUzOO7ZDJpBlaOYS/t26KY9ssXLKU717yczLpDCOqh3H2aaewfOUqBpaX8rXzzyMSifDd//oZRx5+MDOnHQTAkuUrWbh4GaefMo9IOMyMKZMpLy/juQWv5EKHUpBKp3jjrSVEIhGWr3iHrlQ3Hckk9TsaKKgdQbCf9p4IIYQQQggJJ59YhjKozq+iI9PJ6pa1lIUH0uGWk6fKKQh3oNF0pT1ikSjxkqHkRw6nq3UzfrqdUGIgppPXU/PkPVprLNPk5OOOZujQSgB+/j+/4bmXXqF2xDCUghOPO4q5M6cT+D4a8H2vJxhkA4JpGpimyeKlb6O1pnJwRb/liF3PY+L4cVx0/nk4oRCJeAzHcfB9n1g0ilKKVCpFxvOIRiK542LRCJlMBs/z0Frjeh6e5/U7t4LcymLDqoZQVTkEz3M5cPxYBg8amOtR2l9orbEsi9LS0n7DuoIgoLS0VOacCCGEEEJ8yu1Xw7oCHdCe6WB1yzrKQhUUuCPp6LBJRBwAmrtSJMIO0byBFNUch5M3iGTDUrxUO+yjURsEAU0tLbS3t7PindWse3cTFeVludd6w4Dn+7l/a63pTqVo7+igcVcTjz/1LLfccQ/zjjmCkgHF/QJEEAREwmEGDiynID+vJ9Rka534fvb84XCYEcOG8tKrb9DS2saGjZtYvnIVo2pHoLXuf74+dVL8ICAcjlA7Yjjb6xsYVTuCsaNGksm4WD3Dz/ZHVVVVVFVVEQqFCIVCuZ+FEEIIIcSn2361lLBGE7EiTC+fTFe3xa7NLWzc2UFhLAQatjZ3EA3ZOLaDHc0jMXAa4YKhmHYMvWeVE0zTJBQK8btrb8SyTJRSTJl0AMcddTie75OIx7Asc49gU5Sfz8uvvsmSZStQCuKxGGefdhJHf+bQfit1AUTCYXzfx+8JN72v2bZNLBbN7XfWZ0/ijzfcyg8vvRwdaGZNm8LsmdNobW0jHo/lhnLFIhFCoWwYi8WiGEpx+skn8Ic/38j3fvzf2R6mYVWMqhmxX/5C9vaeVFdXU1lZmXuvel8TQgghhBCfXiqdTu9XLT6tNShNUzLFDQuW8+w7mxlZXsSpB9Xy0rptOKbBlw8+gLJEFM/3AI0yspPH93auru5ufD/IhZW8eLxn+JZPd3cKx3GyAaWPVDqN67q5ZXzDoX0XYUxnMmitCYdC/bZ7nofrekQiYSA7PMzzPJpb27BMk8KCglyvSXd3inAkjKFUz3LBBrZt09XVTTgcwrYtPM+nqaUVBRQVFvSrt7Lf/nJ+yLot2WKa7eTn52MYBq7rsmTJElzX3WMCvdYa27aZOHEilmXR1tbGlu07GD9mFJZlyf8RhBBCCCH+hfa71phSCkOZxEMhhg0ooD21nhfXbGVLcwdhx+LsaaOJh2wCQBm9j6f3ea5EPN5vW6ADtM6+Fo/H0H2GUfWKhMP95odorXHdvdcV6Q0lu5/Dtm0cx8kN2fL9AMMwKSkuzu3fG37i8Vhuv94wo7XObc8ea1A2oBjd59j9nfSUCCGEEEJIOPm408U/3mhVGtsyqChKEA05bGvppGXLTg6sLKVqQD4hu+excpfa9zWDPRrAKrd77rXdv33fW8N5H8+l9/F67hx9tu9x3p7Xgj779T3f7tv9vRz7qSbhRQghhBBCwsk/JPCzjcp/oO2sAVPDjGFlPPSNeQRBtpFqmgZR20JpX9qtn+pQ0hO+lOIf+kUSQgghhBD/puFEKQh8zBt/h1q+FD6C8f02EFXv9XSge4Y0yef6KQ8nGgyD4IKLCcZNgkxG3hMhhBBCiE9DOAn+WbUwlEIFAWrZEoznngXbBt/vMzTno4kU8l36p5wywDTBNPFPPTu7tPJ+Vs9FCCGEEELsI5xsq2/4+NuTZIfgZLxuBnsuccchXZRP27AqwlYYS8kqSeKDaUNhtTYTWr8eDINdLa10bm/A8DLE+ixQIIQQQggh9tNw8nH3nGg03X6Kdck6Xq5/mc+1rGGyNllZovjNvMGMLhrPuPwRjEgMI2Q6MiRL7Pt3yXaIv/UiFVf8GHpWJAuCAKTnRAghhBDi0xFOPs6TKxRJr5OXGt/k+cbX2dm5nbO1BzpgcLyS0UVjeLHpTd5oXsrpVfOYWDQOx3BAIorYG8PM/ieEEEIIISSc/L3BJBNkWNK8kjebljKjeBIDyg9mcOwW0CvQBGzu3Mqatg2kvG46vU4sdQ4HFo7FUiYyrV3sQWtZPlgIIYQQQsLJ/0c4UYqG1C5ebnyDsfkjOax8FlFlEbXvAQy2d9bzUkMnHW4nQeCxqm0dj257hiGxCsrDJfsswKeUwjTNbJ0P3ycIgve25dqw2eE++zqHYRgYhoHvv1fR3TAMlFL4vp/bzzRNlFJ4ntfv577H9V47CAL6DpHrvZ++5wOwLAut9R7bP8r3vbfSueu6H+l5/573+P2Yppl7L13XJQgCLMvCNE0ymYwUXxRCCCGEkHDyETaQUfjaZ0NHHSErxLQBB1IYymd7x1Yi6VYKlIEXZOgKugiZFvmhfFozbaxsXc32rh2UhIowMPboPTEMgyAI2Pjuu3R1dVExaBCFhYUkk0kaGhrQPdXd8/LyKCgoIBKJkNltmVmlFI2NjSSTSQYOHEg4nK243tHRTltbOxUVFbn96uvr6e7uZsiQIZimScOOHSQ7Oxk0aBCO4wCQyWSo376d0rIyotFoLqDU12/HdT0qKipQvcUUg4B3392A44QoKyvLbd9bEAiHw6TTaf6eOUGGYeB5HitXrsB1PcaPH49pmv9wY18plX3O+vpcqMrLy6O4uBjTtPB978P/wlkWjY2NvP32ctrb25kzZy4DBgxg5cqVbNq0iblz5xCNxv7pAUUpWeNNCCGEEOJTGU4A3MClrnMbFZFy8u0EO1NNPF2/gJNTzQxTELMHEDcGgeEwvfhAXmp8nYyXoS3TiRd4PXNP+je8OzuTXHbZZTzx+GO5BvLPf345hUVFfPXCr+C6Hkplv9UfNXo0F174NQ455JBczweA44R49NFH+O1vfs3F3/4OX/vaRWQyGf7nF7/g6aef4pZb/8LEiRPZtnUr55x9JqVl5dx6622k02m++tULWb9+HT/72c8548yz8H2PHfX1nHXWGcyYMZOr/vdX2LaN7/v88n/+h23bt3HrrX8hEokAio6ODs499xxG1o7kT9f+Gcdx+vXABEGQfc5kkttv/wuf+cwRVFRU5AKBYRjZOi59junbuA6CgF9ceQX33XcPU6ZM5epr/oRt27lj+jb4lVIopfY43+7bINvTsaO+nvM+dw6dnZ25+5g9ew7f/8EPGTJkSO4ee+9jb+ezbZulS5fw/e99l5aWFoZXVzPhgAkMHjyYhx9+iNtuvYXHHn+S4cPz8Dxvj+f9OLmuJz02QgghhBCfynCiwNcBbW471aEqAq15u3U1T25/niPcdlCQTEVx0qeizBAbdsaIekMpDmcotquxDZvdJ8U7jsNf//oI991zN5/7/OeZNm06z86fTzQWIwgCWlpaOOywwznttNPYuGkTd9xxO1+/6Kv88U9/5tBDD831oASBz5QpU3Bdl5dfeonzz/8yu3btYsGLC2hpbubFBS8wbfp0li1bRt2mTRx55FEUFRXx0EMP8s47K/E8j8cef5QTTzopFy4y6TQPP/QgI0aM4OL/+DZBEJBKpejq6ur3DFprOjs76e7uBsDzPBzHwXVdPM8jEolgmiYrV67kql/+ktrakVRUVGAYBqZp0tXVhWEYhMPh3DG9Q7g8z2Pr1q389a93MW/ePH78k0uJxWJ4vkeqq5tQKIRl27ljfN8nleomFI5gGkYuTHR1dWHbdu6++t57S0sLEw48kK985QJee/VVbrj+OmKxKJdf8Yvc0KxUKpU7PpVK4ft+TzjL3uNtt95KY2MDN998GyNHjsSyLVzX7Re0DMPAtu09nvfj+V1V+J7P6rXrpUCOEEIIIcSnMpxoMJQiakZI+Wk0GsewsZTZ29JlQCTMf04aQxqLbtejKVXCS9s7WNSgKHRcBsZsDNW3DanYuXMnAEOGDOHII4/ixBNPQinFggUL0FozYsQITjjxJLTWTJ06lbPPOpObbrqBGTNmEAqFct+M19TUMmrMGN5+ezlNTU0sWbyI1pYWioqKePnll7no60kWvrUQZRgcfMghuK7LIw8/THl5OXPmzOXBBx9g1apVTJ48OduYNk1sx+bqq/9ATW0txx13PEopjJ5Gf1+9QSOVSnHF5ZeRn5/Pxo3v0tzUzNnnnssBBxzAr351Fb7vceUVl3HyKady2mmnc8P11/HiSy8Si8X43LnncfhnPsP/XvVLTMukfvt2HCdES2sLvu+zZMkS/njN1cyePZs777qTDevXM3z4cP7j299l7NixLF68mOuu+zN1mzZRWVnJN791MQMGDOCaq69m8eJFDBhQzJe/cgEzZszs1+vU+96fcMKJTJ06jfv+dh+bNtXx6COP8PTTT1FbW8vLL7/E//zyf1m6dAn33XsvXV1dTJ8+na9d9HWeeOIx5s9/BtM0+f0ffoehFArFhV/9Go7j5N6z9vZ2rrvuz7zU87znnvM5jjr6aLyP5XdVY5omI6qHY9um9J4IIYQQQnzqwgngGA7V8UqWtr5Dt9/N2IJRnFR5LHnONtBNhCwDLwh4ob6d+mQGN4DWlMeCrZ00p3xOHJ7P8Pz3hnZ5nsfBBx/MX++6kysvv5w777iTU045hfO//JVcCPB9n3Q6jeu6jBo1mlGjRrN61SpaW1vJZLLbLcumsqqSWTNnce3y5SxevIiXX36Z6hEjmDNnLn+57Vbefns5S5YsZsiQSg44YALr16/n+eef47TTTuecc8/lgQfu5/HHH+Wggw4CIJ1Oc9zxJ7B61Tv87NJLqaoamp2T8j6T+n3f5/XXX6Ozs5MzzjyLF19cwJVXXsEN199IWVk5b7/9NpMmTWbMmLFcffUfuOWmG/nWxf/B5s2b+fGP/4vBQwazevVqXn3lZSYceCDHHnc8lmny8ksvMWjQYCZNnsyyZcswlMFxx83jhhuuIxQKc8mPf8L3v/cdurtTnH3OOaxbt5adOxv587V/YsGCF7jo69/gjTde50c//CH33HsfpaWl/e67pbmZt95ayPPPPUdrczPVI6ppatrFE48/xooVbzNr1qxsQLnyCg4+5FAmTprEzTfeQHt7O2edfQ5lZeUkkx3MmjWbDevXc/df72LeCSdmP8OecPLHa67mxhuuzz3vJZf8J8OGD6N23PiP7Q/Bti1s25JwIoQQQgjxaQsnGo2pTKrzhvJa0xJWtq5lTtkMDi+fTVn0YaCRtpTPc1uS5EdDHDOmiDzHxFCwq9tj/pYkK5q6qcqzsZRCk115auLESdx8y6089NBDPPP0U/zm179CKcW06TP2GJLTuyKWbds0NjbwzW98nZaWFgYNGsTf7n+AOXPncv311/HYo4+ydOlSjj/+eObNm8dtt97CX267jfXr1nH8vHmUlJRw55130JlMUl5eTndXN4MHD+Hpp57ioou+gWGa+L5PbU0NZ599Np8/71wuueQ/sW273+pW+wopM2bM5LLLr+APv/8dv7jyCkLhEDNnzWL+/Gc448wzGTlyFJdc8p/k5efT2NhIZ1cnba1trFixAtu2GDZ8ODfedAtlZWW8s3Il8AumTJnCaaedzs5du9iwfh0bN26krKyczZvrePPNN3n33Xf56U8v5aKvf4Ouri62bdvKCy88R35+IfXbt+N52bk0GzasZ+DAgbk5JKFQiFdeeYXFixeTTqeZOm0aF174VZ577jkM0+Q//+sSTjzxJC7+1jcxTJPLLrucIZWVbN2yhaeeepLvff/7VFZV0rBjB1/96td46aUXeeCB+3Ph0lCK9vZ2nn12fv/nbcs+75gDJ31sfwh7m5cjhBBCCCE+BeGkN6CUhgcwvfhA3mpeTsyOMTo+jJgdB6AlnWbRziSn1EYZXRQmz8k2UAtCJq/Xd5EOsitv9YYOpRSdnUkqq6q48spfcOaZZ3HsMUexevVqJvf0YFiWRSQSxbZdXnvtVVatWsmhhx5OVdVQfnrpz8hkMj3zOizGjBnL0KHDeOqpJzEMg1mzZlNTU0tNTQ0PPHA/lmUxZ87BdHR08MTjj2PZNjfffBO33HIzqVSKjmSSV155hQMOOACAdCbDoYcexne/9wOuuOznKMNgwoQJH/g+KaVIp9JYlpVb3rh3fowOdG6J4qKiImpqahhljebQQw/jgAMm8NCDD1JUVESsZ95N77wM3/fp7Ozkl7+4kieffIKJEyfmXnPdDEopIpEovh9gmiaGMvD9gNLSEkbU1FBTW8u8eScwfPjw3MR0yK5MNmnyZC644EKKiooZOrSKAQNKePrppzFNk9KSstx9mKbZs6KZIhKJ4Lou6XQm9zzd3d17rKTWK9C63/MefPAhTJo0OdvzJX+zQgghhBASTv7ucKI1YSPEQcUTSAVp5u94idXh1Xw9004eBmUxg4klDrtSHquaU+SHTNCws9sj6QVU2yGMnknSvXMRfv3rX7HghRc49bOnUb99O91dXYwbPx7LsjGUwZIli/nTn65hc10dDz74APF4gi9/5QLy8/M5/PDP5FaOcl2XgoICps+YwYb16xheXc3YceOIRCLMmDGTZUuXMqC8nGnTpvH666+xbOkSzjz7bC644EJ836e+vp4LvvJlHn74QWpra3INbtd1+fznv8C6tWu5+6937XUZ4L71UPb8d7Z+imPbuJkMTz39JKFwmFkzZ/Lggw+CUpSVlrFkyWKmTplKEAR4ntev3kjg+yilaG5u5o47bufgQw7lvPO+wI9+9APS6QyjR48hv6CAO+64nbLyMhYteotJEyczdeo0Vq5cQTQaxbEdVq9ZzWGHHd7v3l3XpaysjEMPPSx3bc/LrnIV+D6+72GaJgdNmcJDDz7AjTfewKjRo3n22flMmTKFwsJCfM/PPXO2Voqf67HwPI9EIsH0adN44IEHcs+7aNEiZs+eI70aQgghhBASTv6BgIImYceZWzqd0kgpS3YuoTXTymANBWGLuYMTPLXV488rmkhmAixDEbMNKhM2NYUhTJVds0v1NGSnTJnKksWLufoPf8BxbM465xzOOedc1q5dQ0lJCatXr2blypXk5+czc+Ysvvil85k4ceJev6E3DIM5c+bw6MMPc8ihh1JQUEAQBMyZO5e77/4rc+bMpaioiBdeeIHS0lJOO+0Mampq8Tyf4cOrOeaYY1m48E22bdvGgAEDCIfD+L6PaZp8/wc/ZPPmzblg1UspRX5+AYm8RM+/84nH42itCYVCFBQUAjBj5kxGjR7DzTfdRMgJ8c1v/QetrW09w9gMJk6ciO/75OUlSKXs3PlN06SgsBAnFKKgoIATTjiR5557loYdO6iqqiKTcamqquKnP/0Zv/7VVXz74m9RUlrKtKnTueTHP+Fnl/6USy/9KbZlMWvW7H7hyjAMCgsLc7Vj+g6DCoVCFBQW5ooonnzyKWzZsoV777uXTDrN+PHj+a9LfkwoFCIai5GXlweAbdsUFBTiOA6RSISCggJM0+Qb37yY5paW3PNOOHACvud96FokvYUo97XCl2VZUtdECCGEEOITSK1d/+7H/nW0QuHh055upeaq/6bwtTfonD2H9d//BRuTAWtbUizYlqQ4bDGlLMKowjCD4ja20b8B2bu8bHNzM47jUFRcjKEU6XSGrq7O7OLDWmPbDrFYDMsy33cJ2iAI6EgmiYTDudW8tNZ0dHQQCoUIhcIkkx1oIBFP0Lu8sVKKdCZDd1cX4XCEdDqV3T8cBq0xDJN0OkU6nSYWj+emw2TPncS0TKKRCMlkEtM0icZiZNJpUqkU0ViMkOPQ1tZOV1dnTzHJKL7vsWvXLoIgoKSkBNM06ejoACAai2ULX/o+nZ1JQqFQdiiV57GzsZFoNEo8nqCru4t4LIZl2bS2tdLR3k5hYSGxWBylskPTmnbtwjAMSkpK+tUsCYKAZDKJbdu5pYF73gzS6TTpVIpYLJYdJmYYud6bTCZDUXExIcfB9Ty6urrQQUA8Hsfr+TkSiRAEAel0mng8ju04+N7uz2vhmybxt16k4rL/BGD7j68kedBcDC9DIhajsLAgNwRt3bp1NDQ07LFiWhAElJWVUVNTg9aatrY2tmzbwehRtTIhXgghhBDiX+yfMoRfo7GURXGoiLAZBjQGYHgudc3dvLktSUeXR3e3AjfDkAiYETCC/tVOPC9DyDAYVFoCWhNk0gRobBSF8Vj/K3ppPFe/b+kKE0VRPFuNXLtpVE+QKuzd5qXJj4RBKQIvQ9+7CRsGkUQcrQOi9nvnoGevkGEQjoZ7jnsvpBXGo4Am8D0KYtHsc7hpwqYiEs/OHQnS3eRHwxTEwgSBJkh3YShFeXFhTwPbR/sueZFQ9ueea1h97z2TwlYGg8tKe0KXT34kROBl8D2X/EiYgmgErbPXA42tDCpKinPn1Pq998/s977074mKmAbRnnvH89GARlGUyIaeIAjwU10YQF7YyZ3fQRGKx9A6AMMkascIAp8gtffnVbaD8t+/3onWGsMwGDRoEO3t7XR3d+cCShAERCIRBg0alBviJ4QQQggh/s3CSW9A0TpAo8G0cN5dx9Df/TdneJp5ro8iuyqXoSDxgkHYNKQonuj/O6QMrNam7BLNytjnfkEQEI1GGTlyJFu2bMn1MCUSCYYMGUI0Gt3rfCAhhBBCCPGv9f8AEFuLRzkFIhQAAAAASUVORK5CYII=\"><br></p></b><p><span>To verify if you have Direct Internet Access, see our documentation about </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/sd-wan/administration/configure-direct-internet-access\">configuring Direct Internet Access</a>.<br></p><b></b><p></p>"}]}],"workarounds":[{"lang":"en","value":"If you are not using the SD-WAN feature of PAN-OS, you can mitigate this issue by disabling the SD-WAN feature. To disable SD-WAN feature, see our documentation about uninstalling SD-WAN plugin (https://docs.paloaltonetworks.com/sd-wan/activation-and-onboarding/uninstall-the-sd-wan-plugin).\n\nIf you are using the SD-WAN feature but do not need Direct Internet Access, you can mitigate the issue by disabling Direct Internet Access on the SD-WAN Interface Profile by backhauling your internet traffic to SD-WAN hub (https://docs.paloaltonetworks.com/sd-wan/administration/configure-direct-internet-access/backhaul-your-internet-traffic-to-sd-wan-hub).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>If you are not using the SD-WAN feature of PAN-OS, you can mitigate this issue by disabling the SD-WAN feature. To disable SD-WAN feature, see our documentation about&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/sd-wan/activation-and-onboarding/uninstall-the-sd-wan-plugin\">uninstalling SD-WAN plugin</a>.</p><p>If you are using the SD-WAN feature but do not need Direct Internet Access, you can mitigate the issue by disabling Direct Internet Access on the SD-WAN Interface Profile by <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/sd-wan/administration/configure-direct-internet-access/backhaul-your-internet-traffic-to-sd-wan-hub\">backhauling your internet traffic to SD-WAN hub</a>.</p>"}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW All                               No action needed.\nPAN-OS 11.2         11.2.0 through 11.2.6    Upgrade to 11.2.7 or later.\nPAN-OS 11.1         11.1.0 through 11.1.9    Upgrade to 11.1.10 or later.\nPAN-OS 10.2         10.2.0 through 10.2.16   Upgrade to 10.2.16-h1 or 10.2.17 or later.\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h16 or later.\nAll older                                    Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access All                            No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.6</td>\n                                <td>Upgrade to 11.2.7 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.9</td>\n                                <td>Upgrade to 11.1.10 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.16</td>\n                                <td>Upgrade to 10.2.16-h1 or 10.2.17 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.1<br></td>\n                                <td>10.1.0 through 10.1.14</td>\n                                <td>Upgrade to 10.1.14-h16 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access All<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-06-11T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-06-30T23:00:00.000Z","lang":"en","value":"Updated fix availability for 11.2.7"}],"credits":[{"lang":"en","value":"MMS Technology","type":"finder"}],"source":{"defect":["PAN-284744"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h14","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.16","PAN-OS 10.2.15","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h15","PAN-OS 10.1.14-h14","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0136","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices","datePublic":"2025-05-14T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-117","descriptions":[{"lang":"en","value":"CAPEC-117 Interception"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.7","changes":[{"at":"11.0.7","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.11","changes":[{"at":"10.2.11","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h14","changes":[{"at":"10.1.14-h14","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.\n\nThis issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls.\n\nNOTE: The AES-128-CCM encryption algorithm is not recommended for use.","supportingMedia":[{"type":"text/html","base64":false,"value":"Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.<br><br>This issue does not affect Cloud NGFWs, Prisma® Access instances, or  PAN-OS VM-Series firewalls.<br><br>NOTE: The AES-128-CCM encryption algorithm is not recommended for use."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0136","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.3,"threatSeverity":"LOW","threatScore":1.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"You can verify whether you configured AES-128-CCM by checking IPSec profiles on your x86_64 Intel platform based firewall (Network → Network Profiles → IPSec Crypto → Encryption → AES-128-CCM).","supportingMedia":[{"type":"text/html","base64":false,"value":"You can verify whether you configured AES-128-CCM by checking IPSec profiles on  your ​​x86_64 Intel platform based  firewall (Network →  Network Profiles → IPSec Crypto → Encryption → AES-128-CCM)."}]}],"workarounds":[{"lang":"en","value":"Configure IPSec Crypto encryption to an algorithm that meets current security standards, such as AES-256-GCM or AES-256-CBC, on PA 7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400 series hardware PAN-OS firewalls. For more information on configuring the IPSec Crypto Profiles see our documentation (https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-site-to-site-vpn/define-cryptographic-profiles/define-ipsec-crypto-profiles).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Configure IPSec Crypto encryption to an algorithm that meets current security standards, such as AES-256-GCM or AES-256-CBC, on PA 7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400 series hardware PAN-OS firewalls. For more information on configuring the IPSec Crypto Profiles see our <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-site-to-site-vpn/define-cryptographic-profiles/define-ipsec-crypto-profiles\">documentation</a>.</p>"}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2                                No action needed\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.6    Upgrade to 11.0.7 or later\nPAN-OS 10.2       10.2.0 through 10.2.10   Upgrade to 10.2.11 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h14 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness and because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 on any of your firewalls, though, we strongly recommend that you upgrade to a supported (non-EoL) fixed version.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4<br></td><td>Upgrade to 11.1.5 or later</td></tr><tr><td>PAN-OS 11.0<br></td><td>11.0.0 through 11.0.6<br></td><td>Upgrade to 11.0.7 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.11 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h14 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><p><br>PAN-OS 11.0 is EoL. We listed it in this section for completeness and because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 on any of your firewalls, though, we strongly recommend that you upgrade to a supported (non-EoL) fixed version.</p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-05-14T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Benjamin Bai of Palo Alto Networks","type":"finder"}],"source":{"defect":["PAN-250162"],"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.6-h1","PAN-OS 11.0.6","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0137","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Improper Neutralization of Input in the Management Web Interface","datePublic":"2025-05-14T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-83","description":"CWE-83: Improper Neutralization of Script in Attributes in a Web Page","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-195","descriptions":[{"lang":"en","value":"CAPEC-195 Principal Spoof"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.5","changes":[{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h14","changes":[{"at":"11.1.8","status":"unaffected"},{"at":"11.1.6-h14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.13","changes":[{"at":"10.2.13","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h14","changes":[{"at":"10.1.14-h14","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h14"}]}]}],"descriptions":[{"lang":"en","value":"An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.\n\n\nThe attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.<br></p><b></b><p>The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0137","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":4.8,"threatSeverity":"LOW","threatScore":1.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting web interface access to a jump box as the only system or source with access to the management interface. This ensures that attacks succeed only if they obtain privileged access through the IP addresses that you specify. "}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"LOW","baseScore":2,"threatSeverity":"LOW","threatScore":0.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:\n\n 1. Directly; or\n\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation, visit the Assets section of the Customer Support Portal:https://support.paloaltonetworks.com and then select Products → Assets → All Assets → Remediation Required).\n\n 2. Review the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.\n    \n\nGlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443).\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p> </p><p>The risk is greatest if you allow access to the management web interface from the internet or from any untrusted network either:</p><ol><li><p>Directly; or</p></li><li><p>Through a dataplane interface that includes a management interface profile.</p></li></ol><p>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management web interface.</p><p>Use the following steps to identify your recently detected devices in our internet scans.</p><ol><li><p>To find any assets that require remediation, visit the Assets section of the Customer Support Portal:<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com\">https://support.paloaltonetworks.com</a> and then select Products → Assets → All Assets → Remediation Required).</p></li><li><p>Review the list of your assets that we discovered in our scans to have an internet-facing management interface. We tagged these assets with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such assets listed, then our scan did not find any devices associated with your account in the past three days that have an internet-facing management interface.<br></p></li></ol><div><p>GlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you are exposing the firewall to attacks through the management web interface (typically accessible on port 4443).</p></div><b><p></p></b>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview more information about how to secure management access to your Palo Alto Networks firewalls in these documents:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\n * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review more information about how to secure management access to your Palo Alto Networks firewalls in these documents:</p><ul><li><p>Palo Alto Networks LIVEcommunity article:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p></li></ul><ul><li><p>Palo Alto Networks official and detailed technical documentation:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></p></li></ul>"}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nCloud NGFW                                 No action needed.\nPAN-OS 11.2       11.2.0 through 11.2.4    Upgrade to 11.2.5 or later.\nPAN-OS 11.1       11.1.0 through 11.1.6    Upgrade to 11.1.6-h14 or 11.1.8 or later.\nPAN-OS 10.2       10.2.0 through 10.2.12   Upgrade to 10.2.13 or later.\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h14 or later.\nAll older                                  Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access                              No action needed.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW<br></td><td></td><td>No action needed.</td></tr><tr>\n                                <td>PAN-OS 11.2<br></td>\n                                <td>11.2.0 through 11.2.4</td>\n                                <td>Upgrade to 11.2.5 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 11.1<br></td>\n                                <td>11.1.0 through 11.1.6</td>\n                                <td>Upgrade to 11.1.6-h14 or 11.1.8 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.2<br></td>\n                                <td>10.2.0 through 10.2.12</td>\n                                <td>Upgrade to 10.2.13 or later.</td>\n                            </tr><tr>\n                                <td>PAN-OS 10.1<br></td>\n                                <td>10.1.0 through 10.1.14</td>\n                                <td>Upgrade to 10.1.14-h14 or later.</td>\n                            </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-05-14T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-07-10T20:55:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 11.1"},{"time":"2025-07-11T16:30:00.000Z","lang":"en","value":"Updated the solutions table"}],"credits":[{"lang":"en","value":" Jasper Westerman, Harm Blankers and Yanick de Pater of REQON B.V.","type":"finder"},{"lang":"en","value":"a customer","type":"finder"}],"source":{"defect":["PAN-265549"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0130","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-10-14T00:00:00.000Z","serial":1,"dateReserved":"2024-10-09T07:00:00.000Z","datePublished":"2024-10-09T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-10-09T17:05:00.000Z"},"title":"PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets","datePublic":"2025-05-14T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-583","descriptions":[{"lang":"en","value":"CAPEC-583 Disabling Network Hardware"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.5","changes":[{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h1","changes":[{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.7-h2","status":"unaffected"},{"at":"11.1.8","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.2.0","versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.\n\nThis issue does not affect Cloud NGFW or Prisma Access.","supportingMedia":[{"type":"text/html","base64":true,"value":"<p>A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.</p><p>This issue does not affect Cloud NGFW or Prisma Access.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0130","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.2,"threatSeverity":"MEDIUM","threatScore":4.6,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:L/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue only affects PAN-OS firewalls that have the web proxy feature enabled. This feature is only available on PAN-OS 11.0 and above. Additionally a license is required to use the web proxy feature.\nTo verify if you have configured web proxy on your PAN-OS device, see our documentation regarding the web proxy feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy).","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue only affects PAN-OS firewalls that have the web proxy feature enabled. This feature is only available on PAN-OS 11.0 and above. Additionally a license is required to use the web proxy feature.<br>To verify if you have configured web proxy on your PAN-OS device, see our <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy\">documentation regarding the web proxy feature</a>."}]}],"workarounds":[{"lang":"en","value":"If you are not using the web proxy feature, you can disable it to mitigate this issue. For more information regarding the web proxy feature, see our documentation regarding the web proxy feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy).","supportingMedia":[{"type":"text/html","base64":false,"value":"If you are not using the web proxy feature, you can disable it to mitigate this issue. For more information regarding the web proxy feature, see our <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy\">documentation regarding the web proxy feature</a>."}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION           SUGGESTED SOLUTION\nPAN-OS 11.2         11.2.0 through 11.2.4   Upgrade to 11.2.5 or later.\nPAN-OS 11.1         11.1.0 through 11.1.7   Upgrade to 11.1.7-h2 or 11.1.8 or later.\n                    11.1.0 through 11.1.6   Upgrade to 11.1.6-h1 or 11.1.8 or later.\nPAN-OS 11.0 (EoL)                           Upgrade to a supported fixed version.\nPAN-OS 10.2                                 No action needed.\nPAN-OS 10.1                                 No action needed.\nAll other                                   Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4</td><td>Upgrade to 11.2.5 or later.<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.7<br></td><td>Upgrade to 11.1.7-h2 or 11.1.8 or later.</td></tr><tr><td>&nbsp;</td><td>11.1.0 through 11.1.6</td><td>Upgrade to 11.1.6-h1 or 11.1.8 or later.</td></tr><tr><td>PAN-OS 11.0 (EoL)<br></td><td><br></td><td>Upgrade to a supported fixed version.<br></td></tr><tr><td>PAN-OS 10.2<br></td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 10.1<br></td><td></td><td>No action needed.</td></tr><tr><td>All other<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-05-14T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"Jari Pietila of Palo Alto Networks","type":"finder"}],"source":{"defect":["PAN-273308"],"discovery":"INTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.2.4-h12","PAN-OS 11.2.4-h11","PAN-OS 11.2.4-h10","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0133","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal","datePublic":"2025-05-14T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-591","descriptions":[{"lang":"en","value":"CAPEC-591 Reflected XSS"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"affected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.7","changes":[{"at":"11.2.7","status":"unaffected"},{"at":"11.2.4-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h14","changes":[{"at":"11.1.10-h1","status":"unaffected"},{"at":"11.1.6-h14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.16-h1","changes":[{"at":"10.2.16-h1","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"affected","version":"All","versionType":"custom"}],"defaultStatus":"affected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:*:*:*","versionStartIncluding":"all"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.4","versionEndExcluding":"11.2.4-h9"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.10","versionEndExcluding":"11.1.10-h1"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.16","versionEndExcluding":"10.2.16-h1"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*","versionStartIncluding":"all"}]}]}],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.\n\nThere is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.\n\n\n\nFor GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 (https://security.paloaltonetworks.com/PAN-SA-2025-0005)https://security.paloaltonetworks.com/PAN-SA-2025-0005. There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p></p><p><span>A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.</span></p><p><span>There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.</span></p><p></p><p>For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/PAN-SA-2025-0005\">PAN-SA-2025-0005</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/PAN-SA-2025-0005\"></a>. There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0133","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"Without Clientless VPN"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":5.1,"threatSeverity":"LOW","threatScore":2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:D/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"With Clientless VPN enabled, there are inherent risks that facilitate credential stealing (enumerated in PAN-SA-2025-0005)."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":6.9,"threatSeverity":"MEDIUM","threatScore":5.5,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect gateway or portal.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect gateway or portal."}]}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510003 and 510004 from Applications and Threats content version 8995.\n\nFor all Cloud NGFW, PAN-OS, and Prisma Access deployments, it is crucial to ensure that Vulnerability Protection profiles are explicitly applied to the security rules that process traffic from GlobalProtect interfaces. This ensures the Threat Prevention signatures are actively enforced. For detailed guidance on applying Vulnerability Protection to GlobalProtect interfaces, please refer to: https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184.\n\n\nYou can also disable Clientless VPN to reduce impact in the event of exploitation, though this will not block the exploit in it's entirety. For more information, review the security advisory PAN-SA-2025-0005 (https://security.paloaltonetworks.com/PAN-SA-2025-0005).\n\nPrevious versions of this advisory have listed the recommended content version as 8970 and 8990. We now recommend 8995 as it has the latest updates to the signatures to cover additional exploit variants. ","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510003 and 510004 from Applications and Threats content version 8995.</p><p>For all Cloud NGFW, PAN-OS, and Prisma Access deployments, it is crucial to ensure that Vulnerability Protection profiles are explicitly applied to the security rules that process traffic from GlobalProtect interfaces. This ensures the Threat Prevention signatures are actively enforced. For detailed guidance on applying Vulnerability Protection to GlobalProtect interfaces, please refer to: <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\">https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184</a>.<br></p><p>You can also disable Clientless VPN to reduce impact in the event of exploitation, though this will not block the exploit in it's entirety. For more information, review the security advisory&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/PAN-SA-2025-0005\">PAN-SA-2025-0005</a>.</p><i>Previous versions of this advisory have listed the recommended content version as 8970 and 8990. We now recommend 8995 as it has the latest updates to the signatures to cover additional exploit variants.&nbsp;</i>"}]}],"solutions":[{"lang":"eng","value":"VERSION                                       MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2                                   11.2.0 through 11.2.4    Upgrade to 11.2.4-h9 or later\n                                              11.2.5 through 11.2.6    Upgrade to 11.2.7 or later\nPAN-OS 11.1                                   11.1.0 through 11.1.6    Upgrade to 11.1.6-h14 or later\n                                              11.1.7 through 11.1.10   Upgrade to 11.1.10-h1 or later\nPAN-OS 10.2                                   10.2.0 through 10.2.16   Upgrade to 10.2.16-h1 or later\nPAN-OS 10.1                                   10.1.0 through 10.1.14   Upgrade to 10.2.16-h1 or later\nAll other older unsupported PAN-OS versions                            Upgrade to a supported fixed version\n\nPAN-OS 10.1 is in L (https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy)imited Support (https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy) and reaches Software EOL (https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary)in March 2026.\n\nhttps://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>PAN-OS 11.2</td><td>11.2.0 through 11.2.4</td><td>Upgrade to 11.2.4-h9 or later</td></tr><tr><td>&nbsp;</td><td>11.2.5 through 11.2.6</td><td>Upgrade to 11.2.7 or later</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.6</td><td>Upgrade to 11.1.6-h14 or later</td></tr><tr><td>&nbsp;</td><td>11.1.7 through 11.1.10</td><td>Upgrade to 11.1.10-h1 or later</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.0 through 10.2.16</td><td>Upgrade to 10.2.16-h1 or later</td></tr><tr><td>PAN-OS 10.1</td><td>10.1.0 through 10.1.14</td><td>Upgrade to 10.2.16-h1 or later</td></tr><tr><td>All other older unsupported PAN-OS versions<br></td><td><br></td><td>Upgrade to a supported fixed version<br></td></tr></tbody></table><p>PAN-OS 10.1 is in&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy\">L</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy\">imited Support</a>&nbsp;and reaches&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary\">Software EOL </a>in March 2026.</p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy\"></a>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. ","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.&nbsp;"}]}],"timeline":[{"time":"2025-07-09T16:00:00.000Z","lang":"en","value":"Added fix version for PAN-OS 10.2. "},{"time":"2025-07-04T06:30:00.000Z","lang":"en","value":"Added Releases with the Software Fix, Updated Recommended Content Version, and Added Guidance for Prisma Access. "},{"time":"2025-06-18T19:15:00.000Z","lang":"en","value":"Changed Content Version for Mitigation and Updated Version ETAs"},{"time":"2025-05-21T20:30:00.000Z","lang":"en","value":"Removed Cloud NGFW from Affected Products"},{"time":"2025-05-21T00:00:00.000Z","lang":"en","value":"Removed Prisma Access from Affected Products. "},{"time":"2025-05-15T20:00:00.000Z","lang":"en","value":"Changed Expected Fix Release for PAN-OS 11.2"},{"time":"2025-05-15T19:00:00.000Z","lang":"en","value":"Added Prisma Access and Cloud NGFW to Affected Products. "},{"time":"2025-05-14T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"XBOW","type":"finder"}],"source":{"defect":["PAN-287002"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.6","PAN-OS 11.2.5","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.10","PAN-OS 11.1.9","PAN-OS 11.1.8","PAN-OS 11.1.6-h10","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.16","PAN-OS 10.2.15","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h16","PAN-OS 10.2.13-h15","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h27","PAN-OS 10.2.10-h26","PAN-OS 10.2.10-h23","PAN-OS 10.2.10-h21","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h16","PAN-OS 10.1.14-h15","PAN-OS 10.1.14-h14","PAN-OS 10.1.14-h13","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0127","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-248","descriptions":[{"lang":"en","value":"CAPEC-248 Command Injection"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["VM-Series"],"cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.4","changes":[{"at":"11.0.4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.9","changes":[{"at":"10.2.9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h13","changes":[{"at":"10.1.14-h13","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.<b><br><br></b>Cloud NGFW and Prisma® Access are not affected by this vulnerability."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0127","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":7.1,"threatSeverity":"MEDIUM","threatScore":4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is required to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"No workaround or mitigation is available.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"No workaround or mitigation is available."}]}],"solutions":[{"lang":"eng","value":"\n\n\nVERSION                                       MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2 on VM-Series                                               No action needed\nPAN-OS 11.1 on VM-Series                                               No action needed\nPAN-OS 11.0 on VM-Series                      11.0.0 through 11.0.3    Upgrade to 11.0.4 or later\nPAN-OS 10.2 on VM-Series                      10.2.0 through 10.2.8    Upgrade to 10.2.9 or later\nPAN-OS 10.1 on VM-Series                      10.1.0 through 10.1.14   Upgrade to 10.1.14-h13 or later\nPAN-OS on non VM-Series platforms                                      No action needed\nAll other older unsupported PAN-OS versions                            Upgrade to a supported fixed version\n\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<div><br></div><table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>PAN-OS 11.2 on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.1&nbsp;on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.0&nbsp;on VM-Series<br></td><td>11.0.0 through 11.0.3<br></td><td>Upgrade to 11.0.4 or later<br></td></tr><tr><td>PAN-OS 10.2&nbsp;on VM-Series<br></td><td>10.2.0 through 10.2.8<br></td><td>Upgrade to 10.2.9 or later<br></td></tr><tr><td>PAN-OS 10.1&nbsp;on VM-Series<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h13 or later<br></td></tr><tr><td>PAN-OS on non VM-Series platforms</td><td><br></td><td>No action needed</td></tr><tr><td>All other older unsupported PAN-OS versions<br></td><td><br></td><td>Upgrade to a supported fixed version<br></td></tr></tbody></table><b><br></b>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Pavel Raunou","type":"finder"}],"source":{"defect":["PAN-225690"],"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0128","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","platforms":["PAN-OS"],"versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h32:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h31:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h30:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h29:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h28:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h27:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h26:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h25:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h24:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.3","changes":[{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h17","changes":[{"at":"10.2.10-h17","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","platforms":["PAN-OS"],"versions":[{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h36","changes":[{"at":"10.2.10-h16","status":"unaffected"},{"at":"10.2.4-h36","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h5","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nCloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.<br><br>Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0128","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"A user sends a malicious crafted packet through the firewall, which processes a malicious packet that causes this issue."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"For Prisma Access, this issue can only be initiated by authenticated end users that use a maliciously crafted packet."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.3,"threatSeverity":"LOW","threatScore":1.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"NOTE: You do not need to have explicitly configured SCEP on your firewall to be at risk. Firewalls for which you do not apply the explicit mitigation for this issue are affected.","supportingMedia":[{"type":"text/html","base64":false,"value":"NOTE: You do not need to have explicitly configured SCEP on your firewall to be at risk. Firewalls for which you do not apply the explicit mitigation for this issue are affected."}]}],"workarounds":[{"lang":"en","value":"If you are not using SCEP, you can disable it to mitigate this risk by running the following command in your PAN-OS command-line interface (CLI):\n\n\n> debug sslmgr set disable-scep-auth-cookie yes\n\nCAUTION: This workaround is effective only until the next reboot, after which you must rerun this command to stay protected.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"If you are not using SCEP, you can disable it to mitigate this risk by running the following command in your PAN-OS command-line interface (CLI):<br><tt></tt><p><tt><tt>&gt; debug sslmgr set disable-scep-auth-cookie yes</tt></tt></p>CAUTION: This workaround is effective only until the next reboot, after which you must rerun this command to stay protected."}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2       11.2.0 through 11.2.2    Upgrade to 11.2.3 or later\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.5    Upgrade to 11.0.6 or later\nPAN-OS 10.2       10.2.0 through 10.2.10   Upgrade to 10.2.11 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade to a fixed supported version.\n\nWe proactively initiated the upgrade through Prisma Access March 21, 2025, to cover all tenants.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.2</td><td>Upgrade to 11.2.3 or later<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4<br></td><td>Upgrade to 11.1.5 or later</td></tr><tr><td>PAN-OS 11.0<br></td><td>11.0.0 through 11.0.5<br></td><td>Upgrade to 11.0.6 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.11 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h11 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade to a fixed supported version.<br><br>We proactively initiated the upgrade through Prisma Access March 21, 2025, to cover all tenants."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"independent security researcher","type":"finder"}],"source":{"defect":["PAN-255859"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0126","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-384","description":"CWE-384 Session Fixation","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-195","descriptions":[{"lang":"en","value":"CAPEC-195 Principal Spoof"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h32:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h31:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h30:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h29:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h28:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h27:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h26:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h25:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h24:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.3","changes":[{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h6","changes":[{"at":"10.2.10-h6","status":"unaffected"},{"at":"10.2.11","status":"unaffected"},{"at":"10.2.4-h25","status":"unaffected"},{"at":"10.2.9-h13","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","platforms":["PAN-OS"],"versions":[{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h36","changes":[{"at":"10.2.10-h16","status":"unaffected"},{"at":"10.2.4-h36","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h5","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.\n\nThe SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.","supportingMedia":[{"type":"text/html","base64":false,"value":"When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.<br><br>The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0126","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.3,"threatSeverity":"MEDIUM","threatScore":5.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue impacts only firewalls on which you configured a GlobalProtect portal to use SAML Authentication.\n\nYou can verify whether you configured GlobalProtect portal by checking for entries in your firewall web interface (Network → GlobalProtect → Portals).\n\nIf you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured SAML Authentication on these portals by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication).\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>This issue impacts only firewalls on which you configured a GlobalProtect portal to use SAML Authentication.</p><p>You can verify whether you configured GlobalProtect portal by checking for entries in your firewall web interface (Network → GlobalProtect → Portals).</p><p>If you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured SAML Authentication on these portals by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication).</p>"}]}],"workarounds":[{"lang":"en","value":"This issue can be mitigated using a different form of authentication for the GlobalProtect portal (such as Client Certificate Authentication, RADIUS, TACACS+, LDAP, or Kerberos). For more information about configuring authentication for the GlobalProtect portal see this technical documentation (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>This issue can be mitigated using a different form of authentication for the GlobalProtect portal (such as Client Certificate Authentication, RADIUS, TACACS+, LDAP, or Kerberos). For more information about configuring authentication for the GlobalProtect portal see this technical </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"><span>documentation</span></a><span>.</span></p>"}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2       11.2.0 through 11.2.2    Upgrade to 11.2.3 or later\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.5    Upgrade to 11.0.6 or later\nPAN-OS 10.2       10.2.10                  Upgrade to 10.2.10-h6 or 10.2.11 or later\n                  10.2.5 through 10.2.9    Upgrade to 10.2.9-h13 or 10.2.11 or later\n                  10.2.0 through 10.2.4    Upgrade to 10.2.4-h25 or 10.2.11 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.\n\nWe proactively initiated an upgrade of Prisma Access on March 21, 2025, to cover all tenants.\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.2<br></td><td>Upgrade to 11.2.3 or later</td></tr><tr><td>PAN-OS 11.1<br></td><td>11.1.0 through 11.1.4<br></td><td>Upgrade to 11.1.5 or later<br></td></tr><tr><td>PAN-OS 11.0</td><td>11.0.0 through 11.0.5</td><td>Upgrade to 11.0.6 or later</td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.10<br></td><td>Upgrade to 10.2.10-h6 or 10.2.11 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.5 through 10.2.9</td><td>Upgrade to 10.2.9-h13 or 10.2.11 or later</td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.4</td><td>Upgrade to 10.2.4-h25 or 10.2.11 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h11 or later<br></td></tr><tr><td>All other older <br>unsupported <br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.<br><br>We proactively initiated an upgrade of Prisma Access on March 21, 2025, to cover all tenants.<br><p></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"D'Angelo Gonzalez of CrowdStrike","type":"finder"}],"source":{"defect":["PAN-253328"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0125","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Improper Neutralization of Input in the Management Web Interface","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-83","description":"CWE-83: Improper Neutralization of Script in Attributes in a Web Page","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-242","descriptions":[{"lang":"en","value":"CAPEC-242 Code Injection"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"modules":["mgmt-ui"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.5","changes":[{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.11","changes":[{"at":"10.2.11","status":"unaffected"},{"at":"10.2.10-h19","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h19"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h11"}]}]}],"descriptions":[{"lang":"en","value":"An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.\n\n\nThe attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue does not affect Cloud NGFW and all Prisma® Access instances.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.<br></p><b></b><p>The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.<br><br>This issue does not affect Cloud NGFW and all Prisma® Access instances.<br></p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0125","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.9,"threatSeverity":"MEDIUM","threatScore":4.4,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.8,"threatSeverity":"LOW","threatScore":1.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface from the internet or from any untrusted network either:\n\n 1. Directly; or\n\n 1. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation action, visit the Assets section of the Customer Support Portal a https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n\n 2. Review the list of your devices that we discovered in our scans to have an internet-facing management interface. We tagged these devices with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices associated with your account that had an internet-facing management interface within the past three days.\n\nGlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p> </p><p><span>The risk is greatest if you enabled access to the management interface from the internet or from any untrusted network either:</span></p><ol><li><p><span>Directly; or</span></p></li></ol><ol><li><p><span>Through a dataplane interface that includes a management interface profile.</span></p></li></ol><p><span>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.</span></p><p><span>Use the following steps to identify your recently detected devices in our internet scans.</span></p><ol><li><p><span>To find any assets that require remediation action, visit the Assets section of the Customer Support Portal a&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"><span>https://support.paloaltonetworks.com</span></a>&nbsp;<span>(Products → Assets → All Assets → Remediation Required).</span></p></li><li><p><span>Review the list of your devices that we discovered in our scans to have an internet-facing management interface. We tagged these devices with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices associated with your account that had an internet-facing management interface within the past three days.</span></p></li></ol><div><p><span>GlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).</span></p></div><b><p></p></b>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\n * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b>Recommended mitigation</b>—<span>The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"><span>critical deployment guidelines</span></a><span>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</span></p><p><span>Review information about how to secure management access to your Palo Alto Networks firewalls:</span></p><ul><li><p><span>Palo Alto Networks LIVEcommunity article:&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"><span>https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</span></a></p></li></ul><ul><li><p><span>Palo Alto Networks official and detailed technical documentation:&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"><span>https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</span></a></p></li></ul>"}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2       11.2.0 through 11.2.4    Upgrade to 11.2.5 or later\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.5    Upgrade to 11.0.6 or later\nPAN-OS 10.2       10.2.0 through 10.2.10   Upgrade to 10.2.10-h19 or 10.2.11 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade to a fixed supported version.","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4</td><td>Upgrade to 11.2.5 or later<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4<br></td><td>Upgrade to 11.1.5 or later</td></tr><tr><td>PAN-OS 11.0<br></td><td>11.0.0 through 11.0.5<br></td><td>Upgrade to 11.0.6 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.10-h19 or 10.2.11 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h11 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade to a fixed supported version."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-04-16T00:00:00.000Z","lang":"en","value":"Clarified fix versions"},{"time":"2025-06-12T17:00:00.000Z","lang":"en","value":"Added 10.2.10-h19 to Unaffected Versions"}],"credits":[{"lang":"en","value":"Stephen Kelly and James Loose of Visa Cybersecurity team","type":"finder"},{"lang":"en","value":"Deloitte Romania, represented by Razvan Ilisanu and Matei “Mal” Badanoiu,","type":"finder"}],"source":{"defect":["PAN-259759"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0124","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-73","description":"CWE-73: External Control of File Name or Path","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-165","descriptions":[{"lang":"en","value":"CAPEC-165 File Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"affected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.1","changes":[{"at":"11.2.1","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10","changes":[{"at":"10.2.10","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.\n\nThe attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.</p><p>The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a><span>.</span></p><p>This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.<br></p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0124","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":5.1,"threatSeverity":"LOW","threatScore":2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This ensures that attacks can succeed only if they obtain privileged access through those specified internal IP addresses."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"LOW","baseScore":2.1,"threatSeverity":"LOW","threatScore":1.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface from the internet or from any untrusted network either:\n\n 1. Directly; or\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. Review the list of your devices that we discovered in our scans to have an internet-facing management interface. We tagged these devices with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices associated with your account that had an internet-facing management interface within the past three days.\n\nGlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The risk is greatest if you enabled access to the management interface from the internet or from any untrusted network either:</p><ol><li>Directly; or</li><li>Through a dataplane interface that includes a management interface profile.</li></ol><p>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.</p><p>Use the following steps to identify your recently detected devices in our internet scans.</p><ol><li>To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\">https://support.paloaltonetworks.com</a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li>Review the list of your devices that we discovered in our scans to have an internet-facing management interface. We tagged these devices with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices associated with your account that had an internet-facing management interface within the past three days.</li></ol><p>GlobalProtect™ portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).</p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article:https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\n * Palo Alto Networks official and detailed technical documentation:https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">best practices deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li><p>Palo Alto Networks LIVEcommunity article:<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p></li><li>Palo Alto Networks official and detailed technical documentation:<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul>"}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2       11.2.0                   Upgrade to 11.2.1 or later\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.5    Upgrade to 11.0.6 or later\nPAN-OS 10.2       10.2.0 through 10.2.9    Upgrade to 10.2.10 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version \nunsupported\nPAN-OS versions\n\nPAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0<br></td><td>Upgrade to 11.2.1 or later</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4</td><td>Upgrade to 11.1.5 or later</td></tr><tr><td>PAN-OS 11.0</td><td>11.0.0 through 11.0.5</td><td>Upgrade to 11.0.6 or later</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.0 through 10.2.9</td><td>Upgrade to 10.2.10 or later</td></tr><tr><td>PAN-OS 10.1</td><td>10.1.0 through 10.1.14</td><td>Upgrade to 10.1.14-h11 or later</td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions<br></td><td>&nbsp;</td><td>Upgrade to a supported fixed version&nbsp;</td></tr></tbody></table><p>PAN-OS 11.0 has reached EoL. We listed it here for completeness because a patch for PAN-OS 11.0 was released before it reached EoL. If you are still using any vulnerable EoL versions, we strongly recommend that you upgrade to a supported fixed PAN-OS version.<br></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Stephen Kelly and James Loose of Visa Cybersecurity team","type":"finder"}],"source":{"defect":["PAN-254188"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0123","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures","datePublic":"2025-04-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-312","description":"CWE-312 Cleartext Storage of Sensitive Information","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-158","descriptions":[{"lang":"en","value":"CAPEC-158: Sniffing Network Traffic"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.6","changes":[{"at":"11.2.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h10","changes":[{"at":"11.1.8","status":"unaffected"},{"at":"11.1.6-h10","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h21","changes":[{"at":"10.2.15","status":"unaffected"},{"at":"10.2.10-h21","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h13","changes":[{"at":"10.1.14-h13","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.6","versionEndExcluding":"11.1.6-h10"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h21"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h13"}]}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture) in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.\n\nIn normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring (https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring).\n\nThe administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nCustomer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.\n\nPrisma® Access is not impacted by this vulnerability.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture\">packet capture feature</a> in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.<br><br>In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring\">configure decryption port mirroring</a>.<br><br>The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.<br><br>Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.<br><br>Prisma® Access is not impacted by this vulnerability."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0123","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"Firewall administrators can see traffic that they should not be able to see, which impacts confidentiality but there is no impact to integrity or availability of that traffic."}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.9,"threatSeverity":"LOW","threatScore":1.9,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"There is no risk if the firewall is licensed for decryption port mirroring because firewall administrators are already authorized to obtain decrypted packet captures from Palo Alto Networks firewalls."}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"CLEAR","exploitMaturity":"UNREPORTED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/U:Clear"}}],"configurations":[{"lang":"en","value":"This vulnerability requires the following configuration:\n 1. An SSL decryption policy matching HTTP/2 data flows tied to a decryption profile without 'Strip ALPN' enabled;\n    and\n 2. Global HTTP/2 inspection enabled.\n    \n    Note: Global HTTP/2 inspection is enabled by default. The setting to disable it is available only by using the PAN-OS command-line interface (CLI). To verify whether this feature is globally disabled use the following CLI commands:\n    \n    > set cli config-output-format set\n    > configure\n    # show | match 'http2 enable no'\n    \n      - If there is no output, then http2 inspection is enabled.\n      - If output shows 'set deviceconfig setting http2 enable no' then http2 traffic is classified as unknown-tcp and is not decrypted by the firewall, which makes clear-text data unreadable in packet captures.\n      \n    ","supportingMedia":[{"type":"text/html","base64":false,"value":"This vulnerability requires the following configuration:<ol><li>An SSL decryption policy matching HTTP/2 data flows tied to a decryption profile without 'Strip ALPN' enabled;<br>and</li><li>Global HTTP/2 inspection enabled.<br><br>Note: Global HTTP/2 inspection is enabled by default. The setting to disable it is available only by using the PAN-OS command-line interface (CLI). To verify whether this feature is globally disabled use the following CLI commands:<p><tt>&gt; set cli config-output-format set<br>&gt;&nbsp;configure <br># show | match&nbsp;'http2 enable no'</tt></p>  - If there is no output, then http2 inspection is enabled.<br>  - If output shows <tt>'set deviceconfig setting http2 enable no'</tt> then http2 traffic is classified as <tt>unknown-tcp</tt> and is not decrypted by the firewall, which makes clear-text data unreadable in packet captures.<br>  <br></li></ol>"}]}],"workarounds":[{"lang":"en","value":"Mitigation: In a Palo Alto Networks firewall, you can configure the decryption profile to strip ALPN (Application-Layer Protocol Negotiation) from the TLS handshake, which is used to negotiate the application protocol (e.g., HTTP/2 or HTTP/1.1) for the secured connection. When ALPN is absent, the following behaviors can occur:\n\n * Firewall behavior—With no ALPN value available, the firewall cannot perform HTTP/2 inspection. It either forces the connection to downgrade to HTTP/1.1 (by letting the client and server negotiate a fallback) or, if that downgrade isn’t possible, it can classify the traffic as unknown-tcp and potentially affects your security policy rules and application identification.\n * Client behavior—Most modern web browsers rely on ALPN to negotiate HTTP/2. If ALPN is missing, the client typically falls back to HTTP/1.1.\n * Server behavior—If ALPN is absent, the server can assume that the client supports only HTTP/1.1 and downgrades the connection accordingly. If the server enforces HTTP/2-only connections, then it may reject the handshake and cause a connection failure.\n\nConsequently, without ALPN, the Palo Alto Networks firewall does not inspect HTTP/2 connections, which prevents decrypted HTTP/2 (clear-text) traffic exposure to firewall administrators.\n\nYou can review how to strip ALPN and disable HTTP/2 inspection for targeted traffic in the App-ID and HTTP/2 (https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/http2#:~:text=Disable%20HTTP%2F2%20inspection%20for%20targeted%20traffic.) inspection technical documentation.\n\nAdditional mitigation: The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac... (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr... (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)","supportingMedia":[{"type":"text/html","base64":false,"value":"Mitigation: In a Palo Alto Networks firewall, you can configure the decryption profile to <i><b>strip ALPN</b></i> (Application-Layer Protocol Negotiation) from the TLS handshake, which is used to negotiate the application protocol (e.g., HTTP/2 or HTTP/1.1) for the secured connection. When ALPN is absent, the following behaviors can occur:<br><ul><li><b>Firewall behavior</b>—With no ALPN value available, the firewall cannot perform HTTP/2 inspection. It either forces the connection to downgrade to HTTP/1.1 (by letting the client and server negotiate a fallback) or, if that downgrade isn’t possible, it can classify the traffic as <tt>unknown-tcp</tt> and potentially affects your security policy rules and application identification.</li><li><b>Client behavior</b>—Most modern web browsers rely on ALPN to negotiate HTTP/2. If ALPN is missing, the client typically falls back to HTTP/1.1.</li><li><b>Server behavior</b>—If ALPN is absent, the server can assume that the client supports only HTTP/1.1 and downgrades the connection accordingly. If the server enforces HTTP/2-only connections, then it may reject the handshake and cause a connection failure.</li></ul>Consequently, without ALPN, the Palo Alto Networks firewall does not inspect HTTP/2 connections, which prevents decrypted HTTP/2 (clear-text) traffic exposure to firewall administrators.<br><br>You can review how to strip ALPN and disable HTTP/2 inspection for targeted traffic in the <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/http2#:~:text=Disable%20HTTP%2F2%20inspection%20for%20targeted%20traffic.\">App-ID and HTTP/2</a> inspection technical documentation.<br><br>Additional mitigation: The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.<br><br>Review information about how to secure management access to your Palo Alto Networks firewalls:<br><ul><li>Palo Alto Networks LIVEcommunity article: <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac...</a></li><li>Palo Alto Networks official and detailed technical documentation:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr...</a></li></ul>"}]}],"solutions":[{"lang":"eng","value":"\n\n\nVERSION             MINOR VERSION                SUGGESTED SOLUTION\nPAN-OS 11.2         11.2.0 through 11.2.5        Upgrade to 11.2.6 or later.\nPAN-OS 11.1         11.1.0 through 11.1.7        Upgrade to 11.1.8 or later.\n                    11.1.0 through 11.1.6        Upgrade to 11.1.6-h10 or later.\nPAN-OS 11.0 (EoL)                                Upgrade to a supported fixed version.\nPAN-OS 10.2         10.2.0 through 10.2.14       Upgrade to 10.2.15 or later.\n                    10.2.0 through 10.2.10       Upgrade to 10.2.10-h21 or later.\nPAN-OS 10.1         10.1.0 through 10.1.14-h11   Upgrade to 10.1.14-h13 or later.\nAll other older                                  Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\nTo fully remediate risk, you must delete all pre-existing packet capture files stored on the firewall after you upgrade to a fixed PAN-OS version. This task can be performed through the PAN-OS web interface or through the PAN-OS CLI.\n\nUsing the Web Interface:\n\n1. Select Monitor > Packet Capture > Captured Files > (Select All) and Delete the files.\n\n\n2. Select Yes when prompted by the confirmation dialog.\n\nUsing the PAN-OS CLI:\n\n1. Enter the following operational command:\n\n\n> delete debug-filter file * \n\n2. A confirmation prints to the terminal and indicates that all packet capture files were successfully deleted from the firewall:\n\n\nsuccessfully removed * ","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.5</td><td>Upgrade to 11.2.6 or later.<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.7<br></td><td>Upgrade to 11.1.8 or later.</td></tr><tr><td>&nbsp;</td><td>11.1.0 through 11.1.6</td><td>Upgrade to 11.1.6-h10 or later.</td></tr><tr><td>PAN-OS 11.0 (EoL)<br></td><td><br></td><td>Upgrade to a supported fixed version.<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.14<br></td><td>Upgrade to 10.2.15 or later.<br><br></td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.10-h21 or later.<br></td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14-h11<br></td><td>Upgrade to 10.1.14-h13 or later.<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br>To fully remediate risk, you must delete all pre-existing packet capture files stored on the firewall after you upgrade to a fixed PAN-OS version. This task can be performed through the PAN-OS web interface or through the PAN-OS CLI.<p><b>Using the Web Interface:</b></p>1. Select <b>Monitor</b> &gt; <b>Packet Capture</b> &gt; <b>Captured Files</b> &gt; (Select All) and <b>Delete</b> the files.<br><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABEsAAAJ1CAYAAAAheH6cAAABXmlDQ1BJQ0MgUHJvZmlsZQAAKJF1kM1LAlEUxc+kYd+0aNHCYKBVYSL2QbYIzIUEBYMmfWxifE5jMNpjnIigP6KVf0FUm5Zhm6AW7WolJESr2hS0E2ZT8rpPK7XowuX+OJx3ue8AHV0655YXQC7v2In4grq2vqH6XuGBH90II6izAo9q2hJZ8D3by72HImd5Qu4qFyNPoyP9Nycv1dM53536199WPRmjwGh+UIcYtx1ACRBrew6XfEA8ZNNRxIeSzQYfSU43+KLuWUnEiG+JB1lWzxA/EgfSLbrZwjlrl33dIK/vM/KppNxD7UcUSaSoVSwjTinMIvWPf6ruj2EHHPuwsQ0TWTj0MkoKhwWDeBF5MAQRIA4jRD0tc/6dX1OzLoHIGeCZb2qbz8C5CQwMN7XxGfrKG3Bd4bqt/6SquN7C1mS4wb0loLMoRHUV8I0BtYoQ7yUhase0/wG4cj8BZdxkMabiqrcAAACWZVhJZk1NACoAAAAIAAUBEgADAAAAAQABAAABGgAFAAAAAQAAAEoBGwAFAAAAAQAAAFIBKAADAAAAAQACAACHaQAEAAAAAQAAAFoAAAAAAAAAkAAAAAEAAACQAAAAAQADkoYABwAAABIAAACEoAIABAAAAAEAAARLoAMABAAAAAEAAAJ1AAAAAEFTQ0lJAAAAU2NyZWVuc2hvdLJOxLgAAAAJcEhZcwAAFiUAABYlAUlSJPAAAALZaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4yMTk4PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6VXNlckNvbW1lbnQ+U2NyZWVuc2hvdDwvZXhpZjpVc2VyQ29tbWVudD4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjEyNTg8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICAgICA8dGlmZjpSZXNvbHV0aW9uVW5pdD4yPC90aWZmOlJlc29sdXRpb25Vbml0PgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj4xNDQ8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjE0NDwvdGlmZjpYUmVzb2x1dGlvbj4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CuWkGdgAAEAASURBVHgB7F0FYFVXtt1xd/cEd5cWlyIFKtRboEZtpDNtp97fqcxMvdNpp52pu02dKhQttMXdCQkQhWBR4slf69zc8BICJAEClH3g5d137z22jq+z9z5OGzdvrBZ1ioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAgYBp/4DhylZopVBEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFIEaBJwkMF7JEq0OioAioAgcDQEnp6O9oc+PhkC1DjdHg0ifKwKKgCKgCCgCioAioAicGgi4Rgf7nhop0VQoAoqAInAqIoD1vROIEn5EdLF/LEVUpWTJscCnfhUBRUARUAQUAUVAEVAEWhAB18rKqhaMTqNSBBQBReD0Q4BEibOzs1TrYr9ZhUf8iF1VlY43zQJQPSkCioAioAgoAoqAIqAItDgCri0eo0aoCCgCisBphsBByRJImZxmaT8lkmukck6JlGgiFAFFQBFQBBQBRUARUAQUgUYhoGRJo2DSlxQBReBMRoAEiSFMzmQQjiXvIEuIYeWxhKF+FQFFQBFQBBQBRUARUAQUgRZEQMmSFgRbo1IEFIHTDwGjecPFvi0dYX+fflk5SSmmnReVxzlJ4Gu0ioAioAgoAoqAIqAIKALNREDJkmYCp94UAUXgTEGgGkSJJVmia/7mlLmRy2mOR/WjCCgCioAioAgoAoqAIqAInDQElCw5adBrxIqAInD6IAADr2BM9Cyc5paYJVnCv4phczFUf4qAIqAIKAKKgCKgCCgCLYmAkiUtibbGpQgoAqclArWSJUi9tew/LbNxEhNdQzQpW3ISy0CjVgQUAUVAEVAEFAFFQBFoCgJKljQFLX1XEVAEzkgEaJ601mbJGYnAsWXaMu/KMJQtOTYk1bcioAgoAoqAIqAIKAKKQEshoGRJSyGt8SgCisDpiwBES5ycsdBXHZJmleFBsqRZ3tWTIqAIKAKKgCKgCCgCioAi0OIIKFnS4pBrhIqAInC6IUB5CJUsaX6pKVnSfOzUpyKgCCgCioAioAgoAorAyUFAyZKTg7vGqggoAqcTApQsoeESdc1CwGCnUjnNwk49KQKKgCKgCCgCioAioAicHASULDk5uGusioAicJogUI1FPnkSZ6jhVFXZEib2yt8mUPS3VZyH4lENAJVoOk0quyZTEVAEFAFFQBFQBBQBRaAWgRNOlthT59oYay7spUX9+/pbEVAEFIFTDQGqkXDBT7MllpFSO4X1ezj9bSNjfRM3QlYfl7pv6S9FQBFQBBQBRUAROL4IcJOHcxf+U9c0BLjRU4UPv9Wd2QicULKE82NPF+zINtBGiysElfDMBl9zrwgoAqcDApSM4HrfGX8gWmKc3anxmx2Z/j6IS308CI+Nj/WW/lUEFAFFQBFQBBSBE4cAR92i4lLJLygVKcXcRddcjQfbBej5uUm4jyfWsE4KXeOR+02+ecLIEjbSSrTN7dsbxs0rRiTQTQmThtHRu4qAInBKIYDB0qiSmEU/ezd71sFr/X1kPAgRMVKnCCgCioAioAgoAicaAQ65XIO1TYqXsNAQcXV1teYwJzri30j4VdC5LigslB3pWVJcXKyEyW+kXJubjRNClrhgA3YPiMwekU7ywlQXiQq1dP2ZSDbgikqRF6ZVyDerqiU2QKTc3qxtbi7UnyKgCCgCJxABirByd6GqdtGPTq7WkTjR37VwGCLJEQ/2+7ozcxAfvVIEFAFFQBFQBE4MAtyaMERJ60Rp16aN+Pr6iLOLS63864mJ9bcVKtVvykpLJTgoWNZu2CT5+QXiAmmTU1cjhxt6NXMts5d3YtSH3Ei6UV3E3i+0ix23KrG4r6RhvxZ0nFu6ODvDpiDmnKz4dCgkpqOSjeA4ueNOljCtnCaXAciRPZzlwoEu4umHG3aa+QJUcD5dgIt91eIS1DiyxOzqwmvDjpWi4Sf23fr+j4cOmimX2sWTFdPRwq2fDvo6kh8u0IwfRMb3rI+dK/1WBBSBE4kA2zi7FnsQYls07b62V7Zjt+7avw722vadM/e5hd9B1I7SVduA6bcioAgoAoqAIqAINAEBrhmKS8skMT5G2rRuhUVjpaxZt16KDxxoQig1r9oLK06AzjDnhMV3ZES4RISHS+cO7WTJ8pXGfsmpikQVyrmsvNyQBKwD7m5uIHdgB+M4Oq4/M1JSEGJxg6G6hSZIiK/3Ede0DXps5k2zNkaaMjP2gnTYWTeU4DiJ8ve11sx1nzTr13EnS0g40R7JyNZOMvFsZ/F0B09SYogeJNqyX1JGeyUkT3xE3FCWlCw5GgFE9TGzYmkgm86wJcAJeAUCaYh4cKkxcGR75Tu0l3Isk3YWEsOt4xBgJcI+XLiswDS25OiYlsoGPPA9smVVyJPVAKrF3dUFDcDVxHE8GTPH9Oi1IqAINISARVqazlmJknoA1e3T6hNFVtdd/516QehPRUARUAQUAUVAETgmBLjrn1tYKhFhoeLn5yfrQJQsXrtBXI+yPqkfKZcl7tythytvYWkBE+lJ/MPZCtd3u3L2yOCB/hIB0oQSFcWQNHGF6gTXsi3lzAYd1o5UCzqS8/bxlZjgEHFzdzfrxvy8XCnIz21wTXykcBp6Rjy4tvVwd5PLr71GAgOCapfjhMKe3a1Zs0Y2Jydjrep6SLwNrc0biqux97hGLiuvgMSUq4wdN0xiYmLFDQQRXUlJiaSmpsrqtevBQVjqZ8ca/3ElS1CexpjrXpTplUNcpGuiJRbjBDSdGRPbHT6e5ZYqjhRVy9b9TuKN/AWQVDlCBdwJBqYhUsHU2r1gY/ycJDrI95B3WNGKwM7klSNwJhBfvq5O4uNmdQIEtqmOYVJEa2c+dI0cmDsSOsHuLgaD+mHafvYiH2UOdd7H1dmkx/F9kiSVlZWSnZUvgREBEh4cjErgKnmFRZK+ZY/4RriLv5enYRAd/em1IqAIHGcEakYBdh32oHVwaDjOcf1mg7PEQ0322AWzK/7N5lUzpggoAoqAIqAInBwEjOxrcWWtZMEBSJSQKAn08cK6xWHxcYTkca5TUlou7dsk4S0n2bw1VTw93A5ZAB8hiNP8kSVBnFtQaFRLuAjn4twiSTh7AaAt5MpBCORDUijI29PMQetEy7Uo1oo+vr4SHhULIscVBEKpIUzCIqJAJDhL7r498HKMMy7Ec6CkTCJg+6ZDpy6SvmO7FMGeC+uJcfiOi0+QfmcNkH379sv2rCzx9/SoJXioIlP7bp0MNO8HBQ9Ksa4PRXoGDxkiwcGhSE+BlJWVmQD9/AOk/9kDJCo6RuYvWCBVFeWI35p7Ni9GkeNKlpAsoK2SCR2dZARUcDy9kThIkTCR+/OrJXsfk1ktFWivYYEiF49xRuHCCOwukZScagFvUKcKEuB9RcXSvW2S/On88eIOxowkQk2NNXlmlWXhrFq9Vhau3gDjxZDGsGq0KZxy6FCNGTZIunfrgrhcxAWMV3p6hnz9/UwY7aFY2tFVeExENX9Y4BUVFdBjC5RLJw6T+LhYUyEYNiVAZs35SVau2yheIDcc01GBdLdOTJAbRgyVgAB/5KMCLJ2HpGdmyadffisV5Sxk5gadVFk5dAx95erJI6R/v96SEB8v3iBHMrN2ylqwxPN/XigbklPFB52XHYdjGvVaEVAEjiMCaJZs9/bHdGgmeKu9HoxJf9cdlGvwMPgdREmvFAFFQBFQBBQBReAEIWCGXmvBzxgoFUCipOpIO9IOSaFASS7IEm8fb6xIIKmCNUkEdugb69/MlWrCo6x9zZLMIYbjc2mW6pibHavUwKGp4QmIXF1b61dzfehLLXInLDRY2oeGStqOHSAIyo3tPDti5p/rzhiQBTTgm5m2XQ4UFYEscQNRECeBQSGSt3+fwaehPFjlwspydFeMNSzX4CUg3/735TQpykqGJ9rYoP9SSezUXS6++GIZOGiQVIOgKC0tMRiybJhurnlNeR09qiO+wXwwz7QlM2z4CPH09JQlixfK5i3JsjOv0PhNCA2SLl06S7uOnWT4sGHy48yZcqwKSceNLGG9IllSghBvHO0i8eH4AV6Dp20egHrTR3Mr5Q/vVYqfh0jBbpFFz7tJrzbOYKtEZq2slEteqpB4SJiUkQupgcoNrFgpxKCSRg2V3900FSJlvgbs+npYpRCN2gLm86133pf/vv+phHhZJAKilp2QYpl63RQZPmQQ0uIMQRBn2bhpC0iKbPli5jyJDfQVEiqNdVSD2Ql25+ILxsv9d98hUVERJsEkLQrAQu7Zs1fm/rxSfCP9pRqVi5XRg34yC+XhBy6TSVdcChGmAEP6MB/LV6yS736cK0V5IEsAFlWJoiIj5NZbpsqF540z4l+OaSsrv1AWgCx58tkXZNmqNeIFwkRVchwR0mtF4HgiYHfvDZEl9jM7Pv1tI2F91+CBL15Z/Tqu2CnWPKr7vv5SBBQBRUARUAQUgeOJgL2makqYrpCkMIM2vly5wGusw/hejMVxIdZVbvDni4U7110nwnG9VAH1FK6xToRrDm7HMx0kGvz8/SQSEhLZkNYoLinFhr+LmUIxHhIH3Ih3c3OHMdoSKSzIN0IBlCaiCk5waLh5TumThsgSCiQYw6iNSLRjDYgM8pfsikQZPOBs8cd6dvHChZKXmysrli+Tnr16y5hzz5VyEBp0xvwE1rqrV66QRStXwaaJT63ESSOiPeQVQ4xhrdyvf3/x9vaW2SBC1m/bLmGQvIny8zJzywMHiuS7OfNB0pRJ9x49pVeP7rJk6fJjko46bjXMHW0hLVfkrgkuMqATSAmEDCJJXECAJGdVyxtzqyTaU8QL9wuQfS+QJm7IF9VvhnZzlntHucgT31VKHIgqEiaWY/FAJwkF6o4GR+mNnbtyJDs7G/dYYarFExIXlO7o2rmjXDtlkixbCZ0pMEzUrSrE+eIXDTtbOnVob3SZdsFvYGCgJCUkyJCBZ8kXH38vLsH+UuFkkRp2rIf7ZoMvArvTvV9XOf+88RIdFQkplUxzvFTbNq3AcHlYFa9WXwhGdiAus2Pnfpk0aZxcMGGcIUrWw7Iy323dKskwdYyPFZn5zMwtlr/99QaZMukKFKwHiJ3NkgwiiBI1sTHR0rVrZxk5fIgUQgTqzgcelVywhjTk09IWiA+H0el+39Q16r2h6rH2EdcKdPoN6Qt6elDSybIp49gRUbfR1XRosKYNETqWHe+RHGPjtR39sJ6SdWVd5rXdcZF8q6BfBz1Fvm+FQ53JapB8DPtQscr66eK7VOOiX1wavxVonPRb/xnTRoNgzDOfnWxH0Ud3DgToeOuXwSF4OODFsiPTznKgI1bMU/McdxmsNso4+bGX/lYtYag2VnxGZ/2urqbtIZQtklFCW034bbzjOeHlhMTdBZMLPLPgtt6HNp9R52Pxsj+0N4Q48HhAprbUhGWlif48cc+8W+VkrnmPtqDY3zbk7PgYvxvi57yIEn/llZaoKVNvp9v2z/AqEL41geIbdHXz29Bv1iNi5mxl0PLWxL+H1lPWf1heR9uy3SH1oV778KiRTGRdsMrQws+xDTIsYsz2wrbInTSrnVlizayPJRCJZVtmv8uyZLb4zfZUinpK/yTVOUZZRtcqTmpbaig/jm2J/YWNh5VftjW7fIEHx1/kh/nme8TRMd8Mi31Yw9ixb8OGge3HvGXVEpapHSbHd6aTGHKSdTD2Gg8t9MW6wH6CE3DWbKbRLmdKfBIHux9lkogD6wftpnF+wLxaHq1nDIv3OQ7YmBNPhmGPBXbdpvqtjSP98B3ibTBBHHyPziqPg3WPfbndtzmWlXkZf5hmhmOHbd9viW+rvjCtRJO26qzx1B7XmCWmzxov8QJe45vE1JbWdayLdnjMC/3wXV7b4fMecaMjJgyHzq7jjI9Jseueeah/FAFFoA4CbHNlxQfnqmXFGBO4aDuKs/oyN0nC2sjH2wttsEL27YftDJgQ4DO7ndp9GYNjG+afmu7Negc/rN7u4HPe4D0rDMvuZFCgv3h5eUnO7j3mPp85zgkY9Onu2GdW1vT/BisbGGTM4M2xpKTY5Ju/PYCHr5+/eEC1wxVz5+CQUKk245nxbWEIv5Q04lhbYjQsjo5SbbTAmP3qgZzt4u8/WkIQftq+fAn1dJUNGzaA1Mk00h5m3YM5Esv17IGDJByGcst2F4kzyB+mhGscux40VC8aShHfo/HiyLAQqP3Ey6aNGyR5R5pE+pOAYZ1AZPjPuX+kv7fRxIiNjZNWrVvLvEVLxFOwtmumO8xUummhcaLNNMaFWUZdQ4OoR4XJNkLPzauWL3+tlBVbqyUpFBNKvMf0GtU5XFegPfL9iwc4yyeLsfAssSbu1lyNL1siVtW4QWBnzJwj1173gHTqEYNBskLiINlxy9Sr5aILz5MknCc+fsxIWTDrF2nTMUHSt66T88Y/bCQ1skCwvPzaOzLmnOEycEB/6dWzu/Q4q4th6zjxrUSCrOOHrAplI8BBnYXAQuKTQix2Lpl4ngwbMtAQN888/yIa6j555vGHcZZ5aL3FLRs2dAWDA+TySyYasmPdho3yh9vvk5FDB8qD999loqlk+ACxDBVwQI+OMmLYEEOULAYT9tDfn5QZX39q3ovp0EdefOoROW/cGBk8aICMHj5I/vPe5xIbhEW7nWD9bjYCnKznQe3rQM6GOmF4hSdKKBo4F+y246Jpx5Y1+BkuMa3CrEkZ/LthspaRsh33LXEw9zD49fORzEzooJVmS0RCBxME6xMnyzu3b5SQmLbGX1ryWvPM/uNR45f1ggaTyCCnb3V4B9ae44IDzQLNrrX100W/TFNmSg6ChUiX7QJjIboXYDqXQ57hnbC4duKBRVSZw0TU9tpS3yyPYuhJZm/bKJ4ogyCIhHLgsAeIQ/AIiYf1ax/TF3GxUddqd5hEJYUZ/01Nv+mFkBbTB9R81wzhDkHZJWDfQr+FS6oW5pc5yfIsJ+kWCdIKJIjp29CPYI0g+yFZt3W3s/SIRr+Hd0mS5Jfi/UyER7XFMJFu4dWG9CBZQeJkRRbexz10WyYsSvQtQhgxXtWGbF60FwHhXhffalm5CRdMCIhq84342P92TawWX3znQBMxZRfeJ4MdLtIzFGlEuki8FJYjHRnwT21FxBWI5239bYPUuF/HHf43cTOOGTTO6tdrfhz1i+XNRdAh9TQgRmJDWf+P3D7sdpuWjPbqESXR0UGmLXFhyWdsg0HRbWoXwiWQVMzGPdv5RCRJEHZDMlIycCtXolt1lv2Y/BVjslDfRSd1QplUiWNbDq5p3/XfPdG/iRsX+vXz4xfZSgJhsd5awFfX9GMHU0MsvND22b7YjvYgr+W7d0h4fHtzj3jVd3zWUFyBUa1Ne23ID8MIgz/WijTTl1qhhqLv4Vh8MhzLzTuc5Q18avrdjJQdSEqRxLXtLOnJ2bimDrijoygyG9DhnS/qkC82dugKIGpbuGubRCZ2NP0RF/eZqQizepcZH4hj+v48kb1ptQFy3CB5wPlIHvwf2LWh9plIkEQnRZnmvbfwACak203/zfpN8seui1FJjI9tr2Uc2z317Q8p+yCMWyGBpu3RWKLdruqmCtb/gTnrD4kOToI5HnDxxfA4Zu7cznI5gPbYyRBKJF3St+7EPbt8sCObGGueWWN13Rg4xrF+I2h1ioAiAAQ4UlNagyREaEhw7ZynU9t4Kcd8dX8uJRfQZhpAi+3IGwv1hPhYzB1hXwNdOElkbhoUFRdj8w8kNIhdvsc5KR3HKEw1YFMC6y+ES8dNEF6zvZvnfAcf9mdMn3nORSeeU7IgMDBAsrERHgLTCFQTodYA+wJHh1cPaecN3XP0c6pcm5UnE2tyXzdVxIcbETk7s8wD2laJiIwRd08vQ7BUAe/gEEzcat3BknNxtYiD7Vs3GdKkdp5W+24DFwZH1o8gCR0wEi9gcw/j0uCeXWXP7t2ye88eSc/ahbIIMOvhbSAy9mVskU6dO9cmn3ZFdhcWSwTm6k6oH8yaIbYx3/DEeMU8HckdQP3wgrAB87oze6eRXOK45uiP6wTWn31FByBQsF8Sk5JqpaOI5JFjaDj2ujWq4XeOeJcRU6pkB8an525wkW6t8QMpYV2uAqm/YH21PDKtUhKCsVbEby4ehGtOeoTje2wt7ROc5ZZRznL363g3ytqFNS8gMGLHgiQAhTDiIhWpUn4gwKi5zPt5mUSGh8g5I4dJSHCQxMfHwdt+fBIksXM/6dGtqynM9Rs2y99eeAsgu8vZZ/WVdm3byNBB/eX5Z16S+LaJUgmrq0VgrPJAwNQ6xBvo4WpEvNhB7Cw4IMP69JCLLphgOoUfZ82VF/7zsUy+Yoy1CENeTLaQKX5TNGz7liz5v4fvkEGQZKGF3o8/+Vzm/7hExowYYrXeGj+cHKan58rNU4cYozVU6fniq29ADi2UNp16IDxYZoZtlrfe+wh56iKJCfEgfc6Sz779ER0QdjMRZ0tOhGox+o1csCPeh4lm9w5tZfCNUyGx5GXKMCcnRxYt/FXWLF0gsa27WKQI8kxjR7fe9VfZsX2bfP3pdxLTGpUW9SUzJV0unnS59OjZS/bv2yfz5s6RFQtXy9gLRqHBtpIvv/zSIEZ2ND42WqZMmSw/Tp8uOXv2yY233i1hYF/Z+eTn58mCn36C3/Won5GSBkKOA8F1v7tDEhITIWKXLz8vmC+L5/8osW2QLkxK6eqnK6FdLBZDO+WCS8dKpy7dzCBEqaSlSxbLL/NWYHRzqXnWFcaguBOOhR50I3+cNVsytmYjz1FmUtuojtSk4Pj8YUdHybDWiXEy7JqrZeGvv8hStOEILGKcuXDem2c6zOt//xdJgKRYHvGY/5N5JwyGzHZuT5GLrpwsnbt2NQawlkM8cPoP8yU6JtBMnpuTSmJgfxrjnyRGHmw49Y+vlL9dWC6vz/NAH0LJEHAPeLarCKeGta2UxyaWyws/ekgJpDqW5DrJubGV8sB5pRIbXAUiw0XeXOAuqTCEHQEbUAnB1XL3uaXy8hx3OQAyg+RLEfrTlyaWSirefXa+m/zzglIjIfLTFhd55grqjeKEMhAwzpBw8YIkH1SR5cWZnjJ9m7NM6lohT15SBkKvWjZmush/kEYY0hdPhNs7rkoev7hUfD0hXQGSZsEmN3lvmatEQCKQ/Taqe4s4Snlkpuyurae0O0Ux06WLF4EYX4D2kXDE9hHTujPaR6Xcctt9sn1bqkz//ieJiQ8xUoLRkeEyedIkmT1rlhnoM1J3oz1FyM233SsxEH3dvWe3/DR3Htr/fLlk0lQJwCThjZfelP5D+sigG28w/QQHaQ7cmRkZ8vpbH2K3xVNu+tM9Eo96mQZDaLNmzpIC6BGzj3cc0E8keIyHi+6MlF0S0yZKbv7zvaj7MVAT3SNzZs+S9cuXgjwEKeLpJlegH/Pz90f6XGTvvr1I70zZkpEtMRC1zcLk+GxIM/bud6189cUXZhfv6imPmkkqKxb7qv2YjHz15ReGSIhrG+2A3R6ZMf0HM1aO+8PvzeSFKrPcGHCHva4KEFX/+/gj2V9QJH+65yEJCwuXLZs3yZw5c82imG2tJfBCVa6djLPcVkFceMnCtZLQKgJ952a5/OqrsUPnJh+88ZJcePk10rFTFzPesv5T6m3d2tXQDQ+WmNhYM8ZXwJgcFwvEJjVlK54FQUx5kWxN3Wbi6QAp1F6XXybTpk0zO2CZqVly3iWQVI2JNfdIiPcbPEoGDr4R9s0CTH/80RdfSXH5AQnG/KVLuzYy6Iappgy447h27Rr59uvZ4uznJv27dpI+/a7G76/NmECi5MrrfocJc4i88s4HEurj2TKYouwo8RERHipTrp6CXWbYPkD955i4bOkSM27Ft+0qadt2yyWTL5F27TuYvpVtgnOdzZs3YtIfacbA7ekZ4g29dG4ucAE3efIjMmPGdBl1zghTLu+//jHGqQizOXbuhVdIz959DPZr16yWr6bPlqTIkNo6bvffZaiHn33yCYzmF2LhdujJDUyHOkXgjEOAkwV2iHDh4WHok0NNeyRxnpGZaT3jO1yUOTh6oTQepfxJYGzZmiLbc/ZiQewrPiCJeaqnN9QkQnBYBd1uSIJQOoH2JihVSCmUQsy/SQYHg/woQLvMzSvAeOOOMcoL3x4Y84tNnxKCDcISqKPsQV/CeR8lGLwQTlxsjDFsegDEDN+1JUw4hpSDjLEJGpMA/CnDnMAmZex7p/Z3Xcwd02qPk1zH8DScvbt3Ss6ubDOm8z0bC45J9rgahJNzomITzLy/Gn0r7x/NsW+m4ALnC1zj+Pj4ih/sawYODZRff1kgG1PSpEObBBk2fLjExSXI6lUr5JMviw3RZYVdIbGoI10wj0rG2FoEVaFCTEjjo6NQP7wkNS1T/BEe1yFHdlZamW/+O5zjEwsbvH/07B0uGHPfovKO+MqRH3KyviNf5KL+TjKqpzPAw8SD+UTCUqB+89G8SgkEgVWBVJss1c8X3qOUCcyRyIT+LnLxYOzYYyfTjSk7QuGxUfEjpWAcayoAAeZkjC5lT55cduE4Q54Ug6T4+ddF2KnZK+vWb5A0qM5EoCM4q19fCUlKNBMzTizP6t1DJp03RiadP9Z8T75grPTp0dUwd9zR8MUE6LopV0mnju1lG3Y13n73QzAi9WQ6mGYPGK7Fgm5vfpEMGN5Pxp87GkxcoMyb/4t898NMgVGV2uJl+XESbRpyZaZ0xHneAaiI7Cx47FFAoCd2BqH/h4VjCJi4r0GecHJKx47JHwtDdmSsxOqajwDJsFLsyLVu01aGjDhHQkLDJAAT4L79z5YHHnpUbvjjXVh4rDOGdnftyICu3lky7vyJMnb8eYi0yixMMlPXy41/ukWunHyNeHn7SNfuPeWaqTfi+T7p0q27jBg91iwcmMq8/GLYu4mSocMRFyayZM6Hjxoj7Tp0gvicl3Tr0Vvuvv9BGX/ROdgZXCM9QeK89Nw/Zcy4CagTwdKxS1e5894HZOof/gJS4/Dp4kIT8gPSs09fOWvgYBjs8pX2nTrL7XfdK1dPvQziA5nSq28/OXvQUOgeBkooFixjEcfTzzwr5144CnnOMoMZ09ySjsRQwa5UGY6yuPCSy2T4yHOkas8ODJowdAyRv+7tW8sLzz4ro88dL35Id8fOXeTPd9wlI0CE5qTlyNMvvixXXX2thEdEQt8zVm64+fdyw42TJCt1g9ltbWpeOJCQkOTHnnAf7Zt945ZiZ+kM0uGysXly69gSWbvH2UiJ8Fi67ZA4ufOCIrl0RKEE+zjJMjz7+7By+ezOXBnXp1hCAyvkskFF8u09uXJFz0pZieeRgVUyZWy+PHxJsayCRIgnTvYqo7TboAMyoitYkFRnGdO7VM7tAxES9KGJkeUSG16OvrUIRrdR50LLJTGqXHYfcJJ/g2B590+5MrhLKU7cqpDrRhXJj/fmSh+kdy3C7t2qQiYOLTDPkqLL5fGrc+XlKcWSUkSSpvE4OOLUVNz5Pvvmg3V4COqwj7Rp217+9Je75bpbrjfto1fHdodpH3eCaFlvJmPDzxlt9FelfKfp03P3H0B9DzPtPRoqjjlpm2XUhMHy2BNPypBhI8Xb11969+kvd9x1D+IPNH4HDxuB633oJ0C2o26yvXDSERyC/gJ9vBRlyr333C0jRo01IrDDzxkjl11xhexG2NzlbylnESU75ZzxQ6z8DB+JCU6A9O7bXx5Ef3b5NddBYmsDxqUAIS4JIHK9MMk96+yBcv+Df5XeHdtiLC2Takg3sE8cgXe4mxOMye4Q9FnRsfGGOAoKCcW9EBD9e2Uk4vrHE08dxA5x3Y0+KgokTQh0p4OBVV+E371nH6G/MLRN7jo+/NBD0v+sQeKO8XX8+RfJxIkTZdeOTS2GF+snx1ASXuyDr7vxZnTpJII4CSkxi+8+/c4yRdcL/ejZg4ZgbGCZh0oQpEl9/fxMPQjGmNEe/ffQ4aMkPDIKxHekEYceNmK0jBg5UnKzUyR/Z6oMGzESfdrl0qd3b8lKoxTEfjOOdOnWAyTvRow1d8pd9/0fiN7uBuNRY8fJC/98Vvqgju/L3Cpt27UzdY/EXXhktFx3wy1y7wO3SxXLqm1b9JUUjQ4249Wk638vV0y6xhDEFbvTzbykJeog+8n9+WhfwGco6l5UTJwZX7pCf5zj1m33PSppICalYqepk73Qzvz8Aw2mxNHFxRVk0TA5F2NRXnaq+EGqkHk/99xxpr1uXJkMAu8sEEMslz2Ssb9AHnzsObnhd3+UmLh4CUFdm3TN9fLnm6diV7sE7XGMJLVuizQEmbGd5BZPirAXGS2BicahCJzKCLAtcA1lduRz87BOyjCkBNdP6RmZUKfJN8/4Tv12Yy/rgrFhzfXJ7n25ZmOrCuum/Xn5II89zHqF5gc4t2vVKtHMhaOwWZGADW6S50k4ACMehAfXc7wODPAz41N8HEgQ9M1c79DcAfsGbhaHYiziOMc4OTYxDq6leCKM7bhG9EXf0aFda/PcqGngIUmFjiCdKY1CSRWOAaeqM3SAUcU4egpJilBTgSQ65XCYTw8QSTEgLuISIN3oSylILq2tMY9SsE3JOcud5bMDG6oko90h9ceNhJSUrfikYH4ZiLH8bGhzRJsy4zxt7MghhqyxMC7DBpO3cBwdOmy47M/JkvK8XTJylDU3K9qdZiQoj5RTN4wtRkIJZUs7pizT+uXH36yTvkibF0gYGpc9VmGCg7XqSKk7wjOKjVPqsU8bJ4kJAew2d4DLogPVMndLlfggFpTfkR14D38v7J4GYoJSUinO2L1syPlgERrXuT/IjmCzc9KrVy+ZdPklaFj+UgiRmwycLiN+sVIN3aghA882p9ZsTdkmc376GcHtlQ+/XyATxi9BY4uTbrCWO6Rvd/nykxnSunOiXA07IYMhAWIDz8H0x5lz5bGnn5c0kC9/uOYyGTN6hBRhl/CTz7+SaZ99gDl0vBFnttNqGLz9hVIe5CMFzm4y5cpLjcoP0/DO+x/JqiVQo8Dizmb6UM5SgMHc2ZyGQ91aS1SX5MxeMKfl0GfiO6ZzYq3OTamVIqBNk5bcrbTz+Fv8dqyexdi1fviRRyQfk1sUltx+/50y/oKJkpGRJjMWLMS9Qhk8dLhkZaabCeD5l54H6ZIfcD8UHcVAWbt6pTxy758hbdJF2rRuZeBieVOMkSLxuyChJEW7UI7lMMpUagaoEjynXuHyJYvk308/Cj/u8sFX3xldv++++BCL/d+Zzue+u++UbRshEQJ3z8NPIl0XScrWFFm+eg3u1E3XeUjXNzidyXbZ2Zly/+1YCMA9+5+3pf+AQfLuay+YzpJ6hvfcOtU884Po89//9qhcAdJn6fJVZtFERrr+AGlePgF/2P6IU1h8B0jDdJWtycnSFjuPrTv1Nm1P9u+VG256ylj8vv+euyR1w3K0wzi5ePxoWbVmndx+3+3SBu+/8fJL8u3naKNw4yZeafmFCDgHxyY5VA7TJ1CuFF2w3T8cNQzkwxsduxmODrjI2F4H5OoenrIqy0XWFzrJU6NKpUNSmRQXuaDzd5LBUMW57cJ82ZDmIRe+6Cfp4D66gXyedkeuPHBJvry/KgQDIVRHENaovkXy70vd5NZpntI7lLYyOIAwfcAO14hWvl/vJmufCZT0VU6y/r39kpOLxeAfwEp3rJYbulXKHyfkyw/LfWTcm4gEeRweUS2f3LZfHruyUD5aGMScwvK5i9z8ur8sXuAinz9eJBeeXSj9f/CWLKTfB2v/o/br9UBiF9ZU51jvdmZnyf23WXX48edflaEg0d56+TksGG809aF++5iAdssdjEWr15n2drDfRYZBNHHixzbIwZTuysnXGmvyt919j5TsxOAPlZuBAwbgSa5ZUNtGy+DbSLfcfse9hiChX7rufQdhl7yjfPDe2/Llh29K1z6DzCTNN6KV2RWz3jqxf1k/ja2GAC+5agrzUyi3Mz8gH9mfPfH8MzIRi/WFixabyTDzNOP77+SLD9+QyKTO8tJ/X8HO0Ah59u8P4H2qrlWaI/mqOWFDAfIUudde+Y+sWjTvYEZ8YmXSlOtMXLXYIayzzuovm6DH/AP6MLrnXnlP8vNy5aG7bzW/h44+HxIZcfK3hx400ju9B4wwY2MAVIUomdCSjhNvHoeYCOLor/+4Vx69788meuLDCbrtsrIy5O4/Xmf/xHcINkg8sHGTJZR0I7lx5wMPSkUO8RYjNcGFOl6SgOg4SBwlYqe1wkwYv/viA9hAG2KIo+nfTpPOvQaAMJooSxb9Ko//1VLTTWjfQx5+9O9y/Q03ybKfZ5n5AMeo5555WrJAeN1+/99ALAwVL6gPcYyhxE4yVEHHnH+ZXHLFZBjAmy4vP/cYJLC6tiymaCRs78XY6X37zddM2sng3vDHO+T8iZfKnpxd8j6kdUhKJW/ZKPf9+SbCVevagPjp1LUbhtVEzO0ghgd1o+49e8vG9ZhDYdLJ8ZLzJLqpV14mfXFs5Scfvifvv/6iuTdy3EWmfQdiQk3R7+nffyOfv/+6ecY/VMOheqtj/1L7UC8UgTMIAbYBqvlxcc1Gy83XA7DPuG49VC7xuwjq6VTN5LjHNk2zBVSdILHi6NiWSTzbbYrSZLS9FxURhg1hN2wypxnJwnZtWhuSgyQIjY9u2rpNBvbrhUW+k2xMTpVB/XubE0G5vmGaNm3dLv17dcMmjYus2ZIiI0KCsDHvbeKhGsoBEDqUmGbqdmPdxPfomD7axWLe2rdtI5uTt5qxsT3iZ7gkgrhxZTpV4+PU+mOjyzWg7Rwu7Vt1vk2R8A8+nN+QIInAuMP8slwKYASW83lTkHV8NvYHCBOEvWzVajNW8+TWdWvX4SCXA0aCcHvqVsmHsVeS+hvWr4MUEdRysCFs5cEH65WtRhqlR68+cvPt95p+3ISxbq3QbIE9Rztcaryx6UR1sH2w19kGcazfuAl1DGUMAQVTQekR6SvEujoJdk3CwiNgbiMTAhgWmkfD73DxcnZ9TI5GC6E6Ll8vrZZ1OzCZcggxBifiTB4AkXmsDY36zZFiQj7Wp1XJtJVVEhMATR0EZaFr7WDSKwt4wrgxMmfaR/LeG/+Rj995BbvLj8uYUSPMAmb5ipXy3fSZRizlqmsuMBIg9OeK3fU//e4GefeDj+Wdfz1iDKvyfuvWSdK7Zw9cHUBFcjKESzh2GiPwCYf4Gb/NMb+ocB0TY2QyBmSKke2FOkzO7r1y3U1/lCkXjZN+vXsacTI2bKr9TMGOfRzY0qnnj5axo88x7Gc6RNgounTN1Cvl+ivOA9PZ1qTZH7YwJl08QQZAUkHC25mJKdPGsPxQydnorXrPBZBV2BRjpmNDpzHORi/ejC/9czQEiGdr6F1yMhUeHynPPfagsfR8NsgF7rT2GTgCu1RtZPp338i+vXtkwOAhCJI7hCUQXtpjziGffMOthkT76ceva6NjZxUTHQlVtXhp37UXxPX9jWgyX3CpKVvecw9NkAkXX2oWdylbkyWxQw8cAxYt33/7tSFK2nTqZXS5n3z4n8JJ88DBg6UAO5ZcaDimayDTVaP3zjxRf9R23J0vgVEo4/gMg5wExUtS++5SkL1X3njlZSNiN2bUSNmdvuUQEUY7nBPxTWkY7iyPRtzcrX/79Vcgoudjdmd34n6/wTg/PSYW+H9riJLWHXtKFE61+vyDD2Rv+h7p3qu3rF6xzBAlrTv1hIh2Z/n+yxny06LleM/PDCBNSbc9QWD7Yz9BLBvzYTOFEox4u6N25OJErP1ucsd5B2QNJES6guC/eniRrEn2lANQkSkqh0rM2WDdYaj1/o/8jOHXEeGwZ3LAWR7+1F+C/Crluj4wygspksISZ5m93BdkR55c36NSludjNwXFV9M71KQNOfR0kg7BuNuF/QnoN673OuA36sHF/UncOcsdH/lKN18nGRkhMneHi7zyox+kUcpkbHeKrmJ3Hao73m7wEwoO2tsiZQohEePeRMkSYkfMjsXRv+NAxyPyECoWm0PRPmLkh28abh+D0A7KcraZyYKdBvpjYEwR22UJBtZzxl9i1B4+ePcdQ5S0Qrvj4vOzb0iEWhOv2izAL/0NH9RbevQbLH3RJ9BeyV4Ys6O65VhIPI276CpZu2y1LPtlnrERwolLSzhOWHft2CXjzxkCMjdA3n/nLUOUsC2Ih7e8+sp/jfrH2DGjJTtnt8lHKMa7sFhIJQwdYsiQbakgil0ikVz0EbVlZ5Uf803Vty5Y2PeHuogL+qtxo6246mCHCcyXH31oNjGSOnQ3WackCY2v0cVBfZC7kJzAkezi4nb5r3Nk1eL12A30anI7NYE28w/TwLZNtwgqf90gAUGVHDprYmk9429O8Dv2OEv6DRppyLHopAhJSkJjheOuKfWw28dEmPzx3haolIRFREgbSL/169UDOvZBsvCXBZCOasfH0gsSJmwfb777iUw4/3xDLjz+9+eEhBH7+h2bcWLeN19BLSVa2nfrh0WKpXZLm1J0PujLSegU52QgDxapPRSn/1119XWyCv3gC08+3PJEiUmZ9Ydtjob1PTERTmjXRV5/8Rmow6WALOpX+5YnpCkjEzvJ2UNHSzcQjOIdDfW3OSZvk84fD1Joo0y84kJI9ATJrwt+qvVnt8ce6POTN200REkixjDWrdnzFsnc6dPM3IweOGFv27k36uw5Btf6/UltoHqhCJwhCLBX4447VVj6YB3Tr28v6dOrp/Tu1R2S972lc6cO0rljBzkb5AWf9euDT19c9+4liVjjUHKD7YjhcGymqhxVa9gHUtWcpH05wuc9LoJ342hXjrUkOQ1RAv/0k5t3wPRhfD8fkvS0JWa3T76bB+KGfRylHYuLSi1beoiV73BcpRFssyGJvrEA/m3HfpUq6inbeOxuqbSHNElHrL04303dvh0b+sXo3xu2wWKHcTK/7fnOwdHHnuc1PlXErxK4cEPIJpcb7/vwb/pgnr4JRMV8aG2UAVtuNpCo/2nGNBzCkmkkPlJTU2U5CH7OGawaQpt4LrIAxlaXYWOY0peUaJ83Zw5Ijy04KQdSIEeYJ3GcJvFViHJbtWKF+GCNPBJSm1zP5EP7Ihd1i598fOKg2sO1EevZsmXLoYKO3b1jcAe3S5oZCE9QCMCmyqLkanlvdqW0inSSaJAktFcShon6pOEusiS5Sjako8EwNsdSx0+yTc64n5FTLZ/9XCmZ+y0jhY6bv1ZDtKoNjflwcmA77nZR/23hkmXyyutvyfYd6ZCSzkBD7wNRIE72MCmDiHUMgGNhMT4SEXRkJGnotQs6AOpyv/P+xzJrzjzzjH/IilLdZg9E0iaMGlYrJcCO5f/uvcNM8thD8Exro5OLhnnlZRcZ+ykffPSJCZ8SLHQD+veT7l2xaoEHdi0UR6OLQdoevO9OiDWlm0a/DeJN3FX3gUHB7tAVnztjsQS19UIFwboXHc2AEeOhpgM2CY4WoGkA02rsFj7mgf45ZgTY8eajY46GoSK6PbtzjAoLr4cNH2l2ID997zXTWV9w0aVm8rxx3Xb59OMPZTImqdy5HXfeBTJrxg/y5n+eNWVLXc5bb7vTagMoLi4a2IlwsPLBxJeTYO6cvfzii4YkKCgokLde+Z+Mv3C4US+jLZGAqFaGRffDYiKX/8CuUm+Qjqoq3Bl1TBd3ttcu+9l0klQteuL51yUUKmgcYL77eprxxw7IuP2lUhpYbggiSk8xPbRzQMdJOGSmzfUJ/1OTHKpAbU3eLD/P/g5iemMgDt/XRB0BEXcuYmkPwh8LigPQXyWBGJGQaPRdSazYqmo0VkZJkri2MSbPHDg5wDbZwY+ZFPC7fid2mMAYjeUHL+D6v9P95LHJe+WWfj7SFyouvl5V8rfP/eXJybmyH4RJAoyrFoOIKAZJEe6NHRFIm3RG9duVB1sykBrpEF0FY7Cu6PSr5aHPfSU2pFKempIrMx4ONafUWPmqyRu/gIktQ8OfFqy4Qp/t512NM+ldBVMSWDHHkhhx9QJhsikbp55AMqVLLE+SoHpgtTx3bT7sllRJZEClvDojQLYWYjGIdJUj8Jr15WEQsG4zXoNFU8VQ6oVK0dIgLJbueegJ0z46du4Kez/fGdUQTgIoGlq/fbAecCA9kiM2nLB17NTZmtDl7BQaGWW94kDbLj5QtqzNqBME2w/b7/VQ72J9KAMx8K+nn5Q1y5bKF598ZKQDqPo1ESpkn3z0gcyERGNsYqiZPNYJ6AT8oO0RqnbExSeY/Ozds9vkpxiTiYjIACNNQkKHOy652dChRc0YPmKUkAymSlFWZoZ88fkMiYfh6rRkGsy0HMuQ+WafdfmVkw1RT/3lp598zPQTfLa7Hnbx2Plhm+MupO3s7obj75oVyfLNV58baYw//PkvMvHSy+WdN16DYeJkCYe++9F2mewwj/WbdZRxkexYAz1r5oPShD/AnhRVe6kiRMcJO3G7B5IjFPtOT0uTR/7+DwnFxJGOfSlx4oSvEBN8GnZd9OuvMnrseOnTty/0uOPNzt4777wrzz3/giGIqOZE43hSmAECPcAYpEOFwmZJsOnraeSUdbscdSwxEdIjSAMlXX5/65+NDZkgbOD8AKkUyxgc5jeol1OunWr6nnffeQdSd5C0RQattLG2t5CzOhwTGetGSW6JuMG+HN1ejKexEAun4+KJ6qePP/UURPNxgsGaVWhHj8Ie0bdy2ZWTIAE5UD548yWoPw020ijfffGd8cfgbdHqAEy4t2zeYO6zH6Tx4viYUOx2+iLfJCmrQbaPlkGDh5mF0tewsfPJu2/DPlFbUz+NR/2jCJxpCLCtYBHNNU1eXp5kwWAmbUfQFlMRNuLYbth2rf6bLc46nSsYdkMo5W8cOxd0K5wL8MTRiPBwad8qAf1cgWX7D3HQjghJ4g4wuMyxljZGaJeR0iFmIY3NF5LSZm2GcHjNdmw2qHDNTtU85zUiMs/xzX/Gv+l3Ie0KW4ORUN8px9zV9HlIINdHlCyjzahWUO/huL1tW5rJH9Xv+d6p7ACHGVOamkZDLCCvebmYA+3JwXjlKfvwTexq5/xNCJTpMI7FXVMe7liYesKOljmABXWFZREUTakdFyN5a8rGMxreHEDGZQD8rIY0PMc9kjhZ2VhfYQ1k9+c1MTX4xbR7ebjhpNgtpn51h+2Uc8eBUM/IsKTH4YvzxAiYOeDmM8NMxObO0lWroL3CdXfzbKFZI3yDSWr8TZ7QgHmgvPpLlZzTvUomDsLuEedrGKO6JTrJH8e5yGXPV0j7YA7YuI82Zr45hsFhDiCLNlTJG0thIAg7rgzP0TkacKHdj2nf/WAaG0HjBIeExtr1m2UPdvW8YOykD3Z8enTvagiJzKxs4YeixAQJZWz8sEEnJSVKf5AqfXt2k7dee0nmIW05uwtryhUvIvzAYE+kB1acMfjySOL8yAgzEaJRMDrmg3YU2PhZCSkumg+jQ2RAKRZG9Rumk0ymTdIwHdQV45FXZOLyoNNHf+wYFi5eJpddbJ2cM/GCCbJi9VqZv2wdGBkX7Ir7y+9vuEaSEuONAaOVq9aAXCqQGBgUpJ6auuOHABdJwRTzqwmSRvp2QpSLjqoh7HCpI009fzbIIUOHycZVT2AXuQKfmyF9cpZcesVVcu6E80GWvIMSt8T2//vvf5lJLyfgVC25/Kop6FgwmIANd4WYIifqH37wvrFncu3Um+Txfz4sb7/1ppnEh0eEy6KfpktE176mI6LajR+OCMvZZS1oOmHxWD9dg4cMNWQJ6yYlSfbt24P0d5FpX3wmc374wuSH9ZODjnuEj7HJsgNSU7SGTj80cEnHAbMlHNtI+r48Y+CQi73dENV+4G/PwPZIhLF9MGD4uZKRnm7woAHAX+f+IJFd+pidiO2pGbJrb6FZ3FCsj44nKbBd7YCB3Cqs7qNwVLitt9r4/FgLIA4Q/JhOhBWDhXqEb77qibLl8cGeIDjeXeEuF4AoefCSPEM+fLXITzIgcULpDS+ohOyChIi7G5lzSI+AsAjE6TY78pyldSikx/BO2l4XYxyWkYbCxsmUV8DIP5Aj036fD9HXmvRAtI/JMoljemsumWbzy6QfCxSQMsG+0G/FXfZh/jDiujzXWcaGwDglCJJte1ylTyKPkHWS1GwP2FApkPU7POW297xhG6XSGJeloBL9mkiO8M00mGhr4maSmuNYT9lGaCuCcX795Wfy1n+fg10o2AdBe2ywfaBt7qqxFM84Tfnhm7vyfr4WYc2ks72zHXFw507Hpg3pUOXCiWtop1k5e+jVyoR1Zd4jQfPOG68aqTPGn4/JYSgMpn3x0VuwLTVXhkKseDLsJkyElNjMb+aaNsT4mY8T6ay2iuMUd1r54TGCmzZnSFsQhnuhS07JLZICuZhEeYSxnThhF382jFHPhvG1eLPQ/r+//kX+/sAdOBkmsU56iQ/D//yTj2UbxG1JTG7eng5d8hpJSUgQOGKXtiUbUnD+sK0F68T1HAmFQPQ57732b/l++gzsXvaTq6D6dxEIpqW33SSuQV3NWF3P2wn9ybyxr//Ps/+ABf+uct8D/2ekB+0yYz0hcf78s08bOzjcAQ0yUjD1yxRHvyOsIJyEtnrJfNTBbEiQ9BUf2DfZBjHkjOTVpr6NGnOuIV82bVxv8sVJPW2gkPigmokviD7aWYoYcLapozsRTtt27U2ZZIPU6gcbMDu2pcq7r76AzoYbQtb8huMM6949990nt1x9o5QH+Jr+vKX6cZMQqyMyl9wNDEJdY19M54+FE9XD6LjrvB2STM8/96zEYlOL9toS2sXDuG6uUUc678JLZNjYibA/lyBzZ0NyWEjw0bFftsIrRFi+sDFEx7kZjUrm5hfKvqyt2DQLM+/NnTtLFsybi4l0ICRA90FyNFGJEoOY/jnTEaAKA9Uz0nP2yoDe3c3mL4mPRVhXtYLJA5o5sNsasWLflIO5Iduz6fnwx8zdMrLwFBswoSHGQCzf3YcNi3QYDCcBE4H1UzmIYErn796z1/jnprQrxF4Lceoa+z8fpIWbddw05mzGFfc9sP7hPc5Jzbt8js0M9r805soNMfYbJE0jME/mmg89IaM3fSXTxjUc12PMB1WFXHHvBA/FJv5j/UN8648uRw/T6hvtMiuE6mspxnyug50pnWCUwx066KMHeDANwI8nuu1NY1lzE6H+2gBroPINOC12l6TuQDmUZNXMuRmftZpnfihhsh2bDZR4p4pXU+blLDdPECYroQq0D2pXnSG1mZCYiLK1BCEqIa1B1RtKrLRr3056wFwHhRp+hVCFH4zaN8cdF7KEGSfBEY40/HdGpXRJgvGcRDCQ2Ih2wb1BnZ3l5iHO8srnB0F1x+KAYuIumJjv2F4tr8+qkhAEVIEPwzvoaiaXfIbJ6ebNW+TFfz4pofEdZQ/PASdqIB7CIOse4u8tqZtWy1WXXSIdABAnBh/973O564kXJdIP1vfxm0xYVvJe+cNtV8o9d95mpE6643QZCUoSTxAtcdE4ZcehBTEMjyoX+XnhYvl12UrTuElM8LhKspI784vl2gtHy98evNd0Ds8896I8+dqHEh9oiRO98/EXpnGyMdMfx/bc8mp59E9T5a7bbzWNlyobXJQiehheLJOLIdZ06UUXGPspT/3jIZkzb74Z1JnOEUMtsaKFi5fKjFlzxRclSLwc03wQO71qOgIWk7584TJ4LTDeeQINDYV+9dknMAAJUX1M9EhqsOPOBxvPRkmJELpzxg+VWYuWgTCZbSQ+br39LxAvtiQ5WJdScZRWTi4miXkZkPCIMHWU/srxjGXIhp+6caX5jDl3HPT542Xz6kW4v1fGgXj5+pN3scu9lF5wwsU9Ji08BYb66VRZqZ+ubj16mXfZaXIwfOqRe6UcxvVoy2EzxJYptcFn3K0sg02DrbvM6zLp7rvMQmXB/AUSCKaYg0vFMRojAABAAElEQVRLOFpGl31pMP50C86OLzELARqESocUCQfCEeeMMou4POhEjjl3PMT835It61hWYjDYALHAZIi9szy69B4o65b/Yp71GQhRPRBbS0A+BmHnpCkdMwMwVANwsgYfNGL8N+4I32zrHiRL8DLJjHY4Iv3xaX7y1d07ZQ+kOu6Y5iMTO5ZjoIdUDNZHX6/0lCnD8+TOCUUy7nlM/AEF1Rrfv6nASHt8vtpDzkrALj2kTKjas3S/i/zjsxD5x6Q96GirZckWa6enCuSMM/swxG3SiTB4jx/BpxtO1Jm91lNG9sqXR8YVyzVv+JoxL9i/Sm46p1D25LvJ55tdZUBbpA0SJxe97yv3JLvLE9flyMtTPeWWz7xleHyllCDdzOPRcOBzvmcP3JaHpv91Qd9N8uyeP91Q65knVP06dznUOPY13D6ghrIcp2+IVzTaWjUmVrR9ILJx9WIrDEjvsV1ywfbNt3PkyinXyqWXXylLFsyUrestEvJc2Lv54cs80x64g2I7EvWzvrMIR/sebU50hS2sudO/lNnfb4c0QT8YH+4KUR4S2pbIsv3uifpmWw2Li5Offv5FLrrsChiYvQr90VRJXscJpMiNsHXEvuvnBQskISLU6IxnQk100+ol5jPhvAtBSFkSAAdycAwtNhbouPikQVtOuFatWSMp66x+iM9+/nUh7GNcJZdeBuzmH8Ru1HmX4ni/bMmBug8dd/mtnX5I82BDIQmi3H6dO8n8md/It1D36w+7E1S1aGlnV2P2wVwI0D379FPywF8fxkSrjyzDyUu2o1QOCRBHlwSVLTr6Z32iYx9DEo1u88YNMMo6CnkukQ9+ecvcW79uDfqzsUaCj6o/dMtwShkl6G657Xfy8r8eN/f4ZzykFEluMd5OmBhyLvRPqIeOxekvt/zxzzD0fSdOaXrGkHhMQ3JysjwHQuehR/8hjz33hLFVRTUxtkE+b0lHPGlLbj+Ii/2YX0+88lromreX76bVtB2Az42lbRj3+LFciFFrmzFjpjGCfv0NNxud+NmzZxm1ygwYbTZtkZtycFswlg0bOcqMzzO//czcY1vknIl2jtj2KTG1fuVC84x/KD1m4VF7Sy8UgTMSAfYJXGhGYJPMH2Qt2wWNRHthzOWJOJSAd6lZiHKjl7YVaaMic+dCo95g9yn8pnR/OkgTkvLsC9lX0W3Zmmru8R2q25BoSYPhWPZGId4esCeSYuYrvpA62AK7JZwz0OFEdWwceUgK7J3Q8V2GZffZ+zEH51QnE0fW7ty126S9vkQi47D7PqapluQxIZ7af5hublKYza5GJpVdfBHGKc+aeft+SKAfdDR2itOJajYUD94/8pUnJXSwTqDB2FEjRxiJFRJdGFAa9MjbXIebeoW1zrZtqXivpsPGFesBJYHov6nzcUZI/zxqOD093Rgj9gZBTgKMjvWLamDkBnis9BCkpVt3jNH4XrhsufiBaGlqnMeFLGHiOIekms3cDdXy/dJKiQ8Hu4/NJKrjRMHw6zXnuECSwtjUM0cIb86EWGYZdl+wiFiyqUpmrK6SOBwmUG7NMxikNcMWqplgRxVqK5x40P4IXaCPhzkJAtHCWc2GBSmR7WD/oz/OeIY4MUTKli5fDnGRVHH3x25MJUWzKiQ60Ve+/XGeXHzh+YYsOX/COJk5ey5OqvkZYrLB1sKQASNYlIdxbPDVDL/GMUbIioAlwnFWYEC548TdOnOEa06eVIHFIEFSXW2dzkNvbPwszLI86uyR4QOjijzlYUdSKmCYDb+9narkmef/Y6ROhg6CTnhf6NjiYzuKxi34ZZE8/c9/y7JNKbDv4mOl135Bv5uFgN0RUXyMBpGeeP6fKEvu8vkbg3zz5842NjBefPNjLNhyjAFXO6KR4y+SP91xN45o/D2s7o82EiWZ6ThCC4ukdIhP84QDLyz4qZdNq/6sO7vKo40YN48oZpzeqNesQ7Tu/9fH/2V2t5NatZEff/jWRPMpRPmvgaTJO59+D3Ix1TxPSGwlTNfs77+QBtMFGwC333UfduUuNBWZu8ASkiDPPf5XnJrQTn73x9sMWcIIqG7z6NMvmjoZGhYBcfxgmfb5p5KyfpnR/6ZY84l2lLDJx/FxNIxLY30rly+Vxx+6uzbaO2DIcNDQ4SBKO8j/PnxPrr/pd/I28cCuJHdsuSv+6Ufvy6PPPCevvvAvefCRvxs1HjZiGlhcgiOguShzhaHDMuxuNNaZPgCNl6o+TiQcavqbo/lney/B+7QV4uNZiQ5a5NedrvL0l6Gyv8hZciA9Yj2DVW8Q9B9scZXXfwySm8bsk21Pl8qOHA9pF1MiEQEV8tzXIbJmn4sMb1dhwiLxMQDr2ccWe0jryEC5/sIckL1MEfoQDyzKOWbgnZqxw9yj+o7ANko07J/8d4WH9GodKFefs1/6ty+RXTD+2jWhGGFUycP/g+QGCBmG54HTvqa0r5In53nKgA6BcvOEPbJtN4jDddglgipPhWN/fQRAiAUH/eY42x8t5lOSS3xiJCkuDORFFcYdJqBKPv7gXVMf6rePn+bMEhpIbtO5j+lreerGQ088b4hM2uVYs3q1EeX0QNjcAflu2pdyMRb8r334lbANUy2FJ2ts3Zpi2ifbKx0lBa1+4jXTT1DElcfEbt++HcTNTbA9cYGx/dGhUxfsbswC75ohHpEtY2DTTCI8oCKydb18/cWncsmVk01+sjLSQXZAQgv2j6i2sXrxT9LrrKFm8jMWYqy9e/eGJGUIrOYnykfvvS3X3nKbdOjYCQvbDjDUttacFtSpU0cjTfL7P/zRSAawz8qHZORjf33MqNNcesWkOthRCujN116WlLQMgxtxKvUoMddZ23bJ2LFjZeyECyCBd56pH23bdpBpX35qntcMveb6hP5BtbTbOEkzy5irk2xLzjI43HH3/Va9QyI4ZvOIX7uvZJ2kQe/3Xv/EJJHHNppj51HXK9nc2G/CqPSihQtxktl5OF46DeTeTxIC+zALfpqPU3DON3auFsxaAmmKblZdbdfevMsTvihCHY9+nnOLd998zYoDmHMsob2Y6V99LF1gBJWqoDRkzFMCKLEaFRUJgmwO/LxqToi579FnYDD2b+hbY83c44TiaQInqFabpxrc1BtvhIrolUaVlScvrV6xXN772Cpnvk5pmYfRLoknT1tYunihfD59JojzdNkAUumCiy+DjaqvZSuI8XZd+5gY3FHHOTek+/ijjyUpqTWIo9vkHJw6R1KqVZt22BDYIG+/8YbBZMy5Ewx5yTrLOdv7sE20DyrW1LVnm1GnCJypCNhEwrZN2cbwKk9JS4XEfjHWKYvXbxFZsdGChpvcMK7Z86we0qZVK8yEOKbXbTucx5EQZxujs8dvDv/clKOzJcx4zRDoHKcHda6tx7XvmXdr7jle0w9JADZlR/8Or5pLOz3175+qv0n08uhlRw2Lw6WV/RjLJCycR/H6HhYHlhjXJBzrGP5RHcL1ATGRi7F+a/IWMy8KwolixtkF2EAgVlk4GRUvqqwGRPnVbkbwdZbXsTjml/03C52G+u3VNusXpZGcnNC3I445GGtpVoDHylOq+NvPpmMsDG/SWOjiGxj68LEk1tEvIffDjufyHSJnt4UOfhiKrQbIONgxGdPLRUb3dpGRPV3kyU9wGsPTFfL6N1Xyw8ZqicFmUlk93FjoBRWusH3iD8OqQZK6bbv8umgJRDO3ig8kN2iPgGCZwkY8PGK3XVyUJMFOCEW25s7/Web99AvpFkiBYFBFYthQSLikbYVuXRSlSATGaLJlydLlsjUzW/xwrndDlYfgMwyKc5kPJsucOLnjOwBGWv39fM055PN//lUy9uYYCRZ2Aw358UD8YbDmzNNs1qxbZ1RvaICH8VK/LhcD+A9zFkgpdkG5GKC4Go/uohrQ9zh6+NkX/iNL1qyXcD8LA8cy0OvmI1Dg5GlEql1hLZNly09hYQGM602Td175F4zkdTOGe5cu/lU2btklbTq0F//gcNmRlokjyAIkD+ztzBkzJDoqGot3f0mBvY3XXn1V8vftMtaoi1Geq6A3R9bbCeVMg0M8TnTt2jVGioIDFK06czJH9axZP/4AEfXXMYnuKCsWroMo/RrTDkgMlEAMjtb9aQ+Fk+w47CQfkq70TJwG5Q+DWEWw65MjhSDlNqK+VXj6y3ZIX0RiQu3s6mF05O38UiQuGztxH7z3jsz4+n/Yxeti2OSWGGDY3gvBBifERmEh6ov8T5dKJw+DnZd/MCR4snDfB2ez52Hn/ivsYGSYI7lp5KkUKkY0uPvV/36AbqyXzJs3D8/YLgNMH7R44S/yyrsfSiSMJNL6emMd881FeQDsJ3hjEcL+hn0B7x/tw4i9QFr4wkBqebmb/LzVXYLdnWRWiptsh0pNa0iTmE4dA9YvkNyIgKTd5xvcoT7hBYKEBEu1ZOz2kKe+DpQPIFXSKciK2xNilL+mQKcYZEsbhDFri7uEOrvLpkx3mYPTa7oGO8v2HHfZnOVq4vYBrpG+zrI12102wOaJH9IQCXLmjRVQMcz1xHHEZOixG53hKX/9LFB+3eEu8f7V4gF1oOpKN5m3yQNqPyDCN3tItDdO7sGJPAt3uMJWFTpd4sB/R8DDvIPndBxsOUDy/aa4/P27JQpSVrkQ6V2+fp24Y0LGdkQpiqDQAOy4bzi0fWBxRTUd7qgzTn+oRHDA5AKL9Z2SVuvX05ioNySyVoOsdpfFP82Q3Xv3G51Xkov5qGu0qcFTSGLjW8l+SH4t/mU1jr4NAPnC8YDjCv4jPEqtfPDGR7guNxIYXODSkOcrz7+JNCQY8rwpeT6Wdw0uYZGycN6PkpG109h14aK1APn5Cip4n7z7qkQldrRwqbENQhWnEuwWkjD66n/vyICh52BXMVzW4YhA2r4odPY0OzI+UDuxyhu7XShHToozs9NhY+KbQ7Cb9uVnMhfH3UdGBKEfdIKdigizw796+TL0p63kl5VrxK0adpKw88S+Z86sGcDwJdPvGKLhWEBotF8WoNUWadB9y+ZNkpq2HwRrJPrdueLu6Y0DuPbKyqULJTyK9j8suy0MnnWJ0k5c/EtwhIQBywqIkq9GP1/FDRHg4wVGlGLnwdi1Xbtqpaxfs0xCYNguE+qOIVCPIRmwduV88QsKFf+gMKhsfQK9/krs7IaaoxkzMMl8HYTTwp9XijeMzvtil5U7ZiuAoZOHr8xeuETiISHERUvq1hQQDq6yYtkyYZ+5HBKOzi7oH+BvR/p2YwPFJhgaDU8zXmTrdsE4Skle2iVgPWGbK4V9ktkzZ0DN6e/oi2NAtLng+OMgPMNz9INcEPA9SmtuWLIOpFKM5EKqshrSTAt+mifpsHvCSXvevmIchxljVJlWLk0WLzDRn383Q0LAOvtDwpJ5XAcS6+XX3zQqYJyjUTfezjv7Dh59SbtEZm7YjDyqF0XgVETAjG15xTjGPNGMY+kZGbIbJgo865GCbKNomGhbUOuFFAmNMMe3ijLH8HKewzVXa7SxNnHR0hq2RswnPkZatU0yhArtkHDXnushE5YDGAi2Zow4+IRXZsPpkLctjwffNN1xbWiO9+2bDd3jMxOv/dIxfFvhUCK4Stq2TjJk6xacpMNNQ+a3pRz7Ta5lqVJLFSVbzeRI8TPtJEHM/AT9IPu8hj4kEQoKcqUQcwLGczTHdziPWoQxe9ncpbJs6SpIXK6UZYsa+PC+/Vm4XFZCoru07AAIDPbxJ8ax3tsfppVre9ZjXvMkHEomcezkWLJl0zaME95Nki5xikjocFzTjvFRciD9ct3ZzvLIZFeJhFQJxnVT+01x4A83W/7wYrm8NrNK2kPN9gDIRswNGnTMaDF2gfMgwmmca7RExQVYKi0N+GBh7k5PxhNmC6REHI3N1K0IBJEqNFnbKJpkiVr7RLbG7i4M1fBhExxDLkaG7PQ5hyVJuI/nEcNBlmRnLown5aaZmFAGdWJkenk6SkbqbtwH6dQpEXGUS07yLsYmkZhwcmeTizh1xw8BNrSdEDXniTd1HXZb20Qb0oCntPBokJjW0L1EubN+0l82jnCE2SKcDIFjoffsqPXOE3VoyDAjJRv39sJ4anvjx9RrTNTycIpNUHQbsKPWCTC1Hs2FF+JpZTpoDwx0BZAqystOdXgFx2i3STLPj5wuTqTZwPZDJaijaQ80DEyxaAmOx+4d6qJAlcPBueKEC54cw+M7mdaWcoyLR73l4thmHrfqB5FL1nNizLQwzTxeLAJp24kdjvLdB7FGZiS6VaTpJDkZzknbXCfZzHuT2zfSw3jjcIpRECYPhug6zGBfJzL8YE+CZip5MN66Kt9JBoWAJMA9EN5GEs/sPKNYFu1zhpRIlXmXqng7i5xkw94azPG7Bwy/BoM4odQd+8nFDu8zTnAaMm+3s7SDpEecb7Vs2I8+F/c7gASh5AfTsAb3/BBvK5AgvMciZVw7CjCIYBFrEobn/cIgngminpsNBbBrshL+BuAe+3W6+btwEgriSbLDsW4f/S+iYN+8HQMWRSSbUqdYZhTpzUzBDhdsOZhFvkM/zefcXTi0fcAIbptE0075Tv36wESHxLSVvZnJ2PFobchLEukZmXvRzbK91jjXSIlPorFTtvFKicFxwll5BQ30E5DQatUJNiaYTgxyNS4G9zjpamnHPJOMpQ0g7tAfdGHoNyJMv0HVoD1Qf6nrQkFkRCG/a2tvh6Hf4qKSbdP0G7VPrAv2cyT/0zPQj5Q4YOcRBUmMILODw8kb7W/QxeCEKvafJBN4wpWja0mC1jHe2jqC4/2igwOgglaJPLlLeg0OPHo3LXk7vEAStJ5jneDGRnbGflTRnZh3tMcE1Zqw8VXWd0oYQiYWeY8xeefGSDZOeaEOXGzr1qY8+B7HgvStO3D/YDw0ZE2j3uwLOUaxPENj2xm9b7ZdKxxv8YFtp6Jd24yKCSf1LH+7HO2xBwG3iGNe7D67boTuyC8M/6IfYBqztnFuh0ljHReItmQZ5S6uGSc5JoWB8GQfTLskmamWnRe2OaOSU4vDwYA4t6K49e56YwHfIH6skyx3dYrAbwUB9tOZ6IfGjxskrdCvLFmyVNZtSZUAb0/TFg7JJ+q/LzZ7oyLDzThqmgPaknENNA00a/RV5ZK9MweL7cImjeWHxH2K3rCzX4b+dsyIobBL6Ae7Wj9C9QjkKiZDLdllsH/ih3PgxjhqQRgti0a8zLrCTZ2mOEMW2QA1wSOFAU5mX2uNwVhTO7lAuyTEzMlYlxvrjjtZQl6CFckV+D8JsuTyoWS1kBy70eE5yZLf/7tcXv+iShJbY26F3/bjhhLOTNL6LXcwS9FIy1GBj5RHTjZoPIa7a2QCD1ex+Q7fZQEWQyqluQXJ9HliN4cTPxI7DUmm1M8XKxwN1HDyUwI/9R3D5K4Mv5kP5peTK+aFk7jGxFE/TP19dASsCebBzoM7XZzU2ac58BSjSuwYsjNi2djOC/fZSdEuDSeodKxPnCxykcjFHid4nPjZzkgVYDLOBQjfNcZIUS94zbpejp0wx91VdpZ22AyDaWLa6I6ULpvUYf1hXHQMi/HxN8+ZpzSLHS8n/fTDhdTJcKY9IW02dnYabLxoTb0STAMHLSOCV/OCYzkxDGJllxHbWWMHEDs+ftM/22dCTFSTyRI2WrZXkhVuMNBaCvsftR1dzTP2l+6wN+L4zLyPe/TLKlYGf3ZR8Hf99xmPB96vhDFWSufxmo7++D7DodFWGpol2cJ7djrQxYAIqYmLfhAGoDKO6WBctE1ip8UTvysQDk/CcQzH8tHwX6aG77IdbMMRfiwnu1wa9nHoXdZNlifrrV2H6791pPbBd+u0LySI/Srrud0OGAcdJxBsr7bjO0yzHT/bMN8hCUrHPoL54SKOdYVjCp/TMc+sxyfTsd0ftp0gYew7mH4r+1Z/V44CZn6tMcfqx0z/gPeIl/W+lW/m0S6ThrAjznT0T7+Mh23YrgNMG+Oha247NZ6Pwx8SPjxJoQKMIrJaJ83MowfGbPbjdl1hHlg/7PHAzr9jP28ny4wRwIIqgHbeGR9twLCO2Pf4PuPgQt52jn0hxyjadqIBRGLJdDIcjgfss1lu9jM+t8uxoTTZ4Z+ob+bJri/sc9hWHMct4sj0UR3ZEVNiRDVm5s1u17xHu3O4Zd417Q8/aPuG8fDDumRvjnGOxN1YRGt2y/mccdjfNBDJZ+oUgd8SAuwfsnBy5vA+3SFd0l4yM7Mgwb5BckFssMLXrfP8hT4M7aoY9hKlBIO/45q87st8FYMaPh6QjPZxx7yGL1th4OI345hN9r9J8bHSFTa1eOwwDxfhPIAb2fVhOZUybveFR0uj3Y/a/e6plIcTlRaLHLfWTijGJrnjTpYwdu5YZhSLXNDVSZ6+3k3axtC4oJUuLg5Ksb6jZMkbIEsSasiSo6WaFYCuMQVr3uT7GBiPWmGaEO6R0mgFYw3GR3rP8ZnJ01HSaFV8yxdebVSeHOPQa0VAEWg+Amx/JZhwJ8RGG1WGpkiWND/WGp/syI7WgR1zJC0UF/LCRXVq6nYz4bD78+OVfA1HEVAEFAFFQBE40xHg2Mp5ClWWu3ftYuw3FpeUmHtmbXRYgI789FBvLTU5OTTmE33HzhltWFFdhcfUUo3DFQtY+9mJToOGf2ohcHD77Dimi2Le4dh0W7WtWh58F2LTwXUbIeqerEipFr8Y7n42LuLGkCR2SKYyG2bBvnP476aEe/hQDIeBx01rRo2Jm+80MitHSp4+UwQUgeYigGZNSR+LuDRX1g6LHR6bvWMXdzx/M9zjGR7TfLjw7Dwc7jn90jXzuRIkFnz6VxFQBBQBRUAROBEIcM1A6ZLCogOydv1G6dCuDVRsIoy6hY7BjUechFMRMExOSZXt6RlGAptTH3VnJgInhCwxc2lMvEsgffy/X/Ar/9Aq5g+ixKdGN/7MhF5zrQgoAqcDAnZ/RjWgaoqQ8ePo6v2sQ5zwvTP9OSEgBvVxIzbqFAFFQBFQBBQBReC4IcA5C9VF8vMLZOmKVcawJtXZ1DUeAZJOVGssK4NtLapEqDujETghZImNKKtXHGxLuoTbd2q+0ZJLIVFiq+bUe6o/FQFFQBE4pRColSrhgh8fJ/RhhkRBKmHCQ38fDQ8DG/+cUsWqiVEEFAFFQBFQBH5zCHB+YhuZLoZdH5VQb1oRc6rCeR9t+hFLdWc2AieULGEFM2o2jVS1ObOLQnOvCCgCpxoCtWt7EiQ1HyMh4bDuN+/o71oepCE8eE9FgE+12q3pUQQUAUVAEfitImATJDz9U3cqmlHKAFCJkmbg9hv0ckLJkt8gXpolRUAROMMQoDimsVTi5IwFP4ZOwwacYSAcY3Yt/I4xEPWuCCgCioAioAgoAk1CwCJNdNnfJND0ZUXAAQElSxzA0EtFQBFQBOojwCkGhEqMZISRjuAPdU1AwCabSJmoUwQUAUVAEVAEFAFFQBFQBE4PBJQsOT3KSVOpCCgCJxWBg2o4ypU0rSBqqJIaNRylS5qGnr6tCCgCioAioAgoAoqAInCyEFCy5GQhr/EqAorAaYGAJVkCsgSGvpyqSJqcFsk+ZRJpwWWRTUyUwfOUSZ0mRBFQBBQBRUARUAQUAUVAEWgYASVLGsZF7yoCioAiYOyTUN+3Vg2HhIni0nQEAKATjw1SpwgoAoqAIqAIKAKKgCKgCJwmCChZcpoUlCZTEVAETg4Cxh46FvvO+FRx0a9r/qYVRI3RF0rmqFMEFAFFQBFQBBQBRUARUAROFwSULDldSkrTqQgoAicFAVttxD46WJf8TSwGAmaTTApeE8HT1xUBRUARUAQUAUVAEVAEThYCSpacLOQ1XkVAETgtELDUcCybG5QuUdd0BEg00dCrOkVAEVAEFAFFQBFQBBQBReB0QUDJktOlpDSdioAicFIQsLRILLLESJeclFScvpHa+JFoUrrk9C1HTbkioAgoAoqAIqAIKAJnGgIgS3T6eqYVuuZXEVAEGosAJSLgjBqJM76q+KOxnvU9gxZkSiiR4+R8EDv+NsAqRIqAIqAIKAKKgCKgCCgCisCpiYCrVFWeminTVCkCioAicNIRwAK/slKcsbJ3xmUVuBKlSppaKJZUjjkMpxoAAkRSUFRvUqcIKAKKgCKgCCgCioAioAicqgi4Vnt4napp03QpAoqAInByEcAJLiRIqpzBK5MycXLBR+mSJhUKWBFKllSBbKp29wBNAgyBq5IlTUJRX1YEFAFFQBFQBBQBRUARaEkEjGD0lXfq/l5Lgq5xKQKKwGmFABVv/LDYd8eHnaVSJc0rPmKXB+ZJB5zm4ae+FAFFQBFQBBQBRUARUARaAgGyJIYpEdcqT++WiFHjUAQUAUXgtEWgQFf4x6fslGk6PjhqKIqAIqAIKAKKgCKgCCgCJwiBmgkrCBNXgVi5OkVAEVAEFIHDI2DIZf5Rd0wIVKnuzTHhp54VAUVAEVAEFAFFQBFQBE4wArVTfpIltFqoThFQBBQBReCwCFCwRIVLDgtP4x8o4dR4rPRNRUARUAQUAUVAEVAEFIGTg4AhTIxkSS11cnISorEqAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAInAKIeAacAolRpOiCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCisDJRsA1r0olS052IWj8ioAioAgoAoqAIqAIKAKKgCKgCCgCioAicOog4DrAq+LUSY2mRBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBSBk4yAU8mc/mq38CQXgkavCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCpw4Crh5uRadOajQlioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAicZARcq6vdTnISNHpFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBE4dBFydqg+cOqnRlCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAicJIRcK1yiT/JSdDoFQFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFoJALVhzG96nT8Tvt1Sk1JPkwsjUykvqYIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKQAMIVAsoB0fWAXyGRWk0kdjg6yYc/AEp4uzkbAdk7jOe6irzF+E3MewG0u1a6ezZwG29pQgoAoqAIqAIKAKKgCKgCCgCioAioAgoAopAUxFwZEZEXFxcxNnZhfyGcdWQCqmsrJSqqqqagBtLbFSLkzNIEmdnqaiolIrycoRjheGEwF1cXcTdzd2EWVlVie/GhluTjHpfrk5iJ7DeE/2pCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCikCjEagGOeIKCY8qynmAIHGW3P17JT8vT8pAbriA6PDw9JTAgEDx8fU1pAleNpIiR4wCBIsT/FaBBNm+Y5ts3LhRsrOzTbgkXTy9vCQsLFw6duwoCQkJ4ufnK1UgZGoZmiMG3vBDp63bdtSlfRp+T+8qAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAInBYBCjhkZOTI97e3uLh4SGbN2+S1atWSXpamiEuXCH9wfsJCUnSo0cPiY2LM5IiJDzotyFHSRRKk5SWlsq69etk5fKV4h8YID3hPzo6WlxdXSUPZEx6erqsX79egoKCpE/fvhIVGSn021ynZElzkVN/ioAioAgoAoqAIqAIKAKKgCKgCCgCioAiUIsASY2333oTEh6dzL1Zs36Ufv3Pkg7tO0hkVCQIjzLJzPx/9q4DMKvqbD/Ze5IFCSQh7CFDNoiAC/fAbdW6ah119nfWUbVW22q1jlpH6661dS8UVFBEVGTvkAQIIYMkJCF7/u9zvpzk5iMJAUII8J7k++6955753PPdc85z3vc9W7Fs6VKkpaXhpJNOxrDhw42qTnvEBsmU5SuW49tvF2DG9OlGgqS6uhr5+fmorKyEv0irxMTEmPN58+ejuKgIp59+OsLDw1FPqZSmEnb8xLvjQTWkIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAJtI0DSY8GCb+EttkrOOPMsDBkytCmwt7cPBgwYiKSkZPzwwyJ88P57okLjj0GDBhsbJu7SJUyLkiM5OTlYsXwFjjvuOAwdMsSo+SxaugT/e+ddVJSXo0dkJM444wyMFYmSY2bMwOzZs7Fo0SLMOOYYsWPis1cSJmI+Vp0ioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAvuOAG2WfP3Vl5g4abIhSihtQtLDfijp4ePrg8mTp4jUyXj8vHgxikQShIZgGcbpSJ7U1taKOs96IznSv18/Q6rUi52TyIhInH3WWbjyiiuMZMnSJUtRWlqKSCFORowYgbT0dOTl5raarjOPts6VLGkLGfVXBBQBRUARUAQUAUVAEVAEFAFFQBFQBBSBPUKgrq4Wa8R2yA8/fI9XX3kZc774AtXVVU02SagSwy1+SaLQtsi2rKwmssQ9I4apEcOwmzZtQv/+/eEjUiJ0NBw7dOhQTJg4EZ5enigT6ZLIHpFGCoU77cTHxyM2Nha5+0CWqBqO+9PQa0VAEVAEFAFFQBFQBBQBRUARUAQUAUVAEdhjBCgZMmPGMRgsqjL1sq0vt/ClpAe3DraO0iL2EyHSIWfNOhs9evQwO+O4q+EwDu2VlJa5JEZ43xqDZV4rV6zA//73P4wUSZKpU6ca47GURAkNDUVoSAh27txpSBmb954clSzZE7Q0rCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCLSKAAmMPrJ1b9+UlCaSguRGjRAYVsWGZAY/1iUlJ5uwDOd0ToWcuppa+Pr6Om+b84KCAtTW1GHChAlGmoRGX+kokUJixeZpPPfwS8mSPQRMgysCioAioAgoAoqAIqAIKAKKgCKgCCgCisCuCJCkmD9vnqjE9DBqMlYKxBIXNNa6etUqfPTRh2JLxKVi4y02Tn55+eWyDXC8Ubmx0iV2Bxte+8p2w2VlZQgRaRGnowQJ1XOCgoKMxAnvMTx3yKmUrYajgoP2mjBRmyVOpPVcEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAE9hqBMlGZWbF8GcpKy4wNEZsQSQySJ3369MGFF12EWWefI9Iifpj92WeG3LAkiQ3PIyVDaPiVajqpqaku4kPSsS5RpFiOPnqqIVGsZAoJm+LiYpN/eHhEk9qOjdPRo5IlHUVKwykCioAioAgoAoqAIqAIKAKKgCKgCCgCikCbCJDcGDlqNHKys7FcCJMG2bWG0iR0vEdCg1In/fr1R0VFBbyE2OgnkiEiD2LCuH8xDo26Jouqzpq1a7Fjxw6zJTH96X748Qe88tprxr9Z9QaGWPH09ADJlBpR4dkbp2TJ3qCmcRQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRaAFAiQxevbsiaOnT8dPQmR8t2ABCsWuCEkSP1GlofRIfn4+Fi78DnPnzMGUo44yRAh3vJGbLdLiBdNjnEGDB5vdbb6e9zVKSkoMAcMdcUJDQpEQ30uufZpImTVrVmP1mjU44ogjECjqOSRsWpNa2SUzNw+PjRmbnXZT3G7rpSKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCHUeA5MSSnxdjgZAlkRERQqD0QrDYG6moKEdmZibyZEvfo6dNwxEjRuKb+fOE2BiBnr16tbBZYnMjYUJVnOzsbZg7d66kE4oRQoTExcUZWyVeIrlSLfZJtm/fjtSNG7Fq1UoMkd14Jk2YZLYVtuns6VHJkj1FTMMrAoqAIqAIKAKKgCKgCCgCioAioAgoAopAuwhYKZJ1a9dg27ZtRiKEkh5xsbEYOGiwGHTtZeIznFWraStBSnh4Sjiq4SxZugTZ27IRGBhoPlTzqWokS+pku+JJkyZiwIABTbvxtJXm7vyVLNkdQnpfEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAE9hgBEiH8uByPLsUWkiO7I0hay4xp1Uvc3JwcZGVloby83GxDTBUfGoGltEl4ePhepe2en5Il7ojotSKgCCgCioAioAgoAoqAIqAIKAKKgCKgCHRbBChNQtUcGnWlI/FCuyi1tbXm2BkFd5ml7YyUNA1FYDcINPOIrr2vpUXvJkbzbWfIZmay+b6eKQKKgCKgCCgCioAioAgoAoqAIqAIdEMEKEXiKJaRM2mSNnHc6OApiRGSIsYorFsclyQLPV3SLFZ6xcwhOzr/lKgM6l0n7Is6RWB/I2CJEuqZ8YfSsIftjvHJHLKx18gPw9X093epNX1FQBFQBBQBRUARUAQUAUVAEVAEFIGDFQEPkTzh3HFPeQ9RHoJ3RFjowVpvLfdBhgDZPBreYWOlTpll+XZbDeql1dWhoHAH/Pz90TMmGnVyrU4RUAQUAUVAEVAEFAFFQBFQBBQBRUARaA0BEiUVFRVGLcd/D+eftbKVsXd4aEhr6aqfItDJCDSIPpmXWEAulnQ9EBYWJo2WhEezjIiTPGlWtXHtq11bU4sssXgcEOAve2kHd3LZNDlFQBFQBBQBRUARUAQUAUVAEVAEFIFDDQHRTTAqO2HhezL/dJEsqoZzqLWG7lofUZ+h3ld9PckPEYMSyRAa4CEpQpKER6rZWMf7ljzhPYpNeXg2Eys2HRtej4qAIqAIKAKKgCKgCCgCioAioAgoAoqARYDzSO6cww/nk/WyrXBH5p+0Gcu5qnfz9NMmqUdFYD8gIA2VDdM6ntuGSpKkuroa+fn5xkiPj4+P2e7J19fXpW7DsIzosArEpJzp2XT1qAgoAoqAIqAIKAKKgCKgCCgCioAicHgjYBfeLQqcT3Z4/tkYtnN3wxHGxr1QpnBmYuva0scWVo+KANsKiZKioiKkpaWhtLS0CZTg4GD069cPoaGhrbepppB6oggoAoqAIqAIKAKKgCKgCCgCioAioAi0j0BH5582lU5lMDx9/OATELDLx9svQGgcZuUQDbAl0ONhiwCZPUqUbNy40RAllCixHxInqampRtLEMICHLUpacUVAEVAEFAFFQBFQBBQBRUARUAQUgX1FYI/mn7Kw32mSJcy4JHM5SrI2OCQBRKSkoR4BEdEISxwNLz8xzCnX6hQBy+pR9aa8vNyQJE6pJJIm9C8uLkZsbKyQJtUKmiKgCCgCioAioAgoAoqAIqAIKAKKgCKwxwjs6fyTGXQCWULjnF6oqSxG/ur/igSJP/wi+qKhjpNbIUvEKOeOdf+Fl683wpMnOirlMuzp8NDTwwwBy+zReE5rjv7cati4vRRKchIwreWhfoqAIqAIKAKKQPdFgPa9um/ptGSKgCKgCCgCisDBhEBH558MR7fvZAknsWIutq5K7E3IVrBxY85DSM8BYphTbjAT+S/KGIS8ZW8iZ9k7oo3jYzIO7T0aUYNPgLd/mEibtNxC1gTQr8MCAZIZbREa9p5trHsDyL7E3Zv8NI4ioAgoAoqAIqAIKAKKgCKgCCgCikD3RMDOMVsrnfu9XcgSBmhrgtnePQ+xSULepK6mUvYxrkdDbRW8hETxFMIkMmE4/P2vRk3ZDiFLvFFdloedmd+gdudI+Ab1QH2NkCWOlRPmQ9dWOcxN/TpkEGjrObfl35GKsw3RHkppWZloflFyxdHAOpKAhlEEFAFFQBFQBA4oAg3w9fNDUGCQrEm13FHugBZLM1cEFAFFQBFQBA5yBNqaZ7r770KW+Ph4i1SIkB2NhIUTB96jakR9vYvMcN5zndPfQwgST1TJ/DS3rAo1tXWG9PDwS4JHQF8590S1/3ZkZ6yAd1kFxPRrC8d8aa+CrqamRgmTFujoRUcQYBvamL7JtJ+6urpW23JH0tEwioAioAgoAorAgUSAO8bR9YyLQWREhOnP3AdyB7J8mrcioAgoAoqAInAoI9BElnDdvU6IkOycAoSFhcLP13eXSWZ2Ti6Cg4IRFBTQJmEiShXUysHavBI88G06aoR4qZPJaz3JF35E0sRTjLzmlw7ELH/gytgK9AjwQi15Frnv7e2NrG3ZJu/4Xj1FSqW2iTCxBI5zoGD9+JCsv/Wz17yn7vBBgBIlJNrY3Nie1CkCioAioAgoAgcrAjU1taisdNnv0nHNwfoUtdyKgCKgCCgCByMCzTNJITFqZRX+x5+XyupFOMaMFhUZkfCwxENqegYWL1mGGVOnICQkWKRPWpf6oNpNpajhLMsuxpHRQbh2UopRgCAXYh3FSdfnl+GfSzNRUFqBmKBQIUVcEgCc3H49bz6q5fqqyy5pIV1CAodkCyfDdCwbpVC48sLJMR0lX5x+bRkPNYH165BCgO2BA0mq3lCihG3Jtt9DqqJaGUVAEVAEFIHDBgEvL0+Ulpaa8Y0nV6PUKQKKgCKgCCgCikCXINBElnBS6efrg7GjR2D+d4vMqvy4I0eaCeeGjWn4aekyjBk1EjHR0S2kPVorpSSFWlHVCZIdcPJLK5FdWCaEhnTw4m8kT2RCu7WkEjvKq1wSJ27mJEh+eDGRRscJMD+paekm75S+ycYWioeE25adg9y8PPRNSoKXt5fo9gZia9Y25BcUgOECAwJ0wmyBPEyOtFGiJMlh8rC1moqAIqAIHPIIeLjGSntYT+0H9xAwDX5AEGge7R+Q7DVTBwJu0zHHHT1VBLoPAl0tYdlElhAC8hOxMTE4evJEfLNwERb+sBjh4aFYvW69IUoG9ktpBynn605UcSRkpajgLN1WjG9Tt8NHPGjwlWImvLe9vBq5VWLPRKRMjGVYR8omJUdy7PCfff4lZIkakL9Il3gLKXLX/92CJULgvPjqmxgysD9+/8hjOH/W6UKaJOK9jz5FUp/eWLZiFX5x/jmOlPX08EBAX/eHx3PWWioCioAicHggsDe9WlcPKA+PJ6G17GwE9qZtd3YZND1FQBFQBNpCoAVZwkAkJmJjojFtykTM+/Z7pGZk4KiJ49FfpDTadR4uI2Qe3AFHyAwRJYG3Rw1iQvwxpX80hvYMw8qsIhQJSRIa4IPosAB8vC7HGJPddaOSZqbETyzBLxbVoJ+WrsDzf/uLkXS5+FfX4yfxW71mLY6ddhTOnXUmFi9fhZFHDMfyFSuN9MnFF54HH7VX0e4jO3RvNref1urYIFJP/ONAku19X8Wa7erdgRiYMm+bv7OurJP176xydXZ6zvLquSKgCCgCikDbCLTfq+0aj+/r3O35Rm3ZGol1hmorPfpz8trivuPCcepMrum8vfvt3WMC0iub76bEGk9MvAZ7j8eWrmW6vLJh2NO379q+78rPVaa202jKwZSP4Zz5u+HYSjJt5+8KvLv7NsdWkm7yakqj6aTpVtNJO7dMmN3dZ6AOhWEg+yhNyq1/dSQtxuxIuI6EaTWtdiK2c6tFhWxLbOHJC7cbbpe7BHd67C7s7u7btDoSTobJHXIdCbZXYdwiuV22WrbOCLO7NFrctxdsFB58Y1iPVovnuNt6K2o/NptO+yHavCtlo2t5n1em4OLfenl2jUOflq5lmq3ca86mxc3dxmsRWmyriokFXxGaiI2OMnM4t9v77XIXsoQ5sZONloIcN2MqyisqEBcb0/bDkZo2iMFWL99AIUkCkf3jy0BIPPKz/OCZMFXsoNSbD3fQobHXKvnU1En3Iteu59IaVGIElhIn4jjpy8vfjn59kxAgKjW8njBmFPLz8zFl0gQ88/w/jeGzEUMHoU/vBFPW/IJCXHr1b3DJ+Wfj5JnHGz1fk5h+Hd4IuN4H8PP3byRIXC8G2sDZa9s2kgQJPcbnj5htumnw1AVoe3t5w0fU51yEiPxm+LOR329VlWzdLYQlf8s0kux0liRy+u3unHFoC6i19HYXV+8rAoqAIqAIdC0Cpk+QsRknO0YduZ2B8L6WrLFr3Y85NJfQ1Ws3X5szWwDr3Woge7Njx05IomMZNYZqJopMJy6+PO5f17E6uoPbuWXqWBn2MM99THQfo+9RYff5Ke9zAi2L28nJtUzcXHWsPe3/crAwtiyuJ941ebaEZJ/ztAk4q2L9HFm14uW42zmn+zsPkkSlZaXy2Niv7e/cWmLSKlnCICQzIsPD0SMycpfJVsskpMAkS3wCET18Fsq3p6FSjK36Fgk5IgFLKmuQL1sIV9TUif2SKuTtrBTjrfWIDBYyxVTW1UidaXJCVlFRiSqZxNbJRK9nXBy++f4FQ5D4C2Ey+6tv8ch9k40hzzwhRgICA3DmqScjQCbBnPhec9XlmH70Ubjh9ntxzLSp8Bd/7vTTtdA6a6TnBxoBtikSbfyBrVq5AqmpG4Rkq0SfxEQMH36EIeIYho5H01Za+TE67/GchMSKFcvxzfx5Isnkg/MuuBDBwcGoJ3Ei8W2azh+2ScORtvu1RHK9whvDtJUGDdhuF3s9y5YvM+SIkZiR36KPsK5Tpx6N2Z99imHDhiOhd2+8/uorOPf8CxAhW0+SSCEW/FjXVh4st7338UcfIkpsFo0bN968E5z3nPWzGPLo7m/z06MioAgoAorA/kOA/Rv7iEgZw9n+aP/ldvCmrOPC7vrs7Oyvs8pn09t1zuHKgS2h+V5XtYvmHPeknl1Vuj0pk4btLAT2rk10Vu7dOB2ZGwUFBaKkpMTM3zi37yrXJlnCAnB3HFku79iERyZVQbGDEdJrmNkGONpzMzLyi5EYEYQwf2+Ei+rNEaKKUxEZiAA/byFXvFFF6ZJWKAySNK+//R42pmcgO3c7zjnzVFx/5aW4/+E/ixFXb5x54rFG5ead9z/EAJE44eTvr08/hymiLsRtj7+a/61ZSbn+ykvMJJiEi07auqpJdc98SAxQ+uPNN17Hv156Ab+4+FJEyCDyNSER+vcfgOt/c4MpOMNRgoJSIvyw3Tjbjr1HaQ1KOq1Zswa3/fZW3HHn3egtdnL44yW5YFs2w9MZqRNz5pKWspIsTNuWrekoBAzPucMT7zslOprKInmQqMnNzcVvrrsW9//+ASMxY7faZn4//fQjevbqZT6fffoJzjxrlkn35X/9EzNPPBEpKf3MC4fFYlr8MD7Lxnx4zXPmz+OqVasEq/7wHD/RpMN6cjDOsFZ6hX4WQ8bhh84SLuZCvxQBRUARUAT2CwJ81/KdXCFSwRRXZl9g3r/ir04ROLgQ6Ow221567d3rbqgdTGXtbthpeQ5mBBqkP2O/xv7Nzrea5kX7sWLtkiV7WoAG2U64tq5aJEY80SfEGy8tL0ZucSW8hAStEGmSALFlYhaz5Xe+raIGR/QKRbTYNKkTtRzp3Y2kCYmPGdOPxlFTJrk43sYJGSem02Tb4npR44mMjEC1TCQ//nwuLrvoPFHHmWiA25CWht/ddqsYox0hgwOgRw9ZUeFkTdJWd/giwIEif1xfffklHv7DQ/jyq3lISk42gJx08inYUVhoBpfeIhlSXl6GbVlZCBcJjJCQEDPQtJIYjJAl97hSFyi7LpEgWPzTTzjjzDMxbfp0QzxYUoQkAlfztmZmGjWZiIhIM2Ble2R6QUFBhlTg6h/ToTRKmWx5TJUevgRKd+5EXM+epv1u25ZlCIvo6JjmgW9jmyahMWXKFJxz7nlSpiAJLwSnOEpY3X7HXSZdsrBxcT1NfsxjtZAeU48+uokoITbFxcUoKipCjBh45guI8cvLy038nJwcU99rr7ve/EZr62pNWVkHqsORjIyJjTVlZb0ZN2vrVgTK/dDQ0CZ/UzD9UgQUAUVAEdjvCNRLv+fJgZA6RUARUAQUAUXgEEGAczr2b13p2iVL9rggMoHjH92o+Ag8O3MIKqqojEP5EZqOkT/yInLtKQxKXGggIkTipE48nXQGJ1x2RZ7+BIWr7GEy8aLjOcP89oZr8eEnszF/wfeI7xWHX19xmZmQUtWARA8noXtK+JgM9OuQQoDkHSfwH334AR57/K/oKxIVpaU7TR1JFFD6gu1k+bKleP4fz5mJf072Npx3/oU4YeZMQ4i89+47xn/TpgyUlZbiD398BHm5eXj1lX9h0ODB+P399xkShOneKVImoWFheObpp7B9e55pk1SRIUHRKz4e7/z3v7j3vvsRKO35u+8WYME33+Due+8TtZnPhIzJBMmJXr3iccGFF4FSICRXSiXP8ePH4/TTzzS/I/NDkhrwN1VZWWXq5yPSWnVCJpoXiZAyT/3tCZxyymkYMGCA+S3U1NbgP2/9GxkZ6XjxhecxeNBgXH7FVZgvKkTvv/suego5s6NoB667/gZERUXh8cf+jMSkJLz28sv402OPY61I0ZB0Of6EE/D0U38zxA6JmHXif8ZZZ5ny5m/fjqeeehK1NbWiRldlfsdTjpqKmSfMlJKqUwQUAUVAEegKBJxjqq7IT/NQBBQBRUARUAS6AoGu7t86lyxpRIiToiBfLwyNC22brJBAtTKhqzOqOC2h5WSPH6ez5Af9eM4V/GFDBmNg/35mosiV/gZJr6aRIGF8JUqcCB6+59yeuqaqGtlCgHCyXyeSEXRW7YXthFIVDz5wP2659f8wWSQ11qxZjTNOOxULZAttGlD9+IN38cnnXyI+IQGPPvJHfPbpp/jV1b8WQuUCQ9z94uJLjErMjb+5zlzTjsnGjan4+3PPm7R/deXlkvZvhTzZbq7Zum07Lq8op56KKdeXc+fi6Wf+bkgVEjeUHLnzrrtF8qNI1H1+i0FCcAwdNsxIn5g6CBG0Y0chXnrxBUNeFO3YgRNPOhkjRow0/pQCYT4kSmhT5exzzsW3Qs5c9aurTVqbN2/CHbfdgpdfeRODhwzBe++9a1SVbrzpZqxcsQLx8Ql4/6NPjMrR/HnzRPIk1uC2ReJNnDQZN99yK9auXYOzzjgdlNL5+eefTf0ffuRPSF2/HnfecRv+77Y7ZItwUYOS36z+JvnU1CkCioAicOARsGqStiTsEw82514Hlt/ZzzjPD7a6aXkVAUVAEVAEDjwC+4UsYbXIgVSJUVczKZRrJ/XRxAjJJK7pvBGL1oiSxltNB0ukcKceL+ncKR1AyQE62zHaY1MkPTlsETDEmbQTGj5lO2HbsO2MAy2qnWzZvBmRPXpgzNixRm1k4MBBOPW000BJEl8fX5x65iyxSdJHSINAY+B08eIfTTpUm+EAk/5UFQsSdRoaE+4R2QMhwSHYsmWLUfNh3rSRkieSJlZqyrZjEiIsE1VySLoMHDTIECrr161FrBg3fv21V015JQiKhDRxDmgpWeInaQ+SOP7+AUKilCNMbP6wXiy3qat98pIA68r4vr5+RhWI9Q4NjcDChd+ZT4Go1TCNqqpKUWPrgRnHHGuOxI0Gme0uVSzzqFGjTZ379k3BxIkTDaETJ+Wl5BfVjzIyMgw5RRUj8wxYAXWKgCKgCCgCBxQB+z7mIpNzrMQ+yPZLe1pA26/uabwOh+cCmlsfwh6FdXBtFtCcEhfNrGN/pE4RUAQUAUVAEdhbBPYbWcICsfO00yN7bK+gJFR8xK6Jl6yAd9TVSUdYoyvWHYXrsAzHwR8JtbFjx2H+vK+N5AhJAxIKJA7YTnm09kbsoI/3TQuWxkuygB9XvDoTnunaD22FUHKC5F2ttEnuQOPn74fPZ3+GILEl8uBDD4vx4TDUVLuMtpJsoCqZv5AtZhttKQPbP8tB9TFXusC0aTMwavRoQ2CcL2pBXvL74ICWqkV0DBci6jzTZxxjyA+WmfFZVuZBx98e60TnqrPLPpCr7p4YOnSYMf7K+rNMHHwyvofkYaS1pD7MRzxMGvxielQPYhzaEbLlptpO0Y4ifPrJx4ZIue2OOw05pCpxTdDpiSKgCCgCBwwBvsvZN/DdvWDBAqwXCUC+nwcNHIjRRx5p+kpX/8Meqbnv4Dn9bf/ovEd/qx5t+xob1hnPeW7uuxJx9S88F2fj85xh2Lewr3nyySdx0UUXoY8sWjAv+vM456OPjM0tbkjAuPSbNm2akXKMFJXso+X8qb/9DUdNnYoxY8YYqUybhz0yLzrmR+fubzz1SxFQBBQBReCwHCSq/wAAQABJREFURKDbyFyyk/Lx8sRW2UHnnXk/4c1P5uONj1v/8N7rH83DO1//iMzCYun4ZVJ3WD4+rXRHEDCDMhlE0RDryy//y9jroOQDVW8WfPuNsb9BCQ4aKv1WrhmeajSffPyx2DdJMQM1kgZ2AEUbOhxc0pF8MKQKiQT50DirpwxEaTQ2dUMqYsXwaWJykoSvMfdoHPYz2dI3M3MLCgoKzGDVW2yNSKaGdKgj6SLnlFIZP2GCGKWda/INCgrG6jWrsFMMv3p5ekl7b2zxcqAhVn5ovJW2TThYJK1BI8isC0NysMk8WAfaGdkh6jrcSYf125C6Hhnp6cZwLf1TN2wwA9HKygoTn3H4R3zqG9XmSKbQGUwkM+bv5eWNvLxcsbmSbSRiOKillAqx4sBWnSKgCCgCisCBQ4D9AYkS9lMP/P73uPyyy0w/yD7s9ttvF3XOF807neHYL3GRgY7XfNdbAp7+JNYZj+dbxaD3Y4891ih96FqAsGEZn+e2D7D+lLBkX8k06Md0eGRedDwyDqU36d5/7z3Tx9HPloeEzxmnn45ly5aZMFxIqG4k8ZeL36ZNm4z/7NmzQalJG5dlZ36sk82PAelnJT9NRP1SBBQBRUAROOwR2K+SJXuCLvtHbgu8PH0rnlm0HrOG9Ia32JpwdWSc+jU7+vlK2DlrtqBINv/4xdSRZnLYHELPFIFmBDggIoGQkNAbs7+Yi1fEaOr9992DYNnthoMj2vEgqXH7nXfhnzJYJEFRurMUr772uhg97YUNG9aLik6UIQyYKtVbQkJcxoatWosdvMXGxpkBX6mQBANlpY6DuYy0dMnzXzj2uONw7rnn43f33Iu77rgDI0eNEkOwoWbXHQ4YAwL8ESCqNNLoTbzTzzjTbG185+23wdfPV4yuRotB1iuFoWiuGweXvcRALSVa7EDQDgBp6NhbCAxec2cdlpEDT9b3kT/+wUijXP3ra/D7Bx7CCy/8AwxPmyc0bEsSJTo62kiy2NyoTuMr9lvoeogBWA44+bulI04sFkmZYcOHo0oGrevFUO3f//4MLr30Mhx3/AmN0iqOwpuY+qUIKAKKgCLQVQiwz/jPW29hrtjHmjd/vtilijdZn3vuuYaMZz/CMLny/qaqM+/zXU+Chf0UJQ83CwlBlVOS/+xXqG66SdQuy4Q0Z5/IfoBh2WfQkaD3ljT9ZRGA59wljTvLBcp1lPQzXLjIy8sz/TB3oSMZz76ZiwOZsrBBP5aDZXM69m2UGLlQJE6OFAlMLjRQJYdqODfedJPp71gOqpRyfEnHdLn7W6EsaNCoORcm2E+zHiRX2MfRNhcd/dQpAoqAIqAIHN4IeAgT3y16A9dkMQD//XIRCmvqcdUJE6Wnkp095PlwVbu5kFR9gOl431m4HKk5hfjNSRPhIx1kc5jD+6F219pzoMOBEgc4HPxwQLZZbGakyZbPHMA4ByYMwwFTikzak5KSUCGDsA1pGQgPD0NSn94mLMM4HePTj9vZbstx2QZxpslzrhpRbaS0rLRpMMe8mRcHhNViCJY72nBAGCAfkiwcSLF9Mi7Tp6QEr0ma0HAqHY2n1kt7rZF0OIh88onHZeDXE5dceqkJ/+9/vymkSZohZJheiQzWfIW4YD5cDWPaVlrFpkV8mB8xY35U47H580hHf8ZjHdwdy25IFEmH5fLmSp48A+LArYk5qKUf82MZiImxuyJb/jIuMfERTGiclY7qRTxnuUzacrTpsQysw9133SG75cw0xl45YH5WdgQKFWLpUlnBZB623O5l1WtFQBFQBBSB1hHgmMdLdhAc0C9lF8LAPYbtB0kGkCBw9q18X/O9frQQDH/4wx9w0kknYadII/K9zP6P73ZKJz7z9NNYsmSJkX6cNGkS7rv/fqxcuRJPPPEE+vfvj7SNG7FKrp997jlDst94ww3m/U4S5K677zYEB/v134pRcpbn4YcfxhDZNe40kQK59pprjF2uO0SS5auvvzaECqVcmC6JkdtlIWGMqAP9tHix9Cd3GbUblm3RDz/gjddfxwBZhGDfQj/2KSccfzyeEBWdiSKJWWH6GEo8euKhBx80CxJnyU5tlD655tprZVe2E/CuSKi88cYb6C2qspQ2uefee2UhJQF/+ctfDOFDKUnugnfhhReavlX7LPcWpteKgCKgCBwYBPg+Zh9GSXdL1u/uHW37RJLknKuwn9qT+SdJ+24jWWJhZ6VqZTL75vwlmLMsFR4ySKiRCaGf2GqwU2OzlbCEW7Q1H9dOGSadscS2NxsTopcByCbMa/kwWEeAZTQbjhNSOg401B28CPB5cpLPI1e8eOSz5cDL3qNNEBpipT9/kPTnoIyO7Ykf5zUJAnuPYf2EgGCYk046BS+++LwMKlPZkCSOlxAGl5t7TDtcpDgYjsSJHcy6p8V7TJM/bDpeMw79rKNKjre/Sxza+tmjJVAYx89PbLSQfJRzOmsEltfVNSRSvJtePLbe/o1xbHo0UkvHODQQy18Uz1ke5sWXD7c7fu3VV8x2y5Qu6RHVA6eIoVxuJaxOEVAEFAFF4MAgwHc1xzBUtaSjtKHdPZD+tn9hOG5Tf/PNN5v7o0UCctbZZ4vUo7/slPYGvlu4EON+9zu8+eabuPWWW4x0yjVCgLz99tt4UmyDUEKRO6kZcl36BqZHUoODVPYRX331FZKTk1EgZA4HryQ7nn7mGRwnkpefyi5zjz76qPSdL+JeITHOv+ACkUy8RHanWysqst+avtTZ/0nixmbXSy+9BO4kVyTpsbzniJQM1VK5SMDeknlzcWCzSMDMEvJksezaNkrCvSwSn6++8orY7DoL90l+OaKaykUJSrnY/teApV+KgCKgCCgChy0C3Y4ssU8ipWcP6eDqEOLvi/Agf2wvKTe7jJAoIXHSNzYSny/dANHC4Vx0F+ctdky8ZcWczk7oeM5Ok58WHS5vNDqGZYfOiSsnjXRcbafjpFrdwY2Afe4cCNHx2vrxyOdv24f1p5/TOa+d5wxj4gsx0E9Wye7//YNGyoVtyYgBS7uyadujjeM88pzO5s+w9tr6GQ/5okUSYyDWejiOzrKRKHE6Z/5t1ds9jjO9Brf0TL2lnCNHjsKAAQPNih1Frsn8ciDuzM9ZDj1XBBQBRUAR6BoE+J4maUAigeMbvpvpZ9/tJPIp9Tn16KlYvPhn5Al5wHc4w3PXtWOOOUa2pR9h4nEHtL+JRAdX3ajSyn4kSKQSqW4jF2YcZdOmaoztZ6jyyp3maHx11apVZgFj8U8/YYkQGJRqobQlpVJoe+R4IVIkMSNdQqPpLF8LJ+mSlKFx2iFDh5r4VEulo1QNJSHZe7O/Zz+cnp5u7lEFae6cOcZuFyVJokSt9OKLL8b1111nVHqmT59u6qiEiYFLvxQBRUAROKwR6J5kiZAfOTt2YmHqVkzuH4+UXtF4b8kG0Z+tgo8Iw/SKCsHpE4cjS4y7rhM1HKdj50yyo1B25Ni0aYsYEJMtY6WT5GStRiaxfXrHI1o6Rl7bgQLj246cUgNcnUjdmI4hgwaYuPO//c6oW0w76igjIWAHADZfxlV3cCHQ3jNr716HainNgRIsbHcU9WV7qRPiz0kY7EkeexK2Q+WTQK2l2ZpfR9Oz4VhvDsb7JCa6iCP5nTnrbcPpURFQBBQBRaDjCOzrKIPvd07+Kak4duxYzJs3DxNEgoTva/ZRdjyUnZ0tNr3uQ/8BA3DEEUcYSQtbSjv2YVrc/Y0LSBxvUSSaYydnH0KSgvfobyUumQ7tZlnSg2qiSUlJRl2VYelIzpDUMFIhkg/TZNnaqj+lVqbPmGFsljBPpt20GGJSdEkFMz7TOvXUU/HLX/6yiUBh/Wk75SlRPVr0/fdiv+sFLFq0CPcJBs76NCalB0VAEVAEFIHDDIHuSZZIjxcXEYLxKb0QGx6ChB6huO2UyUayJH1HJuKCxViX9HzF5ZWubYPdHho73e35BXj340/NKsf873/ExCNHSagGXHjuLPQS8VN20hRB5YSW4a0ObImsktz30KMYNmQQ+vfri6eee1E6ag9MnjDOHJkVBwwcAPDDVY0699UOt/Lo5YFBwA7sDkzurkFbldhAkfFZk2OZDnXHgao7QXI41PtQf65aP0VAETgwCLDXEIXHfc6cRALJARo/HT9uHMJF5eR4seNBv3liP4RSIjTenS7GWv8u9khoL2sTd5QhmSLjpG+FYCGRMUCIlHfffVckCUeaNFi+HDEIS3th4eHhxjj4U089hSuuuMJIpfz73/82NkTYD1BKhTVhHNopYV/x448/GhKDNkt4PmzYMFHHrsPXUqZZs2YZ1Z3PP/8cjz3+uMRq6UiWME2Gp5QIiRWqhTJd1pd5sU9iOEqffC1qQNwumZIxG1NTTdyeIo3Csp8gWFAa5WGx58I4HONp39USb71SBBQBReBwQ6B7kiXyFLILS7AiPUtERWsweUgyIoMDsHTbKizM+wpXxv9COjEfDIrvhT5RspIt5zV1zaoKXN3u1zcZD91zp3SeFdi0+f/wm19fibjYGOkQC0RntwjbZPWkvxhLo45qbt52pEj4MFlx+XHxEkPAXHTeOdgiHff3Py3BC3/7i+jhhhvjYdTbpbX07dsLkCVpJIrkQEhIsHao3eqXIyLAMuAhCaYDnW71YLQwioAioAgoAnuAgCUWZM1G3L6R7SQSuDBEkoMGUx8X8oGkB42Sh8iHdkpos6u37Bx3/fXXG8Onxx57nCFK2Jf2SU422wvnbd9ujH/TOCoXi0hu9Jat4s884ww8IjZHpooBWRpcvVBsjkyePNnYJSHxQEepQxoWJ5lB2120c0Jy4j0xvFosu+KcLsZYJwiR8cdHHsH999+PTz75BGPGjMFVV11l4jv7dEKSKOmRHLESKKwjHcdzNKJOxLjrDYmTOFEBev/DD/EnKSNVb0jw3HjjjbIrXRgekfxIHtEw7oMPPWQIJGu/yySoX4qAIqAIKAKHJQLdbject+cuQn51Lcb06431mbmIFQmTowb3xYaCVNz19Z+QEBiNY/seDT9P2T1F/urlb2SvYUgI64W6BjGIadYRuBDiUsfhdne/vvH/8KeH7hMd2XBcd8vtphNMSU7CyOFD8alsJesv27VyL51bb7gOTz77DyxfvRZTJ40XIiUP60Ud56iJ46RTzTOSKH95+PdYvGQpnvrHP3HkyOGyWlGF64WIoRgnO2N1bSPAQUxX7IbDwQ51pzmAcg6s2i6Z3lEEFAFFQBFQBLofAjKUEeLfU3amKRQVmhAjDdteKdnnkThobTccG49hqA5DMoDSJAxPWyWUtKVEBSU0uJ0vCQX22yQ6lsruOPfccw/e+s9/DNFh+1guTvE+x1qU3iDpQjKE/jTgSoOpXLhgXkyfR4ZnuiwH+2kSOAxLCReGZ1zGocQIzymtwjCWELH14JH+TNeSJPYe4zE8d3SrkjyZHj8My7LuFKmZQBkn0Ng7y8F0aPyW1/yQzFGnCCgCioAi0H0Q4DudfchhvxuO9FqyUtGAPDHouiYrH7VyTUNd5XXlyK3ajgBPb6zOXydbBcs2d3JeXlOO5B6J6C0ACt+xi3N58ds1gMgRKZIH774dR44aYeyajB97pHTGtbjs2puMrZKTZx6HktIy3HTdr7Fm3Xo8/vRzIpVyldgwScOTf3/BdLJ/f+kV3HjNlRg/dowMKGQLWOl8lSjZBfoD5yFtgQMn/qj4UacIKAKKgCKgCBzMCHi4REs6pQrsF0kOsJ8kEUFHkoR+dJSgDYqPN34c2xgyQogGGirnOe2ekIywhASJBZIvNIbP8LwmMREdHW3SsKQIjyRE7HjJDnxtWPqzDPRn2kyPBl+ZnpVMYRpOxzD0c/cnCUNn87RhLGkTHRNjysFrOqYfFxdn/Gy9zA39UgQUAUVAETisEehGajic1NbLlqaheOKLxZgpZElIgC+2iTrO/f+ejanDknHvpJvwzdYf8Otxlwn1UY8l2SsxIeFIhPtJx10vqwiNUiV8onaSzFRd565tYhN6xoqebAo9QfskH4hdkypR9aGUSjVXIuSPAwjXx3VuVyQ4GOAKha9sszpwQH/DbIWFhUpHXiMdbMsOnGVQd+AQ0Kdx4LDXnBUBRUARUAQ6BwFO8s0Yxo0k2NfUmSbTthIUvHaNlWQkJrud1dWIvY9GP0qMDB482Ngx4XiIBIO9x3Lw3KZl/XntJB14TWeJEnMhXzYuw9Lx2h5pRJaxbBhzw+3LPT172+bHa2cYm5arbM35NZVXwtsy2LT0qAgoAoqAInD4IuBS7uwG9WfnVCsSHiNSEnDnsaORHBOGxMgQJIlx1wFxkYgVEdEZKVNw1oAT4U3xTfn7MXsp/rf6QxRXlYjBV7FPYbrVXStDEsS6ClGb4c4k7Cjv/P3DGCw73lx9+aXmNjtLflyDB6FjhACh1An92NlWyICBqyLs8xf/vJQ9KtLSM4wqjnauFuHucVR5ku7xHLQUioAioAgoAp2AQCOJ0AkptUiCY5ddxy+7+lHyglIcrYd3Jemejvt1i4zdLlpNt9WyuUXcy0tX2VqOFIzffsJ5L4up0RQBRUARUAQOMALdRrKE/RPVb3qIIddTxg5xdN7CTAgR8t2mRbh99jMI9PBFZR3FND2xrSQbDxT9C4N7DMDkpHGGBHEIlzRB20OMiHk2doA9xG4JT728vXDctKMw75vvsDF9ExITehmjoN7iHyZ6wSREvGUFJTI8zKTDgUJIcJARNb3x2qvw2FPPYc7X841+7nW/ukJIFJfkyp4MDpoKqCeKgCKgCCgCioAioAh0UwTsYlI3LZ4WSxFQBBQBRUAR2C8IdBsDr87asVO2jmckOnJ25iGrOFskPOrkWrb6FcLks41fIac8D3dPvRn9IpPMjjitkRVWR5X37DnVbOi2b88XI1+BRke3XvLlOgN1d6mXS2kSSplQ99Wc019IE94rFwNhpTtLRd83zOi6OsU8TcL6tQsCxLxLDLyKkTYameNzUqcIKAKKgCKgCBysCHA8xLFLYQf7tabwYuic2/12haFzM2JzjNsOVqy13IqAIqAIHBYISJ/SUq7u4Ki1ncdTRTNSdm6z/V17pbdhaEScc3ra3KI66ebNm5GWlrZLH2nzSElJQVJSkjGC3m0kS5wVZUGts2fc7SYxsjetdYlYiAc25WcieFswfjP8NCRH9EGtkCjOeDY+j06DYvac4NHFxcUaIqRBiBFLoBBE3ue1v7+f3G88F38SKlTh8ffzlR1wXMbLlCgxUOqXIqAIKAKKgCKgCHQTBGh83pAlMr4xIrWdVS4ZB3EExTGXpxiepaQvnR2vmQv9UgQUAUWgOyMgL6yDkzLYN1DN21te4Jy7Ns1fHfPufUt9P8aWfseDgg5yrBSypCtdtyRLWgOABlyr61xWyz1qPBAVGIGbxl0Ff29/bnTTrmtqDBLKec5ILiNfjV28PAB35zTcSqKEjgME+tfVubamc4+j14qAIqAIKAKKgCKgCBwwBGScQulKqhPLMlqLYtjFIqdnW4tNzjC7nMuQqLyyAmWy1XCDjIlqZQDrmnzsOpbaJa56KAKKgCJwoBCQ9yOlDPjZq3ffgSp3J+RrNSTCZYMSu2tYJyTbZUk0SL9W2bhzW1dl2u3IEnbirXXkTkDqhR3xlm2DyQnWCTPGLfX2dkVjX34k+xLXWR89VwQUAUVAEVAEFAFFoDMRcKcsOLbiuKWtsQvDtzeWsvFZxsIdRYYk8RM1ZW417OMraq+7S6AzK6dpKQKKgCKwDwh0ZL65D8l3z6jyjuaurtz4ZHPmVjOHTujVE8FBQWbu3Vbf0J0q496vdUXZuhVZQgB8xMCql/ee2JqoR011rVGP6QrANI9DEIH2CDqK6TWKGB+CNdcqKQKKgCKgCByiCLgTHxwI7xRba5szM5FfUGhWVUl2xMbGoE9CvFFZbg8KxucEY1t2jjF2Hy+DbGs8v714ek8RUAQUAUWgeyAQGBhgChIbHYUiseORtS0bvXrGGVuPTkK8e5R211K492u7huh8n25DlvABkSjZWlCMxWsyUFVWhgbpmNtXsWlATFw0Rg/og1CxLVLHVZPOx0hTPKQREIqunZW2Q7rqWjlFQBFQBBSBQx8BrkTJ4Chj8xZ8+/0PqK6qRlxstKjoeKNkZyE2pGUgIjwUR02agOioqHZXGLNz8oyBPO4OSHcwDK5NQfVLEVAEFIFujgBNPHDq6y7hwfcsnbv/3lbHlZ4HwsPCzCctY5OYpahFpOwY29F3+hdffIGE+HgMGTp0t8WwaWZu3YpVq1dj2tSpZit6688E7HmFbKAy75tvMEzS7Z2Q0OS/20z2Y4BuRZZQomTxmnQ8tmA1fjm6n7EL0lbd2Zgqquvx6Iff458XBWFM/96orVYbIm3hpf6tIMCXjzSkqpIcFKQvQU1FpRlQNodsQHBUAiL7jhFVr5Y6381h9EwRUAQUAUVAEejGCBiiZDO++/4nJIoEydDBgxDVI9IUmLv/5eUXYMmyFfhm4SJMmzwJPeSeHbg6a7UtJwchIcGyAtksst1Zg3dnPnquCCgCisDhhgDfuTSY3Zqz79nW3suthd+dn3t6KclJ2LAxTQgMf6NWubv4vN+jRw98MecLI9MwtAOECeOEhoTILrTbMWfuXBx37LFNhAnvsUwkSr6Qe9y5hmG7i+s2ZIkFpKqsHJeO6odfnXyUy1iYgEdixEWquZg1zmjpVysM3LJN2bKNbxX3F7ZJ6FER6BAC9qVDoqRg9auI6H+6GKmjgTpaXBYDQju3IW/bXPjJwDA4bliH0tRAioAioAgoAopAd0CAfRwdVW8WfP+jUbWZOnmiGZTSn/e5+19PUcOZMXUKPp79BX5evgLTj5psjMMyjHXl5RXSN3oeNKLattx6VAQUAUWgOyPAtzRnsCQLNm3ajGhRjwkSGyJ09l6qEBn+fn7o3TvB5S/vbifhYTzli372vd+an43jfo/+VMXJEcnB5KQ+rZLlNo49jho1ymya8tVXXxqv9ggTW64wkWQ5aeZMfPzJJ/h6/nzMmDatSf2zsrLS+BXKtvennnwyGNbO02yeB+rY7cgSedLG/sh/v1uGdxetQYB05NwiyM/Ls6kR1NKoqyBGXdlX1m3Fr04YJ9vcWCLFBSWvDMgOZG2jo7/dJthxW08PUwQoUUKiJGHcBbsgsH31x0j97A74h1PMTIwPS9sLjR+K2BFnwCcgwvi5XnOOqLahOb3ET5prt3dmbC3lPAiK2u2x1AIqAoqAInAgEbCD5k1bMmX3vnoMHzrYjKO4sx/HT3bgzHBcUTxi2FAjXZK3PR+0R2LjM1ypqEaHhblW+my8A1k3zVsRUAQUgUMBATve/u877+Lcs8/BuvXrMHBAf0NEuCRNPPDu+x8gsXdvnH/eOXjnvfdx7DEzEBYa2hhGttNtdHxnt/Z+tn6t3ec9+tPIK9/9NABLW1bW8R4/7o7xLGEyhxImMj8aNny4e7Cma1uGKFH1PPHEE/HRxx8bcmS6ECZ0JE+2bduGU085BQxDZ+OYiwP41f3IEj4P+aTEReG4I1IQ7O+LHsEBKCitEEmTeniJBElooGwXLGoRDJpdXAqjIMG9lx3OW8gV70ZDsc7GUVdXKysp3qiWxtDaw3ckoaeHCwLypqJESaU0qC9Wb8Wc9TkYGBOC44f0RlDsBCTP6IX62hqDRkNdFbJ+fA4hCWMQlhBh2tAuP2b75mvEj+8YeaccUMffCl1rxaitc9319nJJbDEcfVoLy3vqFAFFQBFQBA4eBApkpY42SSIjSPC7Fpqcpbd9WJ/e8eLdgKKSEhdZ0hi2XgbBNbJ7gr+fjL3UKQKKgCKgCHQKAnZ++r933xOy4BtccvkVQmzXmbT5Xrbzh8suudjsOFYm2hcffzpbVCkHi7pMgGz96yOSgzuRvmkTkhMTjT2pEnl/U2IwX9QrqVJJKZU1a9chPr6XsU9i82ytAiRMiotLECPSLTYcy2H7CPc43t7eGD9+PIKDg7Fw4ULZoMUbg6Vs7TmmGxsTg1NOOgmffPopvvn2WxM8KyvL+PGezbu9dLryXvcjS1h7maVlF5Xgx7QsDEmIxoi+8fgxfRUWpWahurYeYwb3RWBktMEpr84HW4oq0Le0CsFkTTwoNeJltrXbtGmLcCqeRpyUe2nX1dahp4gZZcp2ScOHDTH7S9sHwqPTuRqpy8/ZSGw4px/j2XScaej5QYSAvAw+XbcdX6RvxzppT7Xyoln69Rr0CQvErTNGu9pWY3VyV7yP+hpR/XI4u1K3cE0BvlxViN+d29+QDdY/q6ASj3+Ugbtm9UOPEB9jj4eMsW03bH48t35kV0hW0NiT9bNtzqbJ8BSoIoFo/CSG8L8Sy0V62HCrtuzEE59uhq+3pwknu8rjtycn4oG3N+Kes/sic1spMqV8V5yYjPTccoQGeCMq1FfKw2GzawXSpsUqM186lsf6u/yayRYTQL8UAUVAEVAEDjgCHP/4Nq4U8l1t+xL3gnELYC9ZeKqT8MbxXS/v+VoZvHNQ7FrldI+l14qAIqAIKAJ7g4B9Fx81ZbIQBSfinvsfRH0jWeIaarve1x9/+hliYqKNasqixUvw4r9ewWWXXixESCAe+dNjmDB+HN7899u447ZbsWTJEjz2t2cwZcIEZGVnC4nSB9uFOEkXI65/++uf0TMurmnuYctsyxEYEIAdYi+Ejn60IZK2caORNpFLTgpaOF4yHAkeCiO89NKLuPLKqzBo0KAW4ZwXDM9+KE7KccIJJ+Cxx/9qkv3tLTcbv/b6KGc6XXnePckSQb+nrIKMSe6J2PAQ+MskLyYyAnmhdYj19UZmhSfG+HigsqYOo1KS8eGWUiwqWIf7jxkIX5k4klFjw3j340/F2rsX5ouu7oQjRxrL7yceNx3/eu3feOyPD4qhshCzWsKH7C078bBhMi5XUTi48BP9MDorhULVHQ44+CCrqqqMYZpvv1so4fwxbsxoUN/KNriufIia174hQJmksuo6fJO2Hccn9kBKaADmZuRjS2k1yho88ENmIY6J9UVd0Q54RQnj6SNbW0s7cTrzUpMXSWFRJe69ZQOOHhyBqcOFmTVshgde/DQDj7+ThZtPS5ZoPk2DTtte+BJqPucbyeXs4NTeo6/dqpF+IgxiXJOfoVhIaIi3eYsJ8VhYgZfWlODbawY1hY8N88X5Y6MQFxmA1esKUFrqkpz5+5xMXDC5pyFLTJka07PpM7O2ysJ7zJfx1CkCioAioAh0DwQoUl0kq4W1smDEsU5brrS0zIx/fNjH0TW+zCleTWKcrjsOZE3B9EsRUAQUgYMQAb5TrTRFWXl503vXWRVK9pHEPkoMcA8fMgi33XqTkCcxuO6Gm5EoZMgJxx9npEc++eRTMd7dA8cePRW33Hwjfv/gH8Ctgh99+EHccfc9WPzzErEHclKb73EKGFjJFuZPsmTRokXYIfMfDw+ZLTX2A86ysfzePt7Iy83Fxo1poIRIe2QJ43IewXn2ps2b0adPH5PcZjmPi401xLwz/e5w3j3JEplsZRcWY3n6NvTrFYXkuEis25qPcDG6eeG4FPQM8sWR8eEuA6+9I5FbXoU3F6YbyRFPGRRUy644/fom46F77gSNkm3a/H/4zdVXoo8YxikqKgaZs3JpANvW5Ihhs1hEyFZJFFciEUJxVd6PFYNna9dtkGfUgH79UsSsGUwDWrNuvSFg+iYnGaJl0U8/o7dsnUTr8pzYOieS3eEBaxk6hgDt4PBZ8zlHBPph5oBY9A31w7J16SjblIaqdZtR/p9nEHj57fApkV1ziooA+X3b5+3kB4ZdHIVnZmdiVP9whPh7Y2VGMe5fugMTRoUKWSEGnHLL8NpXW7GluAZXi4rPmAGRePf7bGlg9ViQWozkHn64cmayGZz+75ut+HbjTkxJCcEvju1jpEjoN2dtMcYkBCA+0h/Tx8RhfUYR3vo+FxEBXrhEwvUSf2vGh0THzMRATBns2v3AIkJzfVRX43g4UOJtyCrFW0sL4S0kZG11nJQ/Av/5KhOLN5divOR/wbTeWJpWhK3bK7BWpFWG9Q1DfIQfXp6/DbGhPrj0mN7oGeGvhIkFWI+KgCKgCHQDBDgQX70+Fbl5eU22SGzfxeJZAoRbC3McZNV1bL9mBsmN9XDG6wZV0yIoAoqAInBQI+B8p3KBv/naRVCzclyst/6U/uN7mm6nENy0ZbJatuM9Wgxzjxo1Et/JIj7nsHSJfXobwQCeJwkp0SQ1SI9WHIUFfESKkI79QmRkJK686qpWQrb0ysvLxaeiUjN5yhRMmjSp5c1WrkiUfC8kzPKVK3HWGWeYEB9/+okh6yeKRAwlGbuT616lITLSO4smDRKiwjF2QG9EhwUjIshfJn9hqPCsRZ8QP7y2IkvmlfUorarFnPR8nDWkJ2ICfMyDNUlIGnzI/HAC7DyyseUX7sA//vmKIVXyZAujZ/76J/y8dBleePVNREf1wMXnnY3P5szFtuwcs4VSzNLlOP+cs/DMP15EqZAv61PTcNlF5xpRpo/nfI1hA/sZiZRTTzqB2as7yBBgKwkP8EVgmQcyiysQGeyHijpveJcJcbHofxgRWIvaXr3hM+FE1Cz5HuFbNsOzchEaEkfCI0x0wE07c1W6tKIWN06NETWyakM0XHlSMv7wTjr+c0YfzF5RaOzupG4rE+IiwpBrV7y4HgsfGo9Xv8tFtK8HrjklCZc+vxb9ogMwYlCkIQRvPyMZZz29CgMTgmSXHk/cNycbX9xyBB5+bS0ycsqRnBCC0U+vw7fXDkZuQQVueXkd3rx5ZNMGUVTTmb2lHK/NzhCCrx594oMxdWQszv8gE2uTwuTF6GlstgTKb2irgBEbJWRhVCCe/TAdi9JK8NDFg3D3GxsQHeIrLzAPnPbIGrx10wAjfXLyU6vx/vVDzW/M2j45yB6/FlcRUAQUgUMSATu45kJRtKw2Ll+52hAhNObqdAzHhaIVq9eYhSaOg+hsfEqj1AuZb9VCnXH1XBFQBBQBRWDfEaipqTXqLpQioeP71zV/dS3Wk8igo7HtIlGVCQ8PB3euCQ0NMQZfd5aWGtshDFNVVc2D0YygwVY6akRYCUHj4fhiPsyPAgaUEtkTlyNbyn/88UdC0MThWNkO2F9sqbTnKLny408/YcWqVThZDL1SMobuJDn/dPZsM58eP26cObaXTlfe40J6t3J8YNInI7ekDGuytosthRKUi+ho3s5y7JQV7yE9wzA9MQKPLMzAs0sycY4QJSk9xCCN3LMdu7NCnAjTNc9nXTYgrrjkQjx0713SMGuwIXWjmbjGxUThuSf+LIydD/76/Ks4dvo0TJowDn9+7p/IlsZw2SUX4a7f3oSrLr0Qb73zAfr374cZUybg1BNPwDlnybazzZm4MtXvgwIBtpvC8mrslHY3RAy7njtSjCSJdMnstVkY4VuH6F6J8OgRB6+ERHgl9kNQylh4CpvbIPp57o5NwENEOq4+ORmv/5iPl+eI3RwJdOrEXtKmXS/A40bFiJElP2wvqUao3Nwh6j6Rwd74xfR4jBZpjbuPEUmRraXoJVIaJ4/riS0iyTEgxBslouITLPZExkQJaSGEYJ2QIKdPkK2+snciQYiW1Myd2JxXjqqd1agUItH990DJJ+FaGndBAKZH+AhRIgmJqxFbQAmRfjg2zh/HjYhCYg9/vLi4AAmirrNwVT78GuqRI+o8FUK2XDUzFueJlMkYkTyZ1jsQL32xBXy19haShao/Aqc6RUARUAQUgQOMgO0D/P39RHx7PCpEVZjbA6elbxK1YZfdLQ6Ol61Yhc+/nIfMrGyjfuzcLZDjGl5zAE1VY3WKgCKgCCgCnYOAnTeu35CKex940Bhrfea5f2CeGHvl+9vep8aDlbY45cSZuOqaG4xKzY2/uc4YfL3tzt/hmt/chIyMDEOY8J1PFyDxaIuKLjg4qMUuN8bT7YtaF+Gyyw6d7T/cgphLW65cUb358MMPxNZIzyaipL2pMMman5csNZ8Tjz9eyJ4kU0emx3P6LZH7/LRF7LRWnv3tt2f00X4tjYek3oCwiDA8/dVynFZZLSoMfsgr2ol3v1mG3KIq+AZGUPDEqDLQ8CQfJCd/nJzR3+nsQ6Y/zxmGjg+EDSZCGDkvUUFITuxt1GkoEjRx7JEmbG5uHiaPHo6yslIzoHjigbsQFEhrwusxf8FCM+Bgw6UeLwcRVmTJlYN+H2wIUE1lzmpRtUkehwGxYSgoq8Znqzfjquos9E8WoiQmHvVZm9FQ5IeG6kp49xsCbN2Eqh++QcDMs1wNsPHtwB1lSqvqECMGUi8Y2wOX/WYVln02GQE+bKhsf8Cj/1kvRoe9MCwpFJ70F+cjREal2E2ho4RGuBiBXbxhB/720SZcfVIfRAf7GP/kXsFYu6MG//h8M04eG4sJQ6Pw1txN+OXQUFx2HEXs6nDj6SnNRl+lblwNnCmkxkXHJ5n0TR7iJ1kax/qz3HTFVWzTrvNAKdtp42NxlNheOe+oXvCVMn/wXRYiA1067wz2+q2j8P3aAswSCZlnZyVippA7uvpooNQvRUARUAS6BQIc98TIVoxHT5mEJctWyPbAPxhjfBwDcUBKNZtB/VMwUBaAVsuuCdRxHyxbVzpdqOx2sEPUT3mP6dkxljOMnisCioAioAh0HAH7HqVph9/dcVvThiSWGKEdTboLLzjPHPn1qysvx/nnnmPexbQv9fenn0ShSAZy1xt/IUb6iFqOdRec3xzvkksubporuxPiLAd32qH0irXXadNo7cjw27fn4YMP3je77MyYcYwhZtrqG6x/ZmamkSqZecLx6Nu3r0naYsAL+p0g9z7/Yg5iRJUoUVSHbNzWytFVft2GLCFYtSJ6NHpQMu4SXaXinWWmM5Y5HfxETaC0vgyZspC/QAxvfrmpELeOTzJqOG+vzsb05Cj4+nlzUbtVVy3pcpJqHcWTaN2dD6BSxJLoeG5FlXqLyCrVbcaNHSMkSaDsrLMDWduycd8jj+Otfz5rbJm88MrrRiWC4kQUiSLZou4gRSBItrzaXovTJ4aIqkkA3l+diZqM7xC/5P/gceqTQEi4GHXNRtAFV6L0n3IdGIwGed6Vbz8L/2NOhYfoDrL9kA0pq6zDzgoX6XHu0Qno/1YwRiSHGWPEG3fWyv1avLlkBx45J1lCN+Cb7Cpw595NYr+kSqQ76ErLZecmGcSuTC8WgkKMG0cE4OvMcswcGo6dcm9xbiUmJQcjVWyMLE0txCRRqblzznIMnZcJPwmfIxIsV89MMmnxi+nOzq1CtWREQRL5qZnfypcFNUbNp1ykUAobDbz2D/PBkx9m4ObTk2QXoJ744webwNr8nFqEk4ScYdyMQpdIX15xFT4SWytjRF1obIyf/B7kpjpFQBFQBBSBboUAx1fso6JkG8npU6cgV9SPi2V7Seqvc7BNGyVUveEAmmTIwkU/mU5i8EDZ1a0xLlV3iks85bMTYSL2zfScg9xuVWEtjCKgCCgCBxECfA9bw9qtkRWWPGGV+N4NC3NJf9j3cA9Rs6TjtTOs87y1hX0bn3G5c06vnj152qH3+3cLvpMdZntid0QJ07N9RQ+xgTLrrDONGQv6t+b69+tnpGNChKCns3FbC9tVft2ILKF9ywaZrAbilLFDWoIjDWPazgo8/X0a3liZhUtHJODovlEmfJ00jBeXbcVMIUz8/cRuCdkVN9dDBgJ2tVwSloFBmFFFYLAw2RGHzB0bKYkRuiGDBuLk44/BTbf9DsGyLVOSGMg5+8zTMGbEULzyxlsmTG/Zr5or8tNkpeaRJ541hMqF555t7unXQYKAPD+6ioiB8E6pxxGigsPtdb+S7YPPEJHlmFGvo37DBnhGx4riXyVKX3oSHtTlqxAir74WgVfcYYgSpmHb18QhkSIh4iI9IoJ9MWOky8gSDak+fVYiekcH4o1fD8bcJXnoK7ZD5t8wWOyleOGuE+LRJ8bV/qaOjDarfX16hRiW94fV+Xjq3GQMSwzBgmW5+OOMWFx1UhIWrMjH6EdWoe6Fo/D1LcPx+Y85LAomD5VBr1TN/hSGiE2T2eclGumVxiqDXDX9KAEzelAP9E90kX0PnZOCT77fhqKdNTj3qHhEiXrQajHqGicGXBNEzcZPJFBuEMO3dKGBPsZuyTdL83DltF445kjBSZzFwlzolyKgCCgCisABR4ADTg6MfaQPS+jV03xaK5SRKJFh1I8/ixi0rDIOHTywaTwWJyt9mVnbZDDu1TRecg62W0tP/RQBRUARUAR2jwDfpU7nJAnMPXmHc9biCuYiq+173cYz17yQQM33XNoVLdNw5WXzSJNthfl+55y3o+90GnMNFkKDqj4djcPw/OzOcXvj7uQ8RAe15dM5wKUzhXFrMLzkBGzbzkq8tTwLhRXVOHlgrFmt/3BDHgaLzZKzh8vELlC2d2UDcasDt/4lGWIbBa995ZrECQ3pkCzhg+aHLBwnlF5eIt0iBnRocCc8PMz4l4kESYmsqvSQ1RkOIlxhPVCyc6dJj+JPTENd6whw1apEVrP4HLhtM3HnVlFpaWnGsrMTO4bhc0pJSUFSUhIqZDutDWkZ5lmQvGJY+zxtbtaPkkBkJC1La++7Hyl+TMJr7ppsfLipAPdOH4DNBaV4bGEa/njykUisyEXxX++Bd9IAeA8aIY1CyLjifNSlrUd9VQWCLr8FnhFRrjeXpMNHLwfjTDOQc5J3e0Ie2DK5l9Vevy9qMG8tEnJiahx+3lQKHyEvbjmrn729y9FZpl1uunnskjebcmN93IK2qKv7Pb1WBBQBRUAR6BwE9rRfawovYtkhIewHXbsmNJVGOgXXKEW+m97xzarK9qVPdZyVq9di1umnmL7Upst0cmRXHcalNIoVE29KX08UAUVAEVAEDgoEqBnBzUy43XCk7AzrfM/vrwp0JI/2wnDeTmO2lIhsL5wtvw3DOT21QELFJsuezD93yhy/20iW2EqZuZmdcTZ62suE0AD8YlRvfCCT22dkq2BvkQKYNVREgPrFIMTX26V7axNyHEliWCvC9HZe2+2XbHCCygkmHwYBpaOqDa8phkqdMF47CZbwsDDzwJx52PT02I0RaBwo0ujdopwiLMsqwtzUXIwUCZNIP2mJVbIjTsowIUgKUJu2TuyViIHWWlHbqiyHlxh9FRakReXYTk37EV+SMHRO1RRry4OkRNMgVU4ZhqQKyR/GYxou13jOpBhOjmdMjsfAxFCs2FQiUitRGCtGVuma0uSFhGvKX85NdvLlTtqwPKZ8co85uvJ21YF5sTwMYx3ju6flft+G1aMioAgoAorAAUSAL/HW2G7x5x1zz3Virty/hg4ehAEiDm3FuJ2LE3GyFfH2/EJs2ZolK5FBxii+j7ePjItkZzX3hPRaEVAEFIFuiIBrvnf4vbG4sxkNuZIoYW/QOyHeGIElHs73/O4e2Z6Gt+l1JI+OhLHpdcWx25El7VWaUiNxsq3rlWMTcfGIeDN5DJCda+hakyixabmTGM7r5ompDe068kFZOyQ854cTw7q6ml0aE8N1twfbsjZ61RoC9pmNTonDL0V15s0lm5FZUoE/nzgcIWLcoyEsEgFnXSJMRB2ql/6Ayn8/hYBf3ASfEePILMBTbJkYJ23DOtNW7IXb0ZIVhsiwURqPTlLFlovRm85tePEbLGo1/DhdizSdN+ScxWtKx3HPlocBbPLuYZvCNMbb3X1H8nqqCCgCioAicMAQ4CTATgTscc8KQ5Wd5jRaxo2OikRUVIQxCsiddSoqKl2LUuwk1CkCioAi0F0RkNchX1Ocu9UcZvM3zgW42O8nthbjRR2TR7q9IT5am1d010e+r+XqdmQJH1hbBAYry81X2RX7+7osBNcKQ8YHtj/659YaQkf9WFZ13RsB22biwwJwzYQUVI1ONO3I1wwQpZ3JC8UjPNJUwv+Yk+E39XixWeIm0nwAqmilO/hDsBIkB6AYmqUioAgoAopAN0PAjlFCNn0M7x1rAd/d64e3XQWSLK2THw01sioZMxzBQy8w0iVtp6F3FAFFQBFQBLozArbf6M5lPJBl61ZkCbtlHzEc5iXinB139aiprnWpIXQ8koZUBFog4CLgWvk5kJmgIyFniRKHn+tm136T5NEXW9dirrkpAoqAInDwICCGXEs2AJtflEGVbCNZs6lzi+6TDI+aDOmIrpF0ucDFHrSxr+zcnDQ1RUARUAQUgf2AgM4jOg5qK7PDjkfuzJCUJiFRsrWgGIvXZKBKdKkaOCtst/9tQExcNEYP6INQf792VXE6s6ya1mGEgBU/cVa5NT/nfT1XBBQBRUARUAQOJAJeAS6iJHQIEDmrc0tSKBIrJZKkt2sHN1eXSMJEnSKgCCgCioAicGgh0K3IEkqULF6TjscWrMYvR/drYVzSBbuLOeG3mIxAhdiZePTD7/HPi4Iwpn9v1IoBTmXKDq0GqrVRBBQBRUARUAQUgb1AgBIlkWehYcodsvDUSWSGhxgBXPBHoOAzKZBTbZojs07KYy+qqlEUAUVAEVAEDl0EKNRPO4quDS1cfEBX1bbbkCW2wlVl5bh0VD/86uSjUCu7zpD8MKsWTf2wqzPmd40YXF26KUes+la62BObiB4VAUVAEVAEFAFFQBE4nBFoECtvnmJ7C2LjrTN5DEmzoaFUdlOTtD3srnCdmcHh/NC07oqAIqAIKALuCFihfhqlLbMX7oH203W3I0vIjJA1+u93y/DuojUIkK3oKmrr4SMdsuxPI1us1qFBSJR6WdHw9vbFqxty8OsTxssCx64skzUU65Q2oZ+9Zj62e7d+xNkZxh133rO8DbN0Pi+mwZ12PN22lHVPo7Xr1sraWjj1UwQUAUVAEVAEFAFFoD0EzDjGS3arKSnC5vXrZaxjRzvtxdr9PY6A+hTvQLBvEkrluGX9hsa0dx2D7T41DaEIKAIuBOz8gb9TfvT31D1bhj6nrn8urt8Dd6TlTj41NTXoGRvdpcXofmQJ3w/ySYmLwnFHpCDY3xcxYYFYX7AR72+ci9l5q4GqfAwKS8L42BGIy613RWhlIODj42OID+fWvmSk7FZRft5SfSE4OKgg+Jbo8JV4DGMJDOcT8ZWtij1lNcU6xmkgQSIPsLq6GgEBAebYWlwbx/3IsD5SFjaCKklDnSKgCCgCioAioAh0JgIysLDzD8MbmK8OZMBIHQ3bgeTaDNKicK2H4gpNB51rIace3jJeCQzwl7q7BpyuJaKOpdOSYGnEQdRwvL1k7NRQZ46BAX5NaXcNTh0EQIMpAgcJAmYOIPOOjekZiImOkt2lAlEnC8Mtf38HSWUO4WLqc+r6h0ty3kv6sFKxY7o9Px/9U/qirLzczN27sjTdjyxh7aVPzy4qweL0bUiKCUdAZBHWVX4D7+A8nBfeBxcPvxVBfkF4ddlbyIlYgk3lo3FEVU+RPvExEiccElC6Y3PmVrOHdGxMNOoojSKkxlpZBemdEG/IkM1bMg1JEhwcjKTEPvCTl1VlVRVS09KR1Kc3LNnifCBp6ZtQXFIiRAokzVpER0XBVwiYgsJCDOzfD98s+A4jjxhuSBPmSWelViyB4n5NkmRbTg7yCwoxdPAgU05nnu7hnWk6w+m5IqAIKAKKgCKgCLgjYCf6Dn924k7RUMetlqedQJSYvJhqe2m1cc+WkWk4FmpalrG1K0mvoRZeMq4JDQlpIjTseKK1GO5+dsxiik0IeUKyhDsW1leZozPtdqvnnrheKwKKgEGgQVbMfWQhNiQkGKGhIS6ypK6+Y68nxbDLENDn1GVQN2XEbs9LNEw8qWVSWWl+H7zek36sKbF9OOmeZImAExceggkpCaj3LcWbaz/AKX2n4OpRV2F7eT7C/UKxaMvPmL91GSK9CvHMipfQKzIak3qPlQGBSHpIfG+R1Hj7nfeQkpSIc2adacgSSpjccf/DeOrPDwlDVYDLb7wDl8w6Fembtwjh4YN77/iteQD3/eFPeObxR9EjMgJWKoUPpk7Ilqeff0nIklIMGdjfkBvHHD3FvNC++Go+7rn9t/jTk8/i9RefRXrGZmRs3oyZxx2DSnnAjO/n5yuPysNInvCZsYwkVEjKrFm7Hp9+8SX+/If7jZQJVYToT4kXS7rw2oogMT7JH3WKgCKgCCgCioAi0B4CMsmvKwXKcqXjlEWMwCjAN7K9CK579bVArWz74iW7vniJdMbeOkt4tBVfpDRQUyzDAxmS+QixYVkHDmZqimSwINIbtA1SLWEgYbwkzO7SNGI0JEwaGscQci6uTiZm/OzOMXkfGZQ2O8ZhGtaoq6eRvnWNT1z+TeVujqRnioAisBsESEp6CjlSLx/+nuoaj109IdxNMQ/72/qcur4JWMLe+bvgObUxutJ1bW4drBm75JzCEvyYmoGfShfh9CP747TBJ4iJMi+sK9iAV1a+jdlbFqK+uhKBvsFYUrQJn6TOxZheI+Hj6S3SJS4SgcSCu/0QPyFF+ALiS2n8yGG48bqrzaDjht/eiUU//IQZ06aaLYxdw4qWBaZfdU0tLr/4fEydPMmQHt6SR8GOHRg4cKDk5YHY6B5mcLJm3TqkpWdg4rgxQpL4mXKsW59qBhf9+6UYEqawcAf8ZMvj9E2bMWrkEZJGf/OipD+JkS1btyJRJFzMyo3kvS07B7l5eeiblCREi5eRaNGXactntL+u+IPlh3i7Y25/zE5/G9ZZHpuGHXDatKz6V2vpOOPvy7m1Hm3z3Je0NK4ioAgoAgcFAvLONqRC/nJg8WNA/mtClkjJw04GRl4PJM50VcOGs5UieeEh6raF64DvrgKO+B2QLHFkMcaQFjacJSR4vUsajWFJ0OR8D8SMBkL6MKB8GkcYNk72D8BP9wuJI/cnyjE4QcKIE5VjzL8RiJ0s+V8gdXhc2I7twKSHAT8ZazjTMhFa/2KO3jI+yS2twhMLNyGjsFxGU6KC3Epww8EImeLp44VLR/TEMf0pmdts641RGkvfdHQlY31bSVS9FAFFoEMI2F+RczzZoYgaqEsR0OfUNXDb3wHxtpg7z7qmFGaJoquy6mA+goaHDCB6R0VgVL+eKCiox7TksWYc8mXGt/gqYwFSIpJxrJAWc7YuxIyECfhh+0qszl4jkhai42d0aZvzor7Tro6ZyIKRqNHQNkmN2Akp2FGE8PCw3Upr8MFVyO47VaKuQx2qyIgIrFy1Bj/8vATX/+oK+ItKTmbWNsz79juRPNmBN95+B78472y8+uZ/ULKz1Eiw9Fy+EmecehLufuBhQ3gMFpJkYP8ULJd0rrvqctx2zwPo0zvekDEFhUV44tGHsG7DBjz/r9cwdNAA/OEvT+LE42bg0gvP27Vq6tNpCFjCwx7tj9ZeM6O2zm1YZ2Ho1+zf/LO3hJ6950zTGX9fzj05Ajaj4I6lsj/K0LGcNZQioAgoAp2BgPT9fOdVFwLfC9lRlAoMe0akMkSFZM1zwOcnAmcsFhLjSMe7UUgSs3NMo12y6jJg6yIxoiakBV3Tzi+N4RzDt+b3q5AkEIkMG7Y4Dfj0TOCk91xkCYck9vVv3snikf4JkDnHNSIjKdOvkSypk53+cv8txEhfiSTpFm4EKlcLYVIl1+Kcabl82vz2FtXknJJKPL9cyBs6loHxrTPXjQn6Sv1LqhAnx2n9opurZsPqURFQBBQBRWC/IsBxON/T+2q7Rsfz+/6Yup1kCR9qvRgiyy0px9qs7ciq3Y7Y4Gjk7NyO277/C9YVZuCUnhOoNotttdmiejMOExPG4N2VHzUSHXYUwomsGF5tHLCYRmfwclkyptTJ2tR0PPToY1i7YSPOO/NUjD1yNErEHgnvOccQFmamQUNpf3/xZXwy+wsU79yJB393p5HysKo2JaVlIvmRiOlHTTakybVCfvzw42L8443/4oXHHjZlvOl3D+D9xckAAEAASURBVGD8uCOFdKnA1ZddIudj8PncL426DkclVVWVuPLSixDfKx6XXXMDNmzciCXLluP46UeLStEZWL56HUYOH2okVkjcUKJFXechQNWr5/7xvEnw6l9dZaR8NqalITcnF0eIPZoQ0f+27YkER2rqRgSJQa5evXqZOBQRS8/IQErfvkaiiGEZbocQclsyt5g2QD+2s34pKVgnOxUMHzYM6ekZRlUrOTnZpGPj8YLn1jEt5zX9nX48dzrGXLlyJaqrqjFkyGAEBopIuTibhjO8lXJZuWoVXnrpX7j8sksxYsQIU2ZL6pjI+qUIKAKKQHdGgO9MvgtLs0Wi5GNg4H3AKJEkJRnSawKw9CmR3BAVG7piISHWvg3sEGIjIgUYdDYQPsAVn9qz1laIe7jB54qUSj+TBApWARuEECneJnF7A0MvlKz8JN1XRGIkUe4J6RESL+TMWAkvZZN/V/kyhZD5DEgQ8qZczjfPA/rKuaeo/bD83skugoe5eIufT7jLn9cddLb7qBUJERlgIc5bFn3ktE6St47VLBS/4xJDERfih9d+zjYLV4xLZRw57Na5uh5XorZ/2W0kCdCReEzP2Vd1JF2G6Ug8m+6elLmj+Ws4RWBfETC/KPmRsH3aMdru0nS1aUpE8/fVcsxo2zvT0Da/OyQ7dt/iyHEy554Wd2fs9t5z7s+E6dFUg33mznTaO7fP2paH8wz6WZMS7cXVe20jwD6wmzi+DhoQFhGG15ZnYMmGzQj080GRGL3N21lgOtOUwJ6IFX3en3KWY1HhGtwy+EpM6SNkSZ+xiA+Pl9h8KzR3jsEyKSwXQoKOjY6JVNdUy2QxQGyB1GLYwH745S8uMC+fxN4ug658EXlJY+eHjd45QWSDIzlxzZW/FNsiv8fjD4sEiBiLrRa7Ij40eCZOgpgvxqOKDh0t+E4aNRxlZaUyYS7En++7wxiepU2UgQNcAy2GNySN/EDCQkMRER4u157G0GxVZRX+n73rAMzx6sInRCSyI0EIQohN7b33KNWq0iqqVqlRtUe11CqlQ6miWlVU7dWW2quU2nvvHRIRBPE/z/ly4/M1NDTV+PtevrzrznPXuc8959zSJYrL6vW/yeTvp0venJREyaaSJxZQoiRO1D8cVNauWycvN3hJgZLvp06TPn3fkxUrV8rrTZvLORjjZVvgj+3ooxEf673JxOTvvpMateupShXfsU3Rbdq0SZ4rWVUW//SzzJ4zV5Ys/VUuXrwoAwYOUgPBS35dKht+26h+p/0ASSQAd3QMb9LjlYOg/TPv6cw7fbD7M3z4CPl45CiZjjh79e6DdnNbvzr6v4R2OmfuPP2WP18+yZsnt+zdt98uJuvWooBFAYsCzwgFYsdFcYO6indJkX0DRVZDwuTAbNtEXfEjkYwVRW5A0mIVVHIOfSPiFiByeIrIytaQSIGtkGSAEO6ivLxGX8b7dvA3yc5fG0h64H3kKZFlAE4OfgbPYFq29RFZ0RHvj5IhwS8StkeuYTC3jb0PUPA8VISubBXJ/bpIBkiVnEQcEcdtXjQsTsjjlY5qQFQRekJnmykgVYvwyKUgV3IdPzKCBErqZPWTmrnTya3bTAcvbduavPlLZ2PqbYs5M+cxkGHazb39s3nHIyEZhr/YkvLTA87wR3zpGIf9HGgfiP4Yzt7Rr3143pu07f1Z9xYFkgIFtH3GttHkWMfwxM14nRnvYj9S9Zr9yrRvE8Y8W23eUCRxrhxneNgHN0tpAJumFEhr/owz4xxt0ti/d6wTPnPNegm2NbkO4PqQ7+zXo4zTvDfxm3g4xtH8A/MUGRkpFy5cjANejF/r+ngUAIKQNBwr9w5Ah0I5s0gfqNKER0ZB6NRNyjjnkvWnf5cmBRpI39KdZPLWH2TsvmnyQlAVaVbwFckVECrTd86VbAFZAU7YGqcpUUHsiHeFQdeSxYviBJwg+XH2XAARnjiaK0D2HzgIpO2uhMJ+yIA+3aVxm07yy4zJ+j0KgAhBFtcbrnIXC2c2OjMZExihoVa+Y8PHB51o76CD0NGmCVq1vguPAHMEx9N3rkfdkGJFi8DKtbucP39BbZVEXo9SNSD6oZVl5oeOJ/IwPjZ8SqzwWGK+O4+O4wagpx5UeNwRDzul5f4ZCvj5+Unq1KlV3WrtuvUy+rNPJADtZsDAD2XV6jXySsOXNeEtW7ZIbpxgFBgYqM8bN26SefMXSkUY/lUjRBgwjSNQ16dLG+nTq6d5pXU86uPhEpgunYJrbB8MNxvGiZ/Ln1+lQDjoXr58WU7Bhk327KEK9l29elXb4MWLl9SCOk902gVpkPQZMkjaNGk0XrbZo0ePypx582X9mlXahtn2CMLRMc6TiDM0e3ZNZ8+ePbJ6zRqpUKE8jBv7SZq0adTAcFxmrRuLAhYFLAo8MxQANIA5VNzSiZSGFMnW0SJHh4rsRgE4LGdsJlLmQ+xm7ANA8YtIMXzL9aKIO8CV9d1FTgO49kBY8rqwhSbnAGicWgp/Q+Dvpfv+zmwA+oBNmQt7oWqzAFIhADz243d6mYhXdqj+tAVAM952TVfKlieiFhif5R7Ak2OI0wPPmcrD6CzS3j1M5OwWSKfkwEs6ZiBxnImJySfHn9t44YFrBPiPouk8pWrONLL3bLjMOAgACB50A8oEekgWuChzc3WV9es3yHfTfpDUUE0+dfasvNnsdSmJTZ4PPhwijV95WefJMePGC9WOK1WsiM2j6zrvaLip08UX4WiXrUXT16RcubLKg7lg7uMcN/5rSDk2bwpp2/Qabtz4r6Ve3do4xTCzLhgI6jPuzh3aqUQn51CeUDjyk8+kyauNIbmZR3kpLkC+mfwd5k5XaY50tvyxFc/fQ2LYTS7Bf60a1eT52rWsXdiH1LX1+ulRgGAGgRH2jynoV97e3qrGX7F8WSlVsqTyeCY34ydOgl9XafLaq+KCNr5rz170hwni4+2phjDPYbFcuWIF9Jk6MuHrb9Seotmg7fj2W5IubVqrzRtiPubVgBg8jGPGzFnyKw77yJwRWgE6XgXKiJGfSeVKFWCXsoAMGzFSgQtvby+Jwvovf/680qhhQ/lx1izZ9Ptm5em51mvXppWOlyM//VzqYr1XCuPoe+8PlNq1akjpUiVVK8EVY+6cufOVh+/Q/i2VZmfdcspj26lRrbJUqVxZTpw4ifHzGxk+dJCCJ8yv5R6fAkkILMEGDibsAM9UUqdY7lhwwklyn3KTIRvHSOjJrFIzRxW5fitKxh6fJ8XSFpAM3oGy9vhGWXD0V+lU6E1xS5FSbsN6PQcB2hQpXOg56dCyqfR6f5B4eriLSwoX6de9i1KJflL7+eh5zQXy5ZV+ndvJxG+nSMd2rQGYeMjAoSPgP4UCFT26dMRiNi0WsTEYfLz0zGdGQhspdJQq4bnoZH4CUvuptEGePLlk2ux58h4Yha4d35a6NatJp2691VhrxqD00vy1xmAqfKAmRLYFcaRwFk/EwSc/2E4x75keWz8ZhpDMGbVcn37xlRSGQdgmjRtaA5xSL/H/0AAwgTEyUZ9/OsommYRkCDD4A0QxbtnyFVKrZg19PAMGcdCQoTJq5Aj5YsxYHbCMP14JXigQBgAuGnZyCLhRiqVf/w9k/LixaLdQ/0JdU6pl1boNMubLcdK6ZUsFTz4bPVonyKnTf5AB7/eXjRs3ytDhH0v2bNnkhXp1ZevWrThSy0vCYGy4bevWkhZABx1BH1qNHjv2S6lf/4U4UGfDht9k0rffStEiRWQupEnebNFCFi5aLNu375BxX42XLp07aXgFBPXO+mNRwKKARYFnjAKcX2MgmQE7Z1J5BMQoekNN5jhAEwAUuyBZ4psLoIe/DTw5vQS6vT9ioMZzugIAQCBzwdNwOCkT1Lh+NtYfwp6ZafMXCIkV2kSJvAC7IvDnkw1/ECBHQ/wIqOP+zkFbHOBv4hwZVuYt/CiAEUjzOQNE2TsL4h6XAFLA1wkALVQF4uk4grQT2UUj+Zv4eQM3D6dqjocLjOinkV1nwmX8zvOSDqq95/A6QQ5l4Q7m+fPncQLgCTD6LZVPSR+YXue5mfMXSx0w+eS5/ti6XfzJ9+Cec50Jd/zkaenQvq2GC/D3t/E1SJxz5u07t+XjYUPkMjaLhg35UMOuXL0WC4GKes+FwcpVq2XKpAlSuGABBUsYjnPsuC8+V2ngYYMHKjCza9du6fpOZ+nZpx/iTob5PEx+Xb1Bpk0aq4sMTw8PnbcZ3nIWBf5NCsT1jwvn5eDho/LR4AEqifxOz/7Sp1snqQ++j+7osWPSZ9SXUJ1zk6pVKsPeYUbwqH7SqkUzWbNmrfy8dLn06dkNm2gB2JSNkaXLV0odgIIVsSl2DVIHVpv/e7XMenLFQR1Lf10nX0+eKqNHDVfV+jvYOIcMuCxdsUqeK5BPJU1qVKuKtURyBTAI4s5bsEABsI2bfgfwmxFgVl0JD78q6bH5evjwEQAgxyDhTaD3lvyybIXs2rtPJkOVnsDycYy1BJAbNWmm4+Q12MScPGexLMGm/+kzZ+Sl+vVxaMkmVb2/Gh6BE1f3YU1cUIEWjr+WezwKJBmwxGT7LhreXagJcJ7GScqS0z9UmuVqINMPLJCwm+GSwStQPirUSfzdfGXenp9kHpiel7PVkjxpQqGK++fZveGLL+jxvVRloQFX7iwQSCHKlx92Iqgqw+cG9evqjgUXsKOGDdJjgjUTmDNTQrSKi1qqvPB4YaroMAzjisa1eNHCsHdSUBelg9/vq50iOFMm+fKT4To4URLlpReelyoVyymQ4gtmge79Pj3ULyf14pA6oc0UShEMfK+3XpnmO2+31Um8Q7de0qzxy1JGUcWbcuzkSY3DmtSVDIn/B/Vu2CUydHSzZ89Rxqt8+XL6fBqGfC9euijPoS2xrj78cLD06tldmTUyYSacesYftq2Ph38kUVFRcgzHSrdr2wZAS02JCA9XxtH4K1+unJRAm+rXp7ekgZRI1eo15UUAHTWqV5dfliyV5QBoeIpS5oxB8tWXYyAldUBqN2ouh7dtkKxZsphoNE7uRkwcP04mffOt5ClUXNg+W7Z8Uz6AhEzdus9LzRo1pEu3bgBJtkvjRo203ffs0V3BOiLlVvuKI6d1Y1HAosCzRAFzcs2VA1CzeQVGU9/BqTYtAWhA2sMHkoBHAZbcgDKKL8Q6uO+Ro6lIcBWRa5hbw/eLBBYBQALwghNBMoiiOGNDhPorcf5OwN8hACsloLqz3PbtJvzTnfgVIMgGnLjT3haW74zdE96b2eUcJEiiEI8XwO39w/EaiEuqvDDqOhcGabvjnsA8GFtjLJYn9CiAopE89h+d0wDaZPJzlXvOyWTXBZTfHTxH0SCJuHFHxu+5ICmwoLobK334OAkkQ5hgnN6XJThYg3FXnHNd5vTpMBfamHNuKpFvspeWoWpBmgB/lZb19vLGnMfTd2CsPxawoNTt8/UbyCEsHL79boq80awpDOv76HfyS5xL10N9deoPM2Tq9BkAZmppHARRatd7SU8b5K5tpYoVZMas2ZKrYHGdi5lJztHBQYHY7PKQFC4p4qQytQDWH4sC/yIFTPun3cU8uUJ1zcI+5YJ22veDwVINwIgP1PW5YTfonba6CF6zZh2kSxrrYpr28MIgLbVj914pUxqgLhz7I0/XJF+YCn2Ri25KqZN/Nen9i0V+dpPG0pP023zkpG6oVq9aVe0YUnqOYxvHGQ5nXHcSqPgBB38MwHqBvD7Xf7Qj6IM64fjojnt//9SybsMGSMTlVrMMVMUpAiD44JFjkFxZIa81bqQS49nzFVG/BGwYb+7M6XWdGw7/HPtYx2wzJWAX8wjAF2o3WO7JKJDkwBKdzNGq9IoypQBjUDlrGcnonV6WH1srq4+ul9sAKFxd3cTPw0/eyg9Rz0w4ntc5pdyFLu/9kBTIuKcNkY2P6g2UBDELQIIkKfAzAAsnVg4aDGObzO8TlGisgWF42g3v6Y+Of41/vqNoFOPij2myg1Aihely55/lMio7xq99mvZxMH4yA+xoXd5uI/MX/yKr1m6AKGo6adeyBT9rPqxBTkmR6H9MnZO+SwBSzJ47V8aNHRtX36tWr5KyZUrrILlm7VoZO2a05MyZQ1asWAkUF2KQkOZo3+4trUNmjgDbu926y5BBH2p7oH4j2wXbAYZabSumEKxzA9IRiaYa2a7du6Tp669J8eLFYT9lhVQDSk2XIzRUlsyaIu927S4FYIC2C3bO2NbYRNn+smfPLoORZqeOHeSFl16WIkUKQ+wyjQRBpFnjfI1xFlNDtQR0jFQT4zb9kPeWsyhgUcCiwDNDAQ5+dO5psSrOjBNxWgGAALjhHgiVGoAU0fgWVBTH8uYDWIH7/QAoBLZJTq6FCOEYqNQAZKG7hd8deM5YGKIYuHf0V3MfbI0AMAGeIr+PgjrNHyI7IJnnnkOkMK7YZFFG4SDi982GX054hLsTCfUcSJMwXPmRyEOI4iJyaJHIr7CZcmIdBvfqECw5D79Q86Gj3ZPos5z4bc+P+5ckQdDUqVykdHZ/yex1FQbyvcU1RXIZ98cZxH0XfBHVbx7PkW+hhO20yZPkFlSYqTo85MMBUBF1l1vRt+Kyq3YUAGIZ3X3lfeB3zozlujvLhUW3Lp0VzOA3OvJSVPPp37e3vPpGa9119YCkcAwAFfJev/++RReA5cqWkWnTf5StMIZfp3ZNXQDSLlyL5k0wd8/X+fcG1KHf7fgWVFb36LzNBcbaP/bIRyM/0UVF7x5dddFiD9Y8HiUs3xYFEpcC7AU3YZyfC2/2hYAAm5o1eUcuomfMni8jBg+QGzdvyIhRo1XSmODkdQAj5DkJhNCsANc87FPuUOX/YeZsmbNgMaTTX5aa1aslbob/Y7FxfXAD5hJKgIeeMKivdO/7vtBe5mhslnPzknVAuhsp7e++nyYrsI5bPOcHNT3B9wRJfkQ9rlm/UcqVLSVtsKEZhfpOC9V/jnGsd/LlXTu/LfPmLVSJcW6S9u7WWVauXqMUZz7OXboiX4z9CoeWHJTcUHckMMb3adP4y9Wr4RrPf6x6Eq24SQ4sia9kKbCrkz9tLsmROkSiIZLJmZcNQBeUAEmoV8vGaA+UmHjo7y4amgnDZzr6d2QI2CDNN72J548BV+w/MS7jTBx85oTL1SpTZLoctOhMHuz9PiwOvuegmDd3bhh1zR6HQhLA4bHHJi6N2PqTaBRglZIZo1uydKkMg5HUKZO/VYaO9UEmi8ZY+/frq36KFS0K+yDHYiemKJyA9LtUr1YNuwAuOkCxnljfybG7SACMPzq2CQ6m5GAJqpk2wUnwCiROvLx9gBwHqIRJsWJFMeDxiGsfbRO0Z0PHSbRs2bIQq6wo9V58ESo524TSL5SEOoxTfJivSpUqanunWlFa6Ke6YyeNV4IkHES9YMtn3779es/8EDRh24uvT2mi1h+LAhYFLAokaQrEIgOuASIVR0PtZjKkPVYAKIH0h1uoSIXpIlmqAKAAWF1pg8j2sTg27AN8g2pOcQAW3tkxie8D2vwSJDz8oKqS+c/+Siy2+WNSFebgSOJJMPKKXxAkSgq2w04KUBjvTLh/H+musqndGLCEhmHdIGWaD0AJ1Xkklh3LXNVm7PUupD6oupMZgIs/8kIJk7TYGYwB4JKcADsc030ch+hoi2TzhUjx90gp9fKkkytR0TJ+y2k5FX5TPPHtGvykesx4lb+5e0eaNH8TmwEDVKKWmwCcK7lZZfgUzklubtg9xUaSASTIx7zZ9kUZNWKYzjecE7nbahznWtp3y5w5k4zBAqRKpUZStHROla7kiYJUwTlx8pQMhMrzKYifr8bGRbWqlXWREQ7x8+LFimGu3iQNYbB9FWxycQ7lhpVtTr4rtcoXky8+HalzNW3U3ULaJr8mD9bVosC/RQG2RZ62SGkQ3MqOHTvEF/e0qUc+c/OG/TJp8hTlJZdt2SEHDx0UGuinX/YdNSeAB8bD54hrkdKxfVtIKldTaZQ7XFNZ7okpQLrqeAF681CIBi+9JK+/8aZs2fKHbmRynUpHmzKbN/8h4yZ+K9MnT5AMsC9I3h0VJ7Rv+XbbltIQthBpkJX1xB+BZq4JeE9pEW6GXrhwQV6ECtYsHBLBNvAzNnKZPvn1rBnTy4cD+qv/yrXqyTocCtLolQYqEU+JJM3nE5f0vx0wyYElrHD+7B2f7kAqhOJobi5usZ/oD+8xQcc1VvtAdvc676MxPW3n2DAdnxOaH4bjApZXLr4NI/Gk8SU03f+yP0pz0GjqWRic69qth4SGZpcPBw2SbZio3u/XT1wBOlDaw9/fXwczMn/80XFwo9FUSpnQmfbMuuOxw+Yd648/2hfhlac0OcN2DR3Vbl5p3ETtpQwaOEA6d3lXjdnRLsqnoz6GnqmnDYyDX1q6HvnJJ2q4uDhAm0LQSzSOqDTtnEydPl3t3nTs0F7z3Ql2dPq+974EYcC+cPGiDBzwvhSAiOBY2El5u2Mn+XLMFziRyRenN10xUVlXiwIWBSwKPGMUiJ33vbKKlOoPyYmOAEAATrsAxEhuG6+1QIEloE6DcfPWVdu3ZLF8hh/G8Jo/wAuACrqH+eO3bC+IBFeG9AdADjeAKyoyAibFLY1IyX5I910bMEO/dB4AUaqOww3jRj4N3+MVLFL9G7yjw7eKH+MKhptjcVGoEqVwwbPhZ8yVfhPoMNe4wk7JzIOX5PKN23I2Mlr2X4Z4Po4TJlASW9L7SSQgWs5flNo4D9tqnMeoOkPHuW/N8qVyGzYTeH/rZrTM+HGWXCFgASCledPXdR6bCHXSktgMuHbtmhQpXFjy5s0Tx/MQVDl09LiqEBSHn/FfD4U9hjd0w2HHzp3y7dfjISG5W+di6uoXLlhQjbpyV3Xtlu0KmjTCIoRzdSF8mwlVnCtXrmLORVXBrsDiebOQpxrKV2WDDTCKqhsgJwFFt7xYFPhHKGD4RvaTCWO/gGp2ETkEVYoZcxfJhNEjtT999sVYGTGih6re0H+2kPEwWDxFPhoyCP3DTY0aHzl+Mi5/3Oy9jLa/YOEi2AC6pBIRVaDOQ4P+BCnZjy33eBQgv09gmMZWly5bAdWa0lCXOSG5cuZUmm7afUBaYAwjcPtG2w6SCir0v0MtcNmy5cLxpmTJEloP8xYs1A1w8ty1a9VU3py2mUy9bNtzQA8cqVWjulwbPBSqVaXVKOypM+d0rOaYtXrZL3HjG9eM2UKyahs4jA3TEhg7rep9vLq19+2E3WnbrGb/9l+6Z0ZSQHwsOcQ5E+4gYRF9J06dJuHhLJ9PmwKKagMd5YBM0ICI63HoG1P6gUCCmRyYL/ohKBQSEiLBwcFgxKLkwOGjqo9HvWj6dRzYzTsaOaXRKiO98bjl5CBT6/l60hv2R8qWKaPBOSDyxzSoA7hv/36V8KAhJpMur3S8coBzhvSIvUoL3/GbY75YTr7jYEdnE7u7B8YxQnUZ+Y1huSNG9RrSijt2LD/90lHKJALoNHUdSWc6ky/ecwCmtAh1I41zjJPvuVPHcjK+njhmuFrVKkDLG6h0Fm31WM6igEUBiwLPHAU4NmO8fMDpO77Be8fvjs8moON7+2f7e/p3fDZxPObVRBN2JUxBcsf5I/7oUN61g3DM8RdyJ1MruZyvAwzgO8vG42FS7fttEuKSHCfh3JMrADXcQRcXSHzQXpxxKfF8BDZM3swTIIPq5pXk+Hb/6z3x3f65OJ/6Vu4ENZOw/G9jTkopByAWfg6nrfEEHPrm5hbnmNUQE88D8IMnvm3GbuuZ06d1UcBy1MHJMydOnFDD4kw7EjuthQsVUqOEnIc5v1HKktKSXFRw7mOca9auU+Dj4sULAPsvSenSpVSahXMiT6vjRkY6pPcbDKHz9AjOfXScww4cPCSXYKi9FOKjvRMaNWecnPuoskojiBZYouSy/jwlChi+8BB4XKpMGMkrSoUcPnJEduzcpZLOKbEoL1AgvxpxpQTC6jVr0Q+eUylhZpV29HbiVMTyOE2KvN5BtHWeosj+wb7Bdk37PZcAlBgJ6Qrly8N2iY/V5hNQ1w+rJ/Lc5M8p6cPNS9ZJvnx548Yqgha+AKTWYtzCxKAn4fAAiSxY2xQFCLZ12zY5dfKUSrxxLKItE0p7N3ytuXw6YqhkzZoFqvcrpSDAXj/YmWE+mCZPuqGB3zKoX9YppVlol8YJ3wrgNM0cOUJ1fG0BkGbSuNF6wINZOySguEnGC8tKKZzzFy7hUIusuI8SV9gCpWSN/TrnYRk2fsIhrU/6ch31OOtPgvhJBizRRojd/FOXw2XznqNyC4S5h85tN0PHQ4d7kiZdgBQKzSReQOs42SOE5ZIoBdjgyfhw0E7KYAnBAh6hyw5ZvRqtVz9cAMt0wn+S5I5pOD47pm3/3f6e/syzuZqwjs9HjhzFwL9JysAmCxlPx+8mnHW1KGBRwKLAs0OB+0t+BUkeyPijvtl7fJQ/8y0+ToTf4ntvH/ef783Ya9sEcAewTsmSv3JIyw4sCcvfQVywObH/YqSUmLULRmwhXUP+yt6Bf9L8mdcAUnoVyyBdyofESYrYvD8Illx5rgO+QyAHQAYZUKMeaqLm5gI3BMikcgeWfsgDkLnjHMv5lWH5jj/6NZK0jIN8A+138SQ5zs30wzjph3HxR6BDSYsiUNWUajYmPeaH4YxjWoyT7wnY2KfNhQTjtZxFgadJAfZxtkV7sIRtlu+pPsE+z3bPZ/YPA3SwP5m+xfyavmTafHx9kmHY/hkfHfsOTRWYbq8vrT/xUuBh9UTPHIfMWMKxx4xhVL+hBBuBKo5bHPd4EhfpT3+sK4K5tCmDl5ou37GOFv/0i6SHjUpKxNGx3s2mKp/ZZljn9G/SZzg6k/7+AwdlNyTv6r9QT8ObeldPz8gflunfBksevgp8ykRkI6REyeY9R+TjtbuleaFsmOA4ecfv2KZuRMfIsPkb5OvX3KVI9oywwWad3hE/tay3j0MBdkyi7caxbZoBxtzzSmfeG7+JeTVpmTQcnx3Tiu+7fVj6N8/mGl8YviOSzR+d8aMP1h+LAhYFLAo8sxR41JLgUd/sC/wof0/6zT7+R90/Kv6Hh2OoO7CJlcnHTZbVzSmXrt6ImwviDcU5D1K+IWlgIBD3D+fEEBofOZ9w0ca5wjDrJl4yufzOn4Ia5gOu9MsFAMMaZ/yaZy7kaKySfvmNzsTJhcMDaeIz/Zo46M8+HMPa5/Ov0qZ/y1kU+LcowHYcjXXNLRh4Nc60bbZ70w9Mv+Di2wAptrB/7pOUPLB3TpAi4z/L/T0KGNqbWMw4SEDY1BmlgRwd/TmOi8Z/9WpV1DuBDwMUm7rmBzN+MQ7H9E0clGrhj9/twzrmw3p+NAWSDFhisnkLDatZwWzSunZZ3R2wVTgXbPRhpmwYKkLfvg0wZduxs7D0jJ0AvrCcRYFEooDZiXJktMxgY66JlFy80Tim4fjsGOhR3x/2Lb73fMeJmDRwLL9jmtazRQGLAhYFLAokZQqQb7LZeEvhdE+KpPeWZEEwLJsAd+cO1JwxD9x34LMQx31ezO4L5o345hPOIcbZ35t3DBNfuLjvuKFYub2zj8cxrP03+3sT3j49+3vz3bpaFEhKFHhUG3Vs345+HZ9ZLscwSamsz3Je4qO1I70fRvuHvTfrEMd4DJ3s07S/N995ZRzk5/ndck9OgSQHlqBG1f7Ij+u2yezf9ogbRJNuYvcgJXY5jP2H6Dt35RbeUf90+oHT0qZ68fjm7j81EDYYTLtMQp3t+UHi8Z1jwzX+2NjMPUPZYrsf/kkaIw0uMTuPCmvSfJSf+7m4f5eQuI3vx/Frwvw/Xx3bwP9zWeMrG9saxfosZ1HAooBFAYsCzyIFyFmAUXbCkaHJabMjGZ8kCozLPRh4TQjr7OTkLPhv5+7HybgTFIldaOvWooBFAYsCFgWeLgUed+34dHP3bKT2wDSYJLIcu2kRks5fquYPEQ9XFxxxl0ouRl6XW7dx3Bsy6eflIWm8ePQcjF5GLlcLwY55J5DCxR6N6BhH/S6ibAat43f+2JDMe/qx11klUEF9Mn6nGBPv7Rse31HXjDqy9rpkJs2HXRkvF+RuiI/uNsRQCVg4OvqjHhwdxUft03b06/jsBt1E5i8h+Xocv47pWM8WBSwKWBSwKGBRwKJAUqIA+AknT0l264q4XdqBjZ7EyRs3m5JF42SeZDhNKLEiTZysWbFYFHjmKZBI3fSZp0NSL4BVT0+3hh6k94NPTyMnSQ8sYakxGZ+9GiGbDp+W3EEBkj9rBtl24pycunhV7sEIbK1sOEEvm7/c8/KV1N4ATZLRMA7ENEG/ewhLoCQMlokvh12RkCzBcRImJ2GF3QtHrnp6eihtr8IyLo9zonEcHhPrDuvRBw4dhjX05xSUIUBC4znbYYnaw8Nd0qcL1HvqidHxe6aMGeXsuXOSAaei+Pn5PgBMENiITyqE7xTIAfixFZbYeZ8je7Y4UMYAIoyf4AwN9PA+Z45QBUyM1IOJm3lxTIvffodl5EwZg3AsmC902wA0gTYmbn5nc6O0zoN+bUeIMU46e/+OafC7yYPxx3eWsyhgUcCigEUBiwIWBf5FCpAfSu4nySIOiOfmnomakXvJPME84FQGxkrGgoyXPvFqOYsCFgUemwLkxTWQMuqxvcnqT49Nx386gFVP/zSFH4hfV6qcY7gqx5XrX7MGfsDjP/yQNMESjBiBPl5SJEugpPX1hBV3GBpL6yepU0GqA9ISnge3SPjSiZK8fnMpmCWdeEZckntR6WCQDBIYMMtOsCQq6oa079pbJn0xUjLhNI/rsPjctnMPadP8Nalft44u8ufMX6jGkwhEZMyQXo3gjB4/Sb7+YpTqyBpLwz8t+VVy5wwVN1c3eaNDN3mheiW1Qnzj5i2p/3xNmfTdVGn88os4viuNghpGgoVSHcY6sr0BM1b0DQA0H438TCJjjS0F4Aikrp3aC48Ku41wdARR6HcjjvpiXHly59J0eU9wgkCO+oMfStAw3WSw3ULLy/QzetzX8lbLZjiKLA28wT/iu32H1pQBAuGeR9uy7DQu9Pm4idKuZXNJGxCggA9BGkqkEBgyaREYSYHjB+9ADcrkgWkyn/THuCxnUcCiQNKgAPurBWImjbqwcmFR4KlT4B7mbjmDZMEXJbMtwxIrD05OMFTodE6c7+HUhhjwKwYsUaY2sVKx4rEo8N+gAOfqZDFOksIJ65d7d219KuauLg7/GxR4Nkpp1dO/UE/sG4AOndEv7t29DRulNyDgcEvXyk8zN0kTLAGAdDYsXLYfOSPZ0vtLpgBfOXTmoly4FC4xWMR7nT4vob8tkBhYOm/ZqK3ErF4sUXJdnIuXh8l3GCQDUJAhfaBkC86E88l3S+ZMmWTf/gNyMQznYG/+Q2pVr6oqLyvWbJB32reWLMHBBKzk9JmzEpDaD/THoAVQ4OixEwqquCJN15SuAAPuSrZMGaT7Ox3ipEAIEHRq10bSAGS4dPmyAgdhOOucx0UFpksnh3BG+g0AN6Gh2SU5EqG6Do+P2rh5ixw5cUqmThyrwMO58+djrxcQl7/Gc+78BY3Dw91dy3Th4kVIy4RJ9pAQBSeuQHqGVqyv4jjebDi55BTSvQZry6E4h5ogRr8eXcQfIEwM0jx67Lg2sizBmYXxMZ5jx0/osbB+OGP9vZ5dcX63D5rkPVVD2rvvgPj7p4Y0TVq5BQmYsCtXtUzHQJP0gelUWoXs1ylI61y6HCYhSJ9H9nEwsVziUSAawNc9TppPwVGL3WYnGZ1BXWLV5f34jErZUyjOfz4JAiUEPFUNjwOcVmdi1On9+jRgjK3f831ixB9P1Wn+MWECIP43dhXiyZH1yqJAkqQAp2D2y6uZ6svaiHw4T5SbSIncL5kGbJZEx7jL1T0XcG85iwIWBZ6UAuyd5OXvxmCDNCIc/TcCbxK5zz5p5qxwcRSw6imOFE/1hvPZDWhH5AnwEbWkSE2Sp+ySHliCWZfG1oP8faRoaEYJ8PYQn1SukjdzoFz29RK3FE6SPRw4EzYz7u7aLClmfS1y+ZzcwVnkzoVKQhzDWcEBSkZUKlda1v22SZ6vXVM2btosnVo3g9rLTgVFKIERHnFN8ufNI1NnzJRASIWEZM2qiBWBkoU/LZGZ8xZK8cKF5Jsf58mnH/ZVIIBSGZEAaYzEBaUqPhnzFUCXNnIMgMTn47+RNP5+0uL1xvIb0ty8dTsAj7Syau16ad2imTIxBC8C06aVM+cuyPfTZ0il8uUkKEMGuXjpknwwZLh8MuxDXRSMHP2lxuMLEGPop2NVrWjNhk3SoF5tqV2jmrzbqz+kYYIBVlzRNCkpsm3nHqldrZK82rCBfDp2vLRv9QbKvF2WLF8FP6kBqmSVgs/ll48/GyM5Q0Nk+aq10qLpqzJ2wiR5s+lrCpT0GzgU37LJ3v0HpeGLdaVC2TIycNjH4u0F/WdIsezZf0jGjhqq4Mz0mXMkKwCYbTt2SZNGLz/l5vv/ndy24xdk3OJ1cvH4IS1oYvO7hnpch9Jejn+qFFIwY2rx80yFaTrx2F8TE490LFKooOTPl9ckbV3/AQoQuODkEhYRKfOXrhSnmxGwjQSwNxEbENsMpcsoxeaCsTc5VCH/SdaO6fEIxcyZMkrxokUUrP4HSGdFaVHg/4ACNpY+2jur+BfMCglSm8Qtl2N0HB8S2lcZwgCiGpghwajGREWKk4urHi+cmZIllrMoYFHgb1CAczb61Q0cs+0CO4ZYxyQ6wPk3cmcFNRSw6slQ4mleaS6Cm/bBHs4S4OctqSGkQDMaT9MlObCEE/ldiKOdj7gue09flJuQFAlJHyAnL4fLybBIcTt9SPxXz5dAVz8MLlD/2LpenGJwBrlvOojowC4HBhlO8PegjvNc/nwyY+5CBUe2QsJkUP8+OJc8Snbt3qPMdqECecQVaj03btxUFRIyEClTuqASIuSb73+Qjwa+p6o5YVeuKIhCYOTsxUvyHsAEVlyO7CHSrvWbek/2I/p2tAQFppVPhw9WSY63e7wnw97rqbZM2rzbR0qVKCaFCz6nai9k+j8e2Femz5wrI8dNkt6d3pIK5coo0KPMDDJDdReWhSo8FUoVk7fbtpIqFctL/8HDpXyZ0ioF8FbLNzRv9Zu2kmVzp8uFCxel74fD5IXna2uZKMlCaRpKjbQCWEOpkpWr18oOSI506fgWABR/0DtGrl0D84MGOXfBIilZtLC82fx1tc/y3qCPpPBzyDPUhl4HGFKyeFHp1qe/7N6zT8IgncI8vv7qK5IiViXoaTbe/+e0KFHy5aK1ci4qWtzTZtQ6+ufKiz0NSk15YjBCu/QFWJLYEzXbVsT1G/IHgDva3rEkTP652jRgyaHDhyXyWoQUyhkCND7hC6SE5oyA2klI47k4J5Og9OnjAOSEhn9cf04AZE6cOSOHDh9RlURTzseNx/JvUeC/QIFkMbfFF9twKZzv205juSnh6oxNj1js5JGkIG9wJ8YOWlGsBIs6Z6j4wH4cdnUwV9hAmEdGZH20KGBR4BEUQB8iWALc0Qkbwk7oswlGNB8Rq/UpsSlg1VNiUzQh8XH9cBv9w1lsUvZqNzQRN/8SkockBJZwwr0n3r7eMnr5dql7Mxon4aSUi1evyYxVf+hA4u3iJKVThEvo3Sty19lNF3ROzq4CtEJioKKiCzwQVQmLxWZGGDfNBFsklJoIzhQE2x0BUhTGWyd+Nw3AbXKpV7N6HI2I6jI8F3FUb/GHUdQgqPLQBUBShODLPTANgWn8ZUDfngqqMB3aR6GUSjKE585niWKFVYXmPECLHFmDVXXn7NmzMqhXF02fu7F0BF4KY5edPxpw7d5vgOSFTRIan+U3Z+TPFeVHYXQHl2o2dFSB8fX2RJFvibe3lxqlTYk8F8mbCzZVXMXH21v88J55TQ5bL6Rqy2avKw1atOsk7d5srqBN22avqmRKuVLFIRHSUFVoeArQ6bPnpVql8kxKsmTOLL6QJiE9fLy8hBIudCGQJLkWeU3qQGLn1Jlz0qxNB2naqIFKu1h2S5RET/yHbKn2BIAXl04eEQ8AJa6o38SUCrDPnKbFPoNZOo1ncgnw8UTfcEZ7t2OQ7QM84T2RYW/0kctoo5Z7OhRwSe4kQX4e4umeKs4OUmKmTLtH7m6wbYSxhpJ8qh6Dev6nHAFZFCnuhDMLLPmnKG3F+/9BAYj1YxhPBjCDw7mZWy4BgD8TfgMqwTHKKz2srOzJabxcJY0HJEiMp9iIYhCnE3/Y2LLFbDxYV4sCFgUemwLsV7ArRFySkvUwXWK5pEgBq57+lVrhLEM+kxt0dFx7c238NF2SAUtY+DswElooZxbpDaY4/BrE0fCObZM2ou9BlNT52AFx/mkKjgqOluRFy4rcjJKYQ1txQk4KuYeFvr2jnr57KjcpCfCi0csvyZJfl+vn7NlC1MbGqXPnpW+3d/QdmW6zyKexU18fbzkPCZJjJ06q2Pdvm7fqqTpcsFKSIhXipUTKPey60LCq2pVgHvE9OjYfGYMyyE3c582TR9Vwzpw9p+AG88WFBU/YiYCtkVIlimvaPImHJ+6cPQ/bLABafABM7IL0B2lAIObQkaOa1z+27cARyndUQoTqQNz54Y+GYlkGxk+pF7oYNC7eU1qmN8q6fOVqmfDdVKhB5JFaUOOpWK6sNH6znZQpVUKSAVgh6JIVdl7Wbtgo5SC5snP3brkGSRx/2HGhLRQD9BDVu4M8sKm2a91CqgBc6QgpmsoVyildmJ+n24y1uE/0x9S7Cayd0Dzgyjp9EhsJDEfnGJ++TOgfxME65D/tCAkN9xj+bLm0RW/uwQIjBvP0GJE90ivi1Ebx5PGSpja6IoeMjn+e0Jl6Zxx/J56/Sp75jS/+v9s+mP+EtEsbtW01+ld5ffzvHJljqzU28JPXSEJSt9VVfPRMSGjLj0WB/zIFtG9ivPt531l5f/tp8cPcchcvcXnAYWNbwvGOe3iNA72kT7U8Kj2mU5rjmMtIHcKbyOzHavPOuloUsCgQDwUS0K/Ynww/YT8Hch1ChuiBd4/ya5KPJww/MZ6HpvWQeBnO1t8fHd7RH5/t3ZOky/BPGs6EVQ5JB0hbbkx83OQjbeOc/T1fxjP+mbCko32dxMURe0N/9t8fFo68HpNxojSgnaN/ugfiYFswzi59E/efymP8PgtXR9o/5TwnIbDEhhwFQAWgTtHcDzQAoBJAXSGAE+Ak16ZA9SOltziXqCjO+YvKnS3rJHrWRHHydLc1arYfEjW2IeXKESr1GzeT3Lly6mLf09NTalWtJMdOnoRqiq+Sm4ZJVe8eO6U0zOoNKQraHOkzcIgUg+SHl4eHSpywUQak9o0DJWyN1QmSHl6qs884CKTQ0U5J62avSc/+A9VoLA3EdoZdEy9IajAc45oEVZ+ZUBMiMEPbIhkgyl6rWmXpBimTQgXySVZIw3BB5AFpk937Dsqg4SNlDwCUbh3bSUqANZ7IFxs/f5SEYZwEPfx8fJQEXghHYIan+WyFTZG7AHraQRXnLICiLyd+oyffPF+jktocMWo0PClo+CejpXvf9yFREi493nkbZUol7tidNn5IIwI7v+GUnrkLfxIv0PTtlk3VcO1dSM7Yd14lRhL+81cLzictiwln6vpJSZAcW+nOqNMY3Wq4PzJrXaO+eWUaBPJ06MSV0k50BK3QGfS/M/3hH9FZfUEP6vCMb7YfuhmlkfgM+9OmDLEen/jC/Kn0FfOlcT9ZVMxPYuXJsd7/bj09rETx5dc+Lfv7h8UR33vH/Mfnh++cKPWGHyXnbKRn3f5dR6YNLYTx4seGlwwqMsmSPXqn+slTtUtPC8E2bDmLAhYFHpcC7DmHz0DX+3SEpHBzlhvsyHaOcn9hEEcplN5LjkP65I9DF+VeFe7n2eYPO6+PvGW0KV2g/Idr9G2OC4/0bn20KGBR4C8oQJ7fJsF+y2a0Hf7JB6QEf05Jct2o5XSMTkdD6Cmw+Ul+/DY3T2N5Jxec6Kk8Cfxxw/MOTsfkM8PQP7spJcwpYU8biLchLW/vxwXrCUq+M05zIiazzfD8phvI+GbCcwPc2Hc0/ii5TKlU+xNCzTceTMF07cOZuGkXLRoS9dwQtuertLwIw7Dx5vch4UyaLrARc/fuHV3X8R0dN8PJM926ZTPRYJ+ezUf8f/8qrwxFP6w30lvrJjaqh9Uv118Mw3oxjnRmeI7epBXzx98D9Yu6N9+etDwmPeuKLnTz5s0HZ8t/mSqaGTQMe8eGQqNHdw/skptDOolEXJCUnUeIS4WaEr14pkRP/kiS12giro1aYfSAHq1deN6ys7PzajxoUOxsXFyyw9KZTs/OYfxyQKABGXZAqreww+sggSvjsndUv6FRWCKATIP3TJdhI65dUxslvgAwGN74obTHLagPMQ2CNe6wJWIGgSs4ecYVgASPEaZkAQqkydFAJqU/aHeEEi3MkynXg/d3NG2+Y17YiRgnB1AfSM0wj5GR1zVfqSE1wo6LdqD5Y/y0c3IVqjdulHZhWhj8aMiRqkGGBoyT8V0FoMJFeGo/v7iy2dPG/p7pUJqGYQlaMa7jx4/LYdhWMOUw/umH6YaEhEhwcDBOFIqSA4ePav5pV8PUpfHPq3lHGzMEkkj/RzmW+ciRo6rSRH+kfzakdwZ2GHgMNNsFVaieg80WOhO/udeX+MO88ptxfN65a5eekJQWhnwdvxl/5j39G8dYzIT1Wv/PxCMos6RC+2O7MY7+YzC4X0EdXoO9HVeU0w9gYUr2EajvXI2MUq+p8U6t3iDsJdikcQG9vT1gj0RTMLHxESmi7CW8oqVA7lCALaTb/fLY+XziW+aZNn0OHT2G47af/1MfelTEhu6XYAD55KlTSs80AWkkKCiDBjPfzZUv46Ut6oj5iISUFI0xqyqbl7dkyRKsbdGEYXhTJyZO+yu/09n7sX/Wj/jDfnQE9jWyZs2ifYXvTTynUA4CmQE4RSu+dO39mnv6Yx9iu9y4aZMULVIkrt+YvNAv2wr9bduxQ46fPCHZs2bFpEwQk18Tx7G5O6dA/0U5YmBXikaeOd7Y54Mp0R9VGOn4zXzne3zR/2yOfDb5s7+nL5uznVB28OgRyZwxE+xR5Y8rp/FhXS0K/D9SwIwZCZ3XjH+eUncB6yRlqm0dDuZFnGTIgu3y7c4zEuAG/iT2PemG7SYJQ1etEuwnBYNTy6Idp8T5erR83xYSo+RvjF/EEWfgFTyAdl47wtt4q2Sy60gE1PSSS7YMHgqYGC+mn/PZLkrbjKPjgvFpNyao59j3HMdi/T0QF14n4hAXm5h1sSjwlCjwkH5l5s19u3epDbI8+Z8Db87eCoAEPPKeHdvFHZuXobnyKA9LvvcyeKV9u3ZIYFBGCc4aonPlbfBfRw4e1AU6wYGgTJklIG062zoCvMixw4cUXMmZN5+cOnFcjhw4INly5lQ/XHST3z966KCcPXNacubJJ37+/nGLfQIch/bt1TVDlmzZ5eSxY3Jo/17Jmj1U0iMP5Fk4LtHf1bDLcuHcOQkJzRFHWH4jaHEOcR/ct+eBcARXjh48gDJdlNz5CqCsHnG8hi2ci5w/d1YO798fl1+CEKTDkUeEI4/EuA8f2C/+4Cc9sUnO+Oj27Nyua468BQpqmcwaUT8+pJ74jTR6WJoaFvHT9hrXmSfIy6BuGIbMz4E9uyX86hUtowfWR8wJAbBd27Yqr5grX37ln8jf8UTV4wjPNVTawPRa78wj02bZWb8ZUL9p06XXtPaiLXANFW95NGNJ+w/7APnLNFh6UzCA7Z6aFRR4YJ0ZvvJhpTB+wrHeJp28UNePs/68hnX8g3I9D0vpKb7nZGcGB3Ol5IQTKj95+kySskknSZajKH3hRByggRfOSvKy9cSlSl0AJZy47y8qmW0EjVtQ8JlEI5GMlATfsVOxwXKnVO2E4B0JSvsf5jhc+mF+iNA5OldXILL4xjjoL7a/aYVSvYbHCrNjmgUv/RIo4Tse7cuGz4bAvNGPHxoDARqWmwAF4+WPgAv9Eiixz8uf75kfoKMAZPiNLiAgtQINLBfToGQIAQE6PrNcTIPHLtNpvvCOjdIWv4vml3k09OI980qghPHy+VlwJp9nYCyyau26Mmv2HFmwcJH8OHO2nIPUzfgJE+XgwUP6Gz9xkhbp559/kaNY6NORXqSJ+TE+c88r3eejx+DY6p167/jNpG/eq6fYP7bQtgdGRSkR+x+lTDjoXcHEUSK9j7QvX0Dq5ARocD0CxztfkWiokVXOHijlMvvLeTDLgO3kDtDx+vmzSKlM/mrMmCAh7dnYx2ukUTCSq3SJTVKA0gKJ8+MEwbifxBl6LVu+Qlq2fktWr14jHTu/Ix+PHKVtztDcXJmGoa0Jy3fmfveevVKkUg1Ztmy5fDTiY2nzVjsYK74SF8YxHhOfuZq4TZz2z+Ydr5zocuQIlSVLl/JRJzT6JViTMWNO2fDbb/rehOfV5PHHmbMUWKQH0944XtCxT3bv3lP7HJ/tw/H5Qcd2SrtK/CVOXdrioaSKLT8UD40vbn7nWOHh4Qlw1AtjjJvmg+8JjqYCw5cKYCyvBIv5nQAS7/Ubv+OXElJ5zL9NDNW+hzxYUuvJooBFgb+mgM7S+MPrLfzhj/KwlCipkMlXquXNIKcuXpM9l6OwoYT+Ro8JdGQBaPDZHVIri36/JNv2X8UYgNML8SGlC/o97uk0SvrFsyve2+Y62oADKArjlnynacemy2zwPd/xnuH4Y7y8/rzlkhw5F4VTv2zSLLHBrItFgWeeApzfx3/+iUz4fJQs+2mR9IG0Nw233wSvN7BnN1k0ZyZOpxwh3341FpusbgAb9krbJg3lj02/SS8c4vArwnDj8xg2JTu2eF3m/zhdpk6aIJcuXtC1EAnEEzq/HvO50mov+Na2rzWUTRvWSvumr8qe7ds0/JzpU2Vgr26yYfVK6fhGEzmNjU6zLrqFvHz+0RBIvLvJ1t83avjtWzYjfGPkY6P64xzOPHd6s6kc2LsH72wb2NxMoVQK89sO/k24LRt/A3/gofkd+l5vWbnkZxyE0U4uXbig8WnfR7idABPehhS/fX4JqMxDOeMLx0Ianmv2tO+lWrHn5Mypk7r+YZwTv/hMZk39TjZvWC8f9u4u17DByzUjvz3M8RtpsWDWjD+lSYDIhCWQTN6H8dcoWVh5QtJl0tjRMubjj7R+WcYILOqvY4Hep3N7WbpovkwY/QnawChNnuA3aVMuf06U/Q8Fwwn6HD+C+n0ztn6/Hi+XQSfa5pww+tPHLs/Dyvlffg904RlwnEnRyJzcoApSvqY4l6psY5zRwVM2eIOyaLFW2QmUwK+DMw3VvH7Us02Sw9aZCACwU9GZMFy4ODoTxvgx3xmW/o3EiHnPK7/Rv0nDpMNv5h3vWW7jzHvj1z4vD97bwsTtBCECSobQ2Ye1z5cJb74TNOG9eTZlZBz25WSe6Iw/fXhG/rDMhaHuNOD9/roYM9nu8k5nCYQh3bVr10k6AEqk06KffsJEkFKCYDSYEj8ROHb6yJEjkiVLFrVFE44TlFJADYuDHN2AD/qr8d0oABukFxFNLpJDQ0PjaLV33z4dOHlsNOlnpGvu09JmQJhABlshwTOiqR73bkn/5nUlS1B6jZv+G8K2zIS5S2TBtgPSrwFUq4ICJfr7ubL66AVJk8pFGlUpJXsOH5df9y1TA8AUWGK+tHUjPCcsxkNRRw7e+g3PieEYF+PkhIOW8sRRUhLorTatpOWbLaTFG82ldt0XpHy5cpILhpEZP6WUcubIobaC9oG2QRmCxN8/tfZBJsr6pj/WZ6M61aVb13e1zD169AKgsUQavfKKSjlRIiQH6onu8uXLWOx74HSrYxr3ZZwAdeLECZVAonQUaXYcz9ch5ZMrVy48azD9w3KXLFXekKErAABAAElEQVRWBg0eKmVKl1Y0mx8IzAHd0vrmczgm42OIP1NGnEQEpJzSZnPnzYO9o9wACzDmob0RCDt18pRkg80lliFbtqzank7iXQYYsWYe46szghikO8t+v10x1b/nmBbjTYYTyWKc7toAthguemwE4HeqHnJHivVy40aUpAsMFF8AqxQNvo52HH7+qq1NIAzrhFJsBGyvoKxkMOjol4yPoTXFkC1nUcCiwN+nAPsoZWTd0P+uQkU3e4CHlAtNK3tOhcm0fecxYJKPsBvQEpCkMwCNo2ejhFyBG4yfuALI4LxFrmkHJE3coJqTJdB22poTUI8j8Bt5446EZnCX65B+44ZVFJ4vR8LguLeL+Hthkwphr9+6C393MT7YwJXzAHKoApgVcV2LuiM/b78iqZBe5gBX3QRIQFYtLxYFkjQF2D859589fQoL4UMyYOTnUMn3lHavNwLYsBuACXa70Qc+GD5KJUleqlpeKlatLtv/2CzNWreTV5o1AcBQXkYM6C81wCudPnlc2nR6FwcytJFbNymZHq0S5QRYKNVAXoOSIARaukANv2a9OrJw1lwZ9+lIGfLZGNm4bo0Mgop+zjzZpX+3nvLb2tXSqHkLzP3JFejIDcmH9EFBMnncGOk5cLBUq11dsuXIKTOnTpbnihTVuf3rMZ9J1VrPy8tNmmr+WQHcPOE8v3Lpz9Kt/wANR6mTn+bNlozBwfL5sMHy3bzFkiVbdhn54Qcyf+Z0adnhHbkLfpBSFJ9/NBg2E3tLDeR3wcw5Cjy86/8+wIdhMmnWAsnqEC4aPDk3ZGZPmyKrl/0qlarXVP6DgMPV8+dk5vffyqK1v8NupJe82bCB7Ny6RcqDrlHgWQx/Y99wTD2dQT19OvRD+W5ubF4HfaCATeuOXZQPIg/GzaENa1bJL/PnyfMvNdT4Ll+8KAcgNUQap8bG+hsN6mn9cj0QlClYur73gVwBH9oQJhMaN28pZyAtPGbkMKn/SmOAXBhZY9vJiWNHpS3qt2nrNqjXaOUHKcEzB+VcuHZTgstjXzbr/j4FkhxYwobH3yOdM3W14AeTeTI0KHV/FeaREcb/Mb6OEb/PR799VDzxfYvvHVN42PtHp277Gl/Y+N6ZuB71zfjhNaH+7MMknXvbSUMEMbijzXZHCZuvJkyQ+i/U03dcEG6CbZZ5CxarziAnL0oKDRs+QkqVLCHffved9O3dS/ZBBPDjj0fpZNYcpw9t3vKHVKxQXov6btceenLQL0t/xTHLjaV582by6Wefy6nTp3UyXLd+g3z+6SgY3s2neSBN2QN4dU5u0++MwQIZHyFVcl3eqV9BgZL5K9bJ/A3bpEi2TNK6QW1p+UI1WbdrP5jNG5puyxeqyqEx3+NEqauqEkLAjDt3lCzhKQn3HdPTFDH52qQPCJ4klmM5uMjl7++0F+ppsp7oOMHTjs5NSM0MHTpMJYICcNpVk9delXFfjYeNolzy/eFp0qzp62pkmWEIMtCxbFyUm7yk8kilk86cOXNlDQCyC5i8KleqgLBNpe97/bVOAiBy+vzzdWT69BmSPXs2WbFipRBU+/77qWoIOT2AgF+XLZMOHd6Oi5dAYtGiRSQN8jVlyvfSrt1bChysWrUaAMoQZRAuQ/qne8+eCpT8sXWbjB0zWrbjeOV1MLI85stx0rpVS81b7779AAyVlTuLYXeobVuAOGEyctSnKmVyATtEY78YrYCC49jJhQrLbcquBEiEP1qnaCu8ktlh/LZ7GwhMCbiLMFQ96ZuvZeeOnag3SqYllyZNXpcaNWvITuxefTx8OIBGb+1XxwAWvd2hAyRuMsrgwYNtanBor0cBSHbp2lVq1a6tgK8FliRC5VlRWBQAAhGT0hmSiHckmgy3R0p5IU96OXs1Sr6h8VdQKAxzhW1e+Gtykf2iBMm8tefkm98uSYXsnvL5hisy/pUguX7zjgyZehi232Aj5WaMFMjqIfXKBMqkxSdk7aFrktbHRQpmchcffB/36zkJwDU0KJVsPxopQ14PkYxpU8lXC0/gZD5IyiIrUzaHSRnEMXF3uHz9Auy6AUD56WAkFjwxcgtFqV7IH2MmMkTPlrMo8IxSgPMpeYjU/gHS/6NRurlCcICSxZS4+G3tGqmIhT4lLn2wyVLv5Uaya/tWadikmW5GAAtRQCJjcBbdlKBExuI5syDdEQXgIVSKlykbN2evXbFMylaqqqr5Udj4KVSsOMLelCIlSslkSKxws+PDUZ8rz7J+1QbdFMz7XEGAAJBUBz+1buUKqVyztvIq7bp2B3+VAvO6yDVIwKQLzKAgAYGJoe/1UcBl828bJBfUfYzjZkm7Lt0VeGG4iPCrQvWhE0ePSrHSZSVNukClRfEy5RQs2QpplS9GDJX3h3+Cbu4kBYva8lu4eElZsnC+bFq/TkpXqAw1lAfDbft9k0p+TPxxrpQqX0mqALgZ3LenbiYRzPCABGy1OvVk+c+LVc2IdM6WI5dK/rM+4nPkubi5Q3WeEmXKx+W1ZNkK8s2XowFc3FA6U3rmJACNTwYPkAEjPlVJIG4meUFjYCBoS9Uc1oNfan/JAFVjqtfkzJtfk4zE6aNe3j5Ix1nSpc8gI7+aJD/NnaOSOgo2Qf0+7NJFWTx3trYPAkslypZX1aKqdeo+VnniK6P1DvIYSYkIXK6loF0MdLSEuXtAFm/bdo4f0pATFo/l679IARozPXgIomtQ6aDxJJ5c1AfAB9UcOHhz5+rmzVtSEicWValUQdq3aycF8ueTFi1bSXDmYKlRg4u+3TJ37jzJkzcPTnC6Jt9PmayqUj/99IuSlINhSEgW6d6tq9St+7x0hxRD/fovyJx582UJxCPPnT+POHapVAIDPDAgY2wmsMEf+wbzmNbdRfJkzyKHjp+SMUs2SmhwsEz945AEB26SGmVLSPk8sfqpmGQ9gWJ3e/V56TRinBre4i5ECpSZ8fF4ujiHvkOmmF2IfrhTcO9e4u7gm0V7XJpPcENR0pmzZoG+rjJ/wSIpBpsdRbFjMWTocHm7/VtSs0Z1BSHIYNSqWVNm/PijfD1pknR7910FN5hk7dq1tH42AgCbOm2a7NmzT7ZjMd+2dWsFG1g3BL46v/OuvNKwIWzWnJNWLd+U2rVqatqUKvng/ffU7wmcltXkjY6yYuksqK35S5Xa9aR8+XJoI7YJjukRzKEkzGtNm8uLL9aX76dOQ/3XU6aDEiS0GTTq4xEqddKrdx/ZtGmTvFCvnuTPm1v69ekNoCWNPF/vBRkISaVChQppG2Db5MTe4e32KlXSsNGr2oZKlSqpwA7TVYc6ZnuyAWBYRSTmGAkGwR4gSQZQL1lySK8gYb7n4mka6Hv0yFF5r//7Wo7FixdJzx7dJCeALEqKXLhwXjp26iyhkAaKAFNFQGrPnj0ax9sdOqokShQkprjjRcPEVElkn7RvurEltS4WBSwKJJgC6EGYB6pkTyOnL0XK+rAo6VMsWMeH8bvOihs+30U/006cgDjZ16keEx55W0YuOyeTWmWXHMFeEhaOUwvx/o+9YTJlT6TMaJNNLl65JX3mn5Ks6d3l281X5Ie3c9hAEESyfMtFuQKQY3yzbOLjiRP8JuyXTXuuiDfuJ+2MkAUdcsrsFWekbqi7dGiUTUr8dk4+A7gysX1OKROcSlpUSS/FQr0xfz9oADIBRbC8WBRIshQgP8a5mwAEVURos4RAA0EMSmzw4AZ+p80N3ifHXOwGKfwjB/fLIKiRfDF5mvILBBS4CGd8Q/v1km7vfyiVa9SS87DLt3vHNmnY9A1dcHNRTwCCPAbncv5uwjZe+iAPBQQIUqSAfZE06dIhrmRyErYEuVDPmScv+t4tjAXOqj67fcvvCmhMW7gUkreRMnr4EOna7wO1gdKjfWvpOWCwSmxQhUdVeZEvqt0y3EcD+smy33fIjj+2QLLUU+uGfA83y65CZTotDsN4u1sv8EMwwAqwhnyOyS83NM+dOaXgAoEMx3Bd+tokyQMh0U1p5esAIsga0UgupTn8YBrhW0jH0CaLH4AqD9CVakqPckyfKkaU/KFjmpQ0J89OfpTxUjLlkyEfSqcefVWC58rlS1pubtwRbNm7a6d80ONdKV66rAImzDtVbgiODQPI1LxtO/CJGN9co1XaNjIyQv0xbap8FypWIq5+h/TrKT3eHySVatQWb4Axj1ueR5X1v/otyYAl2jDADJ+6HC6b98DoJhoWjZHFyxmTI0dD8gvwkyI5gsUnlSt2ymNVCv6rNWmV+7EpQBG2UEgJfDpqZJzEAiPhwp4DkLrYCycM7o7TUQUnS5bMsmf3bqlSuZIUKJAfi7y9Uq1qZV2I0w9tgjAMT6TJFpKVr/QIZtqw4eKvwYsvyKeffqaTzVttWwMkpFHgB5eBTJrgBePST3jhhgGY7gImDJ7ClMY/tWTFIB1x3SZNEuDjpWDIuYuXZN3m7dLo+erS/bV6GLBtDKSZ/DQSkxzKGkNFcFw5kVKaxiZZElt49fx3/mBhTekDLnb/VjT31I6Qr6+fdIIER+HChXRSot2cPFDFoTuP3ZNcWHwfPHhAcuXMgTqpqpOV0RvVekW5eYITjTwRYOECnmos23fskMWLf1Ja++Lobk6+VOPJkye3xl0b0g009ET1n04d2kMaJJPUq1Ned1dOQDTy+6/H4RSsdOqXf5hWOAwg08jvu507SQ3YxymQP6/07tVTfvhhhkq30N/sOXNUUoTAXdmyZfhKGR4yBrRlROYjV25bHviOEzDzznLTsQ3TWK2jY/WyvlUNBwwFcuTo5W88Qw0nFrxAzWoaTIcDNqWzzpw+A9syq+SdLl2kcJHCWo6XXmogPy9eLPugU50BjApBHPpXoA55Y73a2h5zDlAEzAuffbWctrZpTt/5Gxm3gloU+I9TAOMAQIk7ABUq5gqUmpzrMM9M/P0Y0F2Ib+MeFtQei0acp8Ku3ZYs7sklE1RhnDBhpYUKDd11gCivhLjJjQiMUZAymdQok1wEkJItIKX4Q9WGUiAERO7iWjnEA0bIUwi3B14qHSDfLj8HyZd78nI2d8mYJpVEQHSkQGaoJiLLGfDMMYIGplNi/uKPp75xJEzMkU4LYf2xKPAvUYDABRfNtDNCo6B9hwzXZ6pscCHNbwQpLkCFhNIILimTybEjJ6T7W61l6OhxkqfAcxIFsCJfQRu/5OEOCS+Eo02OmnXrwMbIb2r4k9Ipt2JVW8wCP4JSyVjsUwU9DKog6cHzjJ8+W74Z9wXsc/wo7d99R9avXqFSDFSXpWoQr/t275SubVrIV1NnQoolBEDALj3Bs2WHzjiFE/bLIHm6aPZMSH9UUsCAvBZVVEy4qfN/wcI/vezduUOuXrmsvBQBB0q4kCdIh3JmCw2BatFZLYvJbzg2Oqn6TnWiFb/8HG+4LODHI8Kv6aYoq5RgBYe7lLA9uX3975DuWC4TZ8xRsGXU4AGwI7JQGrwKtSEFVeIfWTgOEcigSg35Ps0r8uEOyRTee3p5yJJFi6DiM1lCwJ+uX71S9mP98P3Er6Th683VT3ZIsCxcs1ElT1Ys+VlebPyqAkND+/eBdE0Zeb7BK1o/MZAiIb0IilGqhEATnynpQyOwrF+CUwfAZ9HA75rlyx67PP9SU0/SySbu9vHfKCoXipQo2bzniHy8FlafoQt/LQZHBd/78y8S78KgFNtz8e+y/xSN/fx5ofk3smIF/Y9QgG2Og6zNuKSrLvJYdKqr8Jv5zndEoHlCEF0IBlsOjFWxEKckQXqg3BwguQtuHG2+cADlyjsqygZkELBgPGRDeYrQJdi/KFiwoNrdMOF0MW8eMEny2fYDyozFaeSt2xjkb0uOLJnEKTpKdsAQ7VEYqs0caDPWe+j0eV0g017E2J/XyvZ9h6R0kYI4HchdjfdSDed+nGAqMQIgCaaEfzagSBfYWMg6GoB98mebHZTkmlD8k01ckR9xQzsXZcuWhYpMRQVK6JWTBCWBSFe60OzZMY44S6VKELGsUkUyBGVQ1Y6GLzeApMjLCjJEYcLNjgm8DsCP0qVLKVBC2yTP139ZXn+9CWyXvKx2MxgfgQmKvtJRSqh5s2YyA0bBBkOaxRPHgJOWBQs+p5IsBXBqkh9sctg72g26hfDVq1eDmlUeaQEVLDpO6ATOKP1y+MhRebfLOwB5QuPKQTsmbG+cyFmeDRtsxmBPnTqtorJst/zR3WDZ2ajicUaih2DVk9ffn8Mq+IVJ2gCLJm6+J7hz/XqkMk6psUtzF/2JNl1okyQ9QJIraPeUCPQHszd9+nTp36+f9IDk1UkATrSIz3JNnDBe3uvXV4YOGaz+aSdIy8I2ZDmLAhYFnpwC7EIYl+YcuCD7Tl2RyNt3ZcKmY3IMEibumB9o8FUZQ/izzQp/nRRtmvl5Ynf0Gk5kgB2SCNgRWXYQNhUQh7cvwFMculiqYIBULZVOAjN4SghsjSw7fUNOnL8B/CRGDp25LncQx00cM4whHRJ5YP6zwsA+DL12n3tGapcM0DwzX+fDbiHMPdm6DzvMns7YxICtAfin7ZJbiCuhef7rUlk+LAr8+xRwwmbZjMmTZMWSn6RLn/668UBehCopfM8TVHhKzZQJ41Qd5Rhs07Vv2khatO+okie0d0G3FSooFwGonDsbBqOvC6HikRdxiS6mS1esrPOuF9RiM2bJKr8smKf87+K5s+AvHyQXoqV14wZqL4O2Tmg3g0AAVXV+37BOipYqrdINBAb2794ljWtVkQ8+/kxBi7BLl9VWGY3SUg3l8pUotQNCWyKUliEP5xguJHsO5PWynrqzc+sfCppQcoNGZitUq6582YY161WSgyfKmPz+vGCuqiQVK1VWtvy2HicC7VSJDxOOfOLGdevBm3PziLz+bQUgyENyDGM5w3lQAsAnlpOgA6VEHuXIA9Jv9ly51eAqAR6TV9o6odTHVkgyFyhURH7dvEMqVaspVWrWltRQz65aq44CYJ1bNVdQiFI2J48fU2CJ0jyDICFCEKvh682EwBVpxfGN+SZfynzS3gvLY6vf81q/SxctENKQ7eQy1LQfpzyPKut/+VuSkSwxlXALC85mBbNJ69rQz0cjtS3sdJ40XtBUsEjC3/3nwmDwEgtRMtBcLPCD5SwKJJACRKi5688BiI7gCNubFyQ2KOnBQSkVxBnpXoQNk1Zt2sHOwjBd2Pbs1VtVO07jqLPBHw4EKp4KqgUe6pd/vLHzT/1C5zsp1C4D3zE9AisUx+NpSBmDgmT//gPy5bjx0v+9vpCOyK15IVhBx2bN02/4iwFw6O6aXMKx57Zqy06pWrKQDHqjAU4bOCxBaf2laL5ccvTUWdl09Iy8jp19xpEVRyyPXbhS+vl6S4a0AVo2FyxkNT4mYBbYSMiIMipSbfeJ3hLHoTBEwf9GH6VEDo8fpuOCmkAC64vqG8Yg6GuvviqDhgyR9h06KiDV4o1mUhnACSc81i/DKNKPuuI70olxULLk9cYNZfLk79SOTA6g/3Rc7NskIGCgcMdOmTJ1qqb3VpuWavCV9kPavNUe9RqIE6zcoMbVUwEZhmW8tFfCiYzpfDPp67iBjEf9UYqHRmEXLvpJvho/QU5D5acs8kH3EtSBGjZuorZshg0ZJF1x+s2CBQsh6eIvbdu00nZr2glP7aLo6X1nI7L+RR6YD/4S02mc7CEat62sjJ/P7E8+Pr46yVPCpGTJkpI6ZWoYqD0phw4elHpQM7JJn5yWXuhHufPkUYkdSuWchh0fgkOdoRrHvnITjAbrhnWl6mNsQ3EFuX8X98q6sShgUeDRFMA4SJcOE8Cs/RdEjmIxdQun/8UCJTwZJwW96M9MEgwRv+PQcofSIe4ppFfVdNJm8lGpCkmQDKmSA6C/J0Vz+UnhXVek2Se7JSUMwNI+Sbu6meWT6mml19Qj4oF5rVpeH0gIJxcv3DM+gsweqVJIxdzech7GXkMzekLo5a76+XrLVTlwaZ8cuwhD5w0za/iXC/hI0x+Oy8c1oqUeAJk7BE2s4SH+CrPePhMUUBttkMCgKkqPt9tK7RcbyND+vfUo2d6DhqkxVwITnVs200Xx55OmSDpsRvAEGBr2XP7LYpn27USAkxmk18ChsmHVCpwYs075UEogVIdtDp5Aw/k6K2yY3IJtjRQpUsJ2SDc1pLp25TLllTr3ek8NrXLB3rtTe/DH3tjoSCt1XnpZ1qxYJpmzhKgdDYICnKe/GDEM+QhSA6o0vkqwpdt7A6RD994ypF8vgKe+UA3xhVRKD/inUedkCn7EF657/4Ey+NMxMnLQB8ozZMuZS2rXb6DgSfd2rWTeyvWIp7sM/+A9seU3pXTu1VcNpX44arRQMoTSuPbhurZ9EwZcN8nhgwfkO6gycTOLhmcJ5pSvUk3qvvyK9OvSEScAuatqU0WAG8buSHwNhzwP+VGq7wz65Iu4NENg3LYO6mzLxg0yrH9fmbZoCQAMHPCA8lKyJ0fuvHq8LwGjUuUrSNe2LZU/Zd0QZCEA9P2Er+QVqEd1e6sVwJQr0g9SRaTtZ6Drof37lKe9fi0SxnzfgN2Y5QoQka+kNFFxSKNQ6ojqVY9TnvjKaL0Dbwuk7a9nw6dAKXZYGgWcumiVhENyxB+WiGf/tkfcUPE30QFdsGC0LSFt6jZc8H2167isbldPyhYIhVHLW2q80j6rNukAMvC2t2zUieVsfMSDqj+6UMAkzx1Qpk33JGmSUWBOnySsJppE/3BQjMCOOctFmwUED3hSxuHDh3VQNjRj9umHaG9ISIgEBwfr4HIAupE+Pt4SDBCAfh3pY97x5BBPLLAeXED+mShsc5QASYkBxd5RcoP2ERgfB38urul4og0XeRx8iUKHYYeci14e88zBkv5NmvZxMB2+p0oOd+Bpl+Gdrj3kh6nfoQzJAMK0VfsTZcuU1omLdOIi8Y0Px0hw7nwASVwVzABVFMGOCLsodQqGSvnC+XEyjw3v3H3omHy3bKNcvH5TejeshiMUXWTk3FUQp8aC3eWedG1cR3YeOi5fr94h6XHCD7IPF9v1kYeYOxCLvhcmJaEyYTvSzQYg0VdiOFOm7TDsWbdWzTiaPk7cpDGdik3aBWQ74YRDUXDjWDesJ0oNOTrWqX29mu+M/9KlSwpIsG0xz6oGg8U77+mohsPJlUdrG3cDuwGUFKFUCcORqswJ2wPDm/Zj/PNqXxae/sJwNHbKfLF8bF80jkaAiG2HZWTf8fMjeMOjx29p+RgX02D+2J/oGJZ+tm7fAemly5IHDAb9JLZjPvdjR4sSVLlz5tQ8sRz8EWycAEPJs2b+KD169lKbJQsWwE7PkiVq+0WP7Ybkz4qVK6HG9pzSlaDIchjJ7dunl0yf8aMEQYSUO0HsP6Zv7d67V2lfsED+uHImdrms+CwKJCUKsO2zTyV0XjP+L8EI9AVgy2SY+Y6Oqs0f/bJLvt52GnLnGC/4mt/w3kwH6pEDGPp1odSwLfJaMZxq43xf1Rl+Y6IixckF6jbo5xoe3hkkGVRhrkIdR4//Rfx3ICnighNwmP8rVMNBUt5emE+RJsesiMhozMExOKGNEmU4ORBppnCO3SzAGNZn0gGpXtBPqhZJI7fxbcjUQ5IjnavULh2ofrmBQKCGLuL6bRw5nFyPEtYX1h+LAs8SBeLpV+w3lCDgZpaqnOGKGVY3FMjfkH+kmgp5NtosIZ/AH8NR4oBXOqq9sL9dvRKGJydsZPgpX0G1F/JOWbNn13D0a/iNaxHhiBMbMRg/GBc3pCh1QSkKhqdtk104tpfAR4ZMmeIkcFUSF8nSfoqmj3tKOjsjnkjwMARlfJSPSaZ8EP1wfPpzOKjWIQ3yT5TwoLSGD/gulojADFWPaZvFMb/0b/iueMMhLFWFbJIZ5B0xtoHvIsjANShpGn41DHm7qxIxBDfsaQkP8Y5/HNNIK8c0jXQybe6ZcZh+yQNyY4h8G39XwKuxjn1RRvoj78OyMm/GMX7WI8EWhqE//qjCRDpeBd/L/GkcsXwTyxWOen9oeUzkSfjKsrFO02Dq8IdaNts4Twb1A/DG8ms7e0T+jR+u4Uh3qrGTfgldf5LvT3KSJbbJG6oO6fylav4Q7Bq4SGoPNwnDIhBdH5/NRJpMdl68LmfCb0g0GjXm6D85dgL+6EgsEokN768I+6eI4nnBRS8XBGyYxrEyU4KpsJ06Ql0yLmpsA5fxk5CrWXzbd5KEhLP8PB4FOOg4AiWMwSXWLgjv2aGM42KWjm2Ji1F/f9uCmc+mnRm/8cXBNkOXEwvLt99qIx/hRB0Ofq1athACJXT2bZMtiwbykoN5dIrFLpInTynJgerP33FUlu48LO5ob9Fo0xG3sbPn7SuZfJPLd6u26iDrDgkZF0yiHFQGTvtJJ9Q0/r7aLm3WQ2xMpkp84NhXwZhsM7QF8CT2k2YqEf6oxEps+Z80Okcam3jswQgzKN5Xh2FB7vdRhmGd2teriYfxp7OzOcL39nHzmSCfzYQXn2xtgRMsf/qMEYrMDB3r0jG8fsAfUxbml8cFG2fes33ZtzfGQ6kS48hEGEdm4WFO6Q5g2eku6vdBMjwsSMLeg6ychFlWYNvabiguzDKjSPiYTBpByofSVRMnTtBxlyfdfPLpZzh+O5Met1y+fHmlVjTG5TvUw8WTM/pe5uAsujC7jV0nAowcR/Uf4reNt4ncOBNWYsuXRYFnngKwfiW18geBuU4pUTyq1/Av2mlji8dxQodNJ8mV1lMlEXVc/YvSM8hdSJL4wOYIo+OmD0/IoS0Scm6+sEuCG32mX9oa8YI0inlHFVHOd+jySNNJLgN0yQj7J8VywZYCpEo4D+bK7CHpfV3Ursl1nORDyRVTBMbPNO2L8hdZtj5bFEjSFGC/I49ozxcyw3yvaxkwbQQu+GxAEsOL2BeMGw78+QKkoGPYmzduS2iuPOiZ98PyG9cx5I9o3JSGTanKwfQJLlCqhB2O4AFVRvJio4Px8pvJI4EZR2f8cFHvDh6K4bkeM2F4fVg4lovfCDYw3ywrgRsamaX9Dsf88pnxPTQceCeWi3RNiY1IxqeDEOjA96CsAkCmnDF2+XQs1wPPD0mT/BnVi5lXU17G7QIAibYBmT7zzHqkM2Xkxqyjo1/+aHQWN7GfOWba6EKQhI6qzzqIIx3WHwGtxy6PxmT9MRRIemAJc4YJ9ezVCNl0+LTkDgqQAiEZZMP63bL+TBQsKdtsM3D6dUmbScYdBFLkflJqhKYRT+iu6iIPjYgi2+dxdCVPsyAqS/sAGYMy6GKHnYjO1kn09n4jjn1vGrXxE/eM71z00sjniVOn0OnZudBo8Z9GP48dPyFZswSrwUYig3ly51TwhPHExRHXyNl+ubgwjd6Wl99x7GymjEGKmrHjGGfC89mEsX9n/FnXf4YCpg4NzR2fE5IqwxCk4TG0tSBhwbj4bJyJO7ZJiTO+ceHMTsF/dMkx2AcFpgNIaAP/UgIJz4BFqRp6Qvx3seBkk3JBH2AQb4AmVGnTsLELXH3Q+OAReVDlcqj6MA4FTPja5ulv/2Xrpi0L+3L+7UgfEoGh35P2D1OnD4n+T/2O6dmnZeroYeEd3zuGt/9u8mJfJnNv7+/P96Q480VRdLYv2IxJjon6zx6f+I2mYNoKmCVaxWf9msXXXUzeXrDp8marVtLwFRgmw26OD6yyk0GhobT8+fPL5ClTlCnjkXkEg7hbVAQnHI2fOFF3XMhgUcKLTtsQy4E0Eq9latTWH4sC/xkKcF7IH+gjedJ628athw0KtiEEm1A2D3xMkIN3SnrEBkMatumFYY0ECL9prPRLhi3Wj6YRe08JE+9UztK2TiYyOxoPJU+eL5EWMd2TSNgn0Xg0IlvO7NO1vbH+WhR49ilAPkBtbDh0KsMLKOiAYppnzps6Ydr1DUMF+qWjX/J5tGVhnvUm9hvTNCCJiZdXx/Cc1x3Da/omMnbq2HwwvIIR4EU1fVOeWL+PDsetFNsaimGZv5gYG9hinuPLLw9x+FO4WPCDcRC00YEE93pF3MzuA+V0yKcpWnxXWxnjSTM2r/ZhbIco2N4wnGOatnqMzRe92dGSdFRn947P9nEYwscXty2w9fdxKJA0wRI0gECc6lEkS6Ck9fEUNzDMrhD5vA2Gv3f5bOIFUUu2EQVEIm/J11tPyA0gaU0KZtKGzt0FIo/rYBTxq8nTpGblCnIZ4kmHjx6Xlk1flUoVyimSx11c/ojqseMQRJmzYLE0fLGeMuVsrNzB5Tf6oeOglQLv9kP3vl2P96UBDBnpe/x5BeG+nPitvAP9QtqioA2CfDhSdva8uVK5YjkJAOpH9QpKpDB/XCRQNIp5YLx8xzx89uUEad/qDUmLY0PZoSgmR2fyyQUD88X8GRSSebTcP0sBDjr2zvHZ/tvD7k0Y1peRbmA9OgIJRKODYGeEIIcL2r/Ocf9j7zoAq6iy9pfee0ICqRBq6B1F6Ygi9oZYsLFid+2KYu+661rWtvb22xvYRboIgii9JBB6Se89//nuy00ez9A0hAecCy8zc+e2+Wbem3u+e8ou3XsaEzXbj+PuU++K4YGtgNnwTPC7wsQXx65JXg5CZHiIZolntYO4IRnY1I+TJWHs9e86hqY/+qv97K1eY+cby9ufK9pdfdd81+Pd9lH3nHp4cdVWVmvlftbIp6mTeWalfXbHPvhxHiNXO+RHypAm8GD4vYYVKNalY26aDJnfrrox87eQ5KBrPsdu+2vyh7OpgdH2FAE3RoDzI/Lvzt/VPw1Xzru+KUwZvhjqvquO4z/V3OW081nnajbfvNLMH5vTsGX5WiFeOI76unUvpvrjhuINZZzydFcROCQQ2Nv3yvmBd96Xi2v0e7zb79SuJxqtWwdYY+dc81yP/4T1rt2ZL7Jr1p/qMMO1kBw7aIyG0q59ux6bknurZ7G027rmG22L5/Z2n1hmb32yTCOp0T6dx+WKCdtwyWu0DRZzbqeRvg+JLPPb73LBzThw9yRLBI+tOfn4PWML2raKRkpsBNbtyENKSCjiwgKws0BMb8gY1laKGYIXzkhriSemrcSZsg0KEFXMOpMFrlSOO/1kXDL+fENCrM3IwPlX3IDXJAoDQ3hu27ZdCI2tSElOQpTYQa1Nz8CM2XMx9NiBJiwnhdnlK1eZ1c02KSmOSX3dzSFJ0b9HZ9wqjoCMMCI3kkLvLf+8Gq2Tk7Fy1SoREoJRLLZl306bji6iYRIoqmT0QZAjYV+pgZKcnGgIlB07s8zKanbuZrHt88P9d96GCFmFzRabY6qgszzV0VvLOCkwkDRZunyFcSLaIibafBG4MquESTN+c/5mV84/XkYIdGrPQaR44vwThuDuL+ehq/zQOXyoOBVqwl2OpUZMHrILi7FJCL74OFm9Mz9M0snf/W2qm3HzOaaWF/1uaDqwCFjtjk4d2mHa3PnYIr9zEWGi+iq/mX/7fnLoRl4SE0Nxxk0fL1HyW8UVJmNySCnMOUnZcobXMMlxju9t+3gx2x7braMsT8jHPj9yskj6429hCxtxyKWr+nq6owgoAub74y3fR36cv29/Dxr50gm5XiNtGvM4MZex39G/167WVgSOZAT0e3Vo3H29TwfjPlFGqaX2soedSzb/KNyTLBE8EqLD0be9kAlhwYgQnyVt4iKxOrcK2yRU1YfLtmKraJSQE2kXEYghraMQKUA2RhbYPKon0Qnh1Redi18kjJOfOMD8z/MvI06iVWzfuROTb7sZU7/5Hpu2bMMb772PM045CdOmz5Bz2VgnxMYZJ5+Ik0YfX6/mxJkI22Q4U67Mexk1dC88/fz/cOM1V4ivCAmJJcLJz78swNp1G/D6O+/jgrFnGrLkX8++gH69euCDTz/HDVJ2ydJleO5/b6KlaBKMPfNUfD9tBsaPOwcbNmzEE8+9hBGDB+Kn2fNwxSUX4LjhQ/H4U88arYQCcTqzZdsOTLr5enRo19YQQs5CePM/TtpjUyBg72H31ATce9IAvP3NdGzalmWESjMzbcrfC/ntZ+JkeqefrPZ7Lsd2ifBzIBLD4fbq3n23fjwORJ9Hapv83fMXAnVgn174WX7vVq1cIZp4osHWFJKNPCsUlOjo1jhgFe243LwFAnVTPpi73jl+J6iV10p8yrST3zomSwrtWlKPFAFFgAjwNyCrRJyVi1KsnQc1BTL8LlZLu56Voq3mLbOwpmNimmJ42oYicEgioN+rQ+O26X1q/vvEuR7nm4HB3nB4dmn+MbgfWULiTnDYmluARaJZ0q5lFJJaRCBzZ54wSxJ5REwSOoqH9vgQOscBYsRBmK9oW9Q5RN8FQU7d7SSBWh9McRIqdvbP8zFWQn0+fM+dZsX+2lsmIWPdepx60misEu2S66683JjKnCHhYqlxMmvOz3j7/Y8NUWG1ALjS/9uylbjr/odBIXDQwKNx3jlnorQueoPpTP4MPuZopCT8H66/6nK0Ej8T1958B5LiW2GomAKtWL0G33z3I1rKSn5Sqzg8/tC9xqzmzfc+NBokpeI1evBRfXHjtVehu5jzTP32e3Tu1BG/LVmOT955FXPnzcdHn3+Jtm1aG20Tfok1HV4IkDDpMnGcwwyMt/fAyaPmi3egBdDdOTw9vO7awb8a/hbwty8sOBCjhhxrXjRNeW/5GPJxtP3Y4wN95Q4znaY3KTrQ49b2FYGDgQAdoNbKapydBzXNGOTb7u0vcy75BZBoN5oUAUWgKRDQ71VToHjg29D7dOAx3rUHapRUMgiFz5+dB+9a8sAduR9ZIs9hubyAj+/VCSN7tDeECP0tjBvsiVd+XocS8U2yNqcE+WWVxplrdY04bg0PrFt13xUoTubpeJDJRoxYtWYt2qWmmMnDu+9/KI7CSpGXT9MAh/Mgmt6wP25pSjN33gIUi9fnwAAJ3yqEi/UzQV8jPTt3wn133W5WOJlP8oZ1HaSF9M7/IrRQ64RRV6iJwsgkSYnxWC1EyaCjBxifJtR0OXpAX+OHpKiouL4NaqYkCLHCxBBJVXLMkKV9e3bFS6++Iau5eTjzlDFmTDQLcvRriuufwwQBTnL5/DAKjiZFYH8QsEQGtzTv06QIKAJHDgJ0Dj64bYxMQhz+qo6cK9crVQQUAUVAEThcETgYsq4bkSWkNiS8XEwEHvpKTFe259SHgfMVu9hVuZVIjk9AmL8P0mKCsKmgzDwHCWH+EvWDoU6FqXBJzCsrLTOr8mVl5Zgxaw7e/WwqPnnzJTz935eQINolF194PlbeeJshMqg1kpuXb7Q7SKrc+9h/8P5rz2PFytV4+Y13diEjTMgnGS99kNBnCYVa+hJhhBLu87zVZik2hEw+oqIikZyQgGCJ8T1q5HBkZWcjWEJpccWXhIwjiaNZtiH/OH7rbZqOPkm2SFGpl2NCUR09oB+6d+1S34/L5evhYYDAwfhROAxg00uoQ0CfH30UFIEjEwHOQ8orxUE4HeLLviZFQBFQBBQBReBQRYAswcGa07oNWUIb+MqKSvTpkIIXggJFA6PUgMKXvJ84cf1tUz7WFgLFFdVYuaMQ28RnCV//tRJNoWVoALzJIrgkOkl996PPkSE+R0qEsPDz98OrTz+OxPh443B15px5qKx6H8GB/qYvanHEx7XArZPvwzlnnIZBA/rg9bffM+dSkuINeSHDNInq4BES69qEcKqfiHiII8VQowng4+Mrpjw+YubjjWGDBuLa2ybjrpuuwxUTLsJ9jzyJueLLZJuENr7jxutMWGMb2pXqKKYNCZPpKyFgbcx0mv3ECNmSm5tnNEkiw8Ow+PclePv/PsbtN16L5KRENcVxuf96qAgoAoqAIqAIHJEIyJyICzEHc4J5ROKuF60IKAKKgCJwWCHgIQ763GrJgS93hpQUhsIBNIkIcaC6KHMn7p+2CpNHdsKOojJjksKBB/lKqEkp+/RPq/DK2b2FePAVzRCa1MBoiNhwu8xgNBqG7a0QDRBqkWRlZRtnk8HBQUZrg/4U6ESwTLQ8woVoofPCfDHRoUaINcGxrBbNXhhdgoSGc6oQwscREpPRemrF0auY30jZoqJCQ3yQ/GB44DzRYKFWCvtmP0w0FWId1zaYz+vw9/fHTzNm4eMvpuKxB+420XKuu+0uPHjnreic1sloodjxOY/JXfaJOaOhcIwhISGG9MnMzER6erq5D86rXyxDnFJTU5GSkoJSiSq0On2d3JcwpAgxxLKu12rzcnJzESLaO9b0yl2uX8ehCCgCioAioAjsDwL7+17b3/L7MxYtqwgoAoqAIqAIHEwEKA8XFhUZ9xT2fben8dgy+fn5RtYPFUUHus7YV/mzUIKpuI1mib3QahGCq8or7KERin3EzCbU3xstQvzw2NdLEe5XN2whRAhCVnk1UmND4S0aKA5QHNWp1eEsMJPwoEddCtncb9Ei2pQn6cFyJEDoWyRASAmzL3b+LcUpK/cdPkkaeCXTtgzD1fzH35+hi2uNRglHUSPmOJ6ijhIhPkfYJ28y22ohUXjssR0jx87k2gbz2R+3/fr2xg4J1/n4U88YPwQ3SzSdDu3baSQcg1zdnzocnbN0XxFQBBQBRUARUAQUAUVAEVAEFAFFQBHYVwTcjiyhPskuGgMkNoRDoBPXJ0d3QZXY4FpSwV4ky5MoIaniLCezXGNlbb1KcRZr+2I57nPr8A3i2Ce5YcvYetyatp0z6vZJlDC59mvbtH3Ydu1xXXWz2VMbJHLOPesMMSsqMaSLv5gWlTuRS87tHKn7jd2vIxULvW5FQBFQBBSBQx8Bzo00KQKKgCKgCCgCikDzIuB2ZAkv32hrOLMedZh4i4aGjzh4dU4UjOW/g7xoUPxwLrLb/d0J1c75zvu7bWgfTri243q8D00Y0sZh/lNdb7JTKo5raYakqYFko6kT1aYiIw9WRG69G4qAIqAIKAKKwN9HgHMFmqRWi2aq1UL9+61qC4qAIqAIKAKKgCKwLwi4HVlCuT9ATGHop2RfUq2YyDB6zJGSLMliNVeUKPnznadvF/qByc7JQaj4RtGkCCgCioAioAgcSghw7YfLIM722YfS+HWsioAioAgoAorA4YCAW5ElnBiUV1Vj7rIMbN6yQ9RFdg+x0aUQh6Ed2iYiLSlOtSt2D9URecY66C0SJ0B7eIyOSGz0ohUBRUARUAQODQS8xcdZTHS0cUp/aIxYR6kIKAKKgCKgCBw+CLgNWULTG3+JgrNqSxYembYY/WLDkBQZikrRHHEEv2sAXTyRiH8SLyzZnIW5O/Jxa0QoWoWHOMqqSUoDUEf4HjVM+NGkCCgCioAioAgoAoqAIqAIKAKKgCKgCOwPAm5DlnDQHqIpkl9cgpTIEPzj+KOQEB0hdroOssRZO4AmKFxtWZixCa/N+h2FpeXwEGIF1ftz6Vr2SEDAmisdCdeq16gIKAKKgCJweCFgTW8Pr6vSq1EEFAFFQBFQBA4NBNyKLBEvrcaJqZ9EtZmxfD0WrZmFjdkFJsqNn1eDfgmJEy8hVnYUFMM/OAC+3l7Gtpf5xjynDnsrKDtPNpzzuG/PUbPF1rV5zrfQuaxrPo8bq+Ncbnf7DB/sKdei6cAg8Ffvy4EZjbaqCCgCioAioAgoAoqAIqAIKAKKgCJwKCDgXmRJHVtB4iIuLAiDOrdGoJjmeHl7Y3tReX04XhIX1CxZuy0bizbvxLbCMiRECengZILDMtZzvA3TyxviK85jGVGGJIWfn694ma80ZIWf9CGMh+mD5XneCtpslvUYapjt2sR9Xx8fE73Hhga25/Zly/YZuYWe7p3b3Ze6WkYRUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQODALuRZYID0EugqRHTnEpNu7Mx8C01tha7oHPMnMQLBokpCpILJBoKC73QY5XOO6Zk4mba7wwNDXGnON5byE/Nm/ZalBr1TIOJDOowbE2Yx3Cw0JNlJRlK1YhtXUKiktKkLlho/E6HxISjOSkJEOC2DrcrlmbgZTkpPqQvbaP9VKPpEtsixamD3ubLNHCYzteu89r4DWSfJk3fwF69ehe365zPZbXpAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAs2LgHvZf4gGh3AIRlMjPNAfnROiUVBehR8yduCMDjG4Z3h73DWkLe4e1s5sHzs+DW+O7YcTU6Mxd0OOOHilNoiDnCBZ8tOMmfjmux8McULCgp+nnnsRS5atkP0a3Dr5AaNZsjY9AxdfeytmzpmH519+HbdMugdZ2dlGe4XkBTU/zp94PabPnF2vmcL28wsKcMZFE7Fw0WLTB8vSoSjPsS+SM59P+QoFhYWGDKG2Cs8F+PmZY2qwPPHMC6gUMsZP8rzE/Ij1NCkCioAioAgoAoqAIqAIKAKKgCKgCCgCisDBQ8AtNUtIOuQUlWJnTgGiY6IRIARDfHggEuVTJYRIvXMR4RU8PD0QE+SHHSWVDrWU+pOivSFkhY+vj0HXR9qgA1lfOSahwkYCRCOE+zTL6ds9DVdffqmQGT6496FHhWiZhXPPPhPl5Q7zn8S4GDz/6lvo17c3wkJDhdjwwrc/TMPimd/C544bTR8kRTYsX4GEVq0QI+Mm4fLdTzPRqUN7BAYEIjAwADt2ZmGLaLy0bp1s/K4ktIxFsTi1pRZMy7hY0/ZfMekxA9A/f0JAyac/QaIZioAioAgoAocMAuKvzcxZDpkB60AVAUVAEVAEFIHDBgH3IktkQmAmBaJdERUSiJhgf1R7+6E2t0A0LgRz0YPxqN114kC3r53jwtAi2E/qSgNOihmeQqQUCOGSm5eH0pJSQ5aUcGvKMQBxQ2E6jLVhZgMC/OtNaliW5EXHdqmIjIzAR59+gSsmXAJqo8xbsBCPPvkfQ7Zs3bYN9z/6L7QSwmP5qjV46O47sGzFSqzJWI/X330f559zpvGD8thT/0XfXt1QNW06LrlwnGidFOGFV143Jjkc50P3TDKECQkcM87D5lE7OBeiGB4c3LVXRUARUAQUAUVAEVAEFAFFQBFQBA5lBNyLLBHig85dq2pqUVBWgfzCYoRHRsJPtDi2FpXhw0UbsSWvxETHIc1hF1t8vT3RPSFCNDXEQavT3fD388fUH6ajqLQMFaIh4int/LZ8NS7wEjMZKUcChh8vT3EWm5GJd9//EGvS12HlmnRccO45hiRxCNs0xanEeUJ4XH/bZJx4/Eh88vkUnDBimCFAqFHSIiYG9066BWFhYXjgkSew+Pc/cNKJJ+DdDz7BP6+aiJjoKFw08VrccPXl6C/aKaxTU+do9rLx5yG+VTwmXPNPLF+5CoMGHu3Ut9MF6e4+I0CNEppPFRUXo1bMnxqeln1uQgsqAoqAIqAIKAIHEQFxIi8mukGBQaIpy4UiO+s5iEPSrhUBRUARUAQUgSMIAbchSzgFqBETm5iwEGSLc9fpf6xFclQoFm/IxqpKH3SLbY8aoTjE2Kae6JC5gyFMvk3PxtqCMtEwCYW302SitLQUZ508GpdddCFKSkuMZklWdk4dEeFwssoGSJz4+/shODgIQwYNxDVXTDDaHfQpQh8jnKAUitBNJ66XnHcOJlx7M1onJeCGa6/EJ599YUxy6I/kq2++R1ZODtZv3IT+fXoZJoYaK34SSYfaKT7ioLZj+7ZmPzQkBAUFhTIJCkBEhBA94q8kOTHBCPhH0PN3QC6VRMla0ejh/aOGjpriHBCYtVFFQBFQBBSBA4wATX6ZWsa1QKTMFfg+U9LkAIOuzSsCioAioAgoAnUIuA9ZQnMXEWwTo8Nx3bDeWLc1y0wKYsNDUJNdhXcWb0JauL8QJkCAsCTclosGCs1wymTykBYTDC9pg8SHTTb8L/2aGNJDiAvm1YhzV6ZyEaZJ0lRXV6FlbAucfOJok08hm5+GCYkY7Eg9+i8ZNmQQvvz6O5x92kmmzdKyMkSJ9sunX0xB5saNmHTLjXjw0SdNWWkARWL2k5efD0bZEbYGCxb+hiGDj8W69esRFBQkfdcY8oQTILa/ywWY0eif/UWAGiW8fwKpuUf7W1/LKwKKgCKgCCgC7oIAncCXlcn8QFLDvMRdRqfjUAQUAUVAEVAEDl8E3IYsIcQkOryF2BjQIQlHd0phlkmDcoqxalsuw+SgrKoGH67YjhYBPjihXYwx2TnB1wud4sLNJMJZi4ARZujUlcnkC+ERFhoiGh50+uqBFlGRZksiJTgoECUSQphOYZk4IbFtcT8yItwc+/j44N+PPWi0RlguMCBAzHs80a5tKqbNmI1X3ngb28SJa39pjytCI4Ycg2tuvQuTb74ed9x4LR54/Cl8N20GIsPDMP78saZdO/mhtgnHoumvIcD7RSxpekONEmJp7+Ffa1FrKQKKgCKgCCgCBxcBaqgWFRWZxR47Rzm4I9LeFQFFQBFQBBSBIwMBj7KyMmdlDLe4alcB10fICC8xYWH+tsIyvLQgEy2DfXFezyQE+ThUVKuERKmmKkFdotBM7QImZwKiQvI48SCRQQ0EXzGRobZJVVW1iZRTV32XDfutrKyqP8+2mefcB4mZbDHxYV6oEDIU1hl5h+MqKipEQF00nGIhZIrEqWu4kCXeMoYy0SbhGJg4Xk6ErNrtLoM4DA54bQUSbpkYhQgxxOvMzMxEenq6wcD5vrMM709qaipSUlLEQW8JVos/GeKWkpRYj78zLPaeZGVJxKFtO0x4Zuc2ncvqviKgCCgCioAicCggwKmNl5cH2suizN7IEvsezMnNRUhwsHkPHgrXqGNUBBQBRUARUAT2hgBl5UJZPNhXs1T7TswXKw+6xAiti2i7r/JnofgYdUs1BgrKzqlSTFUqRavkty35eHFOOjJ3FEKC4mDNtkJMOKoNUsIDjGNY53oEh1ogTM4CM/2H2DxGvyFRQqHdW8iYGumjscR2/f1JqjjO2/ac++ANiDKaKqIAU1MtExofU55O2eiThP1Q+PcXUoXaKCRT6MzWjoH9WtLEtt/YWDRvXxDY9fnZlxpaRhFQBBQBRUARcFcE9K3mrndGx6UIKAKKgCJwOCPglmSJK+CWBOkaG4KnTu7KCMLGZIceS3xFs4QUhi3jXLcx0sE5jwQGE/O4crOnZIkS1zK2PfZPwoTJMZaGBpnPPH7YJ4kSRxkSK44xsJ5ti/ua/g4CDdg31kqtkF78x3tAzPe2UtdYG8559r7Ze+p8rrn2OQZ+7DVx29zjcQccmgtv7UcRUAQUgeZEYM9vteYcifalCCgCioAioAgcOQi4NVliRFqyGHWzBIkQDF9/n12EQIfg6x43bHfCqWu+67F7jP4IGAWfI1me8xONIgdB4niwqPHjTFrtFxLSBE2wLAnGZ5XPbXMmkhTUSqK5GUk9ajPxmkjK/ZXE59MSH/tcX8bA/qml5XCu27wY7PM4taAioAgoAoqAIqAIKAKKgCKgCCgC+4CAW5Ml3h5iHkNTGofPVUOa1IpJTkU1I504VtH34Rq1iCJQr0FCImDpkj+wZs1qiS5QhqTkZHTt2k18ygTUEwTm2SJmUtY1OZ/jPsmBP/74HTNnTDeOg885d5yEoA6WMNhCVDiRDs4Emeuz63osAzF0i63D80z22HVMJEo2iO+XZcuWIi83DzES4rprt26Ijo52aDEJQ2QJnPo22OZuxmc1oazGjev4XI9JFPn6+mH1qpVYuGghTjvtdGMCx3wiyNHX91s3+L1dk+s16rEioAgoAoqAIqAIKAKKgCKgCCgCzYmApSGas8996stDwuxml+VhZvpcfPHrVHz48yf47Lcp+GPbchP6l05a61VO9qlFLXQkI0DBn8L7W2++gSsnTsDOHTuMJgSPX37pRXPOkgAkHzyFBHEW6Cns82PPsS36m1mzZg1uuelGdOnSDSOOO87ksZ7Vq6DfHH5sfW5JsNjkfGzJCfbNOrZ/7jcW2YfnmT99+k8484xTsURIIL8AP8ydOwf33j0ZOTk5pi+Gzua42a9tk30wsT7bt4njI8qz7AAAQABJREFUeeP1V7Fly2ajMcML8fZq4FQbHa9g6+fna/qbJ31To4XXwrKOa/F1kCUWFOmMffr4OPJZTpMioAgoAoqAIqAIKAKKgCKgCCgC7oRAgxTkRqOi8LRk+3K8u+QT/GvtOxImJh1XtrsVCaEt8eHGH3BUXG+clXYCIvzCRPhr8PnhRpegQ3EjBEgQkCyY9uOPeOjBB/DjtOlIad3ajHD0iWOQK6QCnzlvCSldUlKMLZs3I1yc8jJiDwX/colYZImMzXIuMjISgYGBxkfNr78uwKmnnYYhQ4caTRVr+kISgtolmzZuhI9ERYqIiDREBUkWthcUFGTapHYLNTmojVIsIY9p0lNaWioRkwoR17KlIXFIXJBciIlpYcbD67HXtC4jA/+47FK8+dY7OHrgQHMdJ598KrZt3Wra5DjY1ubsbOM5Okj6YX/F4kma+3kSMaFUxhAbG2vqMjzlsmXLcMyxg8w4q6qrxOt0oWmLGNC8h+MnNna8PM6WCETde/RAh44djZYO2yGZxC09ULcQbRdeA6+fpM2O7dtRXlFurkloKBN+W0kTN/rS6FAUAUVAEVAEFAFFQBFQBBSBIxwBtyNLPEWjZHV2Ol794/8Q4xeJF/rcheSIRPRL7oV5y2egZupraJf1GdBnLaqHnALP9l3pJfUIv416+XtCgM8Uhfwvv/gcT/7r32iT2taEc2YdkigtW7UyRMHvi3/DSy++gBZCHGzbugXnjB2HUccfj18XLMCnn3xs8tevX2eIhgcffkQE/h148/XX0LFTJ9x7z92GRGCY6Ntvn4TQsDA89+wz2LlzhyE26Ftn0ODBaBUfj48//BCT774HgRK+as6c2Zg9cyYmTb4b33z9NTZv3oht27ahVat4nDvuPLz+2qt17Rahf//+OOWU00TZw0GWkLxYuPBXnHPOWPQfMAAV5eKnxERi8kR8QoKBZPbsWXj3nbclCpO/aH5kY/I99yExMRHPPfcMQkNCkZeXh5UrV2D4iJEYKyZE7737DtavW4cXX3gBffv2xYABR+G//30W9z/wEMLkmpYuWYK33noDjz3+JL799hts2rABW4SYYYjn3n36GJxY9vvvvjPmSSSVVq5YjnbtO+Dqa641pMvHH30oxNUPiI6JQUlxCZJTUjDuvPMNCWVNgPZ0P/WcIqAIKAKKgCKgCCgCioAioAgoAgcaAbciS7jCXFFdgamrvkeP6DScljbamABszNuCLxZPgf9X7+G8lqPR6tTjULlzMyq+/gA+YiLg1TYNslxufDA0BphdiTcr16JBYPwoyOo80+5Ws1lnT+fNSflj26bgavYlzxoV7K5tW1e3zYMAzVAqhUjYKgRIXFxL0c5wRC3iPaOmA+8TSYP777sHN9x4MwYecwyWL1+GU08+CbPnzjOaIVM//wRTvv3RkBCPPvIwvv7qK/zj8olCqJxrTFnOv+BCbBdtieuuucoc04/J2rVr8PwLL5m2/zHhUtzQ5yYhT3aaYz5d7JeaKCWlJXyQzLim/fADnnnueUOqkLihFsbtd0wS7Yw8Mfe5CR07dkLnLl0MgUJHqunp6cY/CduqES0rXhNTZUUlvCQcNuOJ33rbHWjfvj2e/+9z+GrqFEy84kps2rQJvXr3wS0TrzDjPu3kUUKO9MMFF47Hz3PnYqLkd0pLw1oxM8oXbDg+M14hY6ipwme9uqrakB5PP/tf8f2SgoWiZZObm2P6p3ZMWVkpbrzpZqPJcs6Zp+G440ahTZs2QsQ8j/fe/1C0SmJw2y03oVOnNKN5UiZ1POrGbxrRP4qAIqAIKAKKgCKgCCgCioAioAgcJATchiyh8OUjZhAZuZlIL9qEq9uNQHRQFJZuW4GPVn8Nv1VLcYp3S8SPOQ9VbTvBSwTMmpJCVC/5FV4p7UTy/LP7FbbJRPV/6yeCAiYFVJo70ISnQoRKCoHOifXMeRGkK6S863lbluVo5sAPTRF8pR/rC4Ir5LpKbpE6uFveJwrhPqJFQg0T3k/m8WN9j9BBamRUFPqINgXzOnToiJNOPhnUJPEV3xpjTjsDiUlJYmISiH79+uPXX+ebdvickKBgPp3E0rSlWupHRUYhJDgEG0TzgmY+fAYjxHxnh2iacJ+J/TPx2eSYaJJznpAuNGUhebNKND5i4+Lw9ltvmrJ8TPOENKE/H9Zlv9T2YFkm2x732R6vo2fPXsgQQmXatB9RUFCAKnme+VxyDL169TJjbinmPqPHnGY0WkjEMDFiEK9NGnI4WZa+bft0ukw87XipNcLvEqPwsF32XVlZgQFHHWWczLLc4KHDTf/Bggmdz27atNGYPJFgYv+aFAFFQBFQBBQBRUARUAQUAUVAEXAnBNyHLBHTAgp/W/O3IcQ3GJGB4UjPXofXFv8fMstzcL5HGFq2a4uaWDGZIMERGASP5PaoWbMEteL7wMM/SMxxHBFICLAVJklk0ExgfeZGMUXwQ/t2qbLaHoLf/1hqBMW2qW2MAO18U1jn9yVLESQmBG1ap5jzdsXetk0518fHWzQFsrAucwN69eyODBG4cyUaCYXFhPhWiJFoJBRMrZDJujznesx8JrYpp+v2HYI0D1jHJluXebYt5jmXsWV160CA+NDchpoTM8QZKjVH6E+DZALvK7Hj1vobsbjyvNFDEvhJsvDjqOdwYMp27adGnj36KKHjYRISCWLq4ufvh2+/+Vqeo6B6MxZqfLB9EiR8zvhM0kRHMuUbIIGfWL/umeHzMGTIMPQUUqNUyMGxYhZEbZHy8jJzYayfltYZ990z2ZjiRMnzRtKO+VWi9SFPFN55+23j+HXUqOMdPkSkbZPqxu444PVVSt/UdHGQHp51mNiyJGjYrp9EvTHPW11FTy+Ot1KOGp5RnmL5ChkLr4W4OtquRoh89zp37oKpX36J1qJlcuXV1yCtc2dDvKhWSR2oulEEFAFFQBFQBBQBRUARUAQUgYOOwJ/VMQ7mkETeKqssR7hPiDGvWbjlD/xr5bv4dcOveHvLLGxetxSe27dAJEx4yMq1586t8AiNgIcIcCJxGoGTw6cwZ4Xf519+FdfcfCd++GkGXn/3fVx90+3Izs7FjNlz8eui30w5lucqOgVqJgqyU77+TgiVJWbfR4REJtsuBWZvEVr52bBpM1547S0jED730qv43xvv4KeZc3DZNTdh6jffmZV2Kxj7SftswwjJ0gbzKZAz/8efZiJTtBA4DuZ5yznTj2xZhx8K2f5y7UZolXJr0jMwfdYcU47nNTWOgMWOjlhfFx8j/3v5JeN4lRoZs2fNxLPPPG00OKpFsJ8lxyxPM5qpU6aIf5NUQ0DUkjgR/Jlq5DxJALMv+YZU4Tn50PyE2kXUJlmzerVxnJrcOsUQCjxH57Bff/0VNm7cIM9hNmbPni2aG/J8SZs1QlTQ5wjbp5YK/ZDQtwf7DQoKxrLlS1EoJjBeng5NFJI3vXr3RjdxrErHtTQdovYIQwg/8/RTopmyEh++/384//wLMJKResRvCU1jzHVImzThKRfzpBXiU+TLzz9E27bt5DkW56/iaDZHzGmyxGkrHbnSFGe5OH1l27/8Mk+0RkiOwIyVRAjbk/9m3CSD7DleB0kUnq8kXlKGdX//fbFxXmsIJfnu0qyH3wXDFpna+kcRUAQUAUVAEVAEFAFFQBFQBBSBg4uA22iWGBhEtgrwDUB+ZSHKqyrQIlDMIkLaIit/Mz4O8MRxm2Yh7stwBA84DgXZ21Cybglixlwo7IZchghtRmKrw5MmMf/3xRTMnPsLXnjqMTGLiDCaAWvWphtygUQEiQebVqxcZUiIlOQkI9wFBQUa8mTzlq0SLaQUKWKCwVRSUoKly1dIe5FISkwQIc8T0RHhRgOhsrIKY888FUMHHYtRI4birgceRf8+vY02AAXh7JxcdBDNlp0iJLPdlKREhIeHo0CExZ9mzRaixBfxrVoaQZkaKutFY4XjiYgIE4G81giaK1atFvOOYLSW/OUrVmLDxk0Y0LePjNVh/mCvR7cNCBhhndoeCYn45rsfTGjce+6+C8FCBJAgO/Ossw2pcevtd+DV//3PEBRFhUUSYeZtMRFphdWrV4mJTrS5x2yVZjkh4hyVic8RiTlLyMTGxhnBv0g0QWjKQzJhnZBab7z2GkaMHImzzx6LO++ajDtuuw09evYUR7ChhpAg4RIQ4I8A/wBDnLDeKaeeZkId337rLfCVZyM6OgaXXHqZIR3YN8vQgeqdd07GBx+8j4ceuB9h8jxxLCNHjjKaG6edcYZxWksTIhISdBzLeiRBfvn5Z6xYvlyIow149vlXjD8WjuNscRj7sJAvdPp62YR/4J/ix+Xxxx4RDZAuiBcHtXTmasYrYzXjlbGQF6EZHU2ZmAIEF8c5B4nHaD/EqlAIlzjBiGQQow59J5o3/rJ/8y23me8fx65JEVAEFAFFQBFQBBQBRUARUAQUgYONgNuQJTR3oClDfHhLbCjYjA25QgIk98HN/a/AQ/NfBPLXIuPES1BZm4zCBT9h6rYfETX6aoxulyaOJrlq7Vj1J6AUXhkO9YuvvsO1Ey9DbIsYo+ZPwbJ7N4meI4l+FBglhULfg4//2xAkzEsU85mrJ05AoAhwr7/3IdZt2IRpoilyw1UT0KVzGh5+4ikTgvXX35fgkbvvMKv15VxNl+4p6Bk/D9I+zSsCRfjdLg49n33xFdEsqMZR/XqbFfuXXnsb3bp0wu9Ll+OuW27AzqxszPploVnlp9ZIdFQknnv5NfTu0Q0ffz4Fl182HmHiqPNuIV9iYqLEzKMKfXr1FM2YxdiweSsCxFnm+eeebfpUYdPc3j/9sYRJ69atMXnyvSgqLjL3nkI8CRNqadDRKKPcUNMhUMgy+iEplnL0+9G9ew8T3pbaIccce6wJ01tWWoaTTznV9MV9tvXAgw8ZvyXvvfu2OGLtaiLaUAvFX54F+g6hs1lGfhkz5iQhQOQZkWeSzx3LnH7GmaYtamfQWSvDC19x5VVGo4PPKf2T8DpYllsm7jPM8eWXXwE6maXpS6DUIzFhiY+R4liVzyXHZ7VCciVk8PjxF6NL167GbIjEkW2XJM3w4SOM3xL2M/rEE801k2xhGxwvn7PTTj+dj73BjmOhOc2kjpMNGXPa6Wcwy2jlcMvxkaD5UTRl2Pftk+40uC9YMB+PPfqwqUN/Jw6TJNbQpAgoAoqAIqAIKAKKgCKgCCgCisDBQ8B9yBIRyirFBCAxrBWGxx+NKWt/QJuoFIxscyx2ZizBivlf4RS/HYhISka2rEz7FUWj5bI/UJ4lGiWJKfDu1F2W/On/weGHgoIfP2Gyck+hkfsff/aFhIwtwshhQ43pS2BgAObNXyCRRgrw1GMPigBdjDMumIBhQwYJ4eKB44cNxj8uvQi9unfBK2+9h6elzG03XmfIkudffgULFi4SXyU9zLI6hUd/Wf3/5rsfkbFuPd756HNcdt45UjYca9dvwMv/edz4MbnkyusMgdNftEHe/+gTPP+/1/HQvXeiZ9c0jJfyvaW9K/95MxLE6SXHsXL1WkybPtNossTGRGPSrTfWOcoMFsG4DMminXLFhEscpiK6Kr/Hb5IlTLil0M8tnw36+bDnSAjQESvzSaAwnwQWE+8xP87HFPDtOZalY1SWGX3iGGPuky4RccgosM74iy8x59g2CQ6Wo5YHyRruu7bFc2yTIX7ZBo9Zjnk2cd+QHFKA2hokX+zYWYbno6Oj6/tiHywfHhZuNJ6oIUN/KCRRWJbtM1FDhe3wmB8SNdzubrysQ+z4YTnna+E5kjes261bd/y2aBHuuvMO0aqKMOZKkybdZcZtx8DymhQBRUARUAQUAUVAEVAEFAFFQBE4mAi4DVliQfCEJ8Z0Og4vL3wLzyx8AydF9cCJ2Z44rccDCI9NQqWs9Id5+uPUjmea1ffqghzUfDnL+C3x6twTHhTw5EMBNDg4CFvE3KVLWiejbRIX2wKPf/CpEAxJZqWfTihp7tIlrYMR8ujQtbvs79ix0xzHxEabYbWqi9ZBvwszZs3BWiFDVq1JxyghUyh4UpPFJBE2ab4TKyFRn7jvTnSWfkmctElKQGJCvFmRF0nSmNawfDsxZ2A4WgrlvuK3gmNme0XFJWLiEy/mH2sw5Jij0K5tKr786hshUoQQkkQtAWv6QX8qzsKzKaB/douAxYqCOxOPbR63FPQN+eCUzzzn5HzsvM8ypr5o/rRt2w733Hu/8ftB4iBKzFNIJNi27dbWcd5yn8mOq6ou1LHzWB0lHH9tOZp6CbWxyzWxhOlLyBSWIwHCZ4eaHRwPiRKO2bZh23Uen3MbJG3sNdutreN87LzP8zxmm/TZcu111xtcqBFGp7QkUlz7s23qVhFQBBQBRUARUAQUAUVAEVAEFIGDgYB7OXgVBCjsxYivkgu7nYWEsHh8u/A9VIkj16gxY+F1+vnwO/ti+J45Hl6nngufMy6A37jL4dGqDaq3ZFIio4RpBEI6Tb1o3Nl48N/PGR8jFAb79+uLdm2SDclC4Y0r2S1bxuGTqd+J48wicbiZg/mLlyBRfJFQ22CrRNFhmv/rQnRs1xazxCnsrLnzcOO1V6FXt87GmSfbJYlCM6KiohIMGngURg4fig7t25noKHRyWS5kCNujUCh2GPhl/q+m3UWLFyNFSBH6dyguKTUaIxRgk4RYoebDqJHDMUDGzMg6bdu0FnOg2WbMO3dmIV98P1BbITc/35AtrsKp6UD/7BYB3jdXgsAW3l2+Pb/XrRAKfLZIkiSKn5TY2FjzfDgTAvvTx57GustYpN/G2jV5cs458Vm0GjK7reNUobE2nE7v0y7bIAZMcRISOT4hwWBErDQpAoqAIqAI7B4Bl5/w3RfUM4qAIqAIKAKKgCLQZAi4nWYJr6y6tlrMceJxXvczsLUyAsHz56HGLwCesnIuTIhIhHXXbwQvEXqDQuioxEGWyCmGICVBcfSA/ph807V48pnnERYSLI5Ui9BStEu6pqVJNJJN4Ip9rx7dcdJxwzDpvgfF90k1rrrkfENM/PzLfPw8fyHuefBRExr4vjtvFf8VJfj2x+l4+dU3kLF+I4Yee7QRgsPF1IcpIjzUCMkkLiw5wlCyUTS5kPN0Onv7Ddfg2ZdexVwhTBiu9RrxqUKhetSwIZj88JO46erLMfHSi4xvlLm/LECWRO65asLFGCEEzKLFf+CWO++Vtitw1T8uNv5X3vnoMzz42L9w/VUTjSYNNSYaE36l+yMu8T4cTBKJWhzl1TTlaYD+YI6nYRQOkx7nY9d9gU7SnzVOXMv9lWNiQG0qJvusHmhc2L7t66+MWesoAoqAInCwEODPsfyCHazutV9FQBFQBBQBReCIRcBDnDUascjdEKApjRcjg6xejtIpb8N7zLnwjIptIEsozYmPEo+AIJS/9yI8YlvBd/jJ9YSJvR5qmJSIQ0oTclW0NkLFyaTD/MARQpWmLxSiciWMLM0TwsU3AwkHrnYzn35M6OyVkUrYZZ5octABZ4T4IqEwzDJVUp5ESIXUITnC9m2ikMYoOYxWw0SzGY6HvlPotNWa3vAco+LQxIbmQBQm8/LyjaNR9s/EtnIkog6dhQaLE08eM8wrI+XQ/MfdE/Fl+FliRmefxCkzM9OEsCUOvB6bWIYYMPJKSkoKSiUK0er0deLnIsxEEWJZlnFONi9LHOZuF1Mqb7knzm06l9X9xhEgorwLDF1NzRMT8tfpvjRe6y/kyr0z9+svVN3vKtIXr4fXYr6z0kDDk7bfrWkFRUARUASaDQH7myxu1NA2tbXMUxrmF40Nwr4Hc8SRNiPncTFGkyKgCCgCioAicDggQPm8UGToyDrfj66yoOs12ndivsjv1G4PFdl7f+RP8gduqVnCC+XFU7Cp9vZEdW42ql97RpgGXwcZIkK3SM/w6tEPvmPOhkeohO4V4qSxVCbmLxSUGOqXyRIhFM7tMfuKEIeWTJYksRMM3gyOg4QHy1GLhL5O2A6Ffya2T3Mbfwr8cuwsoLOOv7+vITRYloQKiZWY6Chpg+06SBme4xhYl3m8kS0kig/75sfebEbDITnC/pkYMYWTqWopo8mBAJ3zclLpSsAoPntHgM8Zn72svAIsXyZEZSmjBjU9tVAjzy/JGPbX9K3vep38DkYKydZFQh/TqTO/d5KlSRFQBBQBt0dAfiLlN9nTmAnzt2tvZInbX5AOUBFQBBQBRUAROIQQcFuyxEgzVUIaxCcj4NbHyQa4wCozCCErSJL4jpIwpZR+OKtwSRSUKJBZXwk8tnksyn0m5/M8Zh0m5ts6jmOSFLuautheSZg0lpyFTdu3JV9s/462G/pi/85Eii1n69l+DGnCa7IZujXPAoks5/umsOw7AiTepvw0G6UFeUiICtv3ivtRskh89FC7qoWQhpZ03I/q+1WUdEzmxiLRLJHw3f37GcFjvxrQwoqAIqAIHGQEGHZekyKgCCgCioAioAg0LwJuR5aYleZdSAeZIBitEZeJAg+lHMt7WjXTXertCqQlG3bNbTja3XnXfNfjhhb2b6+xdlzzXI/Zg2ue6/H+jeLwLd04bXX4Xm9TXBm/S3ye8sUkrSI/Cz0kmlOghMNmflMm9lEmJlZr0zMQH99STNMOrLkU+6sQ0nP5ipXo1KG9ichjr7Upr0vbUgQUAUWgqRGo/61q4t/hph6ntqcIKAKKgCKgCByOCLgVWUKRzMfbC14iPO17ElOWCvFFoBOJfYfsCCjpQq0dAVfcdJdIXzH+EsraR1YyqRVVW2udKjcBqoaQYYBw4Trlw/b53aWPImFqmu4iTEvSg/yn2ZwH+5DmrWPZJu5Im1MEFAFF4MAi0OS/jwd2uNq6IqAIKAKKgCJwOCDgNmQJV09IlGzKzsevy9ehXByX7lV4EkEoJi4avdonIdTfT6LoqL/4w+Gh1Gs42AgISSLfJX7/aCLD3SZL0ibJC7bNub+n7HvKTm2d/59d+3ElT+xAXPN3rbXLkQe1ZcTHkDAljlr7UXeXhvRAEVAEFAFFQBFQBBQBRUARUASOJAQcHkrd4IpJllCj5NflGXhy9lIUwAu51bV1H8jWfhx5eXK8tbwa//ziZ2RszRZnkV5Nbi7gBrDoEBSBg4AACQYhMsSpIE1YjGYGtTOa7CMkjLQtjMle2rfn7daOwR7vy9ZxDQ1+USzhchBg1S4VAUVAEVAEFAFFQBFQBBQBReCQQcBtNEssYuXFJRjfsy0uH3OsZFGw2dNKcC2Wb9yO8vIKeDS6Mm1b1a0ioAj8FQRIljDVbf5KE7vUcSisSJt1X2u2z+hFrlY4JE+ZjBaKbI0pkCFXTPY+/7H91V3FPtfTgoqAIqAIKAKKgCKgCCgCioAicGQj4HZkCaUyhsdjlJfsgiKjLUJBx3U9WNaUxQeBB0rKK1FUWiEheav+dCcbBC5HRBxn6sUKgbYSyzqft/uu5Wx53SoChzcCJDG8RAPEi0xF014qCZIaL6NVwvb58RBzGZu4R5M8P3HsXCkRsfhdZ5jhcgkDzkg9PrJvoh3Z6BBSobpGIlTxn+TRtMd8myWf0ayq5LfEg35XNCkCioAioAgoAoqAIqAIKAKKgCKwjwi4HVliVoJF4Jm+LAPP/7AQ5SLseIlw1SBK8crskQdW7sjHlm/mY9n2HEwc0VdMeUiMUL4THyh1UXIYbtfX18cIf6xtBKi6kMA8ZvLz8zPCGyuzdZIkbEMdQhp4Dts/jrDOjigw+0uM1Yjg3mDe8dchMkSdPGvsf3/H8Nd73XNNjsOLZIl8F2VoTZps2yRB2b7RLHHqwUecy1ZLmN8ZM6fjt0W/GYx79eqFvv36ISgwAAsWLMCKFStMPqsVSgjioUOHmig+K1eudJj4yJjLyspMfpvUVFQV7Rru26k73VUEFAFFQBFQBBQBRUARUAQUAUXgTwi4HVkispMRzn5YtBLD28djeI92RmukMSGSQpyvCFZ0Cvuvz2fh0sE95DhAVPqrzUr05i1bTWOtWrVE+rr1yMvLN8JoQnwrxERHG9LEIrJi5SojdPn6+poyJiKIvz/apbapF2DtGCjcmkTh1jag20MSAQrq9TYhssd7a+/z3i7o7xIlti/2t6997m1MTXme10ftEjPOJmqY3xxeq6enI/qN7UOQNz3wfpCkeef/3sFHH36Ic88912iZ3X///Rg/fjwuvuQSbNq0Ge+//z5OHDNGtEx8UFRYKN/5GqxatRpffPEFRo48Ttr3QLE4iaajWi8vaqLoN7WJbqE2owgoAoqAIqAIKAKKgCKgCBwRCLgdWULBzNvTGzVVNUiLj0b7hDhZZa40ETOchVoKVxSvKGyFBQUgzKfBXMC0Iar606bPEDX+Kky4eDyeeu4lQ460bdMaM+b+gn+MH4cTjz/O5LH8vAULsW59JjI3bkZxaSnSOrRDdFQkOrZvJ1opvkbDhAIZBT0es9/KykrzkDBf06GHQFlZOTLWZaBU7ndQUBDatG5t7i2fB5ucSQzm88N7T+2kX36Zj379+hoNJubbsra+PbZtuZax5zMzM7FFiL2kpCTEC5HHZNvgPss5H9s8bm1yPm/btf25blnHlrdlbTvmHP8It+AhTli9xESmKcNyk7Jg9JsqITQdfQiRIWQGPGrMmAICA0VrZDneePUVPPDwIxghxAfHmpCYiPvvvRfDRoxAWFgYkpOTceWVVyJQylNzjL8Gc+fORZcuXXDtddeZcfMeVVRWGFMemvFIt+Y3g5enSRFQBBQBRUARUAQUAUVAEVAEFIE9IeB2ZImvaHP8vHITcnLyMbpPB9SKUFVWQbLkz4F7KCD5iEBXIUJRfmW1EYSc14+95FyN+EZgImky7szTMGTQMTh+xFDcfu9DOOboAaLWH2iEwXPPOh0BAQH48ONPsW3HDlxzxeWGDNm+Yyd27NyJtqltECBjo3C5PnMD8vMLRLhONsc04dF06CBgyYMtWzbjuBNPwZUTLsHOrCxs2LAR//n3k0hISPjTxdg6llyg5tGtt9+Or6dOMWSJzWdFu0+/OyQb5ogQHxgQiJ49e5hnjc8oy5CkeeiRR7F48e/o1aunmJf8inHnnoPzzzuvvg22Z/vmvk3WBGjhwkUoryjH0UcdZU/Vl7fjcN2yoM1rrG1zXpgMLyGFOH5PISuaMrFvr2qJUiP/vE0fjvDBvCZqiuVkZyM6pgXSOnVClRCSJKfS0jobnLPlPtGkLlvKPPfss8aHCb/Dl02YYM5v27YNTz31b1TK/YmOiRHNlHFGy4z3Qq66KS9D21IEFAFFQBFQBBQBRUARUAQUgcMYAbchSyhA1Qih0bl9Mn7fnofXf0/HLXT8KCr5/n6iySHnXZPRLJH8iOBAnH1MVyPYUfirT867NbXil8TXnPIP8DdCFlebLdFB4comOphlmvPzL/j0y68QEhJsNEvuv+t2TJ85G59N+Rrt2rbB3Q8/jovGnYOTRo8yZgC2vm4PDQQonPfq1gU33XiD0Sh55tnn8PY77+K2W28RU49NQojlo2PHjua54vNZJL4xMjIyjFaDn58/EoVUsaTDho0bEduihXme6E8jQMiRlJRkA8SsWbPRunVrdO3axQj+UsnkP//Ci8jNycEnH31gBH2aiWVnZ5lzubm5YJupbdogODgYBQUF8BYfPMUyhuzsHHTo0N6UW7RokXmWB/Tvb8ZLLZCoyEjzvOZIGzHRMWJ+lidtBInm1Hp07NABZeIolb49SApFR0XVkyumQac/vDZ7fU7Zf3vXtlu/JYnB/6Y/R6jfCiFJ+FU2ZI2QJTwwzl7rSFMSoSkpKYKnVx1ZJU5dpQydv7Zp3cY4fA0OCna0KY072v7bQ9cGFAFFQBFQBBQBRUARUAQUAUXgCEHArciSSln9TY2LxF3njMB28UNSJGYSPyxehaXrt8JXhCMmy384xE3HMYmUmPBgce4q/hXqS9g76Kjh7++Hb7770fgueeejz3Hp+WOND5Mvp35tBLIB/fogRVT7KUBTsGLq2rkTevXsbjRMJl53M9ZmrMPsefNx7tmn45ijBmDGnF/Qu2c3qe9p/CrYerZn3bo3AnwyqLVAsyomahbRKej33/+AL7780gjrcXGxuHPSHUIurMLtk+7EUQP6o0h8YUy47FJTj2YgX3zxJWbOno3Jd07CY489gQBxQloofjSGDB6Mli1b4vW33sXRA+h82Aunn3qqeb7Yz0effIp33nzdCPt87sLDw8xnyZKleFq0JlrGxWFtegbeeO0Vo33y+JNPYviwYZg9Zy5GHTcSx8nn088/N6Yo7KdCSJCtollx7TVXY/PmLbjvgQfx7NNP4V7x90FNmEghUc4/bxxefOllo7Xxzjvv4aLxF6Jz5zRDNBgQ6v7wWaY214F4pvl9NZpisjX9yD3g9fNecBsfn4DSkhIxc/oFp59xhvluzZs3z1xnQkI8duzYjqioaJxyyqmCdaAxiaLmSK3UjRHCinXoo6RKnMQygg6TQzPN/mrUXaRuFAFFQBFQBBQBRUARUAQUAUVAEdgNAm5DltjxcTWZQk+NaHdUVtei2ktWlEUrxCwoyznxbGAYEvprpLBLU4EtecV4afpvGNmtLXy9/SW3zoeIkY0cAhL/BgYFIlZU85+47050TusoK+0bDFHCNkRsM0NwFg7zCwrxuZApFDRp6sNzw8SM58uvvsXatRk4fvhgo01AnwnO9UxD+sftEaBwvlE0SN586y1s3boNX079Cm++/ipatWqFIUOGgNodZ58zFldffRVeevllXHbpxThx9GjzPFAI5z1/9733RKhfgP889S8hMebgpdffwtdffCwC/U6cdf5F2Lp+DcaKidfAgQMxcsRwI/gTGJrgRIjvjbCwcIMT27JEXWpqG2nv38Z56fkXjsfSpUuFUPEWIiUc1193LcZfeAFGjjoB544di7OEGPAVjalTTj4JH338sSEO2GCNhMqlzw6G5V0vvniumHg5Tjh+FB586GGTP/qEE0z5Z4SUeeH5/5pr2UUrS9rwEHxYn99HkxxfEcf+X/0rX1q2yw+T3XccQXyMVCK1bVvccOONeOThh/Dzz3Plt6Aas4WMuuvuyUar5/vvvsfqVatQIoSTDNxo1lCjhBo0m0Qbh9h6GgLTQXzyPnvU+Uj5q8PWeoqAIqAIKAKKgCKgCCgCioAicGQh4HZkCeGn4NQxpSWe++k3dI8NRy0FSXIkwqQEyOq8lzAlxUJQiKRkwgrnlJajW3KcWZk26gBsRBLDwlIAZSoQbYBzBx6No/r3NQIrnXsmJSagdZ2pBAkRJiswkoi57Z6HRAPlHPTv2wdz5i80AiXLbduRZfyd9Orezckfgqmufw4xBPzFnCY0JBTJScmYMOEyREZEYM2aNUIkfGIE8fCIcGMCkyc+atLS0szVUROF5AYJk/++8BIuHn+BefZounPO6ScbnxulpSX45P/eMs8HCUCSHUyWVKNpDcm4TZs3icZHhDlHoZ6JWifvf/CBRGcqxs6dWYYUpJZEly6dzfkIGSMJlfyCfNOuNx2k1iUbLttPxkjfHkbbIiZaxt7JlNgu/ng6iSnOmjWrjUnO4EHHmmfejouFyInw2EGWiLaHZDBPKEue/pvJ4SDXkCTSEkkNftiH7YVEz6lCAnUQnyVr5V6w7ISJE41JVLmQKf1EqyuldQr8RFuMTmhJnHJoJ550EoYOHw6vOqwZcpyJuHpW0wG0OdQ/ioAioAgoAoqAIqAIKAKKgCKgCOwVgQYpa69Fm7GASJdjj+mOPq1bolRIDSPsiNwTICvo3y5ahcUbsnDd6KPMinOVaKB4iLSU0CLKCI7OkTv8xfEqw4YyRcqqPKPXkAyhkEtfCDx2JkkoBPPDehSzjht6LKbPmmPMb9okJRiSJUscS7ZPbW0cvN4rPktOHXOCiapjNQ1MZ/rnkECA2kthYvpy6qmn1I+3vLwCY8+7EG+K6UtsbAtMEW0Tmtow/PTcuT+jdUoKtmzdCm95fvisfCr+Rv4x8Ur06NEDnTp2wg8/TsOgQYNMeyQ6SDrQ10ZRYVF9H3wGSWpMvHwCrrv+Brzz1hvGXCc9PR3rJMT11998i27iS+Xyyy8HfZJQQ4T+ddauWWvaWL16NdaIeU4rMb2h/5EyGTMT/ags/v13s0//JNRuYf8kBknAMLVv1848+8PEnKdciL8SMXdhGUsSsgy/Q1VCMrJPshDWXxC/E38/UYdLSE7Bj/06THKkZdl3JNlK/yR5iGn37t3NOZ4t5TWIlgkdv3aVqDfUIOG42Qa3vXv3Nr8VNp/tM7E//oZYkstk6h9FQBFQBBQBRUARUAQUAUVAEVAE9oCAW5IlXACOEx8kCdFhDiFKBKH8kjKJlOGDzKx8FIt5Tu+OKcZUJySAhIisTIsQVSmr70wUjEiCjBl9vDkmkXHvHbeYcsynoMZEYcoKVDzmuePEVKJWVrZJpFwozlsp8AaKDwqGlqVgece9D+PBybehvZgKbNi4yfiIcG6D7Wg6NBDgc9MiOtoQCf4S6YgCNwXqc885y2h2UIOji/jzoJnWlWLGcuvtk7Bw4ULjxHWiHNPxb5Q4SH3umadxzXXXS3SWp01UmvMuuNA4eO3ZozuuuvIKjBo5EjffdgdItNFHiCUmxp071jxnF182AUkJiSgQPydXTPwHhg0dIiTNVCH1KgxR4+vji0qPSkybMQf33Hc/lvyxBE88+rB5dnv16oXr/nkjikVz6jzxRzJVyJ2LLrkMqRIiO61TR9NXdLQQiYb4AM4bNw4PPvwwrrrmWuSLQ9mLLxqP4cOH7XLDqPUSFhGFAnEmGydmazU0YWnC5CE2dUXyXaLWF0kjfqwGGLshxcHfAH4HnROvgefon8QSSLYsyzGPFU2YYDm2iiTsL1c0g+gDJli+x5oUAUVAEVAEFAFFQBFQBBQBRUAR2BsCHrLibGWKvZVt1vMitxq/Cz5CbGwUZ68PfzpDooAUCGFRJivilYiODEGFnLv7zKHoLiY75WKWQ6HWOVkSw6w+i/YJ27SCqnM5533nOsyn4EVBjh+SLAt/W4yvxVEspbZ2IpCeeMIoE36YApyt69ye7jcgQBKLUV2IU0hIiMEzMzMT1KggSeF8b1iG5FVqaipSUlKMw8/V6euMA9SUpERT1hVv1mceo8CEiMBvTVIaRrDrHu8pBWz27ZzYzvbtO0xfdly89yxLvxj0HcLngiQc+7DkHPvmMaPosA2Ws4nXzbZIyjDZsXKfWh/UhiAmDm0OIEtC5DJSU2BgkCH5pkyZinnzf8GkO243JCHJO5sYpYd9M49jJOlCcyLuc9wkHby9OU5SC46UI1F42L5zO/Yct6sz1mP52nWICPKr1yxxPv9397cKvoViRtRW7i+/twfyR4h+VwRwIaTiTQSjvzt2ra8IKAKKQHMhYN8V+/pe29/yzXUd2o8ioAgoAoqAIvB3EaBMUyhyD+Uc+77bU5u2DGUzykWhoaH7JX8yYIdbapbwokX2E38kojEiQk5ceAgeP+84I/BQKOSHgi4FLAqgDPXrSpSwDQJkE/2X7EtyrsPyvCnsj4mESL8+vdG9W1cDeJCYZ1QL8FVKlBh8DrU/1jTDddy834yC45z4XJDIiBZNFCY+WjbsNM9ZwoX7YeK41TXxy+mc2Id91kiguJIoDf04nttW8a3Qp1dvBPgHmGZY1z6X1ARhYh7HyB8QJku82LExz9ZjZBxHYvsNJEpdJtqmJCJItLaWLF8pD744iq0jG+35v7sNFWfLkWGhKBeiyOLwd9v8U31ellxehPidSUlKMlpAfyqjGYqAIqAIKAKKgCKgCCgCioAioAg0goDbkiXOY/UWQc1XTGEcYmPDGcpCJFMOmLAl7VuB1PZqfZPQJIj7TK5lbFndHroIWFLBXoG9xza/jj8zp+05HnDfPo/O+baebc+Wtcf2vK1j2pC27HGvnj0ljHXPPbZty9q2bNvOW+cyrmNwLufp6YV48YnCjyZFQBFQBBQBRUARUAQUAUVAEVAEjjQEDgmyhCQJHbmaZWKXO2SFP5fsA3Zo+9uTQHrAOteGmw0Be59dO9xdvnO5xso0lrenOrsr31i+a57rsXM/dn9fytiyulUEFAFFQBFQBBQBRUARUAQUAUXgSEPAbckSV8MAx0q+a67jdrlqnBxpN1GvVxFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBJoOAbckS7jq7UqA8LhxqsQBBs8Z04Wmw0ZbUgQUAUVAEVAEFAFFQBFQBBQBRUARUAQUgSMQAbchS0iGeApJUlJeiY/m/oE5y9eLg1dx5Cq0ibdsfcVvSYU4aa2SjwejW0iehAVBrRyHBQfggqG90DU5DtU8fwTeSL1kRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARaBoE3IcsEUetvj7eWLphG75etQmnd0tFQpQjgsiardn4+Pd0jOvTHq1jIlDOUKk1VfCQyCAePr748re1+G5JBjoltDAEi9VKsZomzv4ZmtLXiHNbti97W5z7tHm6VQQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAfdHwG3IEgMVNUvKyhETEoDhvTogLsIRgjU2ejtW5hZhYNd2aCORU8un/Ahs3QDvo4bDq+dgbC8uwx8btptwwl4SOlXscUxzPhKxhiQG4ypb8sJPQg1XyrErufFXbpVti3UZntX2wRDDDDnMZPPMgf5RBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBt0fAvcgSITZILtDsZmNWHnbkFMDLyxNZhSVCcFSjtLwC5WuWoLSiCl79R6J04Wz4xiaiUrgRb09PAdthgEMixEtMdTI3bgIJjdgWMSCBUVNTgxWr10g41DgEBARIXo3010BoGIqljmixJIczqWLzeFeZb9pq1VLMhzyxYtVqVMj4PGW8reLi0EL6ZH/s17me2z8ROkBFQBFQBBQBRUARUAQUAUVAEVAEFAFF4AhHwL3IErkZ5CrEPQnW7czDr6s3IiTAD+0SYoQM8TBUCP2aeFSWw6Mwz/gu8fT1k/wy8Wzi0Cax99NbNEw++PhTpKYk46wzTjOkBTVM7nrgUTxw123o2L4tqITCxHwSGyRYqI3CY354zOTJvoUQsdoinkLMlJeXY9J9j+CRe+8whMxl19+Kk0cOlbKeWLU2HV07dcDll15UR8ooYWKAPAz/OJNph+Hl6SUpAoqAIqAI7AEBXQzZAzh6ShFQBBQBRUAROMQRcC+yxGh5iN9WAbVFaBAGd0qGrzAaNUJW1JBFEaLEq0d/eGRloXr1MjHDGQLPuATUZuRIDYdWifP9INlB8sI5sT0vyWNzvy9ZiqCgQCTEx8NfNFAKxBdKesY6tIyLlU8ccvPyjAYJiZHi4hIkJiaIT9nq+uZ8fb2lVxmbOJVtHd8SN1xzBfz8/FBSUor7Hn4cr7z5Dq678nJD1NRX0p1DHgESJHaCbLeH/EXpBSgCioAioAj8ZQS4XPPnWchfbk4rKgKKgCKgCCgCioAbIOBeZInMNkhikN6g6c3yjC0I8vdFYlyUMXVBRQWqxQEsgkLh1aU3aktLUbN1k5Te/RTFWePETGaEcOH21TffRl5egfhIKcNJJxxnTHUefuI/6NYlDWvT1+GSC8dJdxV47D/PIcDfH4MHHoV2bVPrb1lFhcMnSX2G7FA7pUYi9ISGhmDiZRfh+tsm4+ILxiEoMFDNcZyBOkj7JDl4781DVjcGkh37S3iwPNsqkeevWIix2jpzK5J5mhQBRUAROCIQkB9T/uRRC5N+wPb3d/RQx8hHFl58fH0QHhpqFkn46+9MpB/q16fjVwQUAUVAEVAEFAFx9eFWIMhsg5MvCrQh/n5IaBGBAJmMBIoGR61og1SvW43Kxd+j2jcYiIxGzcYM1K5bidqoLo5wwmRanFJtbY2DZJE8TmLYsI9E3CkrLcPX3/+EKy4dj4FH9TcTnSf/86xE4/HB0MHHoqCwCG+//xFOO2k0dmTl4I0X/oPwsDB8MfVr5ObmonNaJ6R16mjIEdtdvSAuxA01UVg+PDRYtExKEBIUhAZ9FFtDt82NgCFG2OnfJDVycvOM9pCvn68QaX7GdKu5r0X7UwQUAUXAHRAw7z6Xd687jOtAj4E+yirEkfuGzVvMYkiC+C8Llne9EiYHGnltXxFQBBQBRUARaD4E3IssqeM6uEJTLav1laK94S0H1bUSaUZMcWolAo5XYhv4JrYVomQ9PLy9hJoQkwji5SQA28lKsGh0cPWfiT5MuPpVWFyMqOhI47fkmRdfwcdfTDGmMtQQaJ2SiPXrM9GhbRukJCcZ0qRbWkdER0UZfyU06aFpj1lBk7E6r6SZc3KeeYyMs1IcyeYL6RIaEmJMiJzLmgHpn2ZHoFDuR+bGjcjKzpbV0Gpzn+JiY5CUkAB/0R7aW+JztWXrNkOutWoVJ0ScefL2Vk3PKwKKgCKgCBxmCASKk3imFjHRyMvPx+YtW9FKnMeHBAcrYXKY3Wu9HEVAEVAEFIEjFwH3IktE+OQCVUF5FTrFx2B0705yZ2qxOGMzqlZvMqY3XtEhqBShF+JfxDOyBbzap6EyIxeV27J3IUx4S3t2746b7nkIR/Xvi0QRiD/85DNEhocjQrQ+AkU4fu7fj+Hxfz+N+QsWGoev2Tm5GDFsCPLzCwz3QsKDZAsdu5IkGXPCKDZrEgVvCtx1/A5KJeRxaR0xs2HjJjz4xFM47+zTxSdKkNE0UbLEIndwtmsz1mHWz78Yk5l4WQGkCnV+QQHWZqxHcPByY2bFqEl8/nbHgWzdtkNMrEJlMhxkLsKScgfnirRXRUARUAQUgcYQoB8x/o67vnf5m83kmt9YG/uS52jPw6FJKvOK9HXrZb5QhciI8D0SJvbdUSDvoNmzZ6Nv376IiYnZly61jCKgCCgCioAioAg0IwJuQ5ZwjZ5hduNjwuEh26te/hItgvwMGbGjqBTf7SzA+k07ERUsIX8l19PbR2pUASsXYnl2Af45orcIwF5mgkItD5rC9O7VA9dcdiFuv+dBI+D6SJ07brreOH195sX/wVsIkLz8QjG3OREx0dF45Mmn8M9b75S8AlwqPkuCRSgOE/8jjolVrSFDOMlxaJcA0ZERpi224yWaL/c98oSMyUP8oJRi7Omn4MTjjzNES1NNzJrxuTisulqTnoF5Qoh1SG2DTh3bI0IIMybey51Z2Vgsjn5nzp2HQQMHIFYmrHYi6wzClm3bEBISbJ4je17vqzNCuq8IKAKKwMFHgL/PjGDXWLK/2fY3vLEy+5Pn2l5q6xSslmh4AQH+xtfZ7tqy9ajRSHPhzz/7DKedfjqiRIu1qca2u741XxFQBBQBRUARUAT2HQGPsrIyqxyx77UOYEku/GTuzMH2nAJHL3LMiQ8j2JBMMVFxeMaOWuZEfuI7IrVlNEIDOfGwJxyrRzS/KSgsRLlofoSHhxlzHDqkY1uMdkOV2UAx12E9fnJEu4S+KGg+Q42SKilHXyaNJTqA9ZZznJbR4SuduzIx/DCdutKe2Xk85uQR/IckFlfSOFEMEXxJOmVmZiI9Pd2YxDhjxTLENzU1FSkpKSgV3y+rxfEu72FKUqLB1U44LaSsz7wc8StD23GaQ+Xm5ePzr74xRAk1jJhsP7Y++5n67Y9S3gcjhhxrzGxsm9wyulF+QaFESGrRaL/OZXVfEVAEFAFFoPkR4JvfUiQ0p40R8xhqdjLZc2uEyPCXiHWMbGfy694Zdt9kSivyGql/TzjyHPMJ13eHPWfr851SJKa+O3dmo3VK0h7fF/Z9Rb9mP/zwPbLFPPTkk0/5E2Fiy/G9xvkK5xd7Svtbfk9t6TlFQBFQBBQBRcCdEKBsXijWJZEREXt8x9ox23divpjLUv6nhcD+yJ+FwiG4jWaJvShOUtq1ikGHxFib1UCMMMfOhhrOmvNUfa0nUurOESAKwiQuKDyTzCDInNCQRImLjTVOWgkeE/NjYmRlR1R4mUcw+WE7jSWuCjECDhNXkmxi+TLRbLHCuM3XbfMhYO/Z+kzxcyMkTedOHU3nfEacfY2wHEmVHl074/vpM7B9x04kyUTa1reT37CwEFNf72nz3UPtSRFQBBSBfUXATg0+/PgTnH3mWVi5aiU6tG9n3tEOTRMPfPLZ50hOTMTYc87Cx59+hhHDh4n2aGhdGcbhcyT+/jf2W2/zGjvPc8znXGPHziyUy9zDT94tNvEcP86Jx1ysGTZsOL777lt8+eWXOPmkkxBJDRMpaK/JuY7uKwKKgCKgCCgCikDzIdAwO2i+PvfaU4UQH6VlFQ0f8Tpfaj/O+XZfzlW7TEJsJ5zA0FksyQ8WcZ7skDgh2cE8m0/SparakdfY5Ma2y60lSuy+I3RwjZkQ2facy+t+8yNA7aHwsFATzpmzT2eihKOx9ykhvpXRYKIWEpOZqMpzwXvK58Tfr4EMMwX0jyKgCCgCioBbIGBJiI8++RQ/zZiJCy+51GiPcnD8jbfTg4svvACjRo1EcXEJpojG4VZxysrfd2o9ZufkYImYZNL3GOtQC7JYtEQyhXAvklUs9rFs+QrjzNXRJt8SjScSJvR9xmTHxjrsx/XDMsGiMUKtkrjYFvhp+nSHBqZTXZbRpAgoAoqAIqAIKALNj4DbaZYQAk4qmnJFxbQlbbom9uOaGstzLaPHhw4CtUJ2eHs5HnNZ16OCdaOD9xZ/N54eng3aSQ5mzZhhUQtpdzbwjTammYqAIqAIKALNhoB9bx97zECMGX0C7rrnftSICS2TgyhxaIpM+eprtBBH3mHijHXer4vwv9fewMUXno8q0Tp94aX/oX/fPvjgo09w16TbMO+X+Xj6vy/i6AH9TKSb1hIhjz6uMsSJ69P/flzMMuMMEWL7Zl92n5FyckXl1+bR1Gbt2rV1mq2S68Kz8JDvH3+pN+2nnww5c+aZZxozIku2mMb0jyKgCCgCioAioAg0KwJuSZY0KwLa2WGNAFWct2/YJFpKZcbhHieedkLLC7fH9G1SI472/P39HHjUEWlGW8gx264ve1gDphenCCgCisAhiAB/y2NbOPxKFQs5IT/0f7oKapFUi5bpsQOPRlcxzbz1phuMb5OTzzgHJ514AkaOGIEff5qM6aKdwvfE0GMH4sYbrse99z8o5jIBePSh+3HbpLvw68JFUn70bt8Jnl4OH2t2ACRL5s6dA9o+ewgpIhXtKbPlkRmt9LlNnInT/Jd16HPFvqN2qaAHioAioAgoAoqAItAsCLg9WcL5jplcNDLxMcsz4l/E1VdJsyCnnbg3AnXPS0JCPH5bshwbN21G+7apZgLMyadNljhZsWo1ggOD0UKiIjHZaTZX+2yyZe2xbhUBRUARUATcAwHn32dGqGs4bvi9pwmMzfcSQoNOvWmiy+A58S3jsGzZMow963T07dPbECYthHxhShan4nRKzpSSlGQIF3Owmz8k2Rmenonvm2h5r0yceMVuSjdkL168WPyfBWCEkDY2lLAdb0Mp3VMEFAFFQBFQBBSB5kLAbckSTjB8ZMKzJbcQ78/5A5t35tVNcuwajDjmFK/wp/RPQ+/UeDMhaS7QtB/3R8BOMDkB7izhghf+9oc43gs0qtP2HK+CE+WM9euxZPlKHN2vj/g3CdtlJY/mOTXiw6ZGSDk1xXH/+64jVAQUgSMbAfodo3NVapEw8ffeEuQmop4QGUyMWkO/IjTJITFB85w+vXsbnyR8D7C+bYOO4tkmU7k4b9/dAg37YX+MoObts3/Tqz/++AMzZ84wREmHDh1MX/pHEVAEFAFFQBFQBA4uAvv3Nm+msdK3BFOtrPb8vm4zZq3ZhH8M6lbnUNUx8fGWVaFV23PwxHcLcMdoL/Ro3RKVVXTM2kyD1G7cGgH7GHAlcUDf3sY+feq300S7pA0SE1qZCEkMPbV85Rrj2I8rgbRHZxQjhpa0k2vW56RXQmwbNWy3vo9P1sMAAEAASURBVGgdnCKgCCgCRyAClqRYtXoNXnvzLWPu8twLL+K8sedgyOBB9c7Y6UuEPqiYxpxwPC6ZeDUefeAeTBYfJbdNmizvhngTEY3mNnS6WlXl8HtCbY8AiX7HFBwctEuUG5Pp8qdEnMS2FGetTM7kvHMxO2bmLV26BD/++IMQJSPRqVOaczHdVwQUAUVAEVAEFIGDiICHCIENOqoHcSDOXdP0gRMJ2v1+OGcx1mzJxuRzRzkXMfuVohXwwZzf8e2y9bj+uH7olhxXF8nGUZRtyP96AmV3k5Y/NXwAMjgWpoM5hgNwWfvVJIkHRhggBlRp3p8416Viv706fR3Cw8NEDTrRPB+uWNrJZ05uLkJkousjmkc2jyuEGes3YOXqtdietdOoUfsJKdIyNg5dOnWAr58vZs/9RcYVjGOO6gdOqm3d0tIyMKpOK9FSsXn7deFaWBFQBBQBReCAI8DfeWp+8LefWoMkRvg7bxPzmJjP3/KCgkJDgtvyeeKUNVTeTQwnz7b4jmFZ53qcd5CMt6SLaVD+2HcDI+1s37kTbVKS7ak9bpcvX4ZvvvkGw4ePQPfu3aSspfod1Wy7zu+1PTW4v+X31JaeUwQUAUVAEVAE3AkBvpu52B0ZEVH/3t3T+Ow7MV/e73yXh4aG7pf8SV9jbqdZQkohrywffl5+ItBWiymOtwkLvDUnD8Wl5YgIDkRecalokfCcp2iUtMKm3CK8On0RHjl3JPxEC8CqyHIyYyc0BIsgUQ3XVcjeE8hNcY59c/LFfqnOq6n5ECDmfKY4Ge7QLhWprZNNhBveE4YR9vb2kS+Nwy/J8CHH4ofpMzFzzjwce/QA0T5xECYBAf7IL/CUTyHCQkP26cvZfFeoPSkCioAioAgQAf7O88PkTJKYDPlj5wM85rshTMLKM/F9wHPRUVH1x7YdZjjXs75ITMG6P6xv5xWbt24VYr2lOeOc31h5Lh4smL8AgwcPFqKku3MR3VcEFAFFQBFQBBQBN0DArcgSrqdUSwi/n9bNhbenF6rk39ps8V3iGYSZy9djQcYWnDWgC6YsWIH1WXnwEk2FVhEhOLpTMtZt3mFWgvzEYZsjXKyXUafdunWbiXISJFFRqGJLjQZnwoKTGSY70eG+c545W1eG55h2W7aRtkjccHK1Zm26WfFKEw/8dpXKuS3bp+nApQ+bp9u/hoDzOh0nvc4TX9si8Q+XifOo4UPw/U8z8f20GTh59HHip8RBpMSJSvXGzVukrpcx4WE91nF+FmxbulUEFAFFQBE4OAjs6V1qzglJwneC43Xt+A3n77hzPccxx+847zgn9aTirm3sOn9Il7DCfFfQPxbL7e79YPNp3nPimDGIjIw8OGBpr4qAIqAIKAKKgCKwRwTciizhtMNLSJJjkvph2rrZqKytwB87N6BLcC+ktIgQ0sQDUcEB6JPaEu3iIoxmQJCEeo0OCRRyhdMffhyTGW9ZXZrz8zy89OZ7OGH4EOOXIn1dJi67cByGDRkkhEml0SjwE/OLanHgaVVuWd9PtEA4KyKpQkKGiUIzP9RM4YeJEx563eekyIxd9jm5ooM5lv30i6kYfMzRiJXJ06+//SYRWbagc1onU9dZ04T1TTtyhqYpTByPpuZDwE5eab4zcuggrFufaezceR95b/lkJca3wrYdO8Uevggx0VH196r5Rqk9KQKKgCKgCOwJAftb3lgZ53MkPuyc4f/Zuw7Aqoq0e9J7r5AQ0ui9Su9FLCAqVmyoa+9t1d0V17b21dV1f11XXTt2hUWQoiJFiiC9QwIhpPfe/u/Myw2PEBAkCS/hG3i5986dem6bOfMVs2eLqMtmf/7wfLZxhn0eGos9IAszlEyhGs+xiJK6CmSH0iv0lKNBEVAEFAFFQBFQBBwTAYciSyyIIvzCEBcYgw2Zm9Hev41IijghNTsPm5PT0C4sCDv2ZyAtO9+QHX5Cnvj6eBrihESFfSgX3eXLzp+MGVdNN8THzt27ccVNd+M/YaHo1bOH0XnatGWr0XuKatvGTI45KNouUiAkROLjYkX1gvW4gHrItFvBSTL1pJiuWOxoMJ4GQD09PHEwLU3srLggrn0MqF88b+FidBVPLJRkGCtitlTnoCFRlrdz124jYZIQH2cGTNnZOSZdVna2SNdUG31nptXQ/AiQMOnZvVtdxYeGxkCkeEygIdhkcUXs6+NjXE+61aryHH731WXXHUVAEVAEWi0CZrFACP/TLdBLGg25kiihrAolV2kE9niJEguvE01v5dOtIqAIKAKKgCKgCDQ9Ag5HlnDgsHr/r9iQvgW+nr5IKdiDzj5tEBUSCCcZjwX7eKFzu3C0DQkwhIWPp7ukc0eluHa1XyWyoGN5DFR96dq5M2695jIsWbYCse3b44lnXzDGQlMPpmHC2NEYJnYqnn/5VaO+Q33n0cOHGiLk9bfeE5IkGB0T4rF+0xY88sd70UaMfX4w6zMRnxXiRMqfPW8B+vbqge/F3sUdN1xrvKps3LYTn38zB0EBgSJZsg7nnzsJU849B8+/9KqRUPAUqRZKLjzy0P1YuXoNXpN6Rg8bZMq44erLcfaZE0R1p9z003RC/zQLAtY9Y7+aaF8xCbPQkGAUCVlWWloGGoA1xJZtKdI+qe4rAoqAItA6EZBPK195/LYao6en0fuP3wYuelAKlQstRhpVrvLvIT6O9p1pnTeN9koRUAQUAUVAEWhZCDgeWSLSIZnFWTaVl+pKBHj6GUQz84uwOz0HsZEhSMrIRVpuoVGRCRDJEkqXuJjlfxsxYl0CHlkTX0tKI0xEXg9u3op5CxZiv4jNXj39UqxbvwHvfPAxXMQexdr1m/B/Lz1rpDw4GFr8w49mMDjzwfvEpkUA/vzYU/hZiI2J48Zg/vdL8H8vPoNPv/waQwf2xw3XXYM+IrHy3sef4tnHH0GPTom48tKLhZiJwbsffGSIj81bt+HnNWvx1msvSR1uuPy6m7D6l7WmL0MH9ME9t9+C3j274+PPvsK4MaMNDlYfrH7ptmkR+K3BqzUgpmQJfxoUAUVAEVAEFIHf+nYoQoqAIqAIKAKKgCLQshBwOLKEboPHJgzHj3tXICl/n6BpI0A4CKEUhrWlW2Eemzgj23Ek8ORPmI7Bsmy/Q9RfottGGmmAHqIikyaqM34y4b1NpEF27d4j6hdd4CtqGJb7QdofGdC3l3E1xGW0KedMwoeffG4IlCH9+yBc1DIoYdCtcydTT7TYtaAaDVfaWKebqOgw0PYJ7ZSki82LjonxopLjZdo+eEBfUAWHXWBehqDAQJO2WlSBnEWFR4NjIWA/IFYiy7GujbZGEVAEFIHmRMD+e9Cc9WpdioAioAgoAoqAItD0CDjkTLyyqhJF5cVi0NUVBeVFaOtlU7+JCfaDt3i7iRYPOP7uLsJdOMPby0PcBYuRVYOVES+pQ42eaEpFRYLGUqku8cOSpXhr1pdY8Pn7WC3SHXuSkjB65Ahje6RU7JuwvLc/+kxsUmSKwVVX5OXlGxKjtLTUSKiUlZWiuxho9RQVnZnP/QOz/v2KrVYhUdLS083+GlG3CRXVHOou54qrWRoDZWD7WE5Mu2gsWLIct4vdC0+xYTJv8RKMGzUSyfuSUVbrVpguk0nSkJzR4NgI6EDZsa+Ptk4RUAQUAUVAEVAEFAFFQBFQBBSB34OAQ5ElpAYqa6owZ/sCFFWWGK4gyidCiINq9EmIQp/4tqgUaYv2YWK/RIgEEhB0grNFDL4WV1abOHsQKKHxwadfYXdSshAiJfAUAuODf/0d4aKKM1Tsk/y6cRNuufsBIyUyZsRQTJs6BVPFXeyfH/ub0UeeKlIkJD18alUt6DXHW1wQDx00EFk5ueiQmGAMwdL6/TffLhSjnweM4c8H7rrV5Bkx5Azc+sCf8fQjD4pR2EDxyJNjjMbeeu0VePRvz0kdzphy5jgxNttdpFp217mkpcHYwACb+pF9f3T/OBEQkoxEGQO3SjkdJ26aTBFQBBQBRcChELDUPlWK0aEuizZGEVAEFAFF4DRBwEmkHWyzSgfpMCe3Kfmp8HX3QVVNBTJyavDk7OWoEskQznpFEcdMgNloToIpfJFVWoG+MeH467QxcBO7I9YEmR5tKFViBhmS0FtUX6gaQwkPeqhhoNca2iYJ9PcX8qXGqMZkZ+eac0FCcNB9MO2dWGo8VPuZ+cTTGDtquLggHikqN1V45oWXkRAbi7MnTRDypFqIEm9DwLAdBSJd4uPrY9rKdrAc1pebl2fKJaHDeNbDwPNsN0khd9lvTYHY5Yt3IRJdfkIwEYckke7ZtWuXUTuyHwwyDTFJSEhArGBbIqpO23ftQWBggDHKy7T1pTqsOF5TeizSoAgoAoqAIqAItAYE8mTMQPVdqvMeK9h/B+nZzRq7HCuPnlMEFAFFQBFQBFoCApzXFxQWmnme9b07VrutNPyG0iC9v8z3T2T+WVBQAIeSLGFnnWWSHB8cY+x+0M5HoEc5Hj9/OPILKWlCeuTIwPiQAB9RnXE2xIOVioSI/UCBpAdtkXDSTkLC5AsONgXymICS7CBJwsA4i1RhXu5ni0QJXQT279vXTOYJeFexVxIhtksogcLyeSFZNvtCbzmWcVmWSQKlWs4HyMVi4IVjsNrJNrBMV/kxrYYTR4C2XjaI1yLaiyGejReEqJP7wJniTDb6q/GKPuUlsU9yb4pXKT4flq2gU94sbYAioAj8TgT0ffU7gXOAbIdfOzMukO8OpVk1KAKKgCKgCCgCikDzIeBwZAm7Xl5ZYeaitN3hJgRIYptQ2wT1GPNeGlWtFKLDPnCAUX+ybBEu1tYiK3jcUJyVn+dInvj7+eLaq66QcqtN2cw/acI4Uy0lVuzLYSTPW+Xy2BA5UpZ9vYy36rH2j9FVJtFwLAQEX09PDyOZY4/rsbL81jmWQ0Jr5+49CA8LFS843kaqSO6a38rq8OcpUeXi7ILCoiJjrycxPq6O8HP4xmsDFQFF4AgE9H11BCQtJqLha1ctRLZtQafFdEQbqggoAoqAIqAItAIEHJIsqSMXZB5K0qBcjJ3+FnnAKWtdvhO4MA3laSjOKpLnOGixD9aEvKF8DcUx79Hi7cvV/d+HALElqeUuxoApKSGHJx1qpBw3Kc9PyvX397ORJULONUbZJ924kyyAwje0n0PPUSVC+Pn7+6KiXKSjjATNSRau2RUBRaDZEdD3VbND3mgVHnHtxE4axxj0umeNNRqtMi1IEVAEFAFFQBFQBI6JgEOSJfVbzMlvI8x36xerx60VARlYUgqoqkq8JJEJaITAcpyFHKmWn61s27Y1kF4WRuyXrX/SN5HUcqrRp64Rbh0tQhFodgT0fdXskDdahUdcO1mcIelvvacbrSItSBFQBBQBRUARUAR+E4EWQZaYXtCOgrWMLwMHiBqMBkXgVCBgUQitgSghflY/rH6dCky1TkVAEWgaBKzn2nrOm6aW5ivV6ofVr+aruflrsvWRKsLNX7fWqAgoAoqAIqAIKAJwPAOvh10USgWIodOawgJUrluBqq3r4eTtC9f+w+CS2OWwpHqgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCikBjIEC3F44ZSJSI0cmaokJULJ6NyrXL4NK5F5x8/VDxzbuGONHlFse8dNoqRUARUAQUAcdGgBIalpQGVTwovWAds+VUYKRAgxVnpbe2TMNgHdu2trhT/ddqE9tRX32lISEN9tWGgQ0T+zwsy5Rj/trhIcdWPVYaJrGPs4+vza4bRUARUAQUAUVAEWhBCDisGo4ZuIir3uqDKaje9ivcJ0+Ha9feqCkpRpmo4VQsXQDnzj0N1Mcc/NhdjPqDP7tTJ7XLtvJnc7l6qCjTh1MkP8u6GXSwduh66J4ioAgoAoqAzYV9De0SyT8ad3aTb21pebmBxritl3MuovpK20W0Y0Tjz3Sbbv9dcZZvG78ytHXEcmr/O8Q3p1LaxMA+0NB3pXjWs77HVTTMLcarrXED4/ntdhVX82Vl4olPgqeHu/FYV8k+y499tb7v5RUVcOXYhN99OWd9Yw0eAkh1rac8lsNzjNegCCgCioAioAgoAi0TAYclS1xlcCajDFSXlcDZLxAuMfGoEU8d8PIW0qQXKr/ZAlfjrYMufcV+Sb3xCPO7urqZq2INknhAl7313fmezKVj2Rw48VdWVlZXFAdJdDVbIQOrUxE8PDzM4LBcBsDWYO5UtEPrVAQUAUVAETj1CFiLBZz0f7t0FVZs2g5a/gry8cKFo4cgULx8vfDRV5g8pD+G9OqGg1nZ+Menc3DWoL5Iy87FvDUb0C4kEBVCPKTk5OP2qRPhJaTCv2cvFFLCCXnFpegeG4Wrzhp7Sr45/BaT9EnJyMJ/5y5CmXj0Yl+H9+yMob26yzfaGcWlZfjX53MRFRqMi8aPMAQQ01TIuGDeslVY9OsW890c3q0jJo8ago0792DO8l/wxysuMGle/+JbRIYE4fwxQ/HR/B+wbd8BIUeAYvnO3jh5PHYkpwhOG+twOphXgOvPGo0+nTsYMkqJk1P/HGgLFAFFQBFQBBSBE0HAIckSDigOyGAsKfcgqvZnIVIGau3TU+Ec1wlOQkiUpqZgW1ElnHbuR3xkKAK9hRio7TUHTC5i5yQ7Jxd79yabFTGSFiRIKsQFcUy7KISHhZljZiGRYPJKPitY5ALLsg9WPON4jmc5OMvIyMSepGT07SNqQhLHdMUlJUhNPYi42Pa2OuzKssqxL59xPLa2rMNKx30r7bHjWIasCEr/12/cBC9PTyTExx1G2Fj5rfJYNoMVbzvSv4qAIqAIKAKtFYHUzCyUCpF/3TnjsHj1Ojz638/w5gM3o0dsNF6fsxC9Oyfix1/WY19mNjrHtkOQuEz38/LEh4uXoU98O4zp2x0RQhrsO5iOjftTcacQBcHictxFvofyNTllsPE7RpJk7Z79uHzUIAT5euPJz77FY9L2kf17Y83m7Vi8eSfa+PtgVL8eaBMaYiREvly8FJ8sX4tbhNjgl33H/oPmm1tYVILtKQdBaZtZ3/2An7buwj9uu9pIi2zflypjDy+cObgfSoWECQ3wh0t7Z8HJqw6ncf17IiwoUCR0KH2jQRFQBBQBRUARUARaGgIOZ7OEA4p8GXi8sfgX3Pred7hn2S5sc/JF5fzPUPHLMlQu/Ab5X72D5ZWe+NPclXh/yToUcgXJIj0kP8mCDBkMfj77f/hy9lzcev+f8PFnX+Hzr2ebeFdXm0tZNxG75eCKorrM4+7ubn7WRbRJjLjAU0gHniffYREanp4ehihhWfv2p+C1N98xIrnMy3wkSv70+NOGqCChQlFnSnu4C3HDwHI4AGPZTM/ALdvjKem4b09omLzSPivwHNvLeLafItIfffoZKH5McmjegkX4edUa027mYTqP2vymbtMml8PaZJWtW0VAEVAEFIHWiwC/PSQ/AoQE8ZXJfY+YtuYbOmnoQHjLd+Ljed9j0brNuFHIlCAhQTq2j8aYgX3gJSotnWKiMH5wf4QHkwSogb98C32ENKBkSkJ0GyNlciqRcxYpFzf5LvdIjMWwvj0RINIv+YVFRqVokUjHXD68P+IiwoQ42SHfSlfkFRTim1XrcdOkkTh7xCCMH9Qf1513plHFkc8xfOTb+dX3y7Dg16144pppaBsWaqRMPN1d4c2+C34xbSIQImRJJyGW7HEaN6ifkUShGpAuSJzKu0LrVgQUAUVAEVAEfh8CDidZQl3iHzfvNUTEnyb2w/fb96PbGaPhtH2NECZfwskvAIGJ3TFDCIFhZ3TFq7/sxai0bFntikJlLWlC1ZdEkah4/M8Pori4BHuT7sNtN16HyIhwHEhNRUlJqSERUmVVzF8Gi5Q4Yb3Z2TlmQBUv0iCURMkR6RQSD8n796N9TDv4+fqaAQ/VbTZt2YrAwADEtW8vq2kuCAkKOuIKkBjhACmL5UiaA6lp8JIBanSUDEyF4MjOyZG2JSMmOhoBMtAiwePr64Ot23YgPDwUYSFc9ao2akYbN202xAolVUiMkLxh3sKiItPX3Lw8zFv4PUYNH4pSkWq58rKLpS6vOpWjLVu3GQKG+RmysrOFPPGQNh00bWoXHWV0z4/ohEYoAoqAIqAItCoESLDvTc/Ea1/MRVJ6Fs4f2g9V8q0JkO/P5eOH4aF3v8C0gb3Qp0sHI6nBzlt2P8rle1kk3xgGkgnVQph8vGgpKmV76/lnokO7tqjiN5Unmz3Y7Id5Cwny1v8WIbugCBFC9vTomIBk+f6u3L0P5wkhEiHSHl+v+AWThg1EhSwwUJUm2N8f7FuxqPu6mcURm6RnrowXSBz5e7obcok2Wrhw4i4LDuv37MPG5AMY3CURl04YacYPVFPigoQpS/JyAYPfew2KgCKgCCgCioAi0PIQcDiyhCK8v+5NRZeoMPTvEIOf96Zhd4Ur2p9zCdwmXShiIyJxkZuFyo/fQMc9axDuEozMvEJj38Qefg5W+BMZjlpywRlFQizMfPJZvPTME4Y4eO7lf2LG9EuQJbrZT//jXxg/cigW/7Qct1x7FUaPHI57Hn5EyJAY0O5HTm4enn18pqwoVeC5l15F+3bRSDmQiqmTzzaSIDT6Vj8YUkMGVHO+/RrzF/2IXt27mvIfe/g+tIuKwlMvvISunTpi8Y8/4arLL5FyX4GPj49Ie7hjzbqNePrRhxEtJMazL74MPz8/Q/z06NYFk8+ehLff+wCr1/6KqDaRhgSSYR0OyuD3w08+N6TK0hWrceOM6Rg5fBgee/p5M3AtlUFgOyFqbr3xesyeOw+LflyGnlLej8tX4uF7bsOQQQOFSCqTgd2pGOTWR0+PFQFFQBFQBJoCARpu7SoSIg9dczGWrd2Ixz76BkN6dhVpkSCRyIhDx9Ag9ExsD0+RJCmuXVzgggIlUjjxd3ZyrpN8dJeFgLsvmYJoIfhZLsmCU0OU2JCi6Va2r3v7KJF0aYv2bcIRLQslXy7+CW7S9k8W/YQyIUXSZNywMzkFHUUaJECIkE27k9C3a0ezUENpkzDpO0O4nzf+Ijg9+/7n+K+oKN0z/XzBwVlskFRgVM8uuHTSGDGCKwSJpDVqsHY4GRxOCWlkmq5/FAFFQBFQBBQBReAkEXA4soQDjiIxFOfv6SbiwG4ycHFGoQzWTJABkDAfcAoKg/PEC+CRsheu2cWyckMzdTLBZ+Z683zbAIaDGP5qjPSEjUixrZRxAFhSWoKRgwfgnttvQe8e3fH5N3MwZPAZZgB07VWXiyRIFK6+4Tbs2rMHB4Qg2Z20D1dffinWrd+A1/79Dv5wzRVGnJd12QfWw0FbXn4+xo4YgmuvvlKkSNpi2YqVGNCvLzZs2YF7pc7w8DBUiSTLgbR03Hzd1Rg+ZDBe+dcbWLFyFeIzMvA/Gdy99twTInmSib//8w0kxMVi9rcL8eoLTyEkOFj0pUuRL4O7JUuX4w8zrkKwSLmUl79sVvxWrl6D3Lx8QxBRCuWCK67HmFGyAiaDu1FDB+F6SR/32Rf4btEPGDRwgFkptO9Da9qn94LjDRxw6xj3eNHSdIqAItCSECiRif6aXcl4b/YCrN6+B2eIHRKqk5DgZ9grNsNKSukd5/APakpuvhgyl3iJ5hlKm2zOzMWXoqbiLSR/SKA/JoqKzqkzZCoG36UP60Ra5k6RJuknkjGUgskQ6c53Fi3HhUP6GmmScun/8x9+ia9/Wok/JsTiqokj8djHs5EsxmG9RO2G0jZP3TjdSHWuT80UFRs/3HjeRFz0wptIiFqGySMHo0hw+GHDVlNfkUibju3fCx2EgKqoLIOFk/mG8LNzOIwSoUERUAQUAUVAEVAEWgICDkeWEDQaWONk9bAgE12bpIjECrHg3C4OrrEd4JQ838aEHJZYxia1M12WYu0zCe2H0B4IbY3Q7ghHMXSNSIkLhqDAQLEr4m7Ii0BRjQmWY4osJ8TGiNRFCbJzc9GnexccTDsoajk+Qm5cVUvWHDkesq0qsVQnhIaGcseQG9t27kb/vr1xs0h+3P3QI4a0uHTaBQiS+iLDw026hLj22C0GakmQjBkyAHlSb5mQIo8+eA8ysrKMoVoSJXRd6CvqQYWik812sn8MVj+pStSjayejtuPj7Y1esp+eni79d5O+Bpi0VCcij2BcQLZihsDLjaui5o4w/T7yT+2oVsCokHuCYuUaFAFFQBFoDQhYX1R+R0f27oZO0ZGGDDh7UG/0FGKBnm1INPA78sDUCYiLalOnxskPBAmQW84egyhKkNSqokRHhOKpi84y6qJUO6Eaj1VP82NmI0poY+Vv0qYgaUuBLBDw+0tvN9dPGG76SRstonuKa8UeS9KBg0IKlWKQSNW8JEQPJU0YpgwfCB+xJxbbNgKPSlnlkp94vHnDZciRxQ9Kkl4kBmRz8gsMwVRR6Q0PUbslIW+Pk81WiSlS/ygCioAioAgoAopAC0TA4cgSDrSC/HyQJdIldEWYX1KOYF8vM8klhWKjJGRAAhdx11eJclkI8xBDa6RYjjZKo+oMB4i0P5Iqqipp6RnG3sjGrduNSDHtgpTKyhBDZZV4zZGBEQtjnKWnTVFk5qfay649e0VNZ4SoxRQbd8G79yYZVR1TQO0fTrMtt8EU0a0QVR4G2kJhU1n2pAnjxMbIMFx23S1GBcbFmYZpM9EhMQFLlv2MwQP7o01kJObl/YBhwwYLMVIj6kC5RpJky/ad2JeSgnAhYVLEDgsNuBaJfZYiaRNVebhCWFFRjjbS3pffeBuXXTTNtHflug24SaRXtm7fIee9a9tUJYPkUys6bRrShH/Ie6xMzkVuYa2U0tHqkvuENmjiwv0Q7XfIy9LRkmu8IqAIKAItCQF+C3t0iDMeb8xHU47LZPJPooSBajZjxcip8SAn3yuS/vyecTtajLxWCZFM8oBf40hxwRsTGWGK4QKH7Vtq+9axrOYM5Pn53QsUO2QTRFKUhIatTzVipNYPZ4p9EnrKsVRm48QYbcf27VBivvOVxjhrl/hY0y/aGWG69m0jkRATbb7XHBfQSxDxKSsvw4Dunc0++8i+Mz3tn/F8HU4SZ79Y05x4aF2KgCKgCCgCioAicPIIOBxZQiahW7tI/LA9WUiLajjLoKVD2zBxc1hpjLBxgGaID5nQbtmfhp15RWY1y5w8Ch6hoodNXWKSCBdOORv3/emv6NurO+JFZJaGUkmCeMsqEoObSFwEiH0QDryCReLCst9BKQyKH9MGyIpVv+CWux+QAVM5pkyagPZi1yRAjMPZB67OhYYEmygaWiWZweAqdYWKy8Wk5H3499vvIUxcF547cYyxjcKB3YeffonPvppjjK5SFchf2tK9S0fcfOf9xpNOty6djKrNTSKV8vjTL4phWD+RHBG96Wnng/ZMbr77QfxVbKLQmC3dGfbt3QvnThiDh//6hEjLVOEWyZeYEG+85bBdDO6i7uQr2LTGwEG+i1xMDu7vX7QDa4vEtozom5vRf0Md5g1WXoXrEoLw+MTOQskdPWlD2TVOEVAEFAFHR4CkQU3NIVKDE3r7SX2xSFHWj2OfuGhgH8/FBBIEdUHKOXUqOLZW8DtK1Rv7dpo4WUywj2O7qY5DcoPxNkxstsfk0MSRICEJYqUp5aKHfFQ4LiihOpIQTVawL7s+TlYa3SoCioAioAgoAopAy0LASexdHPraO0DbOVfNF13pf4vr4A/W7ECZDHD6R4WKSkT1YfNbToAzRLLknB7xmD68FwK8PMSav032pH43aKCVJAUJDA5oqJriKV5p6K2GxIv1I2lC8WLjflfUWTiYstwLU0qEAya662V6erIh0RIYEGAkUSolLUkHK3CFiytzTM8BFweQVP9hHM+RPKENEUqnhIeFSV0VuPaWu/DAXbcazztede6KRdJB6mF9rJdqQtwyLk884LBsxrFfHPjRiK2frKyxDgbWb/osEilsP9vLPhITHtu3if1vysD68kWEme2hwVr2ISkpCbt27arD1arf1p9yJCQkIDY2FiWC0/Zde4xEUKx4JiIGTGMfrLgsUVMikcW+UyzaxdilqcAl7/6Cm4bHITrA06jZ1Mtu+DZvdxcs2Z6BT7ZnYfZV/cQgIFdLpRYph/jslDZEiBi6Jb1jX39L3ue14b2TJpJXiQlx5n6sj29L7p+2XRE4nRDgu1DfVy3zijd07RhHNWBKmvKbfaxgfQc5ZqAHv6b+rh+rLXpOEVAEFAFFQBFoTAQ4Xy4oLDT2Oa3v3bHKt9Jwzsw5uL8IN5zI/LOgoADH/uoeq/YmOsd5aYC3B64SAuSsnglm0k8DrodPi22r/XTH2yYkwLj046S4fhqriZ5CPJA8IGD8BRtJE+6TUBApg9rAcwSQP+57ioV8ukVk4MSbgUBzEkl7IQwkHkiEeIq+t70BUU4+rXpJyjCwTGugw/ZQmoOuiynWzFrGjBhqyiX5QaOtLJt18cZgHAPjGBjHC87AONZNYod9Y9nsg3WOZVj5mY/HVn/s28T9Vh1EoqRXW38khPiIpIncU/VuGF5qX09XpOeIOtP2bCNaTTyY7LeQIXbElT9DVMnW3Fn1KrHHmKfqQ26d5/3DwLJYJoO1NQfSovp5bfFN8/fwum33Mmuy7wPTWO23WnG0fNZ53SoCisCpQYDPqv17hg+zedfZvcuYhj/rObZ/3tlq+2P7fatH1rvTym/Fc1v/XWF/7mT3rTZb7yTr2KqzoX6zTiu9Vb/9MftixhnsqAT7/h7RP+JmUukfRUARUAQUAUVAEWjJCDgcWUIwq2TWGubvjcggP4OtbWjSMMwVJApqCY2GU9gmnPbnLMLDFnf4kMYaTPGcfblWvDUoYhkM1rE9UWJOyB8zaZatlZfx9vs8X1VlG4jSJSPdB/M8iRKrXObhfv366seZQankPbxvh9pXP799O+z3WV9rDQbbimqUVIhkzVHIEkqhlPGcGery3jjW3WdDiqloUJfST5RK8hRijQQWRb9Zp4Uvr5m9iDpJQEo7WYHpjIFeqZIi4UzrIWVResjcKyRO2B7b/8PuEauMptqyXwYJzhAksG2852lHh30gBuyzfX+YjvkYrPvZvv/mhP5RBBSBZkeAjzElDiiNyOeY7yy+Y/i8ktznu4vvHb6P+ExTFcV8c7hwIZmt59gsZMgxJT1J+ttIer7zbMQCXwxUWWHZjCOFYL1HrDIau/PmPSoLB9yWi/QpjbmzT5Q2ZF9ok4rvV7aD0qCWXTK2j7a7rHcY8xMHHvMclzTc5Dtt3oXSX/adpAvLsd717AvxMT8eaFAEFAFFQBFQBBSBFo2AQ5IlHHxUColQWSV61Q3Ay/OM51ZGJbYt948zcCBzsqExymAb7Mvh4Kx+nImol+5E445WplXO6bTlpecgnb8jbwNLOkQQaejGawAoXjNKC+07mI4PvvsRSZk5GN41EVNHD8M3S37Gko3bEBVMVa0qHMwrwLWTRmGweF5YvWkb/vPt93I8WowtxhsDghzQp2XlYN6KNVi3OxnuUu7Inp0xUbwh7U5JlfKXmBbQ8HH32ChcddbYw+6fBpp3UlHsGydLKRmZ+O/cxWaCUSh6+uHitem+6VOxct0m/LRxO+6ffj62iTvtjxYuxU1Tz0SY2PfhBKxEbOb8+6t5yBZPTSUyafH39sRdF08W+0BHV5k7qQZrZkVAEfhNBPjNIXmxeNU6zF+13rjAHdw5HpOGDkSgeJLZtmcfZi9dheTMbMRHhuHcoQMQLy7vaa/jn5/9D/07xWN0/94oFLWQlz7+GqPEs87wfj3xgbwjSMpPGz9CyBc3LFm7Hpv27Md0ece9PGs2ssW9fZCvN4rkvcDX6+3TzkGovEss8uE3G34cCcw7S4iSlLRMfCNugTcmiRF0set1nni36Snv2WJZiFj40zp5b20zRAffryOl7X4+3vJO3o7Zy9fgjovOQbBIbS5fvwnzVv6KP155oUgb5uI/4mZ5+sQRSBAsCopK8I9PZuOiMUNN+//++VxECnbuUvdBcbvcr2McLhk/Ulp8nB+S4+ibJlEEFAFFQBFQBBSB5kfg0LJ289d9zBo5keWgzprY2m+teG5PnvY4ZjP0pCJwVAQ4MOd9yQnC61/Ph6+oYt149thaF5LV6JUYi/OH9cfugxkIFQ9P08cORYSoSdHzxE+/bsbinclY8usms4LL1c9cmUw888EX2LrvAC4eNRijenXBXsnL1djikjKs35eK0TIxmXHmSAwWTwy1dOFR29cYJ/iMlQnRsW5vCnoltMcV44djXP8estrqYiYMW6StfAiLxPDjr0kHTF+Yh4HtXr93v7gobYMZQhKdPaivWeXl9EGfWwOR/lEEmhUBvrNcRB1x8apf8cSn32Jotw6YNmIgMvMLTTvoSve+Nz+Cn9j0mj5umFElfOg/s5AiHuRInG5OPmDc8TqJtAjL2izvJHph4xOdV1SMv89bgiW/bBCbXO6iU1yMnQfSzHd8fP+eGN69EzYIecH3wRQhYEiokFS13hcnCwTbQwnNbCGln3rvC6Rl5+LqCSMM4ZMu+5QCef/bxfj0p1U464zeGNe3G95esBSfLfzJ5CsQu1ib5H1GIonSMIVCiGyU/jJQsmadED///vo75An56yoYbpa0eWLnKTQoANPHDEEb2W5POYjzhvZD347xkkuJEgOe/lEEFAFFQBFQBFowAg4pWWKP529NqnQ4Yo+W7jc7AnKDyhjdDPo5WfDwcMO5Iwcb0e3OcTHg70sZnHdqH4WxZ/QVaYtSJAsBskUmGTPPn4hFMrFIEaOqdGG5bN1mJGfl4tU7Zog7znAjyVEmhoM9xEMT2QWSMT7eXrL664fw4ECpw6YK07R9pl0DUQcSMqdtWCgS20WZY064OGHyljYxcCLiK33nxIckCQOpTA9ZafWTNvvIym1bMYzrIRMkir031gTJVKR/FAFF4DcRMOSuPKdlZRX4WiQobhg7GFPHDjfqc4N7dTNkyJffL0PXNmG4ZsoE+Iq3tO6J8dj8j/8YqYvJo4fCW55fZyebWgorNMdSJokBvo/6iue610ViLrFdW/jLM8/3BN8Ng3t1Ne+5j5asRC8hEs7o0QV5Qg6zTY0VWBbtdm3etRdpUvbMGRchOiIM/bp1Mu9jSv/NXbsFD150NkaINIlJLwTQS18vwPljhhnyxkuk+xjYLL73fOSdZoVokRBMyc7Dh9K/K88ZhyAfL6N6REm6doP6oVpUmNaIROAokbphnymJ81vjF6ts3SoCioAioAgoAoqAYyLgwJIlMszgxOs3fpx06YDEMW8ux20Vp/NHDtJPdNzOe492bWho+MYpE+Esq5r3vvERXvrwS+O6khIndGHJQXm5kB7c50rqr9t2Gd330TJgp6rN2m07zaSitKwMwTIAjxAihGo3j/7nQ7wy62vkyMCfevO0CfDxoqV4QUTa9wvBwolIY042jna9WIentPPTxUtx20tvGhUiqgxxBZb9MUE2Zp+HtVE89pHJ1aK1mzDz7U+xSTwJceW39vTRqtN4RUARaCIE+K3k81wk6nRRYcFmv1AkQyghR+mJDJHKiBFSk++bfJGgoFpJtLi6z5J3EG2Y8NnlOUluCAE2k+XxXVgo0mWje3fFOSJF8oqo6+xJTQfJB56nSp7N1S7tMZUbF8T2NsFYTmMEjgZoxDxECNogUYspEAKb72ESH3yPeri5IFhUf+jal3ZLuM9AqRLmZVtJBrF/5p1baw+N7zI3ed/eNHk8lm7dhdmiYkn7JUxXKXZOKFlH/Jifqj7sI7HWoAgoAoqAIqAIKAItGwGHlCzhwOvnHfvx2bL1yMkvqhuUcfBhTc6YhgOTAZ3a44LB3UXNwcvYOeHgRYMicDQEeHtwUMzJQf1bRcbTJs7E1z95lAJ5H5LECBK9+IeuudgQIQ8KMXBOeha6idpKuQzUSRCwPlcXVyPCvmb7bhQLMfKy6PtTf3/N9j2YPLIEEaHB2J2djy17ktElPlbu7QS8t2gZrpJBOFcqScrcc8kURMlkxmaAsXkkNNhHGq+9eOww0yf21xhLlMkDJxAMkgTu0k+qE3F1lzZa2OcCmZRdPXGkrOT2MnlIGjFegyKgCDQ/AvxmkmSNCQ3Cz5t2YED3LvASN/Y5+QXGXknndm3w6dI1uEhIk4iQYOxPy8Avokp3i6jr0AhsoJC5u4UEoRF2EgTZYj+JzzyDecfJe2rqhGHY/c4sfLJsDUaL6o0hIOTlSsLCzdUmacL9I17AJwuHvFeqxcNdoNgb2St2Q7ZJu3vJOzSvoAjlQpTwvUlzrFvl/ZoYE2XaxXetv0jHhQhpkiZSfdmi7piRm4cwUZfk1l36xrcV+1Yi5Eqn9tG4fepEPPbB10JsewqWtedN/2zvQ76rrfHJyXZJ8ysCioAioAgoAorAqUXAIckSrl6RKInw88YlQ7qbyShJEv5cZSDCpWsOYArLKvHk3JXoH99GPOfEoqKKqzlHTsQ4WOOPAxj+fk8wJA3L4EDo9xRwAnlYF+v4vW09gapOq6S8cnQWXSX48lcfXy4i0ncL0zgfh/iDmXjI/UDCY6bo+bcJ8jfkSLe24WgjxIcxXCh1puTmG3KEKig/rd2NhUKO/N9NV6B9m3AkycTjD/98V6Q1tmKQGH69bHBvPCxkywWiU58rq6IkWmgrgKu6G8V47BciJk/Vl5BAf0wc3L8ZiAcbGbQxM9e0w9/Xp9ZGgc1jT7JMShjolWqTtO8DEVGvFCAnDOwpE4sYZIrdgnkr14mkzEF5amswddRQ42ab2GlQBBSB5kOA7zt+WygVdpHYT/rzO58j680P5dsZILZEDuDPV15gSM1lm3fi4Tc+QI/YaKzamYS+su3bpaM0tAbnDO6Hxz7+BjnybjqYk4doeed1iW8v0hwiOSfEaI4QEzTgPOOc8dghZaTn2d4PZEYoibYtK89m14hfOL4CGvFjSkKD3n26Ckl9bp8ueEjeo5Nku33/QfSRuCvPHY8ZE4bjlTmLsHHvPnk/V2ON2CG5V9QhKUETL7ZUzohvhyff/wJdZH+x4HDrWaON/RWSvAfErgsJooFCMF0xKg3XffEdbhZSmJ0gtpRUSeL7sPbV1sjda74bRWtSBBQBRUARUAQUgToEHI4s4diJg4y8gmKcP7ALeiS0Q5YMUvy8PER/2F0s6hfJeVmdkhUfX093JP70q7jaLW9w0GVNyDg4pIoEB2sU0f09wcvT02SrrKwwg6xGHOMd0RzWRTesbGv9Cf0RiTXitxEwo1YnZIuh0ueW7kGol9jNkAl9/WvIZO6y8rkxrRBtvcT1JEuWP2bbQC3W5MNL7ssbRcd/295kIwHSp3MHBAipQLKEK6i3nD1G7H2EiMebcgRK/BOXnIsOsrJJMW9un7z0XPEU421UeqafPQ59OidiX2qalOGN8QN7G91/GoZ97uJzzMopB+4sv377G2jiSUYJUSLPDMXZn77oLFlpDjSTERZKuyNdZZJ0t9gloDh9lNgzeUrSsE0kj/zE3gFXsO86b4KRKKGkCVdpzYrySbZKsysCisDvQ4DvLKqLdBPJtRdvvFykLJLkWa7G2AG9RJoi0KgFPiDerdZv32UMmfYRI9U9RTrDR75JfH/1F/sfz17rjV3JKRggHl96dExAqNjsIJlLI64e8q2lyg2lOP4sHrMyhSyhpAXfI37yjnt82iREh4cZclWa0uiBRDcl8GZMnoh+nROQIYZdO8s7lp5wKuW9OXpAb7FjEordYpyVWFwiRmzp6YdEh4+QPLdceDbWbd1p1HfGSX+6JcQavEJEcvCuyePgK+o9VOs5a9hAfCFxbUWVyXIb3FGkTu6dMt7YcuJXowm61+h4aYGKgCKgCCgCioAicGwEHI4sYXNtk1bxtiEkyIdL1uGztTswtVci+nWKwePfrkLRwTQ4F+bh4aumwFUGcTXimaM+W2JW/WWy5izn9qWkIHl/CiJkkBYbE2MQIXFiBYuQsMgV+3gz4JFB1ao1vyApeR+GDRmE0JAQM2Cy0nHLMqz89uVZ8fW3Vl4rLY+ZnwNL1hUuk8/oqKjDyB0rLdNZ5TGfFc99DYcjwOtHiQZO3M/vEYHlKfnIKj62S2pXIUymdAqDK6+p5LeVcXi59Y86yeprl3jbvUUigZMHXhf+Rg/sY6SjaJOki6xwkiThxMNKM0oG8Bxwc1WU6ft16YD+XTuZKkiakRxpI4Py9m0iTGMoPUVxc5bRlEGaYgjGQD9fTBD3xZxkUR2H9yjbHt8uCh1j25l2RIpYP43SEiz2gSvNTMO+GRzkBK8D22w9J03Zdi1bEVAEGkbAPJ/ybMa2jUCCPMMM/B7y+eYz6yeqNnxnWYFEguXel+lIktLwK0OFLB5Y7zFL+oTvK5bVQYxWd5J3BVX2mI+GnicMlvcIFxzkHcl2NHZgiVQRoqTIsN49+DKSmBrzPuI7Vl4+6CJGt7slxJmqbe9X23uXkibs+1jx2sXA95Tpu7Q1SIxqExO+o9lfEjJjz+hn+k+1REoqxoo0SqIQJrZ3nClC/ygCioAioAgoAopAC0fAIckSa8DjJqvy3dqFG/eFcaH+iHcqw98Hi7rN2oOo+vRNhBzoCJ+CDLgXZstSNyVGmNM2yLFN6Krw5ttv4YdlK9Gja2fsklW0vr2646brrjEDNXfRwebgiQM7DoxcRd3B2nJwR8kODyFjPpz1GZb9vApnTxxnyBdTifxxk1U06iwbaRXJ7yQTcraBA0GuoLM8rkKZcqU8V6mvXAaOPOaP+Vgf4z7/eg4uvuA8E//+x59h0vgxaC/EDtN4ik45xaeZjgNMU54cUz2jSozLcWLaFANPq58tfStQifqWE24dEoebZGB7PIGuIU8kcFBtSaDwLrS/HjQmyGP+ONjmNef9aaWxP886jSFE7kiBHOsznSFg5DrXBYlrLtsfnGTQOK3VB7aB+7w3y8ttfanfPist+3Yo2OwWHDrWPUVAETgVCPD5JKlRI9J2DHJY93xz8l9cWSYRcoLvIHl3Mr0VbO86+d7avZ94zvL+Yj375rsq8dZ7it+w+u8Rq8zG3JpmS120C2WCaSf7YDs07a+xSZha/eYZ7h/Wd4lj29kfvgP5LrPe2/ymFNu9E5mG32G+35lGgyKgCCgCioAioAi0DgQckiyRcYgMUoT/kBFJ0sEsrN2biuqMVPTJ34rQ3DQgSFbYz7ka1ZtX45LkXYj0zUZ5h/ZwDgqV0Y5t8Ocu9iE+/2Q2Vqxeh3+9+AyCggKRX1CAlAOpZvDDCeuWrdsM8RAX295czazsbHFt6oEDqQfh5eWJmHbRSE/PwMdffIN7b7sRZwzoh0LxEMBBoIcQH0yXlp6OeMlP4oWDJw62wkJDUCL7OXliKE6kULJzcsR1qg+Sd+xCgog/5+XnY59IusSKTYcQUa/YuWs3fli6HGNHDpdy3PDgPXfAW1bhuOrFQdr6TZvh5+tr2kPyJTMzS9rnhaR9+0z+iPBwQ8rYD2hbx+3ZuL2g/JFljPBYJVMCgoPhEwlmgnCUDPaDZ5OOo3K7YH+e0dbkopb7MykbymdXRJPusrW01VM/2LfJft8+Xf2+2Z/TfUVAETh1CNie2SPrPyz+8FeVSWzOc6/eubr3Vm2Rdelqj7lpzvdBXXvqtfOw/tm1jbtHO9fQO7B+X2x561VWr3w9VAQUAUVAEVAEFIGWhYBDkiUcbogkrTHmGhcZjHLxIhJdloea5CxUhYjYcGAwnDy8gPIydHIR14TFBUbCgtIcNWJvjYOYElkF+uZbMcB23VUIrSUvfIWw6N61ixAehXjupVcNEVEqbv7aRbXFrTdej9lz52HRj8uMFMoPy37GzD/ebYxZpgph8v2Spfjhp2VYt2EjXnn+b9iScgCvvfkOunfuiEeefA5XX3aRmYjvl/jbbvoDUkVV6MVX/w9PPPIQnn/5n2bVKVgIm1HDh+KrOXPhL2K96RmZ+Msf78Psb+eLqlAq3hcJFqpoLFu5Bg/eezs6JiTgT489iUhRHzogNiyGnNEf0y6Yitff/q+QNJmIEFWdlWvX42+PPIhu0q8yWUnjgE1DwwiQ/yBJpkERUAQUAUVAEVAEFAFFQBFQBBQBRUAROBYCDkmWcDrLOT+lKlLzirFJrNJXbluJ3p1C4dI2BpWb1qBaJCyc3Nzh0qUPqlP2oHLVT3AfP6V2ZYhqC9SbLkeAuBGkhAYD1Qbo1vSnZStEuqMAzz35KAqLinDBFddjzKiRJt2ooYNw/YyrENf+cyxY/APuveNWdE6Mw+UXX2hsnsy4+Q4z4V62YiXOHDMKF54/BavXbRASpjOS9+03Osysi5Ny1kvi5oAQJ1dI/jMnjENubi569ehuJFpuv/8h7N6zF1PPPRvbdu7BzdfPgJtIluw7cIAF4PsflyAyLAwP3Xc3UoSEufrmOzFk8CBDiowfPQLnSb5XXnvd2Djp3q2rqVPJEqJvC4fIkZMnkGwci5QoRVl0i414Ofmyrfaeuq2tR+av6c6JS9acurZrzYqAIlAfAX1f1Uek5RzXv3b8zijJ33Kun7ZUEVAEFAFFoHUh4JBkCSHmnI2uXunFJtClCt0z1sK1y5moEYJEFIPhPnEqyr75CC4+vqgRXeHKz/4PbqPEG4eHGHwVkoVqMT7ePkhJTQWJBJIItPXBknNELaabuEKkvREfsdDfS4xppos6jaurG4LEsj9DUGCg8fJBw3Z030oDoSQ+3KV+DlyGDj4Db7//kVG96SH5OyQmYNuOnUY9h/lZv7EtIm1hmYkJ8aYNJSLJ8vWcb0UlqBC5xq2izVircRErRA63tFFCouhgWrqQMDZDnyEhwYiJamPUfrylzVQrYogUo5rZOblm3zBMtr3T/i+vFaV0ahpJ0obXnPcLt85OtrJbE8jEiv0y/RSjyC4u1eZ+bU191L4oAqcLAtZz3LrfVzaj6nwvt6b3lbl29t+a2n1dCDldnl7tpyKgCCgCioAjIeCwZAkt2peJ/Q9/sd0RI5b3fUOuB/ZuQE1pMcTqKsq/+RDOgSGiglMIJ9G98bjqXjgJQSFMiSEaaNPj8mlT8ZenXxQ1myjEx8Viv3jF2bl7D0g8fPLWe2JQdSqKi0uwUiRDbrruamzdvkOkT7zN9aFkCgkLkjY0hEf3qDJPFuObZYY0KRPSIz0zG17SPkqGkBihi+JNW3cYqZZk8ZyTnZsnE85azyci1cLw0j9fR5dOHXDV5Zdi6z1/NGk5sc8TeypsC22l0EgcJ69xsTH49Ks5mDRxopFaSdp/wKgMFRUVSz6btIwxGEqdJQY2sJHIAVuBLfMv0cgR7El+yVVrnE4IthyU03ZHgditMR4eiHdrCNINqrCxT+xfRla2kYri4LyV9LA1XCXtgyJwXAjwm2VNuPk854vaqc0jjTzNPNkKAt9NdAXMDmXId9hIj7aWb19D3xr5xvNtXGeHpRVcQ+2CIqAIKAKKgCLQEhBwOLKEkzOakuzTMQYvLfgFPUJ8UO3qjg0iDXLBrk3o7OUNl35DxaCJECN5WahO3onq8lK4d+lF653UtbGRGUJqjBw+FPeLms3Mp55DeGiwWOIvxcQxozDlnEnGM87Djz5pBlm3zJhuJD/mLVhkDKfywlEyxFckOBhCggJkokzvJUC4EC004pouRlbjxTUi7YS8JKowgwf2x5njx2Hud4twm5Ag7aLbIkHcqtYIeRMUwPw0LwoMEiOxPy5dYQgRX29Ps3ofLTZT2kaE4f4/P4p7b78FUW0ixf1gGUYMG4ZVv6zDAxJfVFyM+2+/SVSBwo0XHBqYZfD09DDqRdzXlSeiIPePXKiY6Gi4e4gUkEUk2U6dxF9KADmLS+cwgz/vh9bCldhAoVcbF1DyidJNNITbuvp3EpdesyoCLQwBfqtIqPN95SUe3arFa1qrYUqENOC7mEbU+f2Tg0O6kS3sOjXc3MO/NVxM4S8nN8esrWxCAABAAElEQVQs4FDaVoMioAgoAoqAIqAINA8CTmLg1OEWj7n4lV1UajzhlJSK+z8ZHLgX5qDdukUIKCtEjacPxT3ECqz8KsSoaVQs3CdcACfLGw4HTxJIHtC9L+2SFIs0Bj3M+IpXmSqRGuEAK0fsh3AQEihkBlem6JqXx5QSoWQJ3QczP+O5ZXm0e8I0N9/9RzHqOg3DhgzGW+9+gP3iZWfmQ/eLdEix8ZgTKKo3LIMkSYVsbao8IpkgZdCbjSFjfH1MGu6XSj9pbNbPz9fEsQ7Gc4WQakPu4qXHX86xLFsbbBNa7jPYVIzMrsP+YZ/yxRMQMfDz8zPYJCUlYdeuXXV9tRrPNMQ9QYzcxsbGokRw3b5rD4hrbAxJKA4obdfZymPF0fuQv5TfFJhkZ0vZYpy3Kcq2+nEqt629f6cSW61bEWhOBPj9yRfbXMHica01Bqqf0ksc7ZC1xlD/XcxxgI/0lxKsxwr230EbPsdOf6yy9JwioAgoAoqAIuBICHDeWyASs8FBQQ3OBeu31fom5omHWo6L/MWWKefmxzv/LBDND4ccZZC9CfXzQmRQbO1imEyKKytQ3rG9Mexaue5nlM96De6X3gbXnv0NmeLkK7ZGuHpmN4EmQJT8oA0Qrq5ZxwSSE23aJWEg8DwmOcHAdNZkmPtcvaIaDgPTcNJ/z203iO2ReeIhZzmi2kbiFjHOyovAfKEifUJbJyRYTH7JUy3lcJ+/8PBQs6WECtOQqPEQKQiq4HDfagfLY7uCg4NNerosrt9O5mdguRoOIUC87QOPDqdW7M/+9j7xJfbyp1Vi3dr799tXWFMoAq0LAfNN4DtLQt3z3Qq6eHhfDn/Pt4LuHbpW9b41pt+toYPaB0VAEVAEFAFFoAUh4JBkCfGrrKpBRVW5HZRi7DUwVGwqiLTImHPgNnwCxHWMiFQIWSASIIYosUtt7XKCSwkRa4BlJry1J0lGMFhxTGMF+32LKOE5xpPQ6N61Kzp16GCkH2hwlUZlKfXBsqytVUb9iXuF6Frb18l9prXIESuflcaKt46t81Z7rDbr9hAC9sSIRZTkl1ViT1aB6O9XkfM4amD6qEAftPH3VB3xo6KkJxQBRUARUASaDYFjfbSarRFakSKgCCgCioAicHoh4JBkiSEX7IgL2yWpEa0bIUVoclL0lQ1RQpJEJEdIoFhEwtEuX0PnG4o7Wv768ZRYYX5KgVBdhMEqz9rWz2MdH+38icZb5en22AiQXCK2a/dm4Jlf9iFBSJCKo9gy4Xi0Us6JJjweHNUJbf29hMg6dvnWWase61i3J4+AYnryGGoJioAioAgoAoqAIqAIKAKKgCJw4gg4JFni5S7SImJs8viCSKCI/ZL60hvHl/f3p7KIDZ3M/X4Mmy1nrWhJemY+hod44+ohHcSrEVWa2IJDIib0nEPjsGWV1bhz9nrkFZUbssQQdMfRWN4TZYbQE4dNbjRT3DShQtrnKgZm6TGKzXcVsrA5A9XWqG5mPQNNWXdz1NGU7deyFQFFQBFQBBQBRUARUAQUAUWgZSLgcGQJJ0ertidhx54U1IhNj6MGzg9lyT8kLBj9O8chwMsDVZQgOGoGPXG6I0DPONEiKRLpK3Ij/B0lkFsJ8aTb4eMLRvJEbrz3FyXjHz+m4Zoh4bhxQnuTmWQayyEJY9LJEe9xknt1cZLXdjszJaWkzK1ttiadxLEU5qPUy/Wvb8LMaYn4YV06/L1cMXVYlLGpQ/e/TRWoykZbPSRK7r//ftx2222Ij483Kmk0lGSdZ/3WPvvOYPor+bnlz55gtPYNTsRE6rDyU/1s7969iI2NrbMhZArUP4qAIqAIKAKKgCKgCCgCioAioAg0MQJNt/x9gg0300SZ65WIPY9/LfwFS/emo0xWr/PlREGN02E/xhVJXGpJJR5btA67UjPFnStdndomZydYtSY/bRAQezK1BBylMmwTdBsxwVvHkk4qE5ebJCWOJ7Acmf9j9Y4cXDH3ABY80KeOKGF+kgMkRWz7tmPuHxZnztrOMSnbUpvFlk7iWA4D7edsTC810i95BRXifcnmDen4Wltb0QluiBNJDAYaFE5OTjaGk3lsucS2ztuntcgRpuN5qw/WlvHWPrdWGdaW6m3PPf98HVGizzcR06AIKAKKgCKgCCgCioAioAgoAs2BgONIlshsjyvj5bKazFX0GWMHoJ94v6FXGcYfzoPYVuULRJXiwMcLUFhcemh22RyoaR0tFIFDkkcUwrAm6oc6YyMkGG/bOzYFwXvSRQrKKa7Em98mY0qQG+avThPX0eXo0zEIbcJ9MP+XNBQLqZdXXoM/jG+HWYv3YdPBEpzZMxij+0TgjW/34pIRUQjxc8dbC5IxMDEA3WIDsGBtOrzcneHj4YK3f0yFh4sT7jgnFm1CvMw+2+gicZY0ia29h3rSWHskKFjXpk2bMGvWLISFhSEjI6POY9NHH3+MjRs3on+/fjj33HMNebJkyRIsWrRI3DwH4pJLLjHSIakHD2LP7t1GEqV///4YNWqUaeKcOXMQGhqKrKwsUw/zDho0COdOnoyPpexNUvY777yDcePGISoqyhBcR163xuqtlqMIKAKKgCKgCCgCioAioAgoAoqADQHHIUukPRYh4ilSInszcjFv7XYxynkQbiLmz8kiJ7gMnMLaprM1mL8/E9P6dzoqWcLJnjXh00mWgU//NDICvqIKExXsgQKxVxIT5Yc35uxBSm45rpwUh+mv7cDjU6MwaWAk/vLeNjjJfXzTWbG4752t8JZ8m5MLsXJzFsYNaIMZL2zH8zNiDFnyzJx9ePDcdkjLLsW1Y6KwcG0GHv1kF169sTtcLWaED4L10DRyn1ic9dyQHDnvvPPw+uuvixttTzz+xBOGLCGJ8eOPP2LmzJl44sknje/yyMhI3HDDDfjwww+Rnp5ujB+vXLkSjz32GD799FNDft58yy1Ys3q1OffIzEcw6+NZuOaaa3D33XfjoosuwnlTp4LlhIeHGw9RMTEx4lbbqwl6qEUqAoqAIqAIKAKKgCKgCCgCioAi0DACDkWW2OaAYpdBJoA+Hm7olxiNru3CEezng4OFZUaFgmlsZAlQLlInSaWbsD+3BAWlFRCzsIcFTvaoNkBVAbr7tVwFH5ZIDxSB34mACFwYI6tuwuL1au+LGokYEO+PA71DsCOtxFgaGZzojYcv7mhquHJLLi4eEIrlmzLhJEZaq0SF5oJBEVi5IxduIkFyx3mROJBXgU3JBRChEozsGQ5a7Vm5LRvi7BjJOeXG7bG7YQ35FDRtsMiSNWvW4Mwzz8To0aNNhZTyyM3NxcKFCxEdHY3lK1YYFZoDqalGyuSvf/0revXqVde4/IICQ7SMGDHCxI0WqRISKKWlpbho2kXG9kmnTp1w+eWXG1Jk5iOPGGmUkSNHgkSJVa/VnrqCdUcRUAQUAUVAEVAEFAFFQBFQBBSBJkLAocgSWx9tKjblYjdid3ou4iMC4ekfiC827oa3eACxLabbVANoL8I5sA2eX5+BXWUuuH1wvFl1t6aRJEr27U/BXrGxEN++vaxWRxjjkfYSJtYEjFuGunMy8a2pNUrJ+PrnrWP7PFZcXRk8qcEhEeDVtpFzDTTPuoEaOFU/yiqjvLLG5p1GEpSUU3VMdqQcqtHQew3vVS93F1w2si0S2vrJNlrs7DgjVSRHnpm7D9vTSnHnubFYuSUL09/ahtvOCEVBWRX+8OoGTBsYigBfN3iLSAn/UcqKrWcdlhpO/XY19jHJRitUiC0ResPx8PDA2Wefg6FDh+C8KVOMtMnzL7xQZ8/ESu8maS07JIyjFMnDf/oTfH188Mwzz5hnkoZjrTQ5OTnw8/NDUVGRed6tcnSrCCgCioAioAgoAoqAIqAIKAKKQHMh4IBkic1bhruo4nSOCoG3pwdW7s1Et2BPXDMgTmya2CZtnC5yTkvDrruyi/Dvn/eYc27ixaRKJqeenu5YuuxnvPDaG+jbsxv++cbbePCe29GnV0+UlJSYiRlJDU76KHHCiR8D9/mb9fmXuPC8ySaex5aECo1O0lsH85Ec4ZYTPQaWwX1OLJUwMZA41h+KgtSyG7Wbw9pXF8cdc1AXc1g6+wOLVykWYiOrqNKc4n6O7FfJyQUZZaJ6IkSJkCaXCAHyyEe7cMMEkcbYlosz+4ahZ1wAAsXN8Fvb8vGf2/yRlVuKda9txpAZnZCeU4pZ2wvxx/PjsGR9Jn7KkntP7rk52eV4RsrMK66qJU5sz4J9uxpj37qH+/TpA6rOfPjRRygTaRDaLiHJccEFF+DFF18whM26deswQiRBJovdkrHjxiIkJARJSUmgNAmfiQKRLmHgs0ObJYEBAQgRWyUJCQlGwiQzMxPvvfeesV/yghAuy5cvN88T1XWo0kPpEqrm8Jmz2tUYfdQyFAFFQBFQBBQBRUARUAQUAUVAEWgIAQckS2ySJaXiFWdfRg5CA/3g7OKLKHH5GhXkLRMvEhG1XZHJKFfXy8TDCb2XWJIdXG0vL6/AWx98jNv/MAOjRgxDuthdINGxP+UAwmSSxjLKysqRm5eHiPAwbNm6zeSPj4tFjqgYzF/0A0bKinloqBA23t7YLxIqmdnZ6NQh0UzisrJzhKhxNeW2bdvGNGjj5i2IFbUBf38/Q7jopK6hW+4UxtVKD9laYN1EDbfHltSiQhpOw1jLq82gLsHoHONnEg7pFoLeQpgEerti3vR4I0HCE3dOScDclan4VdRuEsI8ERvhbdLPvDAOd5faSMC+HYLw7Zd9EB/pA3chUeZfn4iffs1A7/gAfC4qPm4iVTJ/WiwiA9wxqX8YPEQ6hcFqhzlopD+8f/lMRURE4H9iiPWHH35Aly5dsGzZMvj6+hrVHD4b6zdsMCRHGyEzgoOD8c3X32CFqOZwn2o6Z511lknPZlnPBI21ThXbJAwkF0mE+AuBQtLku+++M/l47q233sL27dvrpE4Yp0ERUAQUAUVAEVAEFAFFQBFQBBSBpkbAocgS29TUyayee7q5oku7CHh6uCMnq0LIEIFC5rckQiyyhOmplhAg0iTndo4UzyQycZRITvAoCdKzWxf898NZItLvi949uqOwqBjX3noXnnrkIXRITMDXc+Yi9WAa2raJxKYt20QaxUMkT3ogIzMLB9My8O//vo9LL5yK1LQ0zJm3AJ0lz7ffLcSdt96EOd/Ox4/LVqBdVFtRFygWAiYYmVnZUkcRnnjkYQT4+6uESVPevbUTeWvyfTxVubu74fPdWfDx3ScuqmkF5MjA8uheOF/INw83lyMT1IvhvUhipWOMvzlDyY/O7QPqUk0YaCPSeK/Sc845g9rWneMO79XOcYEmjuUE+Lhhol2a8f0jMb7/YVnkONJEBCcG1eWznonDU578kUWYdO7cGfzZB7adkiOWLRKeYxztldjbLKFkCgOlSqhqs2XzZuzZu9d4vWG8wVykT84X8sRyRcxyGG9fvhXHPBoUAUVAEVAEFAFFQBFQBBQBRUARaEoEHIossU08Oa2UiZX8kjLzEOLvI6ounoZ4mL9JDEim5sJLVG9quROTVuagaBvEdGLThDNOCZyYTb9kmpAWfpj5t+cRKNsXnvorzhw7EvMWLEJiQjzmfrcYd9x8PV5/610M6t8XF5x3riFZMjIyJc1i3H/XbUZC5PYH/oybZlyJbl06475HHsPgVaulnmqMHTEUV1x2Ca64/hYMOaMfHrz3LrO/WaRURohUCtV3OOHT0HgI1F5e0G5Gfn6+kV6wbF0crRbrEvRMjMAusSeyJaPAkGwytW8gi42su6JnW4T71Xpgsd2YDaS1RVn3LUujhAfvQWu/WkgXQ/DV5uaxFWzEn60+ZuAxz9bU5mG6uvS8jWrTMM6JaUkoSHRT32Ms3/TJAr+2TsbzObMCj+vH8dowDeOt60T1m1dfecU8a8xL9bUXX3zRpGMa1mWltcq3yrbq0q0ioAgoAoqAIqAIKAKKgCKgCCgCTYmAw5AlMpcyEiVesvofIao3n/68GV0ig3EgKw/zD5ZhxqAuqJQ0FTJh5Ho/55ycKJIo2Z9fiq92ZmJkfAjcJD8DJ1khogZw9fTLhDS5CE8//xK+FemQcyZNxEMzn8DsufMQLio23bt2wZ03/wFvvvMe5i38HvfdcTMstRoPd5FqyclFaHAQ/Hx9zGr4rUKadExMxGaRRAkTuwwMHYV4oSQJQ/t2UWYibw70T6MjQEKBgUTJ8ZJRnGgzxIf44q5hHYyxVVuMiW7wj4sYE7bScEsS41jBTOZrE9jvW+218tY/ZrxRoamtjBsSIVY4LH1ttBVn9ctK25Rb06daHO3rsUiNY8XZpyERQpfADIbskTIpTdKxo81jEOPt+2Wfl+c0KAKKgCKgCCgCioAioAgoAoqAItAcCDgMWcLOcuHaU6RGLh3aExt2p4ib1ArQ0KuLTzW+3pmBjj7uqJYJo4dMsMScAwrFA4mL7GeXV6JTmK9Rw+GaPiefZWVlRmWmX59eiBSbC5z50hgr93v36IbJV96FZXP+ayZmtDHy1F//gnc/+AiffPkN7rrlRjECWwq6PA0M8DdpYtvHoFPHDqKek2aMU7J8y0NIqexXiBQJA/d/a2JtEuqfE0ZALquxRUNjoZxgW9IO9pNrq1Ceqx8Yw3vD2XiTqX/2+I+PLPn487aElE3ZP14r69rYXzeSm0qMtIS7Q9vYUhBoyufYUTA4HfroKFhrOxQBRUARUAQUgdMRAYciS3gBaPOhQ2QIukTbVp+FqRCvH2XYkJKNguJyMWjpgpX7crA4OQf3DYkTCRKbSkK7UF8xfkkRfq5My6RYJtPJ+/bji9lzzQSZEh8Txo0x13hAvz64YNIQ9Oze1XjqeP/jT0VSoQCFxcW4+PwpxkArz9145wN45IG78eDdt+GRJ581UiMkUR66906ThnZRGPxF6sTdzd3sB4jLUzdXW7yJ0D+NggAHxS7OLqisKDdECSfalheihipoaOItt8XvDvYTeyMJ8rtLcsyMzdk/+7osNBq6XtY53SoCisCJI2D/nmromTvxEh0jh31f7PvoGK07+VbY90/JoJPHU0tQBBQBRUARUAROBgGHI0vYmUrxjsEfAwcLXiIJMCxByBOZIBeLzYk8cZuaLMRJ//hw+LmL5ImQJNVilJOGOU0eYUzchci49cbrkJubJ5PqSgQGBYhwCVe1q/HzqjW4cPJZ8PHxMW5Lb7ruGmTn5MDL08sYg+Uq99233SSGW4tMGk9PT7zxj+dRUFhopErcRT3nkgvPNyvh9LBzyw3X1u3fdeuNZp+SJzoBNJej0f6QBPMQg7+UKrGkehosXK5/sRBfvE6WFEOD6U4w0jaIrTHSQ64iSdSYZZ9gU5okeWvvX5OApoUqAg6IAJ9l2zdU3lfi7lvfVQ54kY7RJOtdbIzWHyOdnlIEFAFFQBFQBBSBpkXAIckS20DB1nFKA9A+SamQJEXiweTZhVuxfE8WXIXQuHbWGtw2JB5DY0PEW46I8XM2XRtIeJSJ+1Y/cXFKksVMruU0PeK4u3uIO+HhxuYFk5PUiBA7Csxj2cGgyk5QUJCJIyFCwoRuUlkO03AizsBB6NH2TQL906gIUHJIQP/NMnlN3MVwaI1c08YMQSxT6m9tkw8Lo9beP6ufulUEWjsCfAf6yDeL37XWGFr7u4r941iI3xr7MVFrvJbaJ0VAEVAEFAFFwFERcEiypD5YFgfiI65c/zimE+VDzOChSlgUN4mj6o49UWLl5wCj0kib2NIbYkMkTq6/5gqThMSHNRgxKh2S3hqUMK1FnDCOA04rvZXHqsd+4my/b53XbSMjcIgTa7hguV6UPjH3hGwbO1j3SGOX6yjltfb+OQrO2g5FoDkQ4LuwtQZ9V7XWK6v9UgQUAUVAEVAEHAMBhyNLSDYci3Dw8uDAj7NlShfYVl1sew0DKvNmk87+LIkP1mE/0LLft9LWj6t/bKXTrSKgCCgCioAioAgoAoqAIqAIKAKKgCKgCLQeBByKLCHp4UbvNydiIFVskNAmCaVLTiQo8XEiaGlaRUARUAQUAUVAEVAEFAFFQBFQBBQBReD0QcBhyBJKepAo2Z+Vh9Wb96BMjKvWUCzkmBxIDcIjw9C3Ywz8PT1QRWmR0+faaU8VAUVAEVAEFAFFQBFQBBQBRUARUAQUAUWgCRBwboIyf1eRJEsoUbJ68248/9NGFDq5oKDaCQU1Df8KhRbJKK/BPV8vx57ULEO0HEt953c1SjMpAoqAIqAIKAKKgCKgCCgCioAioAgoAorAaYeAw0iWWMiXibeaq/ok4g9ni7eaWgOsRsDESJhYYiZOYrwTqBADr+v2pqK4pExc2qhMiYVhq9/KbaDEWKu/ytpBRUARUAQUAUVAEVAEFAFFQBFQBE4ZAg5HlojVVWN/5JOl6/D5is3wEkv+pUKaeLg413m8KZfjMpE4cRF+5KOt+3DDxDOOqa5jTazt7ZTQyCtdBmtoeQiQMqOHB/vr2fJ6oS1WBBQBRUARUAQUAUVAEVAEFAFFQBFwVAQcjyzhTFh+CZGhGN8zAb6e7gj19UZGYRHKKsTVr5wO8fNGiLN4tJEJc1puoXHxezSAaffVTdwFM9AQLKVU6FLWw8sLZWUikaKhRSFgXb/dSUnw9vZGWFhYi2q/NlYRUAQUAUVAEVAEFAFFQBFQBBQBRcDxEXBM0QohNFJz87FyVwoO5hWibXgQUrILsG53ClbtSYWzGHMdkL0D/cszMPaM7vDy8qReRoPGXV1EIiV5336kHEgVaQRnI41QVFyMJUuXoapWzYeSJ5b0CS+ZtW/F22+t81Ya+2P7OMZraEwE5BpJcU5Ozti5axfWrFmjZFdjwqtlKQKKgCKgCCgCioAioAgoAoqAIqAI1CHgmGSJzIrbBPqjf1wbxAlR4i4kR0JEEHrGRWFMxyh0zE5C/tKFKFg4G9eGVKNTWADKK0XqhGIHdoHHlZWV+PPjf8NTz78k5Eg1XEUaJS8/H8/+41/mHNO4u7vDw8OjLqerq6uo6Ij0icS50pWx5KF0Cn8kRBjvXiutwmOW6enpKWkdT1CnrlMtfUfuCRdRm9q2fbshSnhdVY2qpV9Ubb8ioAgoAoqAIqAIKAKKgCKgCCgCjomAY87uKVmSnYdfdx9AYttQxIQFYffBbOxJTkXkttXoGlgE1wHDUF1cBO9v3oJLzWWo6T1Y9GsOcT+0SeIlqjar16w10gj5BYXYvnMnenbvJlfCCRGhIXCS9CRLdu7ajfKKCnRMTDBkSHpGJnx9fEQaZQ9CQoINWVIoakDkYqLatsWWrdtM2dFRbc2EPTsnB3uTktEuOgrBQUF1kimOeclbbquqhZiKCA8HqquQkpKiOLfcS6ktVwQUAUVAEVAEFAFFQBFQBBQBRcChEXA8skQICSeRIogODcSAju0QHuCLQC8PJMa0QYeqAvQvAvwnXg2XHv2M6k1lQmdUrPweTu0S4NwmmoZJqKthSBBKfcz+dj6uvORClJSW4n/zvqslS1AnVfLeR7OwY+dupGdmY8jAfrhk2vl4+sWXjd2UkJAgDBt0Bv7z3ofo1CEBGUKitI2MQGl5BVavW4+/3H8XYqKj8dQLL6Frp45Y8P2PuGHGVfDz9a1T8XHoq9+SGifXtKamGsHBQYiNaYeVq1a1pNZrWxUBRUARUAQUAUVAEVAEFAFFQBFQBFoQAg5HlpDgqKp2Qlp+ETanZKBMVGdi24Rgr9gscdmyA33c3OHSUaRDRHKEpIhr196omP8FagryRezDJlnCMqgycyA1FWs3bsbN189AqRhzffPdj0ApEDc3V2P/olpslpw76Uz4+voIYbILf336BZw3+WxkZGXj8gun4uxJE7Fi5SqZpAMP3Xc35n+3EK+++V/MnvUuPvn8Syz/eZWQLlXYIO26745bEBoSYozHUqqlvkpQC7onHLapQoEZvH2EjOrXr5/wYhVGukSxdthLpg1TBBQBRUARUAQUAUVAEVAEFAFFoEUi4EBkCe2N1CAgKACvLPoVk0vL4SeGXNNzCvDpD2tR4eWNeHdX+ApZAg8x6EqyhMGFXWDeQ4FkCe2MrPllHXbvO4D/vPuBnKzBlj3J+HXDRnTv2tVIfjDNHlGfmTt/gSFEAvx8pNhqBAUEoIOo5DBQ9SNMVHZoL8NHSJWe3Tqb+KDAQGzauh39+/bGzTOm456HZmLooP64ZvrlYtPE3UziTUL90+gI8BrRRgyvM39KljQ6xFqgIqAIKAKKgCKgCCgCioAioAgoAqc1Ag5DlnDCWymSAn07x+EhMZSaV0AbIVS9ECpE/lTK5Dgs3Qc1RZnm2OYbxe7a1fIlFlFSLB5vPv1qDl549CGjesOyqCrz5TdzER8bCx+xZ5KZlYW7H3oUb7z8rJFSeOSJp02B5eXlxoaJOZC6KZXCQO85JSWlZr9S9lkXz02aMA6jRgzDtKtuwJgRw9GtaxfjqUUn8QaqRv8jl1JIrcM9GDV6JVqgIqAIKAKKgCKgCCgCioAioAgoAorAaYuAA5ElQkbIBDjMzxvnDOh6SFqAbImzC2oyU1HywwaUbPgZxUJmiHVWuWgya64sR9W671Hu4QWvW/9k0tJTzcbNW0S9xhvDhgwy3mtIXIwSImPBD0uMyk1EeCi8vb0xetgZmCUqNVTbiYmOMjdCoEiW0MMNg4tIrgQF+Jt9pgnw97PtC6FDiZOk5H144+33EB4WgimTxiE2tr0hXpQoMTA12R8SJhoUAUVAEVAEFAFFQBFQBBQBRUARUAQUgaZAwKm0tFTYCMcJpjEkSKzAXVGBqSkqQPX+vXASEqPy15WoyTiAqu3r4Tr0LLj2PYMWW+Eixl6ZlkQFpUO4pTtfSoAw8LiiolKObTZF6DKYx9nZ2cZwKM/THW2FlEWyhGo6lCChRAkJGG6pAsJ8dF3LfboRLiwqQklxifGcw/yM13AkAsQmX9w2E2c/Pz+Db1JSEnbt2mUwta4TczINr2FCQgJiRRKIkkL0OET1m+ioNnKuQqR8ShAaGmquGfMwP/PRLg2N7JLc0qAIKAKKgCKgCLRUBE70u3ai6VsqLtpuRUARUAQUgdMPAdqrLCgsrPM+y3nfsYL1TczLyzNzd39//xOafxYUFMBhJEusjpou23fcRMgk2M8fzt37ikCJmPl0cUbZ1x/COa4T3EeOh3NUe9SQoBAAGQgMCQ1r3x5Id3c3M6FmGv5o7LVt2zaGCLHSe0pe2irheZIm/Jl9IV6sNCRhGEiM0M2wv0z+LQLFnNA/ioAioAgoAoqAIqAIKAKKgCKgCCgCioAi0CIRcDiy5KgokgypKjNebJxjEuF5wx9FR0akSFzdUFNaItmEVbEjWUhuNBQYb3+O+2Sp7AkVEiVWqJ+2oXgSJpQ6sS/DSqdbRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARaFkItByyhLhaZIjYEXGiigU5DVGpMUQJz//O0BgkR2OU8Tubf/plO8RlnX591x4rAoqAIqAIKAKKgCKgCCgCioAioAg0OQItiyypg0Nmy1W1dkEsAqXunO60ZgTM5dZr3povsfZNEVAEFAFFQBFQBBQBRUARUAQUgVOOgMOSJfXNtVCY4LC4ehNmFTY45fdSszSgSkgye9WoZqlUK1EEFAFFQBFQBBQBRUARUAQUAUVAETitEHA4soQciJhzNRo29lfit8gQEik6ibZHrPXt07V0ZWWVsTHDa62qT63vGmuPFAFFQBFQBBQBRUARUAQUAUVAEXAEBByGLOHk110802zZn453Fq9FZnaeeL4Rl8ES7yoecDxkv4SuewU1Jydn4yJYXNEYLzguYuh1WPd4XDSkB1yEbfktYsURgNc2nBgCJMNoSNfL28u4cabbKCXHTgxDTa0IKAKKgCKgCCgCioAioAgoAoqAInB8CDgUWeIshls370hCRkERrh7bTyQIKuEhBMqOAxn4+6Jf8fSFI+Dt7oqq0lKgshxw94CrhydScgrx/tINOK9/Z3h7eZpJtb3KjjWpPlFJBE7OnYWkaaxwMuWxDySBnOupHzVW21pSOR6enigrL0dRUVFLara2VRFQBBQBRUARUAQUAUVAEVAEFAFFoIUg4DBkiYVXeWkZBsW1wchenawoRAQHYP6WfRjdrys8C7NRuWg2qvfvgXNcJ7iOOgsZiMHXS9cbKZO6TLU7wjHAjZ5zJNR3EVybpMENiRUvLy+Uy6TcIlsaTHickSRdPDw8fld5rJ99cHFxQVlZ2XHW2LqT+fr5GUxOlABr3aho7xQBRUARUAQUAUVAEVAEFAFFQBFQBBoDgcYTm2iM1kgZnPxWiTvglKwcrNi8C9v3pyG7sBhVYquiuEJ+WzahYO9uVIw7H3nr16BkxzaQPrDJXRzZCKroJO/bj5QDqXB1dalLYE+A1O3biaOQWPnxp6WG3GCmujTcrz0+LI6SH7U/prcFUQmSOPapoKAAPy1bgXIpl8dW2obKsHJzy/Ourq7Ytz8Fq9b88v/snQd8VFXaxp9MS++VhJBA6AjSREQBsbt2xd772ttnw6649rau3cXeu6Kube0FpfcWQkhCCul9WvK975ncOISAsIIO8hx3Zu6ce8655/4n34/ffb7nfV8z1+pff25grLVu8Bp/xWP9qVTMoljyV/x1eU8kQAIkQAIkQAIkQAIkQAIk8OcSCDmxRJUIfQCeubIED382Ex/OXor6Vg9cInpIt+QxCUOYV+SRhjoJSZGwFHFchKl60U3TdXw+H26YeifuuO8haCUVbdpvuU30u4oRLpcTlZXVeP/D/8ixCz7Jj3LPPx+DV+arI8TekT9FxQg9jpBQEJ2n39U1oq4PXTNCxmqfzpkzbz5m/DLTrFdZXY1/PvFvNDc1m+s7ZHxgDbsZr3vSuS5ZQ+frHr746husWl1orrN85Uq88Mob5pzuWcfpeJ1n9iR8rD3otdlIgARIgARIgARIgARIgARIgARIgAT+NwKhJ5bofYj40Sc9CQcPy8Oo3pmIkrwlfhEQNKGrfdDOsA/fDb6ZP8AxegIceRKu0+ZXBWQ9ApofRAWHRYuXyikb6hsasXzFSiNitLS0oKS01IxXoUGP3W4PVuavwoyZs1ElwoZPHCA5PTNNXoyFi5egXhKKBsQIB5qbmzFrzlxUrFtn1tNko/X1DSgrL8e8hYvgl2trWyDHK1bmo1HOx8bE4JF770BcXKysY5Nr1GD23Hmoras3Yog6WebL+NVrisx3XfO/X3+HsrJy1NbWYujgwbjluquMOKL7KBS3zIJFi42Yo/dZJ+vodYpLSrB4yTJzfRVS2EiABEiABEiABEiABEiABEiABEiABLaMQMjlLDHbl2f8ospafL+sEDu1pCOvRwrs4S601VTBX7RCrCDi9Bg4zITD+BbORnt6rtpDfr3zDneKCiHT//MpTjluMlokKeyH//kMQ3caYkJa/vXkNDxw520mGexd9z+Ms087WcSJb7E8vwAvvvoGDvnb/miUBKKP//tZyXXiR2VVNe6/81YjXNz/8GPYafAgEVcKcMYpJ5jQmhum3o0xI3fGkuUrseuo4dhv70n4XMSO5MR4NEselop1lagWgeSBu6aK22QWHn5iGkbuvJOIMj6cceqJeHLa8yL4QASTJbjior8bt8h/f5ghgo8Ti0T8WLRkKYYNGYzzzjlDHCavYebseUhPS8W6yircftMUI5yoc2XcrqPx0y+zcfD+e+Pk4481zhqKJr/+afCIBEiABEiABEiABEiABEiABEiABH6LQJDC8FtD/8DzInYkxkahd0YyMiS5q1PjbaTyjb8wH55n7wLGHSibkT5xcLh//hT+E8VxIWExojB0bDKQEHWtOEbmLFyM888+A62SGPXp518RJ0edhMs4jIhgDVcXR1pqMvaeNEGEDx8uOOcstLQ0yxwPzjr1JGRlZuLMCy7F0mXLMXfeAnPtSRPHG7fKS6+9icMOPlDyZ4TjkvPPQUNjkxl7+iknYv+9JyJS9nX8MZONa+X2ex5As7haHhdh5JLzzsKuu4wWR0idcZKcc8YpSElOxpvvvIePPvkc1111OXYdMRRHHPI37DJqJN6f/hGWrcg3Qs9b73+Epx6+T/aciiuuvUFyq/yA2NgYZIh48n8XX2CElRtvvweTjzjMhOqoy4aNBEiABEiABEiABEiABEiABEiABEhg8wiEnlgiGoj8T8QMv4TGeI1roz3CZaJstD9MQlDgkDwlcqzOkTCb3YSmBMcTBXJ42DFr9lysKlqLaS+8rKOxeFUh5i9YiKysTBOao+EwkvUE4RLGok3L8moSWBVTmpvbERsdhcSEBBN+0yc3x4gjNSJu9O2Tg9WSS2RA3z7Izell+nv26GHCfmKi25GWkmQq79hlb1ZSWb2WCidaXccl6w/o388INnFxcabvFwn/WSDhPmXl60QESZH8Kn44pJSy5kXRpqE3muOkvKICmRnpiJd52sbuMhJl0qfncrN7GhZJiQlISojrtjqQmcQ3EiABEiABEiABEiABEiABEiABEiCBjRIIPbFEzCHNbh/GD8nD2IE5cIpgMD+/CO7mVthy8uA44RL4mhpFNRG5RMQSx4mXwJuWJecLAn1yqyosaF6RN9/7EPffMgXDJPRGQ1EGDeiPdz74CBeee5YIDOtMjg91euSvKTbnlVKd5B5pbm4x4TlauUYTvar40iSJWaOjItGrZ5Zxp+yz154mT4huY+nyFWiS6+k4dXG0SNiNXq9Nqvo0itNEm/Y3SyiQihoyDDNnzcHE8bujVHKSaCLY5197C9MefRAfS9jQzLkLRASymTwqmofEzJdJutdsuf4ScZhobpLsntn4z+df4aRjj5Iks2HmvI7VRLaag4WNBEiABEiABEiABEiABEiABEiABEhgywmEkFiiXpE2pGak4B/v/4h5q0tFbJDKM+LIWNfQgo/WVMLV5oNLBIvOJoJEWFs9qup/RGp8tBhOnEaU0ISnmpQ1JiYKe4wba5Kwqnixl4TOfCghLhqSc/B+e+GiK6dgsAgoOw3oK04Qn3F7NEmeklv+cRfOPv0U9EhPEweL7gvi5IiVtdtxyEEHYuqd9+Kyq683yVnPlJwlMTHRnU4PvU6yODtUHBk+bCiuu+0uEVJacdAB+yJeQmXUxXLJeWfjXsl78skXX0noTIqE/0xEVkYann7mBRFr6uW6qXCKo0TDeK6//T7cdJUXcTJXBZGM9HRcfcl5uPvBR4x407dPLsbvPg5fSr6V+PiA20Sr9SRJrhQjKHXC4gEJkAAJkAAJkAAJkAAJkAAJkAAJkMDmEAhrbW21En1szvhtNkY3YRehoV5cGQWlVeKSaO1wj0h4jIgE6hbRZKjt4taQE0H7kNK9ci4jOQHZKSIQ6FlZR8Nd9NMq76v9uo7H45V+mwm1qa6pEaEjxpQC1vNa+lcdIlqZJiY62ggoGpKj62iffmpZXhVCNFmrS5LOxsXGmnPqQNFyvtr02rqW7lmr5Kjgo44SXUP7dVyTuEQapUJPQkK8nAuXxLF1xhmSnJRkQnB0nDpVVDyJiow099gm19B+vaeGhgZzL4kizOi+3CIAqWNF96vz9FoqGoVS0xLL9XI/ut9Y4aZ8CgsLkZ+fb/aq+7aajlGOeXl5yM3NRYv8Lpp8V3nl9so296hjgpvO1z79XbX6kLJiIwESIAESIIHtlcCW/ru2peO3Vy7cNwmQAAmQwI5HQJ9vNddoUmJit8+CXYlY/yZqjlCfzydVaeO26PlTn7dDxlmij73qJIkT4WB0v2xNIPLr/VrP0EFdv56UIznfJqEnXhETtCkYSyiwIAX6IWKHS84HxqRKQlWrzK+eV4gqTIRFRRnBIkIr8OhgadZ6OkYfyFMlIWy7OE30uz7060uvpU2FERVU9BUfH2uup8cqiqg7RcN7dO2oyFRzHQ2ZUdFGf0C/rGfrEEp0Lf1j0LmmdVxD/1CiRcyJiQkz8/W6ljBg3a+1h8BEvpMACZAACZAACZAACZAACZAACZAACWwugZARS6wN++XB3yfujy1tqqMEOw0s4aLrOipWWM3bIXxY33W+ChOW4GAJJXreWs+6hobtqMNFv1vnrHU6xQ3p0ES11hzr2oHrtIvQEXCr6HdN6KovM7ZDdNH1LHHGWls/A/N/3ad+39QegufymARIgARIgARIgARIgARIgARIgARIYNMEQk4sMaKH7Lnrw7+5DTmpITRbqxlhopvFNtYfPHRzxuj4TY0LPhd8vLnX2dic4Pk8JgESIAESIAESIAESIAESIAESIAES2DICISeW6PZtznDJ0bFhzI0aLvwSgoJ2DbfZ8PyW3TpHkwAJkAAJkAAJkAAJkAAJkAAJkAAJkMCGBEJOLFG3RH3RPNSXLA9yl4gwIoldIxNTEZ8zEvbwGPN9w9thDwmQAAmQAAmQAAmQAAmQAAmQAAmQAAn8PgJbL6bl9+1DZmslExu8rfWoXPQGPHXLxF0iyVTRHHjZ3KhZ+gYaS+fLOB2rIS6bDnP53VviAiRAAiRAAiRAAiRAAiRAAiRAAiRAAjscgdBxlmjeVSkt63c3amkbZIw+FrE9+kvSUzlhVBGgtmAgKua+jLK5byHMFigLG5c9EimD9ocjQsoGMzxnh/sD5g2TAAmQAAmQAAmQAAmQAAmQAAmQwNYmEDpiScedqbtEdRO/t1UqwUjFF58bdhFRbCKYJPUcKuV3z4W3qUbEEgc8TRVoKPoGvobhcEUno80ruUyCUplYSWKDE6FqX/D3rkC1ko1NrqdNx1rjNzUneI3urhl8nsckQAIkQAIkQAIkQAIkQAIkQAIkQAKhTSDkxJIALpVLwkQgscHdBpQ3ueHtKMEbFp6LsMg+InjY4IlYh9KC+XA0tSCyG85Op9OIHcHld8NdLlnLF5QP5deJKpKEh4fD4/GYEsIOhwP60uZ2u38duJEjFUp0frsILh5JRLu5AstGlmM3CZAACZAACZAACZAACZAACZAACZDAn0AgRMUSzWDSrlE5WFJRj1u/XQWvvw1+ESPa5CVKhwnNsUnS18rGATgqAjgrvQXJkXb49JSAVOGjsKgYKo6kp6VKOI/fCCBLlq9AVo8MREZGmu8Wc7vdjsamJixbsRI7DRqIqKgorFtXiR9m/IyM9HSMGrFzp8DSnXtEHSkqrMxbsBDRMjevT28julAwsQjzkwRIgARIgARIgARIgARIgARIgAS2DwIhK5Zo2E2rhOHMLa3DqNRonD8uz4gg6jmxms0WhmWVTZg2pwhVjS1Ii46T0B2/CeNR4eL1t95BXm4Ojj7qCCOWqMPkhql34fYbrsHAAf2NmKHuExVSVFwpL6/A/f96HE88eA+qqqtx1Q23Yvy4McjN6WVcIiqIqPgRHu6SLYSZ+boXFU9cLifsdgc++fy/yO2VjX5980w/xRLr1+InCZAACZAACZAACZAACZAACZAACWwfBEJWLFF8aiDxtbUj2uXAusZWlFU3iSAhOU2MYiLOExEuiutbUdPsDjhOxFKip6y0JeoWsfKPWD+Hy+mQfCc21NTWmsGlZeXiMolAds8s87rt+msQGxuLt9/7ADEx0Thu8pFG9GhpkVAfcaNoW7pshemzBBG9zurCItMXIWE4ERFidWEjARIgARIgARIgARIgARIgARIgARLYLgmEoFgS7B0RQUSwtkoIzty1dfh2xTo4pUMTvqoioufWNXtQ7vaLANKhlHT5GTScJ7i1ifiirpOPPvkMH/znc4wYOgRfff8Tbrn2CvSV0Jl/PvokrrrsIvw4YyYaGhvxzAsv4+fZc7H3xD1w8vHH4uHHnkRLaytc4kj5ZdYcnHrS8Xj3gw/x9gcfY9dRI/DiW+/jtmsuD74kj0mABEiABEiABEiABEiABEiABEiABLYjAqEnloTZDT51f9gcciyuDUeYF2mxEdijXyqG9IjHgpJa1IpIEhfpRGp8JKYvLZNQGskEa1lKOn6AdslpoklitXXmGZFjHVbf0IB9JozDWaefKmEzPfHFV9+iT24uqmtq0DMrE3vtuQeWLFuJi847B6+/+TZq6+uxaMlSPP7Sm3j2obtMvpPLb5yKXXcZhTfe+QA3T7nShN7U1tVtVjJY3RMbCZAACZAACZAACZAACZAACZAACZBA6BEIHbFEjSEibthdUSKSRKH052eB2CxUloTD1nMCfCKG6EudIZrs1S0vr198I/I9YB4JKCX6rsKI5gqJkUSrzRI+o03dJFoFR6vUREVFmnmp6SnmXEJCgiyxBn7JSWJV0NETGvIT+LRLThIXKquqMH7UMDSK46RV3CX33nytcZnExUYbgUXHpqYkrZc41izANxIgARIgARIgARIgARIgARIgARIgge2GQEANCIntqloiYokzCqlDj0Jc7h5wxfWEKzrFaCH1rV5USgnhFq9fKuC4UVbXgoqGVrglCazmLulQTNa7kxE774zHnnsF+atWGQHjjbfeRVxcrFTHSTMiileEE22a+LVNkrxqUzFFm4owfkkWq00r8Kg4kp2VhcbmFuw6ZjQOOnB/9M3rg149e6K4tByFa4qgeU1mSGiOCjNsJEACJEACJEACJEACJEACJEACJEAC2yeB0HuqF+EjOn0QYjN3MmWAU22FKKisQ05iNOIjHEiQ0JthEorTkhSFyHCHiCsOuNVdEhSDo0ld3W43Ro0cjovOOgXX3nw7YiVZq9PpwvVXXmZcJ5qINbwjEatWstFyv+pGSU5MNL+k6YuOMscREeFGPNGErofsvw8uveo6SQIbgwwpSXzZhefhrFNOwHW33oExkrMkLiZGquWEb59/Ddw1CZAACZAACZAACZAACZAACZAACZAAwsQxsX4G1FCAIk4O/U/zjXy/uhI3fbcKQ2LCYRcDSYs4SSIll4nmeFXLydoWL4ZlxuHs0blIjXKJwCIhOB33oOKHujw0P4m71Y2EhHjzXZ0kGpKjjhQ9b5wlEoJjQnXEWaIhN1pOWB0lmsjVOq/9WvmmTvKSeL0+s54KM3odzVWiITyRIsCoYyU4nCcUkIbCHpRVveR+UV5acUhZFhYWIj8/3zC38sroXnWMx+NBXl4ecnNz0dLcjOX5BYa5lma2Qq2C78vq07wzsSJa6W/ARgIkQAIkQALbK4Et/XdtS8dvr1y4bxIgARIggR2PgD5jawGWJDE3WP/ebYqCNUaf3fV5Pi4ubouePxtEQwg9Z4nesTwo63/aRmQl4rEDBqPZreExgV4jpYhQoiNsoqBkxEUhURwn/iChROcqIH3gVtdITHS0hOL4jZChD+IqglhjrLAZHa9lf9s6hJPuzuuPpKD12j4RVDTPiVwICfHx5no6l0KJQcs3EiABEiABEiABEiABEiABEiABEtguCYSmWNKBUi0vUS47BqeLOCECx8aaTwQKvwnF2XCEzlOXiDY9ttZRYcRqwcdaVUcvFdwXfKzzVZnSZtYLHHT06frrzzUD+bYeT+IgARIgARIgARIgARIgARIgARIggVAm8AeIJSJKWLqE0Ts2Lnp0BaUjVdPQyjebar+1oiWQbGoN65yKHb/Vuluvu77fWmdHOm/xsT53pHvnvZIACZAACZAACZAACZAACZAACWxfBBwaNrLNmuQcCbO7xIIhn3IRLQ3c7pdwGvncms3SYrbmmlxr2xBQlw4Fk23DlquSAAmQAAmQAAmQAAmQAAmQAAlsHQKOwqKSrbPSequIfBFmR7unAd7qfPgbqoxQ4ohJhDOlP8JcsR2CyWbYONZbl1+2ZwIqlLikelFKUiApz/Z8L9w7CZAACZAACZAACZAACZAACZDAX5eAw8rnsXVu0fhHxEhiR1tLNVpXfQh/cwls0XkIEzdJS/EsuCtmITx3Pzhie4mAEsglsnWuzVVCmYC6SVQsMU6mzYl1CuWb4d5IgARIgARIgARIgARIgARIgAT+0gQcWzMkwiRClZCbdl8LPMVfA34PYgafBkdMhkCURKtN5WhZ9R+4Cz6BfdDxgDPGOEy25h7+0r/Wdn9zVoJdBk5t9z8lb4AESIAESIAESIAESIAESIAE/sIEbFvz3hw2G5wOJ9qaq+CrXQZHr0lojUxEg7teXnVoiUhAWM89JG9JM/z1RTLWAYd9wy1YDgR1IRgBRrO8bkHrnLcFc7obusE+uhvEvi0gYP2ODL/aAmgcSgIkQAIkQAIkQAIkQAIkQAIk8AcT2GrVcPQxuLJRRBDYESNiid2ZgAUtVXhu3uNwtqsg0g5PWBv2y9oD+8Zkw9dYjnVR/eD3uZEcG2USwFr37nK5YJNQHm2aFFZL9Wq40OY6UKKjo+Hz+uDxejZ7jnVt61OFEqfTCYcIOtq8Xm9nCWJrDD9JgARIgARIgARIgARIgARIgARIgAT+egS2iliiPgG/iAvvz1mFslYfzujrQZzkpfC1+VHtq0d4uyR7lfPt4iKxSZiONp+oK2/NXomahgZcvt8ocZiEoU36bDJvxYrlqKqsktwnYYiJjkGvnBzExMQYwULn6loqnFjiiVlb+mzibFFXyUcffoi8vn3Rp08ePB5351hrXPBcPTZ5NGRdaz29hgola9euRUHBKrPugAEDkZiYaIQbPa9r6fWsY3Ngvmjxn4BzQs93zQmj19C52oKPzXeVjOR/7VqhKOj+zGC+kQAJkAAJkAAJkAAJkAAJkAAJkAAJ/CEEtopYoo/+dnm4P3xkHtptTkS1lkgi1woMi0rFIxPuQZu4R7TZHBFwNVeivfAThCcNwtGj+qJN8prYRFxQ/SAgMQDvvfsunnzicfTt1x8rRTjZbdzumHr7P5CdnR1YR0SIYKeHQ0J/HI6AINPc3IwLLzgP993/IAYMGCDrtsFut8Pjdnc6RbwerwgzgRAfvc5hhx+OXr1yoHNV4NDX9Okf4IrLLjXXs94+/PgTs6aKKzrG4/EY4UOdMNqn19Gm/dr3yisvo1/ffhi3++5mbT3vlXPqVgkce+F0SdiSmevoEIPaER4ZadbVddhIgARIgARIgARIgARIgARIgARIgAT+WAJbRSyxtpwUHSmKiLgpnGnwx/cD1nyJhH6HSzWcNCOE+JvXobnkRxFUIuBM7IMkETkAB/xqKQlq6uro338AXn/zLVSI6LLfPnvhyy//ixNPPAlLFi9GS2uLiBYDoeE26s6oqChHYWEhevbMQlJSslkpPDzcCBr5+StNSM6AgQNRVLQGJcUlxnWSnp6OGTN+woMP3I/sXr0QGRmF2NhYI3LMmzfXCCUXXnQxTj7lVLSIiLJw0UKkpaWhqakJy5YtNQLHoEGDjQCzfNkyJKekoLy8zDhPhgzZCcXFRbjx+uvwf1dehZ4i8rS0tMAtgk2/fv3MPVVVVSIvry9Wyv5SZG5p6Voj2KjIMm/ePISHu8w9dnWfBGHiIQmQAAmQAAmQAAmQAAmQAAmQAAmQwDYgsFXFEp/aQyS/SJgjWsoD74uWZW+hYdEzcKQMN04Jf90yiTHxI6L3QWJFiYBP8pCon0T0js6m4oC6PvzitlDBQwUMbSpS/POhB/HvZ5+Fp7kJRx55FG69bSoWLFyA4489BipcqIhy7333IyMjA1FRUVgswspBBx6Ax554EuUiqFx//RSM2WUM1q1bh6uvmYK33nzTrK0Okqf/PQ17TtpL3B0+zPxlpuk/8aSTkZycDG9cHHJyc1FXV4frplwr6y7Cqvx8XHDhRTjn3L/jzjv/gbLSMsTGxWLO7Nm4R/ag19D28ssvGtGmtq7WrPv6G2+aMZdcfCF+mTkbN990gxlbtGaN7OEZIwoVFq5Ga2sr9t57H5x2+hmGnVmMbyRAAiRAAiRAAiRAAiRAAiRAAiRAAtucwIalaH7HJVXzULFD4m5gi0yCI3Eg2t01aGsoQVtjCRwJAxA18AT57KOJOczYYKFEL635PDREJX/lClx7zVXYbdddzI72AcdMgAAAQABJREFU2msvHDX5aHzx2ed48ulpePvtt7B8xQpMe/pp4/54TUSIZ559HllZPREXH29cI9deczWunXIdxo7dDeecdSYmjJ9o1pjx00+Y8dOPOO44KV8s7e1338Mee0wwAoWG7dTV10oIUD/jXFFHiIb8NDY2mvCZc0UcefmV10SUeQCP/Oth1NTUiBslXK4xFs89/yIuvuQS/PupJ3HooYeZta++eooRVDRsJ7IjvMbKaRImfc0iAk2YMBHf/zjDOE5eevEFHHPscdhnn/1w1513GIeKOm2sPCdmUb6RAAmQAAmQAAmQAAmQAAmQAAmQAAlsMwJb1VkS2KW4S6SSTbunQcoD58OVsQci+h0oKkhACJGnfj3Y9A11nB47dpwRDfpL7pFeEirz2Wef4nN5WdlN1G2ydm0J9t53X8SLQJKQkIAGSRiroSyzZs3CvLlzRLy41CR51QtqrhB1hFx97RQMHz7cOFi0PyZGwm8k7MXd4EZERAR69+4juVJWoLioCDsNHWrCZ6yKPIvEVfKDiCGaT0TznLjdrXBLEtneffpImE46+khozdKlDxk3ia4dFR1lRJI2fyCnibpl9KVNhaWlS5fi4ksvk3l5+OijD01/SYkIS7LXW6feDpczkA/FnOAbCZAACZAACZAACZAACZAACZAACZDANiew9cUSETrC7A5TGrjdWw9n7n5iIpFOqYyzXrzNRm5NBQQt+ZuT2xtHHHmk5ARxych2E1Jz0QXn46GH/2XyhLz37jsibIRjxMhReEqStI4YPgIqMmRlZWHhggV47PEnMVmcKGeefio+++JLCbGZZJKsTtxzElYXFCA9PQOVlZVmFxpWk5SUZEQNrV4zenTAzTJlyjW46OJLZOtt+Pbbb5CSmor7770Hzz7/ghFS/vPxR3JLAcfIypUrsWDBfLwjjpeDDznEiB26+DIRQ3beebhZ/5uvv8L8+fNNGE6q5D+x3CIactMm183NyTX76d+/PzJ7ZGKN5FhJlH1pAljj2DFn+UYCJEACJEACJEACJEACJEACJEACJLAtCWzVMByzUREP2n3N8FUths2VDFtMumgdgVK4m3sjMdGx4tqQpKiSWLVZ8pOomJAqQsXRxxyD5559BjNnzhSRZKRxaJxx5llGxDj33LNNWEyrJFHdddexcDgd+NtBB2HQ4MH49NNPTKJVFVNOPfkknHXm6ZJjpBQ5UpJ4/wMOxKUXX2QEDHWkaNUcFVzefX+6yX1y5umn4eyzzkBcXDzGjRsnax6Mxx97FCqO7COOFi3zq3lV1PWiuU80LOfv511gnC6aIPbee+7GB++/hwkT98TgIUOguUo0+etuu+1mxJKhQ4chMiLSuFd2GTMG10jYkF5z8uSj8O0333RUyOlw5WwuQI4jARIgARIgARIgARIgARIgARIgARL4nwmELVqy7DdiYrZgbQ2vsUspXMlR0rLsRbh67gNn+oiAWLIFy/gkyaomeVXxwjRZ1mYPlOrVMBsNubHcFhrSolVmNCQnJibGzNFjzXui8zXfiIbM6Dk91vlaRUfDbXQNFWK0X/OJaF4Rber4MMKJzNOcJbqWJozV0Jj6+nrTZ+1B1xg+ahguvfBSnHra6cYBYq2tLhXdS6RcK1xeWppYr6XX10/NRaKfur6+bCI0aT4T3aOuGy8CTbv8p8d/haZcw6VUcmpKsuGtPLWKUb6ERilvy2mj92ocRsI/T8KTciW5rgpny/MLJNQqHrkipOnYrm4bq69aBKtY+b2VLxsJkAAJkAAJbK8EtvTftS0dv71y4b5JgARIgAR2PAL63NwgeUSTEhO7fRbsSsT6N1GLtGhKjTgp2qLP3Jv7/KnP5Fs3DEdyu4bJQ2xba60kCEmAI3mgKg9d9/2b353yQK0Pwp0igeaMlVAYffjVMrvarzeqTaHpQ3eiQNN+/W4lUlWxQs/pPAWkczTcxhqn81Vs0fHap0C1WQ/qKp5oPhO5CehauoaOVeFEv+u6+nn9tTdInpPeAUHG4zXjdA2dr3lUdO3gufpdr6vXU2FFP/Wl/aISmXV0vq7NRgIkQAIkQAIkQAIkQAIkQAIkQAIk8McS2LpiiZQBbpfSwI6kvlIJJ0/sIPr/2d9yscQSD9ZDIYKJ9qvooEKC1fQ4uF+/G9FBBljn9Lx1bM3X79r0nN+n+VTM1843a3y7ybUS6NY+XdtaT4+17yQpMax96mDRZq2tx8HXM/tSHEHXsvaqYwP9HfuX9WQh0/3XebPuZ8v/Jv46DHgnJEACJEACJEACJEACJEACJEACoU7AoQ/5v7/pQ7CsI6EzulqYeeoXEcPvMwKA+b4VH/w3tueN9Xe9v27HbQpDN+cCawTuWwWRTbUNrtfNet3O3yq/Tbcr/+GdAQEp4KDpUIX+8D3wgiRAAiRAAiRAAiRAAiRAAiRAAiSwOQQcVjjL5gze6Bh5qA+TXCV2Z4TJubHeOBEG/D4P2rzuLs/IlstgvdH88hcmoKKRyQvzFxKB/sI/F2+NBEiABEiABEiABEiABEiABHZYAo6c7KzfffNhNgfc9aWoXT0DHknEaZlI9OHY7nAiOXsgorMGmFCVzovxgbkTxY5yoEJJoyTl8XeEL+0o9837JAESIAESIAESIAESIAESIAES2L4IOMz/p//37FlCbxzhTqwrnIOG/A+Q0P8wicbRxKTqNnHBXVuAynm/wLXbhXDGpEmAjsagSGBOR4LWDUJUfs9eODekCejfWnA+l5DeLDdHAiRAAiRAAiRAAiRAAiRAAiSwwxL43QleLYOIp6UVMb0mIWvkofB35ORQh4m3pRFl899G0dd3SfnfKHi1Ko0zHHFZw5HYbx84IhO01I3oJwzL+Sv/FVqimH5SMPkr/9K8NxIgARIgARIgARIgARIgARLY/glsIJZs6mF2U+f0Abi9zQefKCV+T4sRP1RIsUtFnJzhR6C0x2g0tbqREx+N1tYGlPz0OCKSByC+V6pUmOm+RK71gL01Hq51LWv/W2O97f+n/2PvgMz/WN68GgmQAAmQAAmQAAmQAAmQAAmQwP9OYAOxxOl0wO8PlMftuqye01K3bW0d1pH1BgT6zENxWCDcwmELQ6PXh/IGPz5d7cTqOj9OGZWBrJQccZnEmqSvaigRGaOjgs6vC6rQ4nRq6WFxp3i9v8uNoCKJw2GXl9MIJrqeJcT8ekUekQAJkAAJkAAJkAAJkAAJkAAJkAAJkADQKZZoEIwm3iwtq0J8fBzCXa4NBIXSsnLERMcgOjpyI4JJAKmupdLJqpomfLysAotrmlFYVouiBjdKWlrQLz4CQyrrMakjb0lg1vrvdrsNa4qKodV6MnukGwFHRwREDusKamARR4sqK0Et2MWg51wiulTV1GDpsuVITk5Gn9ycTvHFmtt1ji5n9emY4OtY/Tqmu/naz0YCJEACJEACJEACJEACJEACJEACJLB9ErB1bltEB5/fj59nzcGsOfPg6eLmWLGqAJ9/9S3qGxqk/Ku9UyTonG8O1COiwgJQWt+KB3+U5K7NHly2ay5OHtEL+/ZNw80T+yM10oVHGoahwBPbkQxWxY9fm4oRPsltcsPUO3HHfQ91CiXaH3CI2BAREWGEFBUrpP6xOVZRJDzc1bmQnlN3yuo1RbjsmhvM/u+8/5/4+NPPTL+eV1EoPDy8UwzRJKS6ts6zhBCHw2HOR8g4PdZ+fel+IiLC1xvbeXEekAAJkAAJkAAJkAAJkAAJkAAJkAAJbJcEOp0lAeHAiV1G7oyvv/9JxABgzKjhRhxYvjIfv8yZi9EjhiMtNdUIGcHuCnPnau6QEsJ2Cb3xwIZPV65DrMuBC3frg/S4CDm2Y2R2IgamRCM3sY8M3hefrm1D356tSIhwwiehPSqZaJhPZGQkZopoEybhPPUNjVi+YiWG7jQEdXX1cHs8IozYUFRcgt45OYiNjUFlVRVcInrU1tZJPpRW5PXpbcQMXUudKV9/+x3Gjh6JC/9+Nurr69HU1Gyuo+f03tRRk5Pd04gkTU1NWLR4KVJSkpGZkW6uV11Ti5iYaHGmrEBaWgpSxJ2i3hm324NFS5YiKTERPbMyDRc5wUYCJEACJEACJEACJEACJEACJEACJLAdE+gUS/QeVCBJT0vDxN13wzc/zMAPM2YiISEOi5YuM0LJgL55G73VMBEwPPUlaK1Zi6Jm4L8Fldg7N8m4VZrcXsxfW4syCcNJj40wITwD0+LwyMxCLC6tw+69U1R7kLiXX8Nqpv/nU5xy3GS0iPjx4SefGbGksroKN069G0MG9jMiSmNjEx64a6oIK7Mx7aXXZd9j8d2PP+OIgw/A0Uce3ile5PTKxi33PIRBA/pj9MgR6NEjQ4QONx598t9YW16BSHGH7DZmFwwTQebmf9wNvc8ly1fgmCMPxZ7j98Dt99yP5KREI8jMnLMA9069EYmJCbhTXC+5snaprLHfXntij3FjzbobCEkbpcYTJEACJEACJEACJEACJEACJEACJEACoUZgPbFEN6cOk/S0VOy5x1h89e2PWFFQgPG77Yp+4tbotonA0SYVcOKy+qKi4kcUfHkHXmkdh9eLE1HV6BbXRjv26JOK679bhdnVLfgiRZwg0v/i/BLMLK3Hy+HFGJWdBKc9zIgoGv6ytrQUcxYuxvlnn4FWETWefuEV1NTWwikJWhsaG3HGySca58dZF16GefMXwiYOlJ0HD8RF4hzZd9JEXHvLP/C3/fcTh0qEES/GihByzcXn4cXX3sTU+/6Jf955q4T2+PHDL3PwzKMPdIbR/OvxpzFuzCicfspJmLdgIW68/W6MGj4cjeJEOfbIwzB+93F45PGn8P1PM5AQH4/VRSU47aQTsGDhItz7rycwSpw3GiakDNlIgARIgARIgARIgARIgARIgARIgAS2TwIbiCV6G/qwn5qagn33moBmSciakZ62QbUa63Y1VKbN50FM+kBE7nMjbO1+/N0dhrKvVmG/vFTs2y8V0RKO89A+A6Qqjhu79kw066dEu/DAz4U4c3QOIp12eHyBCjwaGjNr9lysKlqLaS+8rLvBklVrjCjSv19fCYFJMgloNXfI4AHqMKlHm+y3X18N7QEyM3sgSRLUeiRcJyoq0lwrKioKB+6/r3m9/d4HeOHVN0QUGY1dRgyVhLXRxoFil/UKS0qw6y6jzDoa4pMYF2tEmsSEeKSnp5t+DfFZKKE3Gu4zatgQlJeXIVZCdK686Fw5T5HEQOIbCZAACZAACZAACZAACZAACZAACWzHBH5N8NrlJtrFEZKUkIDsrKyNCiXrTRHRxO6Khi0iHimSR2Sv3smYUVKLBo8PLocNmXGRyE2ORpQII+2SGPXHwmqMTo+TvhjjKFGhQYWS5uZmvPneh7j/lik4/aTjjYvkvhuvwrvTPzYCheYbqa9vMCLGVxIqlCX7U3FHk7hqmzt3Plo9XkRFR5m8JJqw9YsvvzbuDx2nrxgRT/qI6PH9z7OwrrJKnCNNUgWoHAP75uEHcY1oW7BoEerlWpq7RHOlVEleFG1ff/8jBvbvayrqNImQNGniBHmNN3lSrOSvZiDfSIAESIAESIAESIAESIAESIAESIAEtksC3TpLrDvR6jgSr2Kqvlh9m/wUV4nkSpVqOWGYIHlI5lc04O5vVuKUEdmYU1SNpZVNCBex5P1FpVhS04KrxvXuTO6qngyXy4mFi5dIMtUok//DqlKz54Q98MXX32GZJGMNlzEPPvoENOnqofvvjQHiNlku+UW++n6GbPV+k2vk8gvPhVau0bwkKmC0tLbgrgf/hXhxinhESLnq0guNE+WwA/aVHCh3wiGhP/vvNRHHTj4CD/zrcVx5/c0mWew1l12IKEk2q2u88uY7ePPd6Sa/ye5jx5q9auWgCy6/Wq7rwyTJbXLU4YeIS0V5bZIST5IACZAACZAACZAACZAACZAACZAACYQwgTAJJ9lmsSOlDa34ZFk5vpXcJKvK61Hf6sMu4jgZmixhMf3T0Tsp2lTAsfhoYlQNn9HPri4N7cuX/Cm33fUAHrzrNikX7DCVcLQKzgsvvwqv14fjjjkKHhFIYmNjO5O76to6Rt0jWukmLi7OlAvW0sR6jerqGpNYVnOQqAtF+2slP4pW5NF1dM45F/+fCCwXQBPFRnaULBaLCsJkfFV1tXHE6HytvqPOFbbuCShfrUakv6WyVSdRYWEh8vPzzW8UzM76W8jLy0Nubi5axHG0PL9AEg7Hm6S6OlbHBDerr7qmRkKjYkwumuDzPCYBEiABEiCB7YnAlv67tqXjtycW3CsJkAAJkMCOTcDr9Zr8pVqJ1vr3blNErDF1dXXmGV91gC15/mxoaMAmnSWbuvjmnOsZH4njxVWyTz83Pl9ailXiJjltl1xkaCnhcIdJ/hq8jt6QChvarJuzjjXxa6KEBe25x26Ii40zzg4tI6yjs3tmmfK/6gKxywO5ggx+kFaHiTpNokTo0DLB1nn91Ko22jThq750npYG1nEq3OgD/qTx46QaTpK5vuYqscbJgem35puF+EYCJEACJEACJEACJEACJEACJEACJLBdE9imYolPquRESEnhPMlVkj02Dz4RICKdDlNOWM91MQYYkCqSdG0qYKiwoSrS6SefYIQU/a7CiAohu43d1eRWVSFDxwYLJbqWflfXh7/DjWCd1091klhjrH6v9FnHqj6deuJx5prW+mZCx1vw/OB+HpMACZAACZAACZAACZAACZAACZAACWyfBLapWCJahKkP0+L1S3lfCa2Rl1vCZUSJ0P9121QrCQgmG4omXSd0CiuymK5vCRxdx1nfuzu/OX3WdTZnrHUtfpIACZAACZAACZAACZAACZAACZAACWyfBLapWGIhUSFDm8of3QkO5mTHm8MuoopTg2s2oqYED7aO2/zwiAjz2/KKNYGfJEACJEACJEACJEACJEACJEACJEACJNA9gT9ELOn+0uv3qqNEhZKK+mbMWroaDbV16w8I/hakitgkrKd3TiYGZ6ebSjvdRPEEz+QxCZAACZAACZAACZAACZAACZAACZAACWySgG2TZ//AkxrqoiV856xYg8d+WoIaqVpcJ2WIa+Vzg5f2t4ehTtwnq6Xizt2f/IK11fUittg7Qnj+wI3zUiRAAiRAAiRAAiRAAiRAAiRAAiRAAn8pAiHjLOkI0kFddS0OGZCF8w6eIF2iiljJTYItI9rXca6p1YPT/vUWGptbTd4SNZ1sQQDPX+rH5M2QAAmQAAmQAAmQAAmQAAmQAAmQAAn8fgIhJJZ03IyIIqqD6Ftzq9sIIHrGbpMErtpts8M9+yd4PnodNsltYjvqdDgiI+REUGyOTuho6ljRl+ZK+a18KdYcfpIACZAACZAACZAACZAACZAACZAACey4BEJPLLF+C1FGLIHD39aOdY0eeH1+xMZEIrK8BL5XH4Y9VgbvfRja7XIb3YglKpI4JbRHy//6/f7OMsHWJfhJAiRAAiRAAiRAAiRAAiRAAiRAAiRAAl0JhEzOkq4bU/Gjva0NDtnhWslLcv578zD83z/g+VmFkgnWgbBUEUgSenaE6XTvKlGhpKi4BF99+x2KS9Ya8cVymljX0+/arP6u34PHWWOCx1vnu+vb2FrW2OC5PCYBEiABEiABEiABEiABEiABEiABEggNAqErloTZYXdFwu4MR6uvDdOLa9GwphZrq5oCJhK/D/C3dktRRQqXy4kff/oZl193M777cQauuuFWLFi0GBEREbDZbEYc0U+nCC/aHPKpr3CXli2GcaSEh4ebY30z58WhYvXp9wg5r+4XSxRxyVzrvDXHJuFD2qfrBocBqZAT/L3zQjwgARIgARIgARIgARIgARIgARIgARL4UwmEXhiOGj1EgHDXFKKmohjRMXFo8yWjp5QILhabiV2Tu3a27h0lNhnj8XjxzMuv4eJzzsCeE/ZAWXm5CBbhWLeuEm0ipqQkJ6GhoRFNzc1ITEhAjZQq1pVr6+vRt09v40RpaGxE/755aBOHy7rKKrhkDxUyv29eH/leaY77ybEKH7rmyvxV8Hi9Zo5uUcdER0ejuLjAhAJlZWaIiBMQY0rLyiWkKBqRkZGdYkvnbfGABEiABEiABEiABEiABEiABEiABEjgTyMQcmJJQCtpR9msV7Hi82uQ1m8/eMbeLeE4slXJXdK9PLI+PxUuVMAYNmQQnn/ldcTFxmLwoAHGVTLtuRcRJQlhjztmMhYuXoLpn3yGKVdcgqtvuAW5vbJRWV2DtJQkU8Z47oLFOHi/vXDs5CNx6533Sn+yiCkNSIyPM6LH8pWrMHhAX1x+8QV48eVXsWr1GlSIqDJ29AiccsJxmPb8y1i9pgg9MtJRW1cn/SNxwrFHS2hQMa6/7S7cM/VGI6b4fD66TNb/CfmNBEiABEiABEiABEiABEiABEiABP40AiEnllgk/D6RRcTq0ebTkJk2qYpjnQn6DNt4FJG6QU467mjEx8XiJhE64mNj8OBdUyUkxgWfJHvVpmP0pQKMx+PBeWefjlapwHPEKWfji3dfRXnFOtx4+9049OC/oaW1FUcc8jfjKhl/0GS8/OQ/kZaagtP/fjHOOKVOzh2MqOgorFyZj5vuuBfHHHWEcavsMXYXnHrSCVgoIUBTbr0Tk488HN9LWNDo4UNlfqpcr5VCifk1+EYCJEACJEACJEACJEACJEACJEACoUEg5MQSE2Vj7CNa8jcASXOCBGQR7VB3iXwa8WTD7Wu35gJRESQ5KQmniVBx0nHH4M57H8QXX35t8oyok0Ob5jWxSyliXT9OxJToqCiTW2T0ToMQKblNEuPjkSQuEl0rSsJlYmJizJxROw00bhUdr+E8er60vAzTP/7MrBsfG23W1PX79e1r+gb072dcKB9+/AnmzFuAM089yYwxJ/lGAiRAAiRAAiRAAiRAAiRAAiRAAiQQMgQ2bs34s7YoOojmHHE4JcGr7MHh8EuuECfqHPotTBK+OszLJnqHDaWwSX9Yh6iiW9ZDFUvUKfLe9I8k90iJdsMvgoaG42jOkBWSW0Rb4Zpi4xhRgaXV7TZjdFyj5DFRAUTLDbtlHW26njpS2iQUqKm5xZzT87rXdVVVuPKGqTj2qMNx5KEHSS6UJjNHx3slh4mKMQ7Zp54749rbjCOlT+9cuOWaTPJqUPGNBEiABEiABEiABEiABEiABEiABEKGwIbWjD95a2F2GyqlVHDUiMPQL2NXuCKjgfhMvHFQCprdfZCZGIO2sATY//kdbDK2JrEH/L5iI6AEb90mlWvWFBXjnekfG0GjZ1YPjN99N1RWVeO1dz7AZVdfb9wkvXpmmuSsSZLkVYUPfaUkJRoRQ9dPSogXiSZMksDGwyFraktOkuvLORU6YsWREiuOkwm77YLX3nrXOE9ysrOMaqP9VtUbt4T3DB0yGBOGDsAE2YdW01EhhWJJ8K/GYxIgARIgARIgARIgARIgARIgARL48wmESc6MIF/Gn7chTcoaKWErPy0txAP/nQ2X+EbCpHywOj3CfG7EOsVVIjlK3D4/6vWcKcULcXm0YmTPFJyz92ikxUWL+0PGi1VEywKrm6NWqtx4vT4kJiaYm1NxoqWlRV6tiJcQGw3JsYsIosKFuk7UBbL+sU8EDxU2Ap86X10mlgiix1oa2CvrVIsQk2QJLXJ9XVtFGxVgtMzw7Hnz8dSzL+L+O24119Rr7UhNf5N6qTYUEJlizW+0du1aLF++3PAM5qFj9Hfo378/srKy0Cq/2fL8AiSIaKWJeHWsjgluVl91TY0RsPQ3YiMBEiABEiCB7ZXAlv67tqXjt1cu3DcJkAAJkMCOR0CfDbVabVJiYrfPgl2JWP8m1kmhFX0uj4uLM8/ghYWFyM/P73z2t+ZZz/l5eXnIzc2VaJEGhIyzRAUFj9zEkJwMTD1iPOobmw0Es3k5p7qCCbGRDhM71CE0hIkYkZ4Uh6ToyICw0vH8rGE0brffPDSreqIhMwpMW0REuCnZq336QK392qchNgopQvKV6PzAscv0R0hiWBV0AvMD54OPneIUycwUl4usqU3XtMoE61raysoqcPzkI8y1d/TErspWuWgeGHXZWH/MwZ/ar+cNPxnPRgIkQAIkQAIkQAIkQAIkQAIkQAJ/BIGQEUv0ZlWLCJdcJXnpybD1SNns+1c3iTpQujZ9INdzKrPosb60qSjS3h4o16sP51afOTDnf11Lx5rzHePMcdC1LCFE11G1y7qGjrPW1j7NfbL3XhMloay4Y5irRPEYESRW8sioc6SgoMCIJspKmar617t3bwlzijXfKZUYZHwjARIgARIgARIgARIgARIgARL4AwiElFii9+sXccLnl/AVeToOyBSbphB4iFYhpPtxgf4NTwaLGt3P3PLe31xTBBUVAX5z3JZferudocJIr169jAunoqLCCE7q9klLS0NGRoYRSrbbm+PGSYAESIAESIAESIAESIAESIAEtksCISWWqBMjXPKDqLTh9mqlme2S6SY3TaHkVzzBLDIzM5Gent4ZjqN5ZFRI0b+JMHHjsJEACZAACZAACZAACZAACZAACZDAH0UgZJ5CLaFkcWE55hdWwOmwbZaz5I8CxetsWwKa60XFExVJ9NPK/WIElc2xGG3b7XF1EiABEiABEiABEiABEiABEiCBHYhAyDhLNHlqmN2Bn5cWoU68JTv3zoBH3CXB9pK/oNFkB/pT2/StWi6T4Dwvm57BsyRAAiRAAiRAAiRAAiRAAiRAAiSwbQiEjFgiWUfMHUaKo8TTLsfyP4fE4ZiHaDkWLaWzGs22QcFVSYAESIAESIAESIAESIAESIAESIAESED0iFCDoKKIRl20+tpQ1yrJUM0GpQyv3YZIqZQTaFZcRuBsR+dGP9StYHJfSHiH5WDQfBi2PzgXhrWHrhv9X9wU5p5kIS25zEYCJEACJEACJEACJEACJEACJEACJLD1CIScWKJSSXuYDc/9lI9/zypCn8QoNMv9TspJwjljcuEUt0l7mCSBVbdJm4TpWE1Vli7CgSVCuKS6iq0jYaiW91WBITwy0pTwtaZv608VaXQfHrl+cNM9ulwuSWbqlzwdv5YsDh7T9Vhv1eFwmJeWIWYjARIgARIgARIgARIgARIgARIgARLYegRCJsFr8C2pZLCmvAG/1LZgSI84XD8hD0cN6WG0ED3na6mGt6lqPXEkzOEKXsI4SeziRtEytEUlJfj2hx+xMn8VHCKaNDY349vvfzBJRI1DQ9WHjtbddz3VXX/Xvu7GaZ9NBJ7mlhYsWb7CrKN92nS+JjTNX1WAqupaOZakttJnvQKjAuOs8XrO4bCjqqoav8yabcZabhk9Z7VNrWGN4ScJkAAJkAAJkAAJkAAJkAAJkAAJkMCGBEJOLNGgEn3ZRDi4b3we2iVUpkhEk5SYcESJAwMtVSid+QxKf5kGd12JlJW1i8PEJ90FHU4TcZ6IaKAhNl6fH48++TSuuO4W/Pfr73DrXffh6WdfEGGiGvc8/LihERERYcZaQoPL5UREeHhnuI46OHQt7XNKWWNLhFCRQ+c6O85baMPDXQiXsVbT8XZJXFtRsQ4Tjz4N8xYsNOe12os6SkrLyjDqsBOxeMkSEUGcgT3JfD1n7Sl4D3pd/b5q9Wo8+OiTZq258xdgxi8zzX40vEjFE93vhmuIo0b6/+jwI4sFP0mABEiABEiABEiABEiABEiABEhgeyAQgmE4AbGkTnKW7Jkei8zkGPzju3y4RfjYJScdNYX5SI9Mgd/bgop5ryJj5MmwOSJQ/N3DyN33JjgjnWj3aWiLE2+/MR0/zZyLxx+4G4mJCairrzeODP1hsntkoKa2FqsKVqNXdk9ESliOtsI1xaiXcf369TUulHWVVYiSc4VFRUhOSkR6WppxuNTVNSC/oABZmZmIiYk2oomKGEuXBdwj/fqK0CNCSVtbh9tDFKCclAT8+/mXMGTwIDNez7/17gdoWLyuU8Dw+XyYvzIfsTExZl/6vVL2oPvTPSQlJiJT9j5wQH/cfO2V5hoLFi6S67Rh5IjhZl2ds1RcLMFr6H1ER0ehuHgVemRkmD3rHDYSIAESIAESIAESIAESIAESIAESIIH1CYScWKLSgtpd9uyXhrS4CAxMjcXFu+TgqVlr8NqKShzauwdG7DIW3tZ6lM97C+VzX0Ni3p7wSTJYkxlW54v7oqWlFR/85zOcf9apSElJlu8tiImONmLD6sI1yC8swlPPvoiamlpxYbhw241T8PGnn0u4zk9G4MhIT8Ul55+Lp597AWXl65CemoIfZ87Bg3fcgvj4eNw49U4M6JeHRUuWoUd6Gq64+AK88sZbRpAJd4Vj5py5OOGYySbUR50yXo8Xe++xmxE3PpHrHHXEYZg5ew5WrCrALXecBxU4GpuaMOXm26HXXltajnG7jsbRRx2BJ599HuUVlWYPP/wyGw/fPRU+caY899KrOPn4Y/Dltz+KY8SFiMgo7L3nBNz/8KNITEgQ10rHGkcejmkvvITikrXG5XLFRechLi42sLcueV5kq2wkQAIkQAIkQAIkQAIkQAIkQAIksEMTCDmxRH0l6sY4cudstLa64RFHybAe8Th3dC8sLqvH/gMzJNymDY6IBPQYeRzWLZqOysXvw9tcIyE5mvNDxBJRJ1R88Hg9iI+LM6KA/soa+qIJXtVRESdukAvPOUMEhkicfPYFEtZSiEkTx2PvSRNRW1uHi6+cglPr6tDU1Iz99pqIww7+Gx7812MSLrNUXCqJxmWiAskjTzwlbpNUrKusxD1PvYBXH73PCCJn/991mDRhvLg40o2Goy4SzTVyygnH4Lpb7sD4Pcbh5dffwglHH4Uly5aZEJwvv/5W1krBlCsvR4kIG6edfynG7TbWJKLdd9IEHH7IQXjokccxe+48jBIXSZmE9gweOAB7iggTFRWJE449Gs+/9ApSk5Nw9RWXdq6xu6zR1NiE3XYZhZOOPxYej8fwsXKd7ND/F8CbJwESIAESIAESIAESIAESIAESIIEuBEIuZ0nn/lT1sJocD8uIx/EjspEQLvqOVMupWzMDxT8+jeZ1K1C1ZBq8jcukWz0ckiBVxBbN1xEdFY2S0lKTRFWFAU32qi9tcbExEpYSbUJt1Bni8/okRKcKDz/2JF587Q3j1PCIGyRc1lGXhraszAzUNzRgpyGDJISnDi+8/Jq4TiqhYkRRcQn2HTtSRIlGVEtOlH/edh0iJaeJFeqiQo6GAfXt0weHHLAPjjrlHON0GTd2DBoaGs248vIK7DR4oLlWsggevbJ6iKOkQoSQKBNGpCdUfNG9qviiOVS06b1ppR1tJaVlGDJowzX0XvPk2pqvROeykQAJkAAJkAAJkAAJkAAJkAAJkAAJdE8gJMUSkTtkt1oVRivBBF5+cYP4pLRum3Tof/bwOITH90Jk2jBkT3oMvfe/W8QSEQ9kvI7VRKYnHn0Ebr77IeMG0dsvlqo4H33yqXFq+MSxok4TFQ7UyaLVaq679Q4csO/eOOW4Y+R7qyGmSWK9vkC5XxVPdLyW+K2orEarlO09/JADTQ6QdBFcdM6YMaNx0IH7YUD//p15QYyDo2OeOl4OPnB/ZGWk4qjDDjbiha6jiVtzc3rhw0++EPeLD2uKilFYvBbZWZnG3aL71aaukAADPfYaoaS9vU1EnEZzvm+fXHz8+ZfrrdFT15AKQOqqYSMBEiABEiABEiABEiABEiABEiABEtg0gRAMwwEc4n5Q94hDKuIYs4ipj6MCiraAeyQhcwgSe+4U6JJ30QtEDHDrkREg3CJATBy/O66SPCA333Ev0lKSJCdIMw792wEIjwhHQnysERo0W2tsbLRUkgnHhHG74r3pH8u5ePTtnWPOx0q4jssZKEuseUHUwaHOkUzJK6LVcKZ//Cneff9DXH/N/+HQA/fFJVddh3hxrfRIT8cF555pKteowKJ5VJIkyawKNHESGvTMow+ZfarzRK+nQobu9+eZs3H1DbcYceOqi88zCWW14o46XLTpNXWOXRglieNF1xu+8zDccuf9qBdXyykSZrNa8rFcdcPNaG5uQfAaLtk/GwmQAAmQAAmQAAmQAAmQAAmQAAmQwKYJhLW2tloqxKZHbuOz6u6IjIzAy5/MQEGzD+fuO0KcG56AoNHNtdcLJZE7sIuqkhgVodpHZ7NCbzRxarMIJZrXI1aEDLesqw4NDdXRpsdWeI7mHtE8J9Z3FSM0dEUr3eg4DYl5ctpzxp1y4d/PFnFjFu7952N47omHTVhPdXWNyQeSkBgvsk6gjLFeQwUOTcpqhcvo3qx7ULeJNnXDaF9NTY3sLdyECnnlnAopNimRrDlPLHeIftd5WvVH99cg4UFhIjDp/W10DRFsVGT5s5ruUysN6b2rYGSFKP32fsLgF3fPspWrkJAQj9xe2eYejWMnaLLet/ZVCz+tBGT9hkFDeEgCJEACJEAC2w2BLf13bUvHbzcguFESIAESIIEdnoA+BzeIOUCrw1r/3m0KijWmTvKQ6nOzPn9qNEdhYSHy8/ONFqBjrKbPkfq8n5eXh9zcXPN8HWLOknbERUfg8a/mYHlJpZQL/u3StqqNeOUmsxJjMfXo3REueTysm9ZPdZhEiAih+UP0uyaNVRCWQ0PhBB9n9uhhHuJ1rL4UqDY91odv/TxEwmje+eBD3PKPu01VmX/cNMWsIcKTVMqJM94XFUY0XMhqKhSEy1o6X5v1qcfWQ73+iLq3pKQkc94jfxD63RJ1rD1Y87WKj4bkqOgQFxtrrrY5a+h8NhIgARIgARIgARIgARIgARIgARIgge4JhIxYYhNniEccH3uN7I8FQ/vIbn8VGrrfelCvDhVRwSnOi2ARQkeo2KBigvbrsb60Bbsago9VsbLG6Liu6+n5DEmyet7ZZ5g8JyrEqKCiKpQKIipWaAtew3TIW9e1uvZbcyzBw/oePC/4WIUSq6k4o+OtOZtaw5rDTxIgARIgARIgARIgARIgARIgARIggQ0JhIxYolvTR38NNbGqvFjbVYFA/9OwFksMsM4FfwaLHsH9erypecFjf2ucnrdCYSIkjEevqaE61jzrM3jNLT3+X9boOqfr9y3dA8eTAAmQAAmQAAmQAAmQAAmQAAmQwI5KIKTEEv0RVBgJiB7qAAm4QdQxoglS/eLa0Oo0gRZwiGjMS8dRR/+2/7CECMvZYX3f9lfmFUiABEiABEiABEiABEiABEiABEiABLY1gZATS/SGVXxQASRMwlok7ysWrSnH6rUVGJibhd7pktBFOk0+EDn3ayDKtkbF9UmABEiABEiABEiABEiABEiABEiABHYEAiEnlqj4oWJJg+QvKSirxs8rivD58mLUeKXk7s/LMHlEXwzNyUC6lP6Nj5J8ITJWU3fIBxsJkAAJkAAJkAAJkAAJkAAJkAAJkAAJ/G4CISOWmNLBES58M3cZHv1spqlqUy3FcDLjo3HmuCEY3CsDS9eU4bv8tfh+RQl8La3iPmnHpYeOxxART9xuLxWT3/3nwAVIgARIgARIgARIgARIgARIgARIgARCRiwxATVhNhSXVCDa5cQ5+48xDpP0xDgkxUUb98iYQXnIykjFurpGNLd6cNPb32CZlBjO7ZEmSVbbEC65TaymDhXNfxJsODGulY5+rVyzLZtVtaZrPpON9f/WXv7Xeb+1Ls+TAAmQAAmQAAmQAAmQAAmQAAmQAAmsTyCExJKOjYm6sfvAbOw6SMoHt/nR6PbhjQXFmL5inVSh8SPWaUeEiCIOuw2u9Fw8OK8S76+dh10z43DqyF7Sr6WC201VHYfDaRY1oklHnI7f75NSvw5T6tcSINZHsnW+uZxOybfSbkoJW4KJXk/LDOvLqqizuVfTEsVadccrSW6t9TZ3LseRAAmQAAmQAAmQAAmQAAmQAAmQAAlsPoHQE0tk7y0erwgefvi8PlQ2teI/q6pwxrAs9EmKgk9L9RrbCBC+ex+oP6SgpglPzijACUOz4LQ7RYywobqmFqtXr5EqOjYpRew0ooVfKun06JGBoqJiDN1pMFxS+tcSUroKJypIWH3B4kR3fYrbWkeP1bVSULgGkZGRSEtNMdfWfhVJGhobUVGxDr1zc7Rrk9fQ83ptfc2ZtwApKUnIzMiAT0ST4Ot1tyerz1pDP9lIgARIgARIgARIgARIgARIgARIgAR+m8C2jUX57et3O0Jr4dhEILDbwkx4TbO4S4ZnxWNQZgKG9kyC02GDXV6DkiMxIDVaziUiXMJwVCDQ/1SUWFdZhbenf4R3p3+MC6+6Hq++9S7ekeOC1avx1LMviLPDh3Bxa+hYnecQt4oeq4DicDhMn57XlzYdo6KFftcxWt5Yj3+eOQvzFixCRESE6dNxKpa88c57mHrXfcYNovMC13Dg5dfexPVT74Jf5mtzOh1mrs6x5uo+VODR9a250158BUuXrZD7duCl194w6zo69q5j9fobruEwezUX4hsJkAAJkAAJkAAJkAAJkAAJkAAJkMBmEQhJZ8n6O9c0rhBHSTtaPR60yX//XV4Bt3xPK6hGeI8eaEvLNCEvOk/FBY84U/r26Y2pN1yL5uYWrC68EhedexZ6ZfdEbW0dosTx0dzSgrWLy9AjPR2JiQmoFHFFRZCq6mpzPj09DUuWLpcV29G3b55xsGgYzOKlyyTUx44+vXNNKM1Pv8xCdlYWhgwaKGJFwAWiQkp8XCwee+hpHHPkYZg4fncjpKxYmY+Hpr2E/cfvKuWP2+AUMWTt2lJUyjX75OYiNiYaNXV1pjRyq7sVlVXV6CfX1pCeyy/8O+JiY1FeXoEvvvoWe00YL06TZERFRWFtqawhY9dbQ0Qbt9uNpqZm5PTKNkKM8mEjARIgARIgARIgARIgARIgARIgARLYNIHQFEuCs7KKWOFvb4NLwmuK60qQX1MAp62XSCbtqPjiSyRPnABbVo4RGKxbFb3EiAPq1FCxI/hTxZTK6ho8Me05I6pUrFuHRx64G7PmzMVTz7+MVBEgTj52Mj7+7HMRIcoQKY6NtDnzcNzRR+KRJ55Go4gvy1bk4/QTj0EPCYmZ/tmX2GlAX+NKOeRv+1tbkNAbP26/50a8+d4HGDZ0CBITEsQR8ibOOeEo1NbVm/GffP4F3nz3Qwzsn4dlK1fhdhF3yioqcPMd92KXETubvp0G9sflF5+Pl19/E2N3GS1iTg3Wlq/D08+/hONlT2Xl5Xjh1TcxRMaZNW6UNcrKce/Dj5m9T9h9LHJzhJeIM3rvbCRAAiRAAiRAAiRAAiRAAiRAAiRAApsmEHphOCJw+H3t4hT5deOao8Rhc2BtTSk+X/mVEUraZUC7ODlEAfh1YDdH1jJGNzHnNUwmDGeecgKm3jgFbnGhLF+x0vRlpKXg8QfvEYeJEw88+Tz2mbQnxo0dg3sen4bSsjKcfsqJmPJ/l+LsU0+QsJ730K9fX+y1x1gccuD+OFocJAFRJpCzpF5yk+y5xzgMHtAfn//3K8ydv8A4SA496AC0trpRJ4LJtBdexbVXXIwrL70IwwYPwHsSNqR3ow6XS84/F3fdej2+m/EL6usbTDiS5l/Zb59J4oZJxVWXXYRMyb/y8BPTcP2Vl3Wu8e4HH0meFruILpW45bqrcOxRR1Ao6ebvgl0kQAIkQAIkQAIkQAIkQAIkQAIksDECIeQsCYge0RK+8u3ytSivbUCPhBgRIEQPMbtvR1R4JLLiMpAQGQ6PiCVRyclwaq4QGdTVNWF917l6bGkqKmjESLiLOj00EWzvnGwTTuOTKjO77TLKjNVQl91HDpUQlkYjbDx46xRER0Vj8ZJl+Pq7H9DS2mpCdTSURvOEOCWPSNem19U1j518BM668Aoz546brjVhM+p20XCbuNgYcaekm6mDBw7Etz/OkHFu9MrKNIJNTHQ0UpOT4PF6TU4VzeWi92KXa4aLoKKukji5FxVNtFlraOjR8KGDkSJ8LAHHDOAbCZAACZAACZAACZAACZAACZAACZDAbxIIGWeJihl+nxc7D8g1bpGnvpiJ6sYWyddhN9+rRADISemDvw08COP6pGBCXipSDjgA0ZLTo665FWFmXPf3q2LDr84SSC4PT2dFmVbJ66FNRQW35ETRli25TTTcZoyEvRy4/74SRrMTSiS3yE133o9zzjgF++21J2rr6xEmooXmMWlsauqseGMWkDe9XnNLK5KTknD0YQdhzIihGLHzMLRIrpRWuX6ahPtUScWeBYsWmyk/zvhZ8qzkSlJXFxpkPd2Phs7o/gLCi19EoUAoTZPsrb6hAfHx8agWh8r8hYs2WKNRcpWoWKPCDBsJkAAJkAAJkAAJkAAJkAAJkAAJkMDmE9jQErH5c7fqSHVM+KSiTWZiLC7ceyT+/c08XPfqZ5g8bhjGSSWc279aikQpIKPuilaUGzHCK86QsLZyVHv9yEuNNe6L7pwUyYmJJszGbFiuk5QYb6rt6Pd4SZpqVZ+JlmSp2gYPHICD9tsbl0oVnZjoKORKgtTJRxyK0TsPwXMvvWrGZIv7Qyv2aKjNnQ8+KqWKa3DCMZPNOd1DdFQkIkT40HbEoQfJ+0EmqateKyoyAtHRMbhWQmk098hb738Il7hTDj3oQKxaVSCul3gzT5kky7F+qhvGFmYTJ0kMRgzbCedddjVuuOoy3CahNg8//u8N1xAhRecpMQomBiffSIAESIAESIAESIAESIAESIAESGCzCIS1traGnPVAw0xKJQznmS9nY8aaCuw5KBcuCcF5/LuFiJVzl+83GlkaoiPOC1EERCSxSciOhKPERXR70x5xjGh53YB4AEns6jEVZnSuV1wnKmCowKEvLRusGoPd7pC8InWmxHCCCBba3ySOD80fkiyhMer6CIwNMy4PrVgTER6h6WTNHnRdDdHRtYObXsMrjg8dr3tqbGwybhO9ho7Vvenaek6btXd1iZiQHyk1rGWP1c0SI4JLRES4rNEoa7RiY2sEX//PPNb916sjRwDHxcWZ+9y8/UgJaXEdaQJbvUcVr5Sj9Xtaa1h9KlzFiqhkMbTO85MESIAESIAEticCW/rv2paO355YcK8kQAIkQAI7NgF9vm6Q594kMUJY/95tiog1Rp/p9Vlanz/1ebuwsBD5+fkmT6iOsZo+W+qzd15eHnJzc9EgkRwh4yyxNqmfPgltUYfJ+fvvijH5xfhifr6Uxq3FacOycMjoQeibkSRig2xdb05uSj/94krR8sLdtQjNa6LCSkcL/q7JVIObAtNl9cdQoNo01Ea/RxpHSLT5HiywJIiLQ+cFX8NaN/gH0LX0R4iQa2qeFf0xzJriQtF71h9RBRht1jxrr9Z6bXKPOkb/SPR6gTUixckStdE1zIJ8IwESIAESIAESIAESIAESIAESIAES2CwCISmWqKDgldK78ZLIdZ+hfbF7/14iJPhN0tMIl8OE67S4vevdYCD56XpdnV+CRQztDP5uiRKdgzsOdA+BnB8BgUO/q1Dh93s3cDToOD0f3Da2ro5RoURbYM02KY0ccEno967zrL0G9+uxdc3NWcNcjG8kQAIkQAIkQAIkQAIkQAIkQAIkQAKbRSAkxRLduYoAPnWDiDDglOStLhFJNOzGLSEomitEX9u66R66ts3t6zpvU9+7W3NT4/Vc1zldv//WfJ4nARIgARIgARIgARIgARIgARIgARLonkDIiiW6XafkDXHIy+QotXQLv4TIiLtDK8OwkQAJkAAJkAAJkAAJkAAJkAAJkAAJkMDWJhCyYolWfilvqsTKdfmSaLUWHp8HYVL9pkdSD/RP64v48FgJX5FSulubCNcjARIgARIgARIgARIgARIgARIgARLYoQmEpFiiQsncsoV4Zu5reKzgJcmwWoyz+1yB3PhsfFj6NXJWZ+L4oUeiT0I2fO1+EUwomezQf8W8eRIgARIgARIgARIgARIgARIgARLYigRCTixRoWSOCCUvLnobPWN74JHRt6BfSh5G9xqOotoSXPzxdXhmxXTUuRtwwZjTkRPfU3KbSIJVCiZb8c+CS5EACZAACZAACZAACZAACZAACZDAjksgZMQSrfCi+UkqJPTm9SXvY2TqEBw26ECTm6SgphAfLfkMX676Dl9XLUUuYvDAkpfQLzEXxw87EpGOCFNFJjjJqdab0TWDPSfap9+132azbdNfXa+hLXhP+n1j/XqOjQRIgARIgARIgARIgARIgARIgARI4M8nsG0Vgy24v3YExJJl5SvgbvNiYu44JEbEobS+HK8uehfTV/0Xn639CX0csYiLjEN2ezTeWvERKporEB4eDrstWBaBCC82REZEIEJeel4/9bvT6UBkZOQGIsYWbHWzhrqcTjgcUsGnQzTRSXpst2tlH9dmrcFBJEACJEACJEACJEACJEACJEACJEACfzyBkHGWmFsX6aayrhI5URnoEZeG+WVL8OCMJ9HgbcJuPUcjAg58VzoTOTEjEWOvxRdVMzFrZQGc3mQ4nEBqbLSIIDCukeqaWqxevQY2EU2cIlz4fD74fX706JGBoqJiDN1psBEtVMBQ90ewqKF7Ce4LdodY44L7dLy1jh6ra6WgcI0RZdJSU8y1tV+FkobGRlRUrEPv3Bzt6ryutZ61zsauYybxjQRIgARIgARIgARIgARIgARIgARIYJsRCB2xJBC1IoKGDwnOeIRLaM0Hyz/BM6veQj9HFlZXF4oI4UJvVz/0tPXG3wYMxOT2/fHd4kp8Ou9bcaHYccvRk+ASN4eKEusqq/D29I/EYWLH1z/+jLGjhpswnwP3nYRnXngF991xG2JjY+H1euH3+8UFYhfhIiBotLW1GYFDHSnaPB6PETVUBFFXiAoZbrfbiCHffv+DOFciMGb0SLS0tBiRRce98c57WFNUggfummr6dE11mrz82pv46vuf8PyT/4JTrukQlUevq/vQpmN0bLhcxyf7UpHHElLMAL6RAAmQAAmQAAmQAAmQAAmQAAmQAAlsUwKhI5Z0RNE4nS7UNFWg2duM/kl5GJs4HGtqirGieQ6O6nk4jhpwBrJiUjE6TyrhtPkxL2Mtyuqa8fJnPxvniE1EBhU3+vbpjak3XIvm5hasLrwSF517Fnpl90RtbR2iJAynWYSNtf/P3nUAVlVk7S+k90BCEkpIIPReFKmC2Ovae1nrupa1re6u3bWuZdVVd+276rrW9V97Q+zSQXpNSOgQSO8F/u+b9254PEIEBA14Rh/v3rkzZ2a+mZt3z3fPOTN/LdqlpaF16yRsILkiImRjYaG7npaWigULFxP8zejaNRvyVxKpMn/hIkfAdOmc5QiOSVOnI6NDB/Tp1ZNkDsPM0kpFZEdiQjz+8eizOPXEX2HM6JEub8nSHDz6/Ms4fNQBMilh3mbMX0B5dA3qkpXl5IvkiYuLxcJFS9A2NQWpKSmuHSNM9uh9YMINAUPAEDAEDAFDwBAwBAwBQ8AQMAQMgUYEWg5Zoi41AO3btMc7qz/Hso3LcUzPw5w1yAOT/oHVa75H96QO6NK6HV74eq4jGsqravHpvDycNLQnUuMZ5JXkg0t+txqfKwujoch0g6SHvkU6bCgswlPPv0BSpQ7rCwrwxMP3Y/rM7/HMi/9B25RknHPayfjw0/Fsc62Lc5I6cxZOP+VEPPHUsygn+bJoSQ7OP+tUtEtPx3uffo6+Pbo6a5Zjjzrc1z7/rafLz90P3Io3334X/fv1QeukJLxMq5KLzzwJ5WXl7vrT7ENJaRmWLsvDqScch8MOPgh33/9XJCe3dsTNjNnzcM+tf0S37GxHABlh0givHRgChoAhYAgYAoaAIWAIGAKGgCFgCBgCewyBFhPgVURAXUMduqdmo0dCFj5aOgEVtZU4uMtoHNllLLAJKKuoQ++MVIzrmYH7PpyMv3/5PU4Z2gtd0tqgpLqORMi2OPnpE+fq4ruqnXBCcOG5Z+KuW7F/vhQAAEAASURBVG9EDQmTxUuWurx0WnI8+cgDJCrC8fDTL+KQg8ZixLCheODJ57Fm7Vqcf+5ZuPH3V+Pi887Eq/99G926dcW4UcNw7JGH4xRakPhIGV/MklLGJhk7agR69+iO8RO+wPez55CkKcTxRx+J4tJS19ezTj8FN95wLc4/+3S8++GnqKUrTnFZGQ4ZOwY3XX8tDj1wJMZ/9gX71mKmaVuALccQMAQMAUPAEDAEDAFDwBAwBAwBQ8AQ2McQaDGWJXRgcdsEJ0TG45Q+x+GlOW/iscnP4Yjsg3Bw19HIX3cTasrbkGRoxZ1vWjnyg4eNri/B8+JZYYg/0bFHpIjQkJuLLD1CGfy1c2aGc3NRbJDh+w9xZdetW4+Rg/uhoqIc1dU1eOTPNyI2Jta5zHz5zXeoqq52rjqb6W4jIiOccUaCk9qVzNNOPgEXXXGdq3PvbX9CTEwM453UOksUudp8/d0kVNAlKCYmysVrSYiLQzpdgJQ6d87E5KkznHuONx53wf4xBAwBQ8AQMAQMAUPAEDAEDAFDwBAwBAyBPYZAizNZaNjcgM5JGfh1f7q5xLbFfxb8D2/MfReLSnNR36oSX8/Pw2cL8nHdYfvjwpH98NrkeZiWs5pbAzPwqh+mYAMTWWw4Txz/dZEVCp4q4qSagVqVdFzDWCdKGYxtInebofvvhyMPP5RuNH2xavUa3HbfX3HJBefisHFjfdYhJEoUx6S8osIRI66y/x+1V1lVjeQ2bXDKr47G0EH9MGhAf1RUViAhPg4LFy/BnQ/+DReffw7ljXHuOCJeFEtlw8aNTso3301m7JUsR6woDoolQ8AQMAQMAUPAEDAEDAFDwBAwBAwBQ8AQ2PMIbGsSsefbbLYFWZjUkzDplNQRZww4kcFdV6GosghHdKrFpCUb8PLEuThvVH+M6ZXFAK+b0UBW4tmvZmFstwzuShNJ0mNbUiG5dWtngeIapolJm9aJaOU3NUnkjjjaPUfbC8fS6kOpd88eOPqwg3H1DTcjLjYGWZ0ycDJjiuw3oA9eePlVVyajQ3snQ6429z3ydxQWFeHMU09210S8xMZEIyoywp2fcNzR/D6aMVW4Iw7bioqKYmyUFAzu14vyXnN9zuzYwQWBjWXw2f+88X9483/v0XolCocferAFeHUo2j+GgCFgCBgChoAhYAgYAoaAIWAIGAKGwE+DQEh1dbVnkPHTtLiDrTAcK8kIuri0CkMILS5kNpK7vhCvTZxF8qQaY3pmopZBVD+bvww90pJxwtDeSE2MdRYiwU1odxyRIZ4ri84jeC7fHG3ZK7JEBIc+2rpXPEpoaBhKSkp4nVsZJyW6/ApakJQyIGtychtHbPjKhqCUcUYkL4pbCKvfSpIrSxHJDkxqQ9ei/TvylJaUOnkqI7ed31x1PW64+nJkkqCJJqmiNvaV7YOFR6mL1xKChIQEh2EgNts/DqGLUh0WLc11cyHySjh68+nV8/JEXMXTnUlzbskQMAQMAUPAENhbEdjZ37WdLb+34mL9NgQMAUPAEPjlISAduoxxQdvQEML7vWsOBa+MdHrp09I/pZvn5+cjJyfHbaiiMl6SbimeIJubq2RlZaGMOn6Lsyxp7KyLYULXmPraRgIiIyUOZ48egLenLcQz46eToAjFqcP7YFzfbMTTDWdTwGA9OfqWJUegG0vgubYLDkwCTGI0GQJUSa42PoIjCrGxse48kGBJSkx0ExbYhic3cAIkS5Og9jVhUbSEiW2X7o5FJKjsQaNHONcdxVQhkbXPECUa+0+Ztiz7n7JVa8sQMAQMAUPAENgDCGzn+WYPtGQiDQFDwBAwBAwBQ8CPQIslS9Q/F3uE5IL+U2qg2016YhwuGjcE5zBeiSMe6Oqiq7rGok2mQBJDBQLPg8kMT4Bki9BQ0rE+m+T2wx17dByYmrL82J5c1VP7kqEyImF8sjc5puu8s053+SJKgtsJbNOOm0fAc7NqvpRdNQQMAUPAEDAEWi4C3nOAe2Zoud20nhkChoAhYAgYAvskAi2aLAlG3JEiJBgUlVbxPOSbIwJDUUqC+Ivgqrt07j2kBFbe0bzAOs0dB8vzSJbg/OZk2LUgBLhGRDZFRDQdwyaotJ0aAoaAIWAIGAItEgFZSWoHwDq+vNn6NU2L7K51yhAwBAwBQ8AQ2KcQ2KvIEiGvhwUXwrXBF8hVJIk9QOxTa/JHD0aEU0FhkYtZ4pFPP1qoCTAEDAFDwBAwBH4GBGRdW1dX41x0f4bmrUlDwBAwBAwBQ+AXi0CLJ0uaIkJcnv+Cxab4xa7d7Q5cAYHbMxZMJAO8brs30pZqIlKC14+W1V5h1cO+b5UCb4qtLtiJIWAIGAKGwN6LgKxpQ7CRgcvlwhscNH7vHZf13BAwBAwBQ8AQaPkItFiyRAqr1EHnYhOEo/L9XIm7omOzIAgC6Zd8SiJBcWS8oLlNQaGYJtrGOTiJPpG5c0tOIoPcDlEBnXTEz6YG3QgBuXZoCBgChoAhsLcjoN+ywFhre/t4rP+GgCFgCBgChsDegkCLJEtElLw7bQHGz1iEMCp/1Qqs6lcC9YZFim79ZgZJJcrh4WEY278rDh/YDXEM9qpygUTK3jIR1s/di4DWUFMWIqISwvjgWVZdg8WrVmN9YQlqampd2bjYaGSlpyAztbVbYy2SgOO4GiorUcctrDfV1DiSMISkT1hMNMK5e1OItks2wmT3LiaTZggYAobAz4SAfoea+i37mbpjzRoChoAhYAgYAr8oBFocWSIiZGbeGny+aCViYqLwfd46XHXEUG4NTCWQSSRJ3aZ6RIdG8mwzymvr8dr0xchMScQB3TqhQVYBlKHkKbuBDxpN5bnCe+gfb+ebwD4ENrW9B6Fd7afa01soS00joKWxdO0GvDdjMTZW1aBjQiziI+muQ9xyVm3E+MUrMbBjCg4b2B2JDCLszUPT0prPbW5ut7cempO4mX2sWb8edcUlCAkLQysSI5Kzub4ONRsq+dmIqPQ0R5o0J8euGQKGgCFgCBgChoAhYAgYAoaAIWAINI9AiyNLRHR8OS/XKayjemXhn1/PQru2bbB/tww3ki9zv8KCtXNxVp9TkRyTIr4EyzaW4LslVHI7t0eolEeWlKIqqxO9ZA/c2jecCqau1Tc0/CQWKNHR0Y7AcZHspakHpciICOf24ZEquuz6TmVYWHjbFwdVa/JUirPa03bEDQyA20RzTdb7pWQKnwUr1+Pf381B73bJOH7/XkhvnYAYrROCUFxRhSVrNuD975egrGouTh3Rz1kr6drOJrWlHQwaSHAEpu3lB5Zp6lhESdXKlbQqqUJkaluEJcSjFXf7kbzNXMsNVVWo2ViIqhWrgA5c+0mJTYnZKk/3xg+tESdfBZtJOyKnmep2yRAwBAwBQ8AQMAQMAUPAEDAEDIEWh0CLMkEQldBAl5u8tYXo2jYRmW2TkBoXg09mz0VOQR5mrJiNNxd8honrluK1We9hyfplWFuyDn0y2mNVUblvaz0pj9Tewkg2rFqzFhsLC92uKJuYJ4uL5StWYiOVSsWrUDnvEzgzylPyvps69tTH4PreuVd38tRpWM1+iKQRIeLlezIXLFqMKiq6Ctommboezr6vXrcOK1auYn6rxj4G19W595FSK5Jk0pRpKK+o8NfbdgzNyVCf9sWkMYcRx9WFpXhl4lwMyEjFicP6oEtqG0S0CkE53XCqa+uQGBOJoV0zcM6oAVhTWomPZi52c9IUJoE4Bl/XXNTW1qK4pGSrS9vL36pQUyeUV712HRoqKhHdsQMiUlJoVRLBgD5cT/74KqExMYjp0B4RbVqjas0a1LNsMBPirRV9+2K2/PDtrzWlddtc0hq1ZAgYAoaAIWAIGAKGgCFgCBgChsC+hECL0XKov7m35BWMw1DNk0i+7Y/iJy02Cu/mTMNd3z6Aa768Cz1iW+OCzGGYtGYGLh9/E56a/i/klS7AhuJC0EOHQnwEgciS7yZOxh9vvdMprnrL34qExBv/ewczZs1yZIomMioq0hEZZB0cmfL2ex+itKwMsviQDC+JwPDesitf8qR0RrBcVKT/DT/PRXqIlIkgOSKC5LmXXsHS3GUuX/X0ccoqlfQGWgRc+Ydb8Nbb77mysh5Q3Roq2jfc/Gd8PH4C67EP/nYi2Y6S6ovsUVtqX22pXnl5BR5+4ikUFRWjpKQU77z/oZNLXdvV0Zi2khG2RYbXL2+8+9K35q2eljYTl6yga00kjhrcg9Yk4agmESCC6q1Jc7Fk9QY3v1UkTbLTk3H0gK6YuaIAS9ZudPmBeKjOY0/8A/97+91G0k3XNS+aU8VEWZqTi789/vdGoqGpfPXrh5ICuSpGST2Jl8jUVITFx5NRZCBXERhszyV965zyItNSaXESjjpunSyLE5XQWi3kmliwaIlbi0tzlvE7DxtYJrAPW8T55bJu/vKVbi05Ms8r4GvV/buJ5KbWmr69JByUvG8v374NAUPAEDAEDAFDwBAwBAwBQ8AQ2FsQaDFkiQCT7ijLEk/tkqLYqtVmDErOxrkDz8MxmePQp2QVOi77Giem9cXJPY5Hp9Zd8O6Sj7GxQkrt1sOJoUvKv556HC+98rqP+KASJ8XRa0BvzWfOmoOVq1YhnESCLAE+mfAF1q8vcMrlGlp3eMrkWubJWkCkgqxVVFbEQ17+csyZN99ZtYi4UH4FldtVfLu/gm4T6am0AlCbTGvXrUfBhg1+BdunTHZqn46//+tlLMvLd8SGiI+vv5uIV//1NGIZtFNJJI+U7wULF7lzkTBFjFshciR3WR6W5C5zimliYgL+fPMf0JEWBvMWLMTUGd87Kxq55KjfS4JkFBYWo4IWCGp7HWNh7IuEidaSrChq6uoxjy44I3t0YowSWmUwRRHHcGKbQ0smWZYwJKwj6aTkd6WbThfGwZmVt6ZxDYgQUPlly5bhm+8m4YOPPnHbOXq4aW1FcQ0oiZiqZhBZyQrOr6qudmV+8B/W1U2hYK4K3BqWGO92wVG8kiY/ul94LTI5BfWVFS4ArNavPlq7rUjQderY0a2PBLrxrGSAW61JrU/XT1qI6FhEnLfuN5GB9N2RPjJRY1EZT+5mXl9Nq5cwEm/eOhceTo76ybYtGQKGgCFgCBgChoAhYAgYAoaAIbC3IbDFdOLn7rmzfqCSSQUrnAqWLAHq6xtQUbcJ7UmY9Odb8u7x7VG0fj5aRSaib2UREtP7ISIqHj2GD8ZLX8+lwsc37tgyJLmjPPnM8/h+zjx8+Ml4HH3EYXRVqScxEo4yWo/ccd8D6JKZiTVU9o489GCUMG/h0mV45c3/w4Ejh+HdDz/Fn667Cgl8m3/6hZfhL7f9ESOGHYD7H34cZ5xyAr7+diLGf/E1OrRLJwmyEXffdiPmkjj558uvQUTN8UcfQWWxFeLj4rBkaQ5uuO0u/PXu233bvnI8sjZIZ/yJQf374d+vvo5b/ng91hcU4L0PP8Ed99xPBbfOzcrjTz4LETeyYJESetuNN2DKtOn4xz//jYNGDcPn30zE5Reeh7EHjsKjTzyJ6353GT4l6SMS5SXKPf3kE/H2e+8jN285oqOiGmVMnT4Dz7OvKXTdOPeMU9ChfXvnyrNPKbg+tgSbuJ7KK6oZCDiJ4w9BQWkFVm0oJr4hKCyrxOLVBYhhoNcQXsuie04SiarM5AQsWFXAOfTdHN73Z8T2zNNPwdq1azFlylQcdfhhjhSoplXUp7QGKi4pZpyaBpJpEQ5r5X/y6XhHpClfc7CjVhdqWrveKJirYpTUldKKg8SH5sgjFX298/0bFhtL65M4bCYBuIkuOorh4xK/wsLCGTQ52lm7JMTFuvWUQ6KsNeObRDOYraxPimkl0oprNrVtisvzZGsXqmLeH0XFxIwNpyS3cbLWrF3PdVxPYnA15SQglu2LgKkkYSjyMFXxVUi+7Oh4vfbs2xAwBAwBQ8AQMAQMAUPAEDAEDIGfE4EtzMLP2Qu27ZRCvkmXwtqGu+BsZLDNIiq3+QXr0LpiNgpmfYvydd+h/fDbEZveG6snPYk1396LyIRMLKzsiaToLOeWEqhB6m16BmM8HH3k4Rhz/Jno07sniY84Z8Hx1TffIX/Falx4ztmYNWcuHvnHs3jy0fvRIzsLv7ngXHTKyMC3E6c4i442rZOwjDuoLCPZ0DkrC1XVVU7RfPWtt/H4A/c6hfC6P92CL7/5FkmJiSijxcdjD9xDF59ofDt5Kr6ZNJkWKCtw1803sH6mi1Git+9SeEvLy3HZsUfhNpIjc+cvwPezZmPwgP6u38tpmSKrlSm0EHnuiYedsnvWRb/FtBkznbXCyP0HkRi5HAP79cVb77yPEcMPcG0nt2mDQ8aNcUFsdV3EyjeTpuGZxx5qlCGiRAFwO6Sn4v67SOCwLzVSyknG7JtpsyMJwmkBIQsSxS95bdJ8576SywDBVSTR5qwsQEdak5zJoK+xJDoiiEUdyQ0lKfuas41FRZgydToeuv9eEgQr8NLLr+KQg8chgtf++Z9XsWr1apx26sn47LPPIZIklO29+NLLLlbO6acp/wuH884QUnLPkpWV6tTSdaZOhIVHggRMlq5Hc92G02rEkRPBbArHoPgj+tTxODY2xhEZ6qeIuVWr1iCzUwb7zftuxQp07dKF0rlVN9suZ2DZ/OUraJnSwclezng6XbI6OeJJHjiyLBE+is9TTmsllVtPKyqfzI4BvbRDQ8AQMAQMAUPAEDAEDAFDwBAwBFo+Ai2GLAmEqlenNMxivIhYBq0sKCnHcaOPp/VGCqpKTkV8u34Ii05C+tALsKm6FJUMzvnFy+/joDED6frgC6LqyQptFerij8gt5a+33UBrjQdpPZGOvr17MV5DIQb17cW34GtJoMTi6ssucsqo3AzCFCeEadTwoZhCUkGWJU/feysWLVmCT2g5MHTIINTShad1UhLk+qI0bP/BdGUpcFYDw3mcSNKkmu4Wcqv53wefYuigfujRrZtzh2hUlB1BUYt4yhdB8/tb/oz4mFg8+8RfnZuH3G3kEtQtu7Pb5UZKq2QXUmGmDuvcKdS2+iE3IllPiABxCi5lK86EklxsgmUorolMBA6gvChaOijI7L5LlIhbCHHYlFZWIyU+Br0z0nDnaWmOhLjztfE4nDFKRvTqjBpaY8htp5ZWPyVcW3GMcSICTuSDaKTpJK7SuT2vLDHat2vn3JzkxiSS4VvGyLnnztudpRGL49XX30ApLTUmM+ju7bfeyPx2TtZLL/9H07JDSXyHXG60PbBikMRkkHjQp5kkS5QQrn1ZybDjGvxWpRvXH3NFHG0m21FcXuKIHcXLkbuRiMZqkoKywlH5klJuV8zvOlqRCA9Zk8jNKJlWSaVl5cQi3VlKaW3GkZCsrKp066+olFY27Pf2Yp5s1TE7MQQMAUPAEDAEDAFDwBAwBAwBQ6CFINDiyBK9RR/Xtwse+3Qqrnl9AuYVV1DZikBMxHqn9G1q+NKnuJLQkFJbWb8JoZ0OxNDuXXhOJU7KoT9t2sTtgUN8MSTkgqMYDVdcejFOPO57tKfCm8MglweNOdARBQrqKneBUlqFyH1HW/YOGjgADz3xDFJTkmmVcTpdYdbi2r/8DeP//ZSz/JizYLGTmcE4EB+N/wJnn3aSIxwq+Rbe7SDC/hUytshdN12P6TO/p4vMU7jmyt86RdR1kV2VEi6iYuh+QzC4b28M7N8XiQkJjmippbIuJXzCXx7GlXxLH0XXno8//xqHjB1DS4XlLhCs5NRTca2nZYSSz3XHh4GUWJ91TUeO41lsoKtQFJX8rWSwjX06Ob6AcUNo+ZCaFI95K9ahS1prcU0u6Xsz58nL0HzISmJNURkWrSvCQO6c44gSElW1tDL5buIk52Ly6GNPOAJAVhnTpk1DehoJFJJOIlGUJDeca1Tkg4IIa0tnl9hWKxIZO5PC6DpTW1DptgfWrjeOANmeAMqv5ZpTkFe57myVNExed2PkWnfrnGtHfS7yx+DR2JWyMjs5Es0XuDXEESguGDKJG7nHac3HcaeqinLuusMkQkRlJd8LeCw8kihHbj1q05IhYAgYAoaAIWAIGAKGgCFgCBgCewsCLY8sIXLpSXG4ZOxgHNEr0ymGcoVwQSalb0kLdf/whP/r7XmntGRkprZ2cU48ZVClIqmkeru/SJk776wzMJ9b9Sow6tgDR2PyNO6oc+0fHDEyjvE+Tj7hOIwdNRzX3Hg7fn/lb3AQy4w+YD/31lzWF7169MC4Qdxylq40CpB5y3VX4oFHn2B8kii6LGRh9MgR+PzLrxutTdTVeMaG0E46l158Aa66/k/4ji45I4cPQx2VaOqVLl6ExiBy5dY/Xd+oVCrmSSFdPrp1zcZlF5zN+CoPUTlvhV8dcQgGkFDJyc11ljcaZzhjUag/kqdYEorL0rN7d0fC/PHWP+P6q6/AFRedi9vp6hNGy5OmZEjOvpg0B1LUtbvSsK4d8f6speiXmY7OXC8KfCty7qjB3dGBrjfaXlqWRTVcb1O4c46sUAZ1ac+gw5ucm838hYtcQN2HH7yP8TpiHFmSu2wZ7rnvQZ8rDgmK2bPnutgxs+naVUYXKxFfdSTedD529CjMmT3HEWE7hLWIDbYdThm13O66ltZQIiDcRDclgOUbqqpRS2Itom1bxvaJdPXJzrh7RWtMRIeCsooo0U43ilcSy7UmuaUMJKv+Ci8FKd5yL9E9joSNYprExcY5MqmcY5NViqyRdG8pWLLWoci4ep53oCuYiCJ9fPdsUx22PEPAEDAEDAFDwBAwBAwBQ8AQMARaJgIhdBURBdGikjoUTmJA1gC+JJV3+2mTlDUqgYFJip4UOCmWIiukKMoVQBYjOhaJIqVQhITyFWtE57ouRTCayrBcaHQuWSqjelIMFZtBSXJlkSJrjtaMa6JyivtBMX53GLg+SKGUS41kydJDVgZqS0l15TqjuoHJe1MfQQVcbWuXHbUvlxvVlRwlyVVZKahSVp3SSnnqoxRenSvArM6bk+H1J7APu/tYOJQyQKnGmkClXOPZsUQSgG4oi5bmIonKfRatbdTfYMy8vEKSClGaP7omKU9Qh5KQqqipw/9NmYfcgiKcM3ogCZM2vMZ1wX6JKBH5VksC5ev5y/DxvFycsl9P7N8tw5EqiknyAt1n5KJ11umn0h2lwREF7ATuve8BWiiN5hpojYceeQzZ2Z1JWiW7IMJXXXk5ZjEOzdPP/ROZtLJQfgXX128vvcTNyQ7hzjbq6M5TtXIlIthGJK2iFMPEDcwDkGVElFStWEG3nVBEd8xw1iUiWzT3csVavWad26XHw0lYpjEAq3AUIbRixUoSbNyph+eyDulEd5+85csdoaJ+i1wRAaR5lAVKJq9rbeYsy3MuOYpTIlJFgYSFq9rRfdWO/d2hcXpjsW9DwBAwBAwBh4D+durvrH7Xkvi7qd/85pL3913PNvrt/6Hyzcmya4aAIWAIGAKGQEtCQHqtdJE21Ie837vm+ueVKaEeLT1c+qd+U/Pz85GTk9OoK3oypBNJx87OzkZWVpbT5VokWaIOa3A+OsHr/va/RTMEK84q7eVJlpK+pegpSVHXdQGmJMLBS8rTdQ9g5XsyVMc71rfKKk/1de7J98p4fZA8XdN5IEkgVyKnqHuN+7+9epKjjxReJU20UmA7gWUVY0LuEKoT3LfmZDihe/gf9fnnIEs0LK0AYV1Ca5G3p87HzBXrcUivLAzs3N7FMBHZlFdQjG8X5SOvsAzHD+qO/WiJEkhh1dBlSeSV8PbNr+J5eC4om5x1RjkJKpF3ikMj4kxzIFItON+bi52BvI7uNVXc5UYWIxFtU6Cdb0SabOIfDl2T9UkoyYro9u1cGXayUbz663Op8eVpLrx1rkLeGtIfIZUV0aSkda1r+qiOyD0RIXoA93BQeeEnNzaV0bnk6Fjj1LklQ8AQMAQMgZ1HQH8/9bfayJKdx85qGAKGgCFgCOxbCPwcZEmLc8PxptQpaN7JLn4HK2mecidxOlbyyAfv3MvzzoNlBJ6rTCCpovPA65LlnXvXvHNdU2qKKFF+YDnVDe5n4PXAY59C7BtfcN+ak6E29+Wk2RbWSdxp6aQD+qJL6mpMy1uDSbmr0VDnIwQiIsPQmbvhXDB6ALqkJ29FlAgbxfbwiC7NiZc84kPuNnKfUhLJIEJBc7O9fK/+jn6H0xIkhFZDdQyiWsPtrqtFnDkWiCQcSZyItsmIJNMaQgsjNryVWPU3LMxHFOqC+uWNxTvXt/cW0ltTsrrxJKm8L4Cwr75XRrJlhaVzL88jW7xzybZkCBgChoAhYAgYAoaAIWAIGAKGwN6CQIslSzwAnQKmk62UP98b/UCF1Su/s99NyWgqrzm5O1u+OVnbu7arbQTWCzzeXjv7cr7ojQZa3cRHR2AUrUp6dmzr4pLIhYt0A11PuG01g5YmxES6+DfBWASSC4HXPEJA+AaW+aH8QBk7ehxGi5VQEjLa8WYzyRLdFop5o2CusjghCxh0r2yR7PVnS862R8FlPKLEKxl8fXv52yvnlbdvQ8AQMAQMAUPAEDAEDAFDwBAwBFoyAi2eLAmn+amLXcIdNbYkvsHmm3vtTmLJENgZBMQl1Dco3gmQmhCH9MT4raordofIkxZLLLF/cr2RC05gcuSEmJOtSMXAEnZsCBgChoAhYAgYAoaAIWAIGAKGgCGwowi0aLJECuuKolLkrd2I0iIGZqmuQR31wZj4OGR1SEU2XSXkWUBjgW1cJnYUACv3y0NARIlSPYO5kl1wx43/8GKLJUoaO8lekzRxSd33jyfgsh0aAoaAIWAIGAKGgCFgCBgChoAhYAj8CARaLFlSR0V24uLleOGLmXh54Upg/mqgfwfcf/BgvDX1e2wmcXLmiD44aVhfWgfEtmxrgB8xQVZ1zyHgI032cqZhL+/+nptdk2wIGAKGgCFgCBgChoAhYAgYAobAriPQIskSESWvfzsLj387D/F0OegZH4UTLjoYxxzQB2XVdfh8Xh4+nJ+HySsLMCdvLa49dhS6tmvDoJo+94pdh8NqGgKGgCFgCBgChoAhYAgYAoaAIWAIGAKGwC8dgRZHlmjr20kLV2D8klW4/Yih6JfVDmtLyjF56Sq8PGG6y1+8oRipcVHYXFePZyfMQpuEWFx99AhuARvdSJjIO0FxHAJfvHseCz/kZuEFp/TKeUE7tRXqD6XguoHlXX88H5DAC3a8mxHYO1xpdvOgTZwhYAgYAobAPoqA9zyyjw7PhmUIGAKGgCFgCLRIBFoMWaK4lGGhISisqMYHs5bi6D5ZOHJIT0d4rC+twDp+shmnJCE2Gvd9Nh213EK1f6d0RK8uwP2fzcCgzu1w4tDe/s1ANnOb1FB+uIUqUyBJoe1z9dneg4fKhjKorLZQra2tdfWj/dvB1nAHkh9KqqtPbV3dVkSN6mk7VW0p65EvPyTLru8cAt6chnFtNHCOI7k7jLdd8s5JstKGgCFgCBgChsDPh4Be9LgXPHzB4p5h/M8mP1+PrGVDwBAwBAwBQ+CXh0DLIUv4WCByY27ealTRDWd4907czhX4etEK3PzGBCxZvQGju7RDUptE9Expg7iIMBw5sCsKOqXinTk5+GZhPo4Z3AMRoa3QimRFYVEx8vKW87iVIz6kNNfREqVTRge0TUlxSrQsRfQQoiRFW8dhYWEoLinBkqW56N2zu6v75dffMiZKHcaOHu1IGJXz6jXW5UEo5aluYWERunTO2ooUkfzFS5YiNbUt4uPiHGni1dW35Hl9CMzXsaWdQyCOO8Vs2LDBkVYR2k7XkiFgCBgChoAhsBcioGeDkuJi9yyyI9ate+EQrcuGgCFgCBgChkCLRaDFkCVkC8hYtELhxhK0j41CalIc6rjjx7rScnybvx4oLsN/C8vRLSsd+3eLx5CsDjioe2ekt47H8cN64y9vf4V6WnNEhEU5Jblgw0a89d4HtFYJxZcTp2D4kEGchM0489ST0L5dO0ds1JFAkQWJLEFkNSKipLSsDLfd9Rf07d0T3bp2wWNPPgu5Bo0cNtR9ayb18KKy+qhNbTer3UnCqZgvzcnFiHMvx6L3XmH9bFRVVSGGlilz5s3HAaddgO9eeRYD+vV1C8KzXpGliWRJrvqiVFtXS8uUQCcil23/7AACeqBs3bo1SktLUVlZyd2SfITYDlS1IoaAIWAIGAKGQItAQC9QQvj7pWeFhISEFtEn64QhYAgYAoaAIfBLQqDlkCV+1Gurq5EcFY64qEgSGHUYSHLk2jH98PDURTgktQ0OH94e5RGLcUDn3hiUleG2TU2KicMJA3uTzGjl3HDkAtO1S2fcdcufqCxXIS//elx56UVIT0ulxcFGFNHqZPWaNY7MWLtuHdatL0A2yyfyYWTKtBmoo6vMWaedguUrVmDi1Bl45m8PUvlOQhX7Fh0VRXeacBQUbMQqysjMyEA8tzL2knvzw4eb/7z+X9x4w7WO/KimO8+Lr7yOtpERznpED0BqV4RO1+wujkzZuLEQcvdZu34diZxQZHbKaLQ+8WTb944joIfL5ORkWhPV7XglK2kIGAKGgCFgCLQgBPQCxSxKWtCEWFcMAUPAEDAEflEItDiyJISER30943qQcNB/2amt8ceTDsLovt1QtakE3xd+hPz1q9EtsQMKywqdVQdfvSAjK5bWGXSr2eT4E2elIUsNWZPIckMEhRTnG++4G1EkPLI7Z2HN2nX44JPxPI+mDcdmXPe7yzFx8lSsL9iAZ194iYTGesoMxX/e+C/Wrl1PV5x6PHjPHZg8dToee+p5DBnYD9XcwvgKEjFRfncPnd/261OxYeNGfDdxMsYeOAqffDYB1bRcOf2YQ10/pkyb7siTpMRE1JFIuYOkzgeffIovv52Egf364MvvJuOKi36NcWMPdBYv6rulXUNApIklQ8AQMAQMAUPAEDAEDAFDwBAwBAwBQ2BnEGhBZIkvnFlsQhymL1uLAgZ0bUN3nHrGL4mnpcmvhvRATmEeXluWj7KqMizcsJQWGGGIaBWO+s31aB2diJGd9vczJVsg2OKA4YsJspZWJHfe9AcMGTTAxTU5YP8hLpbJ+Zdd7eKNHH3EoSgtr8DVl1+K+QsX4a+PP0mrlIsZwyQHj/7jGedW84/nXsBVv70IB+y/H4qLSxBBhdxHzMBZg7ROSsBxRx1OF57n0LdPL7z8+lu45vLf4P2PxztypW/vXrj71ptYth4XXXEdLVhWumCyw/YbhEsvugCDB/TD8y+9ihF0/dFbJU/2llHZkSFgCBgChoAhYAgYAoaAIWAIGAKGgCFgCOwpBFoOWUKuZDPdXzLSUzBn0kIsWrEOo3p3dmQJDUdQQ6uQjgntcdPI3+F/Sz7G0d0OxQEdh+CznK+QHp+GHildHfngEQueNYYoGN9xiLMw6dguDd26ZSvTxSd5m3FNamrrnBWLbwebEGfyKrNXxSrRtwgLfbS7Sg0tQSK420qP7t3cjiuJiQm0hKlz1jCaJJUvLinDoAH90bdXdxx12nk4+6Rj0a9Pb/z7tTfpe8y4KKVlePm1Nzi2Bteugs+K1OnYvr1EoAO/FQdFliyKZSIrG7MtcdDYP4aAIWAIGAKGgCFgCBgChoAhYAgYAobAHkdAG860iOTcZGhF0iUtGQdz15t3vs/BmqJyRNINxjMXIXWBfum9cVqv45AQGY/6TfWorKvCi7PfwOw189CKAWKbSiJBvFRFN5kGuvnIJedPd9yDXtzx5jcXnOcui2jRx7fdrNx3NjurE+XJlUcxS+TCw1NMmz7TES45ucuctYhIEiWvvsZz4nHHkPxJxa+OPsp3jf+KbLnrgYfRu1cP165IErWjvq9dz0C2TDO+n4WU5NYuPopzIXK59o8hYAgYAoaAIWAIGAKGgCFgCBgChoAhYAj8FAi0GMsSWU7IgiKGWwKfOqI/7nzrSzz92VScP3Yw0hJjER0eicUbcvDY5OcQsZk7x/C/qoZqhisJwUdrvqXbTgH+dvQ93Dp4i0uMB2Ayd0Zp5Y/7kcxArToMJQlz6NjR+OKrb7E0Nw+ZHdu7HXIUoyQxId4RItpJp01SohMjC4/4uFhnXXLVZRfjoceexKeff+m2Ab78kgsZ9NXXmixHVF9kTMcO7fHS0084axKdJzIQrGKbjB4+FJ+z3Vy6FGWyjCxYYmOi8dr/vYtVq9di+apV+MPVVzprlgZan3hWMt547NsQMAQMAUPAEDAEDAFDwBAwBAwBQ8AQMAT2HAIh1dXVMm5oMUmd4Z42WL6hGK9OmoecgmKM6dERAzPbIz42BOvLV9FFhQSCytEaY0nRMvx3yQc4LvswnDXwJOZv67BSS2sOBfoU6eAde5YgBQzmGhMb47PiIFmj2iIoVF5WHbIyiSAT4o6VT9JE1yq5JXB5WTmSSKaISGmgVQw5D+dao7IusKjk0eJE1iZKsnBRfbWtILKxbFfkico++Ojj6JLZCUcfebiTpWsiWPYlokTj1na+GpO2QRROO5ZCaA1Uh0VLcx3eWdwpSJjuS9jsGA5WyhAwBAwBQ8AQ2D4C3m9jYVGRe5njnkW2X9yuGAKGgCFgCBgCew0C0o3LysvRhoYQ3u9dc533ypSUlDidXvqnQmvk5+cjJyfH6fgq4yWPK8jOzkZWVhbKysrQYixLGjvJg020GumS1gYXjxuMmbmrMX7eMrw7fRHG9czC5UeN8oo675ycGfk4lW45R3Y/2JEnTcX3kOuMp5h7xx4w6elp7tpmKu4egeIFVdV5FLcwdm4yOia4kq+JiuI2wDHRbR2xItnU/13cEREnSk4+M712lBdJ0kXn+rTzt6u6oZTdq0d3pKW2JYES63bA2deIEo3/p0zC2MiUnxJxa8sQMAQMAUNgTyBgv2d7AlWTaQgYAoaAIWAI/DACLY4sUZdl3VFLi47kuGgc0r8rRvXMdAFURUhU1Vbz6hYG6NgehyEiLIKEg2/XGNUNTh5RovzAY51vRUpQwQ5OIkq8JKJESUq48hsatrX80EPN9lLgtcB2ZXFy5GGHuGq09HHyTdHfHoo7lu/hFzzfO1bbShkChoAhYAgYAj8/AnLT9X7Pfv7eWA8MAUPAEDAEDIFfFgJ7nCwRd6D4Ij5+w08kkGzQj39TxIYHv67XN8g6YDMiGQckMiKcl3xBV310iq9kTEQMLTVoi9IMSeHJbOr7xzyE7M66Xv9/jMymxvdLzBOWRUXFqK6pQTlNtTxro+3TWL9ElGzMhoAhYAgYAi0VAT0f6TdLrroxMTGIY8y0mOjoltpd65chYAgYAoaAIbBPIrDHyZLQ0BDG6SDREbhTDcmNurp6xh4RGbJ9XL1rzqJjO2TIJsqyZAgEIiBrkjXr1rvYL6Gh2qWomUUWWNGODQFDwBAwBAyBFoRARWUVCotKGDC+nSNL9DLAXqq0oAmyrhgChoAhYAjs0wjsUbJEP+hFFdVYuHwtCjYWo4Y/+qEMZtouPQX9u3RAHON+1DMwqkeK7NNI2+D2OALeQ2RFZaVrSzsTeRY7e7xxa8AQMAQMAUPAENjNCITwRVMkn5Uq3e+aESW7GV4TZwgYAoaAIWAINIvAHiNLRIDkFRThmc+mYWZBCUa0T0FyZBhKy2vxyfKNSJuTizNG9kMP5m/HaKTZjttFQ2B7CNTS/UY7GnkBe7dXzvINAUPAEDAEDIGWjICP8A9xbqW+YPNmKdmS58v6ZggYAoaAIbBvIbDbyRIRH2F0vSksr8bfP5mKWiqt9/9qFLLbpSA+OhI1dQ1YThLlX1/MxH3vfYdbfjUaXdOT3Za7Zlq6by2un2809jD582FvLRsChoAhYAjsbgTsV213I2ryDAFDwBAwBAyBH0ZAAR12a5JFiQKzTl66EjWMSXLVEcMwmC430WGhbkebwoL1+PLdN3FwVhLaxsfirSnzUCcrgCBfHL1NUeyJH+tGofo/Robrh1/Gj5GzW0E2YT+AQPOhXH/smghs3NZEIBp2bAgYAoaAIbAnEGj+V21PtGgyDQFDwBAwBAwBQ2C3WpZIcdQ2dxU1dfhsXi4O7pWJzLZJqK6tcy4Ra9euwz//9U9HXhzfrTM2xyfjhS9numCvYVER2OzfpldywhnbJDQ01LlT1HMb4V1N8vWVXG3PuyuWK2HsQxhjXyhIqPqlLX9F4uyKrF0dg9XbPQho/jRvYWG+ZS9XHbfdQDOv7FRHyZtvzb3n3uPJkhyv3O7pqUkxBAwBQ8AQMAQMAUPAEDAEDAFDwBD4ORHYrWSJBhIRRnJicx1y1xfjvFH9Ec7dSGhogoL16/HSSy9yZ5wwnHPOOUhOSUZWfQjqyisd+eDICGqu0ltFlKxYuQp5y5ejS2Ym0tPTnDIaqJB6yuuWPG1H7O1Q7FNwpRTPW7DIbb3XOSvTER0e2NvW910JzBdZs5Fb0K5ctcqRNtHctq9zZidER0WhTgSOa3CLMu31JVBG4LFa0Lmr4Vfcg+uoTHCed+7V17elnUNAGGo9iOzYuHEj11gYEhOT3PkmBhlucsMcTlRERCTnQ7s3+cg2rYHa2lo3RyLx1q5Zg5S2bZ3swHnaud5ZaUPAEDAEDAFDwBAwBAwBQ8AQMAQMgZaEwG5zwyFVQRJgM3I2LkNRVQliSXjUcHtgKadhoWHIz8/H+PHjMXToUJIf6ZCCKisUH3Hgg2Qzy0ZEhGPipCm49qbb8c3Eyfj9LX/G3HnzXb6IhigSFVJ6pZh6CrAvL9Sdh7Zq5cpIGVb59z78GJOnTnNWKmolMjISkRERrkGvvkgR5Uewz17SNZE202fOxGXX34JvJ03Fs//6N67+w81uW1pZrMh1SGX08cqrL44Q8df3jtVntaNy6qPOlVx/2LZXTt9RUZGNMnWusvp4/fb6aN87hoA3zxs3bMB999yNm278I35/3bV4/LG/obKigrtah7h1qnLeRwtT+fPnz8XKlSt8Vk4kR6ZNnYrS0lKuxwjk5CzFuIPGIG/ZMjc/noWJk+G3klIPPZn61v2gT3C+Z1XlLtg/hoAhYAgYAoaAIWAIGAKGgCFgCBgCPysCu82yhCogZq2dj0/zvsBJPU7A4MwMzF+9Ef2z2nGAdejZsxfOPvtsvP3OO+jYsSN6dO+OBas2IKF1AlrR+oQapXNvqKXLzj//8xp+d8kFGHvgKKyjRUpoq1DKCEFVdTXmzl+A9iRbUlNTXN669QVYvXoNsrI6oXVSEsrKy7F0aS7S0lK5RXEazj79FMoNbVRQFyxc5BRbWZoobSwsJAkRidVr1iI6OgoZHTs4KxJ3kf/UkfA5+uADcc0Vl2ITLQzOu+QKki9TcdQRh7ut/CoqKunmswmZtDiRNYysFrK7dHaEjc5TaEETRWKlsKiIpFEokpISUVJSxsj21WibkoL57I9SVqcMR5JUV9fQGmYh2rRu7fpSQWW+sqrakSmF7KvXb1fJ/tlhBEQ6vfnm64iOicFfH34URZyP2bNm+cg6ShFp5bnXiMyQ9UhMdAze5Xo95JBD0bdvPwj/Z599GnfedQ9iKKd79x74v7ffRQeuZy5fzl+0jwDkidqTDEcW+skuHasN75pHhIlEUX4117clQ8AQMAQMAUPAEDAEDAFDwBAwBAyBnx+BH02WbKKiFxUWiVlr5uLmr+7H4OTemLd2HuYV52Le3FAM6twOAzLTER8fhxNPPNG5sFRXVmBVUTnenbEYh/Tt4sgEyZHSKCuN/n164cVXXkdCfDx69+7p3GhycpfhsSefRZ9ePfB67ts4/+wz3Nv+x59+Dr26d8NEWo+ccsJxeJxlOrRvh/UFG3DFby7ChC++RlxcDI4/9hjcdf9fnaIqpTSjQ3tccenFzvJkwlffuTa/mjgFN113JUYMG4qKiio3O7IeKSchIuV6zbr1JGQSMbB/P0ybPgNP09JESvaZJ5+AnGV5ePHVN9C7R3cs++eLuPH3V+NfL7+CMSOH46AxB+LOvzyEAX1746Jfn4t33v+AcVDCERcbi+9nz3Uyhu0/BAP698U9DzzsXH1Wkbw57qjD0bFDB/zh1jupuEdx7D1xyQXnbhMM9+dfRi27ByIl5DKzLDcXY8YeRAIrBa1JRmVlZTmCQkTF4sWLMXnSRLcGR40ejS5dsvHN11+ReFuC1m1ao7i4mGuiHLU1tZjw2XgkJCQ6y5M2bdo4YiwvL5euZgWOHJk5Yzp69uqFYcOGI4puOwUFBfjyiy8oowg9evZ0a1xEi8iT8Z9+4vogMmbgoEEtG0jrnSFgCBgChoAhYAgYAoaAIWAIGAK/EAR2gxuO7y16eU0Fvq9cgbXl67Fg4yL06hiK4R3b4G8fT8VXC5ahpLIacSRMDj/ueJRHtcZtb4xHZHgrjGYQ2FAqsyJKlKRAyhrkwJHDcNu9D+I3V16HNQwM+/5HH7uwEgeNGU2LjGS8+b93nVVGcXEJTj7+OFx+yYW0EinCB59/i3FjR+OGa65EcnIbZ2kiCwG54hSXlOD2G2/AzX+4Du98PIH1FzsrkrFs6w/X/g7nnX4SPp3wJfugMflWgMibb6ZMx9PPv4jb7r4fVVVVaN+unbMakMXHw/feiUED+uGxp57Hzddf49rt2a0r5XyBYfsNwey587Fhw0ZayGzAjFlzUU7Ll5mz56Fv7174hG1ld87C7357sbOi+eiT8Vi1Zh0OOnA0r/fE45RZVV3lrFKuv+pyjvECh4GvZ/bvjiLgkXDHHHscrrn6Kjxw/1+cO01ZWRmJuCi62szDnXfchm60duratRsefeRhut6sJBkXBrnuOJccLgiRbFVVtCRiw2Hc3WkDSZAzTz+N+VVYv24dzj7rDCxZshjde/TAby65GJNIvoioefSRv9LiaAP69euHJx57jCTM167rjz36iLsuoiQvb1ljXJQdHZeVMwQMAUPAEDAEDAFDwBAwBAwBQ8AQ2DMIhN588823/xjRUgZFcKTEJWNAYheUb67GRYPOxJhuI7CuPg+hm8MwK78UX81fhu+4Q86EBXn4ZNEKdE2Ox0Xj9kN7uuE0kCiRHH2k2MbTokTWG6fSUmTJkiVYvnwFSY8KpKW2dQFi27ROxIB+fTBk0ABHJjz0+JOoocI6ZvRIZGd2JHHxHBYuWoT9Bg/CAgZ4lUuL3FkUC2T/IYOdO8ycufPQoV0aSsvKkUzLgV60CFnFYJ0rVq7GqBEHNFq5zF+4ENF0o7mBZMppJx3P2CvLkcsYFYmJtCxgX8eNPdC58EwiGXPGKSc6qwG1NW3mLBxx6MH44qtvHWHTp2cP9iMRy1eswga66px8/LHoS0uRj8ZPwMuv/xfdu2YzBsYyWtPEIimRrkkhrWiRMsq5CMlV59QTf9XoJvJj5uvnrKv5rampcfMsixyPIPvhPnFdcI2JDFNMmCRiryR5wUl5lZWVbr0oRoyS8rRGMzI6OZea/Pw8xiy5xuXJmuO/b77hSJMDhg1DbFwsvv3ma7cGjzzqaHz++QQcf8JJOPzwI9CWgVy/+PxzXPrbyxh7ZxjapqZiyeJFOOLIo0iIbXBju+73N2DAwIHOemXp0qXo178//vncs7jm2t9jxMiRLv5J7969XZmH//oghh4wDLJkGTx4iMNjxzEJHrmdGwKGgCFgCOyrCCjGWzItGZv63Qses8rIbVlxzrzfQV8Z30upLeW3/Q3dci34yKu7M3WCZezqudr22v0p+/FTtrWr2PzU9QIx+bnm5acac+BYg9ts7lpw2ebO94Sc3SWzuX5v71pg24HH2ytv+YbAziEgfU5hDrThhtKO/iZK/1Rd6Z/yKCihAYW8Rrb+jfTJUwxKeQ4kMbyH2toNliV68b4ZkdwF56DOI3FUl4MQxhghDexQaHgFolNW4sjB7TCmewZ6tU/B6K4dcO0hQ3DlEcORlZLkFETvJ1ADVqfefu8DtwONQNCuM+3bpSMzoyMH1AqHjBuLUSNHILNTJ13G6aechEfuuxPP/+dNaGviUcOH4clHH8TsBYsxj/FNpFzXMD5IO8Y5eeu9T1BGcmTjxkJM+X4OOlGmrAW004lSfX0D+92wFfBu22HGUakncOpbOUmbBganVYDaagIv5VZxSTZw15zZJGCUJk2Zik6MfZLFOCYKWPv48y9hNK1X5EZzOgmV/UjyKF+uSff9+VYcSkuYDz7+lC437VHDNuS2IwuaLp2zXHyVisoqFzvFmTi4FuyfnUVAays8PMKRF1dc+Tt8/sVX+PijDzBn9mxnXaQdbXJzcjB3zlwcQZKkd58+LpCr2qkS+VJW6gg3zbesg3Su4LC6+fQQp3USQflaS1pTIvzkthMXF4cTTjyJwWQfxd+feNwFhe3Wrbu7Ye/9ywOY+O03OIbuVq+/9prL29lxWXlDwBAwBAwBQ2DHENDTVuCHp/xN27Hk1fuB0pK3wzJ/QFbjZe8pURk72I/Guj/mYBfbcuPfUVx/TP/8dX/S9gIx+Znm5Scbb+BYg+epuWvBZQPO1XfXfy9vF+V41d231lqgnMDjrQr+BCeBbQce/wRNWxOGwB5CYDfELNmE6IhofL10Ip6Z9TLaR7VFZX0Vw71uRml1GV5a/yX+PjQSvx1xvm8I/COh+CT1JBucRUnQwFrRGmD5ipX4v/c+dLE5FFtkzOhRqK2rxUOPPoFruBtNcUkpLjjnDEc4vPzaf2mxkYSLzz3dESu33HUvUmhJMpBxT/ryDf7iJTmO3Bg0cACOPXwcbvrz3WggKXL5BWeja3YXfDx+QiM7JQJDcUQCUxwtDaaSWLn97r/QHaYYqW1TcBItXhSzJIFkh1gq1bn5uqvw/Euv4L/vvE9LlEiccNzRTszQ/QajgJYk6Wlpjr064cxfoyetWEJoOfLSK284xVsxUU4/+XhHpsycPQeXX/sHjrcOR9MyZfCg/mhDZktvlSztGgIiSkRiaPeazMwsF29E5EhqWjpiYmMceyh3q9NOP5OEWZ1ztVKME5FjYhejY6JZLtYxkTpXcFcxmmImtbWwktpwgYr9xyJVRJ6ovGKVKAaKXHwULDYtvZ1z3elDQubhvz2ORbReOo1xb/bff390zMhwfZU8S4aAIWAIGAKGwG5BYBOJ/fpy/ljxHZl0q1Z8/AuL04/XDohnhdpi1uGOgarTXNohec0JCLrWwPhxDZVAeBL7SmvR2qId60eQmF06ra9gNY79h8YcLHx3YxAsP/j8p2yvhq7Jes8angDoWN9hMZyXQmZH7DxWwWPZkfOfarxad7pvwrT2Au4Tbvbgxt6Kz38RPkvnHem2KxMoR2urrsy3nkP1llw3ZkA7OyTUX2cTNwio4b0Rkcw+87iBn6jUHZKw+wqxL4F/J+o5tk317FPr3deESTIEfgYEQvgWXHfaLicphdoaeE3JWuQVreCfUJ87TQP/mExeNQPfrpmOK4acj1GZQx1JoobcnwL+wWjqT4IUUMWDUCwS7UTTmkSIl9RWIV0xIugWo+CvIioUd0LEQkpyslNY5QIj6482dK2RAqy3/FI8tdWrvosYqFNtyJVDiqwzr3FthrkgoJKpel5SGfVjs/44sscxVJxlsiO5Ai6cO50oqY7aVUwT7XijMqoreeq3ztW++qo6OtY17ZITzV1UZGWicrzgdl1RefVRSrsUffV/b0/CXdvuauwJCQlu/Ds2phASXHVYtDTXYaudg4SV5AQmL08uMavXrndzIoyFZXl5GW65+SbnPjVs+Ai600xALAmQm26+FatWrcJll16C00mWpDMezYQJ43HOuecxxsgA3HP3nS5OiYK17r//UNzB2CbZXbIxeL/90DmrMw4dNxZT6XI16/vv8czTT+KpZ55zY3vj9ddcwFhZjzzCmCXfz5hJqxbfjjpjGWR2yH77498vvoC+jGNSWlqG72hhctMtt7o+beK60TqwZAgYAoaAIWAI6NEgNDTEuevqd7S55P0O6tkinpaNjc8zK74Ept9BxYzPVA2ciNfVAABAAElEQVSl/KaSm9AF6HUqkD6UIv2Pgvryfn/03CNypY4ky/hLgNT9gSHXsKi/bGM5nutY5ddMpHwqmB3H+ur6n2u29Nk1sOXUOwout1m/gyRHcj4CZv8BGPd/QHxH4KOzgbThvn54dQO/A+Vs71jlt3fNy99Mi+NJ91L5KwEOvN/Xl8Cue+W8tr1zjT3/U/Y1A2g7wLsa8B0opJl+uBo7UHab9oLqBLS81aHXX2Vuc6zMJp5Blr7LNcS5yDgF6MnPB/2AkROAzmN4zHWUNrL59RHcVlPnylMK7FPg+Tbjbaas6nkpUN42xyqk8RI7B59/7LOeBVa+Dxz8HImHNrzmvx9qef+8fxTvm0OA4bersq+/+vbuCZ8g5WxJjfcHiYyMg/331aVAO+I28Le+cq5vOmyiP4H9dqX9c125lmv1L0DBK8DY/wErJrPfvF+O4zoUwemK+ct69QLHuY1cV6iZfwJlsZiHi/s7cTH/ThzAdfA7YMqDQNEC4NBn2I8f/W6+mf7YpV8SAtKJtfOtQmx4v3fNjd8rI7cb6dTSP6UX5ufn8yV6jtOvVcZLTlfny/Ls7GxkZWU5nuFHr14JrSdz2D6xHTLa8IdM7fG3tbSqDNPXz8EV+52PEZ34A6vsxj8i7rTJf6Tc1tQ0uB95/dER4eANQm21bZvsXB6Ur+Rih6gPBEDl9NZfrg+6rjyPZNC56mt7YSWBrXPvuuqG+YkPrz2VU17jwwbP1T/V9fK8siJdtPVwLMkUueyobcnXhCipnD4RJFW8Yz30pDHuhWSqvJLqyC9ZyeuzXIlUxtLOIyA8hWNcXDxuv+NOR2qsW7sWR9HVZj+SH5qDzMxMPP3s85g+barb9eaUU09zliCak/N+fb6LYRJBa6EEkldXXX0Npk6Z4tZYItfSU889T/IrHJm8oRTLRPK0FuTG05mkSm5uLgrp9nX/gw/STy4KeYx3c/bpJ+KDT77AIYcehtmzZ5H8i8TV117nZHrrZudHajUMAUPAEDAEDIHtIFBFpX/550CXc4Hk/kBlAbDsISpW/BxDhaZNT19Fpyfq+YrPLiJKlPR2eO0nfEOcxhM+5PF31Ze8cv7zEJab+ShQsQw4dZKvSHBZTwkMVsYby+lZh+2KKFGqYL9XzKZVTKVPKVv7BhDZgRf0sOn1QwX9qVEOz5s89uQH1G0sx2vemDdzLBuIS9UaNsVxqj9eFT7LbZEdhIHe6I8/Fuj3Zx9ZslU3A09+oB/CoLHBwLEF1QtuL7iOv+o2X27M/v40jt8/TlfY66v/exPxn/UIUE1rkowxPouKzKuA2BQ+rNZyffyX85LBmiwfKM+tIw84Xm68VscTKvKN567RLf805geVCx5v4FxsZj9CtiPTyfOPpVF2wHg9Oa6rfoxLN5J0IPmw6R9b+qUjKf7tDgWSum3Jb5Tpb2OrefDa9d8f5UuA02b61vPKl4GYLL+c7fWH+cE4qobX5zXTgLmcm0F/IgGaScWIa3bT4cTCf/+6MXlz4K0fCdiOXF1qNgXK4rHXjvs78R7Xhu5PjrUon+uCfaOvgS952PhP7csQ2EsQ+NFkicYpG5G6TXWo1R9M/3kYf1jOH3A6osIj3Z8M3SI7mqTgyk1Hf3R1rI+XZOXhWvRnBZIMKidSwSMZdO6RGZ6MwPKS6V0PPta5kkds+M58/wbK9fIb2+YfLx177QXKV9nAcx2LeGHhxvIqE9xHI0qEyq4nb24UqOfQww7zz4Hi4/iC/Wi9dOAWzVlZWa4R4S3CQy45aXSfOu30M1x+TXWNc6Xp2bOXjzRjLJtx4w5mcOEadOzY0bn4KD6O6mZnd3Pk2by5c10Q2NmzZiOVxNj8BfNwzq8vRjK3LxbBIssS9U/rwCPwdn2kVtMQMAQMAUPAEGgCgVApkczvex6QNY4HfCrL/xXwHpWqRW/zDTnJEpnxLyQZsZpERwzN+bufSKWQVhxK4enU1yhDQmRqv+B1X7lolutxEssNA5ZQUSqaS9FRJE0ep/JGZbosj4rcS0BxLtA6G+h9FhW6zpTjKU7+78L5wPxXWH4lFXC21f0En8ULX0DAGdb6Fb/wLPYjkvX9yVMY8yZQMfvO14+ltAYIZx96nsy33EN8BYPl9+DY0vQij+3L6kZ1aivY5gBa25zONmPZDhsOpYuJ3Es2zmP/XuD1/YButKIoXQbMo6JbnEOluQtxPReI60grmKdZpxuwiv3JJSnVhRgref2sWufDroDjjUriOI/bgvFy1pH1Rk0pyavuxIrPHrKmmfWM3jaSjEihzI95je31OZtzRPLKa2/lJ5xPjic+C5jzd479Ao5vIFCyFPj+bzy/kFj0BSbewTGwnMgzEQ/9LyJuU9in19gu89rxmht/4pY+b+KzvfpQmutT7KsKOJcco9xvvBTemeNuYn1oHWl9pHN9KG2c61sP5ct9ePXiekhlP4PXQ2C52A4cL/FN6b1lvA7ffsT3eK65hZwLrp0SzklMW7bHtdN+FN+KVgDTHiQOg39gvKdxvjkXsiJa9CbnjpYZHYiDLLAcMUfsg5PGKqsNEQHzX/bV1brO/Yiy4rkezuE89dqCoeovfY99ncc8Em+znuTcn8w1MIgiKjlnz5KY4frVnPVh3cjWlFnEeQm4Hxtx5Jrl/46k2DCLY+fcxHbkeEnuaA2Hce3rvhHBV7TIt24zD+H9OpW4jOHY2Oas52kFxvPA+zfnQ+Z9Dgy+jvdPHDD1ARIvWezPr7lGZhAb1hlwNetwHc55zkcmhnMNdD6M83A02yNOYZwr3Tf6O6H7VG5ajakJHBuv2YEh0HIR4N20e5IIE+3gom+RADxDVFikz2qCyqcU0KY+geRBYE90z3mEw9b5Iha25KhMcLng8y2lfTKbux5YdleOd1a2ygcMxzXp8gIHuSsdsTrbICASSm5aCthaWalAvQ2NeIuo0DV9qulK5dYw50B1tLuOPgpkLCLElaEb1iaaHnr5qq9thZU0fyJa5HLUhWZcd/z5LqxbtxYzZ86gG1FrXHLpb2llEtkoV/KMKHHQ2T+GgCFgCBgCewIBKetSsKjb+RKfPNoNpTJE5WwdlabN1XSxeAKY/BsqQ6lAIZXsj0dQuZ3vU74aqIi5pxX+bk6l8u2VK2K5T0iobJjDy1TOGqi4bi7ndx0VVBIDE35HJfElnzKX8zrPL6NSvsEnS+b7kiml8FMq1HlvUwknSbCKCttnp1AG5YioaOwzi8s9ZusMnjMVLKMrwi1Ujm+i/PVs8z726wCSLyv4BooK5CdHBcmnglxHZVgK44cHsf/TWK4E+OJSug88TIEcp/oXSqWxlArnZ5eQjKDy2JaKt5Tqz1hu6b/943rVN87K1eya6hX7+l5PTJU8okSxJL67m/gRE5CAWE4l+11iXEwMpdR+cDD7u8anoM7+o68fUqTzxwPfcl7m/dXX52m89s1tvn64l5Rl7Dvb1Jv98lWU/xhlsi9KFZwDd85vWcvMu5OyOAdTzqEs4ruR8/YRcdI8RlEJnqrxP8iKXCyNz6E8VuwY4a44HiIhKilv4r2sT3xlQd3AOWxqfWgdfcT1oXWkmDmf/ppzRaxFZoiU+5SKu9aJ6nrroZprTfh65eTa9elYjo1tqcxmtlXPDwPro5Lj/eRsumtxzAlU1AumcD5H83sWZfL6vNt/eLyTH/KVnf0i8CXJoxq2n/s6La8oM7ydv18s4iW5As3iOsv/ijmax685r1eS2PgHy3J9ziMuE+/hcb0PQ82/Uj3rbeKa073mxcMJTaScF0hGfMNrrPvNVSQ32LbSlEe33GfufhzOcc3mBQ8rHmrOtUZkpSMSs4Fzk/cdyUquEaXyNSSY2J+vLmC/mFdXwvv8ad4rXAO6zzXvmp/iJewX5U7kGpdFSCk/0+4gKfIMhWiMnKu5T3CuqTZOZb+m/p7EXCbxLyT+x/JvyCzf34lNPHd/aNS45or3gyVDYC9HIGx39z+cfzRDA2J+/JD8zQ0MpMmAq5YMgT2NQCAJxZ+ErVLgtcALwfnB557/eHC+d65gwt2790CPXrRGITkjty7toCMSxqsb2J4dGwKGgCFgCBgCew4Bv+LmFDj+Erq3wBF8K09FdMHDQKfz+Wb51yQPFtHq5H/A4g+B/S9hd6iMhUb5FNYFt21d7n2WW8RyI69l+XOpoOcD+1GZyhtPJetdWq1Qbu/jqZy1Ab5mmZUzgOzDKNPrC/vR+2oqX+1ppZHNvqxk3b9Tzlrf23t/sWYx0dv0UJYYdDvfch/JsVCB++gMEi8z+Qb/cMq/gcp0xhb5+ZQvS4mcCT6xRzxPS4d0KogDqXBSOZRiK6sSESVfUWYllcVjSSwkdfVZD8iSI3BcX3Fc/a8hVvye9Scgk9/dT/MPUQPgGDdS1iIq4EOIxwEc75rJVEZ5XlNG0qUtMOx+WmAMZ1FinfcWy1ORFekU3ppEBrE56AW2n8X+9GI9zsGQq9gecZ5zM9ujst75GOL9BcuyOS9GhAiswPOI/rR8SACOeIeWGj2pkD/HsbH86F/TwqM33WyKqBTf5bOUkZuJyAkFMh14Oef2VZYZTUsDKt4ix5jts67gN4qJV3TT60PraOmntG45gvWms5/nkiwZRMuLLOLM8bngppLhTyJiCr4Fss4LKMc5iU5jP6jki0jqRKy7nkAC4A0q6pR5HOcj61CSfPOBN/vQQuptYkxMIkbwQ+y3N96qjVwrHG+3I32WUR2J4TH/IqlAUD64kOPJYadYf6vE80hiFxbry9W3sBj9uG+N8fkO6yeSYyhnftKWmj1PJAHDflas5NxxfciCqIG4xQ1hXJR/sDzP13/AMSwmaZbLMdyx7X22+H0SdpxDub5obmQ51YOYfE7ZQ7hm2gxg/stsl99KztqH322J1cjrfGttwvHE6vyt7/OFlNuPMuJZtjif9Tmm5Na+oW+Yyz7xo/mI68A12o9r51nODdeC7vtctldGHFPVp1q1askQ2KcQCNudo+GfD6wsKsX3i/JQXlK+hZRuqhH+dkRER6Jndid0a5fcVAnLMwT2fgR4U9TQ3cdLIkpEkohMsWQIGAKGgCFgCOwIArvvF8MvSb9BUtbKp1CRGkkluYCKTgOVnmW0rqBSBCpL7agMOSsRKkAh1AaleEuRVfLKhbBc+oHMoGK4ib91IXys9N6kV1AR1FOmgmSuepGKNcmIdlTI66okgcnfFyl0emk2/U6W58NhLZ8JVU/K4I4mWYpGsXAaFUmltn185xUcF3U41FNuo/w2fAAlOSHLCimlieOoBGayOyy4//WuuttRRPWKp3Jo/ERn80QZTBUkFNjlrcbVvhvboIItyxINq6muV6xnGV5LGch/mNod4PvouGI1iZkNJBUuZd+opMpqQlhKmKw5Wg8jUdLFd542iK41POSOk45vYtFGzJWh88BnDPXFI8fqZpNY+T3xoQx1UsSW2pv/d5IkVHhDOrJ/7Fc1584lCWOidbhL/lMnzx17Gbza1Ppw6+hAjptji+8EjFA7fyKh8SLHxLnqeTH7w3Xlkn89iJAa/jiJkNtY7gVfuR4XUlkn/nzBSgaA4/GXLSWm0cxK7u4ToZgdSWNJuC31EU2yeEk7evvjBddk6lGcZxIUugeyTqF4Mgb6KGBtEdduIJa+Vtg+SR4PU1maxIzi+DJ4lX2Lac9rJfxwLQQmP4Q+jpC4Sa76l3I4lxYHEcqxRbRjDY5TFkGI2XKfCcf0sZTJNSurJ2Ht3Wfet9aMks4bSQu2Icg6HUpxHYnLFF6r5prOD7jPOT/qh4LYpp1Ii58JPE4DOvNeKOZ64WYdKJ7jc+XS3wG5ES16g2vmfvaZuOte8Det5i0ZAvsaAvpLvPsSb/y3Js/D9Pz1OCAjBWH0sfTu4eBGpCwuzC/Ah4tW4ZFzj0AUt+3VlsKWDIHdhYBcabbn5rW72thZOVr3La1POzsGK28IGAKGgCHw0yGgJyM5N/+oJMWMOhha+Z+z5Lax+H9UypjXYbjvjbFM9NuP871xrubxRmrkCVSGAoNmKpaClK/AcoWzyK1ksxwfKeV64GI5sEwEFUDpiz3PpxJKuaV5VNYWUnHtxUwlf18UI+Lry6lIP8G34+eQ1PgPzfw/9imEKqZ+e0nK2lYZ/gsiOsjpQISEYlyUrqTyy3NZq6zhOL66AhgVIH/GJyRkyK5oS+LqRSROitlfKovzX6Qckjn9zmL3iFn8/uzTZXRP4BimPwoc9hQVyQQfBoHjKl5ARZPWBs69l4qtYkYEJ8V3oEhUrPJdUayN+f9mjJAzaREynQQIlc/jOO72A+jacDXLkQzRvAnXyhXsF+dEsTWKl/kg0Nt/PTdLZmN7/nbrOQalCpIUUtKFj8ophbH/LjFPW83KrWXoHT4yQ32qIoaJWf4yXiWeBq4D1y/l+a+HUI7S9tZHXFfizPEkZwGH/B/7xLbncZ6/uZLWEL1960PkmEgAWbckd6G1BRXyxnJX+QiPDkOZx0WlGC5K0Ykk/fgtdxO5hciFp+ILlr2BZYgbSGqEkfhwqanxzieu7Fe81i8FydpI61KEguKLhGut8jw4bYUF5TryQv3nsYo7cjG4kuTy4/rFckqq58XgceNXn1lG8WxEvm11n5G4iM3kddYJTILCL85lu3tdDIYSL+qaZ2ESSSx0/7Ybu+U+1/0bQ7lyOcs4jGQWCbu4/lwTXO/aNnnRP7mu1/LvxH4+fL84nrtdXQiMe9EXy2T5e2yDfXL94JpsXGhs2BF+zLJkCOzFCOiu3C1J9whvb8zPXY1zR/bDYfv14UsB3w40jX9MvZbcH/dWWLZuI37/9P9IFPPO5XbALk6EV8a+DYFdRoC7EPHBQTsRGTGxyyBaRUPAEDAEDIGfGQHv2cqnG+opaxeT3n6LuJjON/ZL3qFyuZiKzkd8qz+OiupYKp0kCjJJVCx9mG/mO5PUoEK/6I/AWJZJ5qNizRJ+ikmedGK5Cyjj3q3LHfg+FSMSGVL8Nozn9bdJHvSjVUA7ujm8xYapvOV/SQKGhMURVFCVNBwNUH1TktVA7ufsw999Cr7ypRhTb220MqmhMusRAa6S/58QCqOuisl3Uqk7kDLYH+p+zpKlaJmvUKB8KYzqb9YYKu0PMK4FxxPLt+mTr6erx80ch8ZMokGBYnsRl+J1jEtBPLqeTEVxMMkE1g8e11HEVKRFGBvO/x/f5g+nsjuafdcgmVJ60DpgJONJ3Mi8Uo71Y7qQEKc+Z/nGpGKy9ln4LgmeV9kfzo36LFep0qkkfG5gu93odsPvDoeTZOCxXIbCOSf5xLjzwZyf9j5Lizn/IGnAOVvO+dNYFQ+DEDliwcUf0QkbzBxB5ZiH89mmgtvOe571o5l/DDODUi1xrGcZJW9enKUHz2tJUihA8DbrYyXH8ycSH+OJCxXud48CelxHt6hfkahJdMsCkZqogFS23Lc1b7egcgq6q0GEJ3O8/+V4iU/WUOLJ7G9uo8wzON5vSPbwvOvRvrVYtZQYuQXEzKbG+xzHSwLh0Gcpi32az3UwqSvrlHEOXmafO3KsWliBiX2oXUgsSCyoP4o/UkuCyUtqT+tUuk5gEqGgoLgbOCdLuD4yuDbqWM7FL/EXrMtnXWLpcLyQ5e4Ous/e9RUMlK05cEP091P3R81slmP73jzpWykxk3P7623v89Fch0ppJIcm8buB9dv2JJblxPQ7YkOsZb1TzjlUM7p3FKdEwW1reK74POpTzWrW1QTwWGRPLcs3JuZpDiwZAnsZAvw12L2pgfdCDIkPpRruXCNlNVhh1f0UziBB+mzljuC/j3x1eEv576mtyuze7pq0fRCBVnyq7Jrd2W0LHbz29sHh2pAMAUPAEDAE9lEE9LwUymeljdyCvoG7BLaSwrUrSTExulMpD6FiKqU2OoNxRe6n1ccpPOY1pdF3ATPSqTBTYQyjQjqECmTmQVSOqIx1vsynLIVE0ULjNpbj9cZyVDgzxzoRbieV6lU+Jb3bsbQioHI342HGmbiJ7VARG06CQLuEKHnWEB2G8S33LVSAn6ZyRqWsz1Ws/z4VSWph8WxH8SQi2G+9tc/6LZW43qwcpHRJoaUeivZU/ld+zjfz0XSp+dBnbaAYHfsFyV/Ba7Ig6UrSYfSjjCXxBpVYtrc/MRh8OQVRGdSuMSIv9Ca/7xkkkBZQQaTi2IV9PGwqx/XI1uNyMT6I1ZB7aLXzAuNPUJkUWaKHWU2kdrMZ8zfWY3uLnmR/uwFHT6AyTDyy2caGsynvTmJ5GvvwOIklKqxSnFkVbcZS0aUSr7f4nS5kG1ezWxxwK5Iggzkfi/9F8ot9UmyRUa9RPttfN41zfo7PpSKGGAi/7PM5jz0okH1SyhhFIoNEyzz2p4AKfBL7O/h3fEhneTXsPYjLGqITZSV2cdUgC4Xux5CQSuI55Xb+zfbXx37PkWDivCg2yaGvU8F+iuTUm5zT7sTjReI82CfTWw9pQ3xWJfPZp8ZyHE/aAF+5Iff78F0zhTFqrqDMrxgn5u8cw0PEuBPrso2MAzm/VPSzL/7h8Q66kn1pwzXyW8rnGshnnzqexHO2v2EmseCad8mPmSynMi8j+dWbucQllf2K4dw6TFkmhePadClhidhSTfMva5Sep3KN59O15UviOQbIYv+TOf9KDuPzuWY78DjWf5+13vo+yzrYV5bNNJJw8am8R47j2DVnTHJBa8V1oP64HZeOIPHG8SlpzYy6g2uQ93zg/Zt1iO96277sI/GQrOh0jqULycKT2dejfeNR30ZwPhf+gyTbWvb/eOZzXkX+iZDR34kUjUe4UFYE23OmLRKvTlsyBPY+BEKqq6t5B//45O5b/qG78vHXcGifTjiwXzdal4Vx949EhIfxR8CfXDn9zQgNQVFZFR5463PccPyBiI2JdrvlqJgsAhQIU0nKrnYK0U46Rpo4SPbafxSrQzvEaB4TEhIa5/uHBxTClyt1WLQ0162nrE4Zbl0ErwetFeUVFhUhPi4O4TsRaPiH+2AlDAFDwBAwBAyBnweBHf1d2/7voB71SChspbC08g/GewzUExrLyJVB1gzhiQHXVVflPYWnqXL+4tr1RS4FUsyUNlMBVQwMKWBSrJpKigEhy5UokiOuHZIOm9meU9bVtvccSYUssB9OCWWfpr9EBfBc4KxVVPKouMoqpdH9glW2K9+PQW2hr88iNBqT2lXycOK52tO5+tXcuLQriVwQFBw1OLl6RVQkiYeHkcqojt7QRwoDJbant/QfXMJD4vOrV0kglXNclKk3+45F8c9HcHvaSci1H8VygZgFHqsNf9JONbIEUNwKFzDGuxD4HYxHoKzAY9Vh2W3WkV9WPRVrERnhJAQa11hgOztQLni8ipcjElCkmtxJGlNwvzzZQeP11pHMcLQOI4WD5l31vbXnr+u+lC/sVSYYF51rnTRVT8UD74/g/jUhaxscJds/7zzytaV6XnvB7Qe24dVlme3KDe5DExgovou2SG7lX19OrNoPxqUZHNR1S4bATiIgTqCsvBxtWrduUhcMFuf9JpaUlLjNNaR/imfIz89HTk7ONi/WpUdq59Ps7GxkZWWhrKxsu38Rg9v6wXPdDsvZcGXOTPzrm/fxcZt4dO3WDSNHH4iktPao4xuRwKTbXDmHDO7hlFoNRp8wEivrCwqwavUa/tZuRlx8HDpndnLkSYMIE9ZROaVgZVl57or/enCZ7dVTflOyVN/S3omAb4XsnX23XhsChoAhYAgYAkKg8fkk4Llm15DR05OnTAVIkFwp/krumMpfFN86N57rIKhus+X+n72vANCrOLs+6+4az8bdlUCQBIJDCRKCU6BQrEApFGgLfKUtH/0/aGmR4u4UC04IECXurhvf3WQl6/afM+/O5u6b3WQ3LjPJvu99546eOzN3njPPPMPgRoBSPDoTloK9TjKp/V2Tn8+HnyoDV91tvmYmR6KhNpi33N7r2gQ4oaSwTDkXFWWMR6InmH+1ddtd+potMCNpFtS6Gr9aksTeEElSc72negWRCKjP1cbjqr2ct4yKY+MZf+XHvyqSVyIzZDDUaHx445lUdsYzP1n+WsJAdfFi5r2uiau8tHVIf3K1ZfL93PnJstRx3rQ817bs9nma34oo8JQXSaJauyl1EvT82EM4i5NiKH2RUtKEsL9tm65Td99tE77e+jIdiUV1CDNPvWqi+768/v64+P+uE7Fu/9ilfJ64u8XRm6Zw3V15vPcYdo/pespgsvHGr8m3zrPlfdsvdlsOb5ndtUPgyEHAp76xD+XVi1xaIFu2bMGrr7+BjJR43HXdlUZT5KdJU/DrB/+GmC4D0btrF9NBLSmhrpiZV8ithKV4884xCCVJ4ksrBBMnT8ELr7+Hs049GfMXLUZCfCzuves3iI7yvXzCwsKojlppjmCNjIzET5MmIywsHIMG9DNsUAA1GKTFoD+xQ3JKW5oGYpN0Iokp89atmDR1Oi449yyTnsI4d3QgUDtuHx3VcbVwCDgEHAIOgWMZgVrhbz+D4E239rpmLlT72y/PWv+Gwtm5FN/EJqz9zXRq43rTtG9shdO1/e0N08C1DdpxBLdz/MDtEPWRMjZQfel77ykP/bZ+DeRpginM7upl8/JLo0E8vOnx2uIkDZKhf2VWXF6sNZbJtO392uS9+fmlVRumgYs6ZfLk3UDwPXrXlq0Gn9rfillTttri6nd9bk/hahOowaImLyVVJ7960m6wvrYsnrTrib7vXrasNr8GUqytR0342t8NhG+sd206+5LuvsRtbEFdOIfA4YHAfiNLFpLUKKVazJ133Ib05i1QSa2Q5mmpPKq+ENMWrsSZvTuQIKdqC+2YaLCUsbIFG3OwbFM2x7W6A0YpCZSxF56Lqy67FMXFJTjrkiswc/YcnHrKycjNzcOixUuRnJyIZunphgyZNn0mWrZojp7du1I1p9Bs+8mn2syOHUXGdoXSFzmyYeNGZHPfb6cO7UmuhGHpshX4ecYsnHj8UJI7kSbM4fFYXCkcAg4Bh4BDwCHgEHAIHAoE6s7JGi5BQ+H8/f1/N5RiY8N549fEkVFa/VnnN6/0ee8u/d3ds4n6f+8uzt7cqyeONEtS+/plXE+4XQie+sL4JVPnZ1PD14ncwI+G0qR/Q7fqpLS7cP4J+P+uk1A9P3YXfnf36kmqyV5NTb+p4RtboH1Jd1/iNrZ8LpxD4PBAYJ/JEluNgrxc7IhMwsICqmPlFiIyJBALt5MYScnAklXj8Y/PpyCTNkpO7dTSaHmIkI+KCsd1IwYiNCS4zrHB0gjJ3c70SL4sWbYcXTu0Q9fOnbF+w0Y89NfH0LljeyxYtBRXX3YJkpIS8dk3E9C5XRvEx8UhkIbQ/vPyGxjcvy+mkgg569RTcO1Vl+PTz7/EDxOnoEO7tvju+x9xxaUX46tvx2PF6jV47a13MebCC5CWmmL2M/mTN7aO7tsh4BBwCDgEHAIOAYfAEYWAtBKOesdJpd1eoLoasuQoEejs8xNx4pxDwCHgEHAIHFQE9htZEkyDrU/P3IKnYxdj9sW90DopGrdMWIFZE5fifwZ1Q7eRgzF3zWY8dNnp1DqpNFbdte1FrzL/7S/h4eH49OvxKOZ2mW9/mIQBfXoiNSUZTz7zHIYO7G/Ij7nzF+D3D/0Fb7/0LEYMH4r+vXvh9NNGYtwXX6EZNVruuv1mSNvlr//vnzhj1Eg8/cKruObyS9Cja1fc+cBDGDJoAM4/5yx8NO4L3PKr61UKsxXHESUHtf25zBwCDgGHgEPAIeAQOCAIWFX5Y0TIPkq4kV2agiNJdoHEeTgEHAIOgYOFwH4jSyp5ZvC5neJx2YgO2Lx6ObavqcSf+rbCtPIW+HbcFEwPnoPluTsQHPgVjRsFYsywXmifnoiyispdtuEUFxfjkvPPxi+vvgK3//pX+Mtjj+OjT8ehsLAIA/r2MdhktG2DBFq0zePpKqG0RWJPz5ER2NbckhPIVYXEhHikJCVgO7VUkhPjERsdhTVr1+DW667iVpx2PF2FVnAZN4SaLbKu65xDwCHgEHAIOAQcAg6BIx4BLkZVy0BpWQGwfdWe7Tgc8RWuqYDhh1h3bcnR6TvOFt3R8mRdPRwCDoFjHAEpNBgFi4M8ru83siQxJQWJ+evQN7oUb302HvMXLsSDD9yHFflr0ad7Nxw3rIchRUppsySQRlbDQrX1pv6nXkWVQ5EXPiOuZYYQiYyIMKfiTJwyFSeeMAzzFyxCPrfpJCcmooQaKDsKeeQaXTXJkuJSHstFV8UTeAoKCpFCrRTh2rZNG3Tu1BGbNm9GIuNVViwzxw8VFRUZw6/a/uOcQ8Ah4BBwCDgEHAIOgSMbARrf50IQctYB35zKwzLasTqadBl93prvI7uGO0vvV6/K1Qg4/TuSJT2OHZJoJxjuyiHgEHAIHLUIGOWIem1SHbgq7zNZIpZHxEaf3r3xTkQkNTfW4corrkBhUSFKeRLNzDnz8cjDD6JtRgaJjJ1aJBUVFdyOw6OA66lwQnwC3vrwVaxZl4lNW7PQvUsnnDj8eJTQ2OsTTz2L3z3wIHLz8nHfnbchgiTK8UMG45HH/2UIkeioSMRE+44/08k3UVER5hSd2266Dg8/+n9o2TwdRUzn3jtvRfduXfDGux/gj39+FHfddhPSU1NRznLVV6YD9whcyoccAa3ANcRScl4Z4FRgD/kjcgVwCDgEHAIOgcYjoHfauo1bEZefg4TgjtTojecKko6f1WKSFoYaWK1qfBaHUUjVR6fFhLNqnP8FBGFbVjaKqrYjsFL1PVr35xxGj8AVxSHgEHAIHGAEJJ+XkXOIjow4wDnVTX6/kCUiPWJiYtC2dWusX78RAwYMQAK3wPw8fTri4+ORTK0TESdVPO7XEhH221scaXboWN8RJ5+I4ccfZwRYhYvikcF68UeEh+GP9/6WJ+LkIoKn14gYUfgThg3Fuz17IDQ0lNtxgjBs6GDjn5iYgL88+IDJsz+37zzzxP8aTRIZglVYpfn//vqwIXt0LHGFp3zecrnroxkBThjZxuprj0dzrV3dHAIOAYeAQ+DoRUD0QCy3KkdWRpIXqTRESXXv21GV1AU8ptC8946a2muxIzgMgTlLEDD3H6xvFSI5pwuJi0VABed69SzKHTV1dxVxCAgB9YED7Vw/OtAIu/T3gIBMbIhPqKa8fjDdPpMlKqxeytoy069fX7z3/oeY8MMEI3yq64445RRzrTCN3eYiFZsQ2hKxTmnblX8JtclJSeb0nLKycl8+HCTi4+NMGBtO3worY7FVJHPKCK6uI0myKD1ptui+tvcE1PjZ/Nz3MYKAXi7qePmbkbNqFsqpcVR3Aaoa0cktkdhuAI+95ilPzjkEHAIOAYeAQ+BIQIDvtoiIcIQVhflKS40SESWVqd3Ma86KVlbnwn5bf31bvyOhurbcQUZzJoBbvbl4FhaEgBBqmzjt0CPhEboy7g0CknW40CzdqgPtdKaWTB1o3uycQ+DgIyC5PpBmMwJRtMNneuNglWG/kCUqrMiJE44/HoMHDTLkhPxERoj00HYYS2LIf09OYf3DKy3r7FYZr58lP2wY+y2iRE5hdS2iRNc2rvyUl/1t47nvox8B+9xFlOQsfBUJHc/zbRWjenJAYAhKCjZi68ZvEUbDwNHp3PvsnEPAIeAQcAg4BI4EBMgeVNEwXDX/fLMnflKjxFyXl3LxitO/QM6LpPVLW3LV5nhazo04EQ0KCUUgF62qKyuOhJqaVfUAltlozNTUtorzOs3+Aoxwd2RUw5XSIdAUBDSH1SJ0Me0ubs/Na0rUvQqbwEVpswBdI0ftVSIukkNgHxAICKgy77V9SGKvou43skS5i3CQDRFLPKgjmz8REtofW7NU4bu/k/xoaslt+t549fl579vr+sLV52fDu++jHwFplIgoaTno0l0qm7XwMyz/4l6Ex3fnPU08qxDbojvSep+PkIgE48eWXycem73xN+1KE1bGk+rYoXaaPNpyeK/rK5fqYIssQ8ycUzvnEHAIOAQcAkcSAv7jNgd1vZ6kKVnFfd/5y5Yjd9YclNA2XCVJkwAO9CHUtI1sl4GEfn0Q0azZEVJb36JY7UurptT+1T9CKuOKeQQgINlGcz87TzoURRZRogXgrKwcpCYn0qAzNfJ9E9D9WxxWsoLjxVbm05x2H5u6AL4vhfHhrPmo6837gqOLu28I7FeyREWxmhw7i8VVjaBgBHGVQm1d/Vgvad8qxs5Q7sohcMgQULuk8eESts2vF67HN0s3o3NqDE7r1gpRaUOQcUpzVFX4jpaurizFhp+fQUzLAYhrmWDIQO8gvpNk4IodKySSIZAvVL1WyyuqEBp84JQlRYBUktkI4cpgGfPSt32/qFyWKFFZ7HVDmNt4uu+IkoZQcv4OAYeAQ+AIQoAvAokclVyJzpo4GQULFyOmezek0IB+CO3LVXN7cvGmzcidMxfr334faWecitgutHGy88VmKlt3nucTGL3vwfoQcUJPfag4v6YioHZm21JT4+7P8CGUaYz2kjSXDpETFjJHEBYWamw7HshiaFtbWMEOk19kJLXONCYcBCdiRvPVSs7RD1KWDdbqcGl7DRbQ3ThgCOx3smSXknJ/UdmOLORlzud3HsJiEhDXupdZla+W0TG/Vfld4jsPh8DBQICD8edLsvD1qiwsyS1GBQfo2d8vQuu4SNx1Sj9Ee0yWbJn3EQk/Gsjzc3p5aDDdvL0Eb3yXiakbi5EWEYQrj09Dq/QY/P61JXj2pp4ICwk0amSBZCGshofvJeCLb9NR8rrPqWgt6WGzLKuoxv2vL8FFQ9IwqEui8Z67Oh8vTNiIRy/rhDueXYBHr+2KhOjQ2jzmrMjF419mglFxfq8EjB7e0hAhUtX2lqW4tBLrckrQqRnt+3AesGxTITqmR5p9guf93xzcdlIznNo/jQaRqxDElQ1NvqU5prrb+ogdqmTZfaSMrZev9AzmnEPAIeAQcAgcTAS4zSaA77Wq8mpsnfAjdixbiea/OA9Rbdto2daM3ypOaHISYjp1QNakKdjyxde0+RGK2I4djFalLW6Yx6ac/CQuNrQV2saR0BPEfMq5Eu6cQ2BvEVA707xCdjoOhdM8R9ocazZsRExsHOJionYphuZwXjJBcfR3QJyZgPmIC+/ccW/yEglaX1lr09VEdS+qYcnV+uxW7i5PjRnbtm83J5imJCcjlEehe3HdmzrubRzlq+euMtXnbB3tPS+Oiqu/+upvw9f3bevalLazt3k1lP/elNumtbuy7K5uDbUJm+6h+D6Ao40EpCBUFOciZ8H7KMochyBsR/7yt5A1712Ul+SZ+xKznHMIHEoE1AkKyyrx48osnNYmCWe1T8Gq7YWYvCkfi0mcTMvcBhTvQOWmTKqHlKJaE0W/AdO8Q/gy3ESipNlDs1DE9O45szVGdI3H1/O2Ia+oHOuzS2v32omckLMaHnqP2gHRftv73nesiA256Uu34e9vr8dr328wE1X5FTPP5dklZo965tZio2Uif+WRXVCGC59djMuGpODmEc1J6JSitNw3afUvy7rsYvzjq3WmPMFBAbjnjWUIoUaMivy701qgUwvf5CDYaq7UlN0Mqraw9AtihLr1MnPyQ746IEyccwg4BBwCxw4CvveG3i3aelMwbz6an38OorndxjhtlaYgYE4Y4HVgWBhSTxiGmG5dkfXteFQUFNRCpYnsLGqe/DBxEr7/8SdMmzET2dnZ1Jqsu/ZmJ8r6Dub7csPGjfhuwg+16ey8X+tlBAr5e50N5/Vz18cuAsXFXMyqOaBBKFTyWr+tk42ecmqv+wuv9n5D30rDm05D4eSvtJevXIXs3Pxdgqm9qi+IULR/OrTCv13vEvEQe6h8EuY1RuzPsio9i4N/FZWP7gmv+vIUuZqTk4OVazI5X+WhHEzAb3jwT9I8w8Y+RxtZJIji2DLoW79tG1IdFKakRMeQ7+q8dbR1leaR0tGfbQ+7xty9j+I1RM7UF3Nf8vJPT3VXu1V99sYpfkP1tuW0GHnT173dtQlv2IN5Xffttj9z5vtOhsKKslejOGcp2o18AKHR6SjcMgTrJj1Jv6EIbd2fqxy+U2n2Z9YuLYdAUxGoYMcWcSfiJCEyDKd3SkO72DDMWbIKhWtWonTJWhS9829EXnsPQvI5YPL4arTeSXD4SL8AvPLVWtzTIxZ/GEvVZboBHeLxC36vzylGFUf6kOAAFFFz4/Vv12LJlhKM6J6AswY3wwYSFO/8uAEL6Hc5CY1T+qbh27lZyN1Rjikr8nD58ObomxFn0tTH6z9swPN3dMIns3OweG0+ureJNfciqbWiN0o4v0lV1IbPIVmysrgK/TsnIikmFMd1SzL3dhRX4K3xmVi0pRijeibipH5pePv7TMxfXUDtmHUoJMmzhSTPC1+sRgTTjAoPQs928VjAPBesyUNOQQUWbyrCbWe0RqeWMYyXh+fHb0BqdDC3MoVjQNcksyXo+W/XIyIsEFed3BLt0nUUuI84qS2gu3AIOAQcAg6BA4QAB9ygMFSWliJv7nLE9e1jNErMyRbKkcKA18lfhEk8TzgsXpeJPG7XSRwyCAEcuCVEPP7Pf6Nb185o2bIFcrK34T/Pv4TRvzgXp486zQgVmvBqoq33qTRJlPqWLVvw6Wef8yCAYUYgs5om0kCUcBtONf8JP000du8GD+hP4ch32qEm1IrvNFK8T+jYvTYttaa9qi2WUoDVNn9LSJSWlRoCJZz2E027Zvvak1P7K2PfkM0PpdMYp60vWjDyOtvulyxbhqVLlhhN25iYGPTt2xdJCQmcC+0kdRRPQrZ1iivn9dNasrR2d/E3Pvv3Q/kuXLQYETw1tB1JVJWnTlkakZ23DrpWHy8lrp9/841Ja9Tpp3PRjZrV0nJjfhKmZ86ebU4l7crtfsLHP0+lERoastN/J2T1lsgQH3ye1Ry/vKeq1hu4xlNlFRESyjFIf/qtE1SVlQzaSiOvIaf6FBUXYdrUqZwvFxmCJZ5bGrt164a0lBTz9FauXo2FCxdi1KhRBhMvCaN0lZ/qrW85kVZq2++/9x6G8eCUVi1bcoxk26mpuzesxUtxNVYuXLwYmZmZGDFihEnLpqkfNqyud/r7FjXlZ53KJ8Jiy9atWMT0jjvuOFPunXFsyPq/FU7xFy9diqLCQvTt18+8FxRa9/Tcp/78s8G2T69edZ57Y9pE/bkeWN+6Pb2mIg1l2VigdsanNfJyCpbVNBoWEW+8Q2PS+M7mMb+VtAHRQKNXPvXlpWYkNX97X9/2t83T+JFZtmGsf1O/bWNuajwX/shDQO0qPiIUkdSEyMwrRgQJjWCeFBBcmIeMqe+j93cvoGL1UoQMOQPls6Ygfs5aBE6biuq87YzpG+A0CIlu+WTFDozsl2JAKOc2FdkQkWNTNRNHDon4n7eWYuHmEtx4Vls8NX4Tpi7OQXZeKTpy28utp7bEiBdXYEt+OeYs3Y6L3lmN4V0S0CyBxx/SSQtkzZZCTN9Qgl+OaoPR/RLx8ZRN5p4+arIz+dV6Mu9OzaPx52HJSL5jGu59aRFWbNxhbv/xDZWlGDed2RZPj9+IyQuykZ4YjkpOAlo1i0YkCaMS9tMWqZFIT4/G+W+sxeLMAmRtK8alL6xC7/ZxaB0filtfXYbi8ipc/swijDkuDX3bxeKiV9eguLIalz/Fl0SfZPxiSHotHrVlcxcOAYeAQ8AhcGAR0GsogDYWaHurJCsbMZ07mW0Mem9pO4P/X6CEA760wpMSEZnRFoVrqWmoJPTHODE8Ie6i0RfgikvH4PZbf40/3HcP/vPCy5hFwSeEcSVw5vJ0Dq2+S1iSC6LtuoQE2kVhugpTyEn0spUrzbfsIZRzgr6Iwpq0VAzBwnw0+d9EkmU181fuTVVjNxm7j6MSAQmTJVbLhDVUu1Jb05+ujXjB7z05ESUSlJWeibOnCDX3pcGyS/L0kFD15Zdf4uorr8SG9dT+ffVVDBk8GMtWrDBCohH+2a71beUU9SkJifozfZK/dS+Q8zD5WSKokUXbq2DffjcePWi/aPqMGSa+8m+KU3hvHfRbmiEvv/wynn/uOcTJJhL99E91lLbZp+PGYQAF6Z8pOMvVmyeLUa9/A4XTMzRtg89Uz7YxTnGqajRHFEflU55qSyX8k5xZn1MYzcnz8vJw6siR+GHCBEOSvfXmmxjQvz8+Y/2U9qpVq/DwQw+ZcikdL04Gi5rnbp+1woj0+fWvf21IZqXh3xY0NqoNGVdTPIVbMH8+nnnmGeMtjDVmKl2Ftzjq25ZBx/B6x1XdE9GxavVqnHbqqbh0zBhf3zCY+LLb3adNe+LkyehGAuzDDz+sDa57yquIz+Z/Hn7YkCW6KX+5RrcJE/rgfuxCoYZwT1glhTxbeG9xdE8kgt0K4L1nr3fGM10CYbFpbITF2LLgQyS2GYbs5eOZNlmr2FRjVNO7+q00FF/56MVoG61NWyxucLBPJUjh1Mjk1DHUsOQ0qFhmWGHsPRvWBNrDh8LqVB/l70iTPYB1FNzW895WVIYCsh0jaNh1eKdmeHP+Jnw5aymuC61ESvM2QFIqAqOiubxVhiju4a7iGd86VtHXAn0g6Dqc21ZkyNU49f+aAPoK41aWHdTUmLAoD2f0TcQUEhNRAdXYsrkQ553cmqsaQYbEaB8ZhM25JRwcA/DO+a1w3uB0k5y1LfLtzK3YTBJiMsmUrUWVuH9yNn53SWeEsn/UN6ib03hYkPsv7YxfDGuGd75fj9OeWIDv7uqF2SvzcRI1SqYuzGZHog2Ssgr075SAn9YUYni3RGTlReGlCZtwOm2UyF1KrRkZqS1m3W4/KQXHd01Ex+ZR+HrBXFpLr8SgZhFGAyWHE4lfDkxA1xbROLFdNJ6jZsmtp7dEnwwfkVTTdU2a7sMh4BBwCDgEDjACHHSlMVLJiWoY9/8Xb9qEDR9+bISEujkrXCWi2rRGS9o0CY6LRSG1Szjh0gTNBK1kOlrBlyvlCmzb1q1w5WVj8NXX32EAV9EnT5mKL7/6Bm3ov5H53HbLzWZeJ8EjlBPxBYsW4c133kP7jLZYszYTN1x/LU/0yML4H35CBvPdTILkMhIx777/ASftaxEZGWFWfK+56oqDIjiairmPwxYBzesl3OpbRJ/m+tIEkJaJr4U2rugVIg8ZR1t59s4Gil9uNRMbzSn/ROH4lptvNuV5mILh66+9ZgTm7bTBsZFb0tq0aQNpndiyLyaZEhcXh2T2TflFUQbZQU0FCdrp6ek87SZ5v2tXKR+V9fMvvsTb732A3/7u3sYB5xdKaUjQzdywATt27KBmSjsjcOeSRJB2xB//9CcMp4aEtMWUpwT19ylEv/zii7jxxhv3Enu/Qnh/sjx6pnq2vKyVG71BvNfmKSqOCBMScGHSJuFv+UvjSNe1xIQ3Ys217g8ZOhR3/+53aJaWZuL9PH06hgwaZMa64cOHG9IgjNouIgukaSL5sm3bthxTgYIdBebZL16+HImJiUYjRaPrYMYXrnLCNXPdOp5G1BxJDLNx82Zj1DcqitviWcey0jJs37YNp1F7ZfiJJxqcs7mFSW1sOfNT21I7kkyruqxhWkrTlIHpS6NGTqTKWt677LLLIE2g1YyrZyYXwHysk99Of2mncMGYaYto+fGnn/D73/8ev7njjtp0FU/hg1n/ScSmFzVKunTqVKttJQL9gLYJW/C9/K4lS4SBXoCbNucQ1FiI6bdA2LQ3bd6CaAqMUVERuxAmgpIEmwFaoKnRlVeUITKxNYK6XIjPf3oIbWe9h/TUzkjreRnC4pobYdOLvgGSD2rDxs3mpdy8eTMzGMpfD3fbtlzzgNXYpF6lgVKqSW1at0Rykm9bwRYegbeJ1tyl5hUVGUn1pRamsWggtc7WS+X0XddVQ5J16Vlz5qEzjZxFsyFaIkbxFUfOm4bxaMDP3nPfhy8CsunxzUJutckYhE5pccgpLMMXC9fi+rIN6JjRBgGpLVC1YS2qc8NQXVaC4A7duK9mDUqn/YiI0y+oGSR8DPMlPePxEjU0zhjUjH3Bp7hVSo2LcpIbkSG+dhYWGojLuK2mfYsYXHZiSw7kgXj845XYnl+Gk3qnIDKUbDDh0jGO1p5IBePLfkgprbO+PyMbt/aJx7wV25FIA7LdwwMxg9opsdQCsTZQQqkdY538ylgGpdetdSweuqobPrr/Z6zLKkZSdAjGsiwduYVmDA2+hnKrzadTNyG8Jr7soNSMkyY5aY/IqRvYPlBJkiWSZQsLC+ZWnCj8/YtMnNI5Do9e6duK9Nh1PTCP23N++8pSXL25CGNHtjHjh62bSdB9OAQcAg4Bh8ABRoADN+dPOpEwODoGicOGmnF859vCl73G9hBqj8i/uoLbaDRh974I6G/nQrbAqamp+HnGLORQGHz2uRepcXIT+pM4efHlV40w1o9HEQdTu0SEyb+feQ7nn3s2Ro0cgc8oqL362pv4/T2/5SpzX67I9sXIk0/CrLnz8NEn4/D43//Gd1ss/vzXR7kCPYNC13FG6PKuhtoyuO9jAwH/tqcJiX8bbhwSexfLpm3nQPa3/RaRY+diykEEyGYKt9//8AMefvBBpHB7RgE1q1566SUSgZG4k0KlZJQikiMrSJr8+6mn0IzHdt/5m9+gV+/emDd3Lu6h8DmUGir1bVWx+e7td8+ePbht4xR88OF/IZswe+P+9a9/GY2aNJIFSuPxJ57A1ClT8P348UaDYDq1R2697TZDFmgW2adPH7z59tv44H3atCQWu3Uae+z4I2GzSY+tSYFNMfxj7NLe6imsiBmj1cR75ZRNBw8caJ7ZpIkTDTHyxz/+ER988IEhzb7++mtDdPSjVs0Fo0fjl9dcg44kDkSk/fjjj3if4Xr06GHstYi4WcAtPCKVRLDNpvbeV4w/adIk/MSw/3zySaPB89Tzz5tF/nbt2+OTjz/GX/76V0PWJVE2zsvPx/hvv8UH//0vjhsyBC9T20lEVafOnTGXbeucc87Bb+++28jZWnCNJsHyNp+NthXdJDJLE36PU7sX4WWdnqchLhlOj6dN27ZGq2YKtUtUV8VWHJvO59S4OfOss0x069/kNmFiH7yPnbVlJSvYwX+eORuJVJUcwBebVgDsYLB81WrMmDUHp/CIuZiYaBIIPlUlFVXgBFMQK+Kq9JatuSgh2ZAUF40UWokOCQ1HEYmRXxZvxB+an4JbhvwK0dGpjCFxUDF3OuUlrZDvf/iRqxXluOHaq0wjE+MlskQs2Qd8eeohTZjyM4bypSotlUtGn2+YOKmOTuKKxn9efQtnjDgJOWTZVnJV4rorx+KUk4abtPSwxO4pLw1OYtHUOMSIyS+c9/JpzOyJp/6Dh+67G3HtfcyvyqDGIOJE4fRbaSkN/da14iothZOfc0cIAiQAJ2dV4LyhMWyzEfhoYSbKV09Ci1l3I+CcfwAxVB8M2YSoS6/Djhf5OzLaHLFY8u5TCB9xDgJMW/DV9dKRrfHfOdtw8aOzMHZoCtZklWDm+iLcfnZbzMwqRXRkCC4YlIw/vr0CvxrVCtOX5eLkvin4itomF/ZPQhTteszfUIwyambkFlYggWSInK89BeDrGZuxrLASX47p7MuQn/FRIXj0k7X4zbltsZo2RBgV87PLTFu0gabSIOxd767GvSPTaW+EbDKP9xnWPQlzV+biwXdW4EaWZeISbvsZ1hxtaVPkhTdX46xJG9CrfTzyadfkP+NWYcTAdOSWckWRhElxWRU25Pv23yq/H5mfNNKW0/ZJDrVdNheU48fZm3Fcz1R8PX0zetJ2S8e0iFryx5bLfTsEHAIOAYfAQUCAcyWpcodwAagocz3iabckmX+7c+WcLJdSyyOMJ+T4OzNnoqe+5XJpxyuZK546vUKq3fPmL8BsGoItKNBKc1uu+peaI06lsl7BRa611Fb5z4svaZ5MNwAAQABJREFUcw5Vau7rHSetYitkysaJVk2//PobsyiWSJsP0SRwnHMISB7QgqmZu3NOrvl3COdh+i2BtbFO8oZsUkjQFcHRVKdpvmb6dUVJn52L8d99hy60W7GYWlR3kPSYTaFUgqtWz2W/5JxzzzWCqojABQsWGGJhPr/Hjh2L3iRIfnnttRh52mm4mVsxvmVav/3tXfjuu/H7VbNKuKnfySaGXAFlH9ksaayzmgRTpk3D3b/9rdFISCNp+qeHHsQzTz+DB/7wAEZyK8cdd96JkbShUUaSVk4ykrRPJAXmU5CXJv/unMV5d2Hq3GME2bHRs7U7Derc9/thnp/ikEiWrRu1L5VV/pIXJe95F839otf+FJ6KY8Iy/74khLTFqDuJD/mJRLrqyivxBbdpnU4NEGnaaDzU1qff33+/IcP+wy1LTzz+OJ559llDpElDJpnk2rvU0GlOzZD7HngAXzH+hRddhEsvuQR3EXdpjDzyyCOYMXOmaW87CndwrA/C/Hnz8LdHH8W5JEOUnrSbZD/n5ltvxVySLh34DKT1cjy1fmQzSuWRkxaK2qjabB1Z1rR3jtOs26o1a7CctnmEb/fu3ZFKkkzPVURRS7YnbcGSLC0sjWNcnWYkjZa1a9diwIABVGb3bcvR/aa2CV+iB++zliwRIGE0ojOwX2/8MIn2GFixQf25EkAglq1Yiemz51C9sg9S+dBUKTUKOQ0UAiW3qBTjZi/DDys2cPW7Em3iI3F2vzZ8uVVi4ppp1BFaR9WhtkiIa2HUo/iKZcy6Gh1KT04N1q46C+iVq1abPNu3z8BfH3zAqA6tXvs73HLjL9GSKklSZ5IqqDqcVKbGXnAurr3qckNkrFi1CpffdCdeYrl79+pBQzzFZOkWmU7ULqOtUfeUBopeysJA2jMahB/54++RlsotA6ybXvZraTCnebN0o/6kuq9avcawwJ06djAYVbDOczk5UBmkzeJWPcyjPLw/atpwcUJnBLevQi9uwdEWk/E8Pvj8YYOR2vd1VHEwCEzhFhRqlOx44R88RpFdprgQAVUViPzlvYYoUSV9Lx0gNjwYH/yuH76bThXnrUVIjAnB3y7vZI7wffritpwIArec0x7tpm7EvOW5aJMUzq0qMXjq6k4YR9sjG2no9cc7uqJFfBi336SRPPENNDpZRq5ZXCg+ut5HlFRS2ySIGh0jaJQ1JjSAcULxT27bkXHXf43NQDTLYp0Muj5+cTXzpB2W1AjceG47SHnk1+e0Q7ufN2Euy9KJ/unMNyoiGB9f0oZbcMqQzN//uqoT7apsMy+2/zmrFdoyXHlCGH5DkkYuLjIYn17TgbZUirCDRMq/rurM1Y8qdHtiPt5jX+7cKhrfz9qK03on4XRq3MjZ/m1+uA+HgEPAIeAQOHAI6F1XVYbAUI7v1JbMmzefdks60wgiNYglJJp3od4xmtHpi5NYTp61/aZozTo0O/sMMz/yvYV8252lZazfkRRIckiUvPn2e7jlphtolyTBpHLB+echnoKgDLhqjjibeeo9qZV0zY9GnTYSbTipVo7SatY9LT4Zw5xKl+HS01Jx9eWX8RfDMB0JZ7Jn4uZXBpJj8kPtRXN1S3Rozq92q/YjwVZOAmZNSza/d/dhjYBarYDdhfW/xyxNH/D3l6C6msKkSBBpp2vbWfeuXc22mm9p7FRaJutpz0SyS6eOHY1w+l9qA8yisHvFFVeY9r2OQqWMxP7hD38w4UacMsII3I0R/v3Ls7vfwk2CvGQtXVvyc3dxau/VgKytGrfdfjukXSY3csRI/PnPfzb9WbKVnosdO3S/tq9zjDF58nnu1nkj7zagbwQTUaI87bPdQxTTVlR/EW6GhKsZj6TVoXQ03gijOsSBf6I145PGKavntJI2mdq2bVtLyIm80XO++uqrcfbZ5+Dee+9BPMfLnj17ojPHY7levXobrQ61R+WtfLW1Z9wXX+Bzbt9aQZlEOyk0tv7+vvvwHTVG2nfogNNIrLVq0cK0oTCO87KpIxKlA9uXnLQ9JtCmioif33O70HvvvmvuxcTGGK0WPQE9CznTHlhnW1+1CXPN20pXoTZyy9XHrEskn286taDSWUY5paF2HcR8dK2tn4bUJFkvp/Z/Kgk0bTMTOWPHcoU1439NPMU5nNxOaYqlUtnECp5I1cwfJ0/D5GkzEB8fi4VLlhqipHOH9ruUXcCFRIRg9vwVeGnGUtxxcj+0TI7HyxNm4vJ336BWyffYUjSJCLbCvM0LsHjrEnRL7ciXZ5ABsIKr0f7OZ+3E99CefOY5EhpZ1NrwNeLf/uYWX+divqaFs9D2gdp07G+ROjIwc+s1Y42V9S5dOuHvTzxJ42QxEPN2/NAhyMrOZvpbcduvf8VtPtvxp788hjtuvgHPvvgKHrjnLrMH738efRz9+/Q0Bstuvel6jJ/wIxYsXkptlmQenzfZaMA8T1VTETbFZKhPPfkkqmD1J4tIuxM1Qq4tm/s+fBAwgwOLsyY3GGlJzdEyKRKz12+jwF+N4QOHIbG4A/ImfY9gDgYhvQeTxaOmVV42KpcvRFVpMUK69/VVRh2HHZ3/TR+K4jabc4e12KWiowY3r/U7e+jOa3m2ozHVWy/wDWo2kIgLOSWvdqRvnS5j/USUqA4iK04d5EuvAw25yo2o+W1+8EOaX8f3oI0R/lmn9OR/9pC6ZdF9b/mHkGjRn1wGDb1a16bmVJsYasucwNN7Mkn0bC6qwrQFWYZ0uoa2Sobw9J2WyREY1GXXlUmbjvt2CDgEHAIOgQOJAF9OVZyY0uZbAhfENr61ANmTpyDlhGHm1BtzbDBfCGaSz0myJrDF3M6czaOBw1u1MEcMm3mVeQ9VmznTp5+NQ/v27cy86adJk3HayFMwcOAAI3QdN3gQ/vGvp3AqVfvnkiQZOmSwSTNzw0bOv6JpOPAU/OPJpzD6/HOxYqVsMqSZLTmacH827nMzWe/evRvtnnyNFzi30qKUNFXOOH0U2rVtc0C2IhxI9F3a+w8BCbVWwJJgq2t7qpMELgmYFQyj68Y6pdOU8HtKV7ZTRHrczm0n1kkwvIdCqjQqxtIehLbbSDiUsClicBMF4UHcZnPGGWeYskhYlPbAiSecYJaW7SK1lW9suvv6rfSEqZzKoR0Fco3CowZi9ellFOIt4jpFRdoQInbMs9Jk0+OUpyUytFgdShJBrqE8la5Ne+eFibLLh+qiv6aQSspXxIjFQYmKVFDZfTZxfGXz3vfPOIoYSEtIxHAQ5dXlJEruJ5kxj4SZyAdLwpxPjaIzzzwTr1HLQ9pDb7z1lrlv08vKzjLkmcqv05mUp7Y06YSb391zj9FOkXFsObWjC7mNR1ufHnr4YeMnbBVXzV/xy9nG5IwWkOrEGyrnChE5GRl4+pln0YJkh3d7l/AQ3rJ3ojYRwzYqpzDCRIT1UJ6Qc9ywYcZfbdUa5ZaHeeb8FlEWwfjCROS7bPB8Q7Lk0f/9XxPP+7yb2iZMAgfxow5ZonxVaWlUnHT8EHz/0xRjGOaEoYPRsV1GA8VSJwjEtpztOK8zjVH299kpCBsxCN8+tQDDMwaja4+LsDRnNV5c8w+EBMZiaLMLOLhFo21KFPq1SuDpI2TtPH1JhiyjoiJ5BNIS/DxrLl789xNsaMG4+sbbMHXadJxAMqeCxjXFlnii7VI+gS+Xwv2CW7JyMJGTg+8mTsMTf3nQWFz/+5NP4//+8hDe/ehvuO7qK6gZMh/N0lPQlgbGcvPyjTbLy6+/jbEX/QJnnzHKaKVkZq7HE8++hEfuv5vblRJw+/0PoT+3LE2c+jO3+1yG448bol5lVAEdUbLLIzm8PNQ8OCKI4Jq6ORdzNuTi2+Vb0IcaJolhvFHKwap9DxIkOahYuYT2SqiiVsFVjJIiBDVvoxFhl/rw0fs4PJF5Nc4MPPS3BlrlrWvrLBFi2ivDKQHF8ZGGvmuFVdqWbbWqyjXBfWyv4rDNKz1vXjYfb562TLrn9bdt1vrJzokply0T07cDnM1LaUjLpRVJkfdv64nJ1EKhFjaeuKYrYqmlohOBVE45m77vl/t0CDgEHAIOgYOCQABtlXDeFNEsCSkkNjZ//pU5Sjixfz+E8tSboBohqZwT8R3rNyD7p0kIjKB2x6kjdJQNtSm1MKXLINx2841m2422LyQmJuDO229Fx44dzKRfk/KrrrwcUzknWrNmLdpltEV7zh81wb9iLE9W4ET7vHPPMYYKdV/2HPr07mUgOPvsM7ln/yczf0qIj8fdd92BSZOnYj0FyX60Z9KM2r0VNau+BwUzl8lhh4A5yrVmrqPCGQHWMxfT/MQK4k0pvATMJrmaSY1mcnZ+YzoIf8tGhAgTuWJqCCht9YvJtOEwiEY7V1Pj/f/9/e8YSqOgIkw+oi2J1q1bG22T1atX4+qrr8Z9FLRvveUW/PmRP2M95Q7F/xXtR+xPpzmc8MrJ2cYtc3Pw3fcTjF0hbakYPGjgHrfkKK6WuyU4P0GB/n8fewwdqOUgw7baNmJMJtBOi051sU55Cg9p10ynoc/PqTGh39KW0DG5ErBV11oncGsBrvVt8KLJz5EpmTbkSVHCvhX4fd4+Qkltrz4npQHZJnmZNmiaU7tjDbWK7rv3XmhLTU9uUfmeGh3SMtF4+czTT5ttK7LTMoB2TUTKaFuK9R/D02eksSHS74vPP8dDNBQsIkr2SjZQm0Mky3nnnWeK0YXKAGfR9odwHMi05KSRsnHTRjNv/4b2Qipou0ROeasMcsJeW3RkKHYR7aHIboq2fnkJOdnXmTRpotny8/Irr2AYiZGOfLaWVKnzjEyqWtj14aStVd/RXs2nn3xijlTuw60/p9NY7KxZs8wWnbZs6zYdRW1ym6jJ72B+7TI6qE2q4Npuc9opw412hFQh2SfoX1/RfK1YDXT6yo3YuqMYqdERyMzJQ8/mGbhj+Gh0Tm+JZdmrmEA0PlvL4+PCypEcWYUZi7Ygv6QCo7qkGRV/u2NQD0GNdyuto7dt1ZIqTGHmd79e3Y3BG+2HNWdOswf59yEJkzLuKmcb+yJqxrSn6qnU9fr37GqM6Kjh3PnrG8yLvHePrvieL+jZc+dj1IiTTV7CoJTWhbfl5nFfV4bZzxhJtSENgi2bpRk1o42bNuH3t91oLMHff/dv8Mzzr+Ct9/+Lu2+/2ayEaBC0gmV9yB2LfocTHrYs/dqn42ra4Hhz1lpk5hfjsTN6IoZ7VKrjEhFxwZVkEypRNnsaSt56EhGX/4ZaJoPYuMiU0paJceocHqdfIhn8nZco8F4rnJKw5bGNetfWrWx3Tdebn03DP33lUZ9fQ/7esCbNmmxt+ornvTZaLhwfEmkw9uyBPnU8hdGYYbcQ6bdzDgGHgEPAIXAoEPAN4prGxXbtwpOEQ7CF9kBKKIhFUFtDp96Q7UAptyIXr/P5pZ18IkKoXVwtDWC+e+xk+MTjfSuK3lrYya+d+J5E+3bWSTVdQlA6NZe1AqkwQymM6U9OZVJ8Td5Hc/uOnMJp7/w5Z55ufutDRIniOnfsIuCdd9SiUM+8qPbeAbow2xGYb50ZmfoI85N2iOQYSSKSZdRmJfy+SS0C2ZuQPZ4fKVyLIPmBQukjf/kLbiYxspUaGaOlKcB+csnFF1OzP94cBSvtk+HUMJFMIy2FejHYh3qqrLLxKE0vLZTpVJU69WogbZVDArZsFb3+xhv4lltCdJLVOAr5/SggS5vmLdZZW0GEiy230laeubRvJO0Ic03bHbXO08VNf/dFrr19qC5s+W3+evqSObWV5ZNPPzX2RyT3ZWRkcLF/MbqSzJCT0dUnaYhVZhpElslIawy1O+6jnRLVTwSTMNpEmfJral4cR/JJuH5GHNsyrftpp+Sjjz4y27JESknbQ2OhTpaJpg3Rm266yWxrUXsTMaHtN2p32roj8kZOW33+8re/Qdu7ROY8R4OwGl9ff/113M4tVHp2al92fC2grJuR0Q4fs15ZbJeyRdIUJ2O1I3mcsk7U0ak7stcyg6TOhRdeaJJRPl48G9UmGtMom1LIJoQNtsD4x9GDiieQMvYqexzqQN6K2fBa/a5kh+jSriVClqzH3z8cj7S4KCzZmoexA7uhfSIfFDHuktQep7QcjYTgYtx2Ym+kRIViKm1DfDB7DbVPEhEZ5jPWpHStYVntv5LaplgqDTQraKx16OCBhihJ4Atcr1h1MtXB1kOGZ+y1yitNlB8m/4zLL72Y7F0m1Y9iIGOvCrOd+2xF8pzOVZbH//UsWrdsjl60Ci0iJYaGxMKoStWBJMuyFSvRpXNHY2A2iaso6dx+M4jbbKRZkkcNFGm9CKt/P/6/ePb5FzGFeXbp3MmUzRI2Fq9j9ds+E33X144OBS5sHsa1iIvATUPao5Q2duQnI0RyOgEgID7RXIePOAthw0+jzRLf8VrG033UQUDY8fH6+h+v9ZwtxnUCuh8OAYeAQ8AhcOgQ4EAdyzlKZPNmyF24GEVc2SymDYWAwCBqmSQh7azTzdYbvQMtUeItrDUEaP18Y33NC5Wees97w9hJuPztnMh738bXvNPOFRROgmGFXio1zsa1v923Q+BQIaB5v+wrep3asYTKATzlRM4SiLqupBzVlXYp9Od1slMizQCdblJIobIbjcJK4JXTFhz9Wefd6mD99uVb5VV/S6FMc8lFPiG2qekpDdVTW+iuIPFhnfzUX0fRPoV6sHBRWDldt6C9SRk79ToRAJLpDFNT0+2FseS6mqje4If+mtVReaO5Beecs8/epTzCQK51q1Zowz89v+OoTaQ/6zaRXFpMYkVbc6JJgsgpnLA7S6Qbfwu1WzzaOQojt3jpUjz6t0eRybHbYExZvDNJF/0pjTNJVCi+yiGtkE78W7c+02gw6SSdFtKCoSbTDTfcYLSAFE7PSHnLKKy/s/f9/e1vxRUe2uYz9tJLrbf5FmEuzShp59j62QCK16g2YSPsx2/7vvFP0t8/gOd973wT+Yfmb0WwDbye27VeWokuK+cZ1dTGUBwJnGEkQMwTZCg9bN42DT6EthbklG4xtzaEBlMo5W8VxIDGBy4nVToRF/qWv2yC6MQZObF38tdDtZXyjyt/qX4qnBg9qX8WFxVT7ckXT0ZoRMKYcpD1klEgS9QofWsBWS9w84AZXuSKz9p2gElHZbJxlI9OBKmiJoLC2XKZArsPg7M6klaYxIw2Hh8aoKoox9IVq8i0xxlNHsXVc/M66ydr/NpDqeexz475GOfNqz6/fc7IJeAQcAg4BBwCDoG6CDT1vVYbnqcHhlE7MjKbhlW/v8EkWnnSM6hqxhNw+D4lM2ImZOY9yvebnYPxxayJXxPez3XLe0h+SZs4mPO6TXMQNOHG+ut6SArmMj1aETAaHpQ/6tP2NQI/Ky75xOvUN/VnnfqewmjFfQmNuUoe0VaU1jR8LMHUP6z/nFdxdWhFARdtdQCF7fs2/cZ+K57Z4m2K5ptbe8tu091IO0Yx1ECTlr2to81DYfRnnY2vcCq3f9n9wyuejWPT0LfiK1md5FV3xu8Ndeiv/fHw1tnWVfXzhpP2h2TcmTwNp1///ub5K6zFwWKn2nmx1bVOr9EBJtLg6M+4klOVp39ethzyV3qKty4zExMnTqIcXYouNDwsbRfd8+bhLaf8VSb/Z7g71L3xFU7x/evvH9+W3etvsbB+KoPk8xLaP0mkRpPi7KlcNow5iY04GdsyxF5aNrIdJFlfYayzeUjjR9ufdEpUsDKT8wa0EZr6rUFD2w/0z2yHIfhex9vGecqEeIZX3l4/FVRBlYaAsmWTvy/sTn97z+bjjSs/7YdVGD043QtMFvPl69TeB6cjvbzhFNbG8V6L0TFbLJSmKZ/K5Mtd8RVWzr9cvhDHzqfFoaEaHzH41DzPOvWoz69OAPfDIeAQcAg4BBwChzkCJBnEM2jCxdkLL+xkRn6+ucxhXgNXPIfAIUFgdwui/gKeLaDmxf5zY82Fh9Cwq/7k1APtCr5/WBPA/0MRavpqo8L7xzfRaZR0N/29Nl2FqRki/JNRmNpwnptNwcITrfZS8ZXu4S4zNFRPVcSLjTec6qSF+BN5fK/dYujF0BvW66801UZ09K+9tvcbykv+ImcUrxW1XMZeOsbE1Yc0PfydN2//e435XV98fwLFPx1v2f3v7e/fFvv6yqm85K9nY9tdcH0A72uhfH3X92Aak5b6X33OZ5/Z19DsfVte/fZe2/v228a14dRIrPPaY/D6Kz3v74auTToKW5NgQ+W3+R2L37aBHYt1d3V2CDgEHAIOAYfA4YiAmZ8ZYkSl4+Srzvyr5kcdv8OxFv5lojDl7+V+OwQOIAL7c45b35a0xhRdZZCmvOwrSotep5/Urt42JoHGhqGQU0HNeuWTlMRTIZnvwXQHO7+DXTc9/4aE9obKInnVah81Ja7iacuLF9OmxG+oPEeSvzCQZphsAmkLlTRHvDsRtOtE2iey6WIJHmOcQUAJOEX2AngkVd6V9fBBQO1JRJNtZIdPyVxJHAIOAYeAQ8AhcIwgUEem8WnsGh4kQOokdbcIHNGIsD6q1xHH8RzRoLvC7y8E9lZYlbymubZsjmyjDcYD7ZSP8nNy4v5Fem+fv4R+/TXV7W28puZzOIdXG5Z2WEfad9FpQzJCa51MRWgLjggUhRNeRrNEjKTOcFZg7XtyziGwtwio02v/Vyqtecsis3MOAYeAQ8Ah4BBwCBwCBCyDoAl1YDwCF76OwJVfcI8z53l7Mck+BDVoXJac0CKQa38lOTx+JIH185ys0bgUXCiHwBGJgIQ5nRjagsaaD7TTAqgjSg40yi79g4GACBApiMTExJiTgnJJNkqjRASJNE6szVJLZAWLKJk/f74xmOLddnIwCuvyODoRkAFcNTwdFdWOe+rc4Hp0PmdXK4eAQ8Ah4BA4PBHw2Y9j2WhwHqVLSCJ0AjZ8yN/Z9JTx8zpqJ4dnJRpdKrFCNFobmMx6prCOK1k9Cnb0bfq6a6MzdQEdAocFAppjH4yF7r3RYjgsAHKFOKoQMGsA+4Hst4SJCJI0nuak3+pLIgWNAWdPHsHSKLEnyzih9qhqT4esMmLi9Kczw1NSUszeL/+Gd6ALdzRNAw80Vi59h4BDwCHgEDjMEZD2RCOcFWgiwiOoLVzAkyvigYzbSCTo2PtjgTogTlVlCAiP82004lzk2Kh3IxqHC3LUImD7/VFbQVcxhwARkGwpJY9obpWR29d2bwkSL9koP/90g3WUzu6sOpvSuA+HQBMQEOmmhqbGp61dUmkSWXIw3bEwJTyYeLq8HAIOAYeAQ+DQIWAmdU3IPpzHe5ZQyzO7MhZRg+/lilkTIh8VQTkL4LGczjkEHAIOAYfAkY+A5DpjyJh2c3RSzf50/uSIf9rBYmkk1O4poH9E99sh0BgEDma7snkFsyPZvWdOW6oxT8mFcQg4BBwCDoHDEQH7XpNqsN5tTXFaqCghYVBcVHIMboc95tihpjQNF9Yh4BBwCBxRCOhdKI2S/U2UNAaEYB2Ns3nzZmPMxJ1e0hjIXJg9IaAGLZJCGks6lkntyk749hR3f9xXnlnZ2SZ/GelxziHgEHAIOAQcAkcqAtu2bzeG57S41VSnieWhmFw2tZwuvEPAIeAQcAg4BA5HBIJbt25da4xTwq1zDoF9RUDkiLSVMjIyjKXhg22vRBPKxIQE5OXnI4jXbn1pX5+oi+8QcAg4BBwCBxWBmu2sep/KAF1sbOxeZ+80LPcaOhfRIeAQcAg4BA4TBA7mwru3ysER3Nfao0cPd3SwFxV3vdcIqCGHhYXVHh28f7RKmk53aHKZnJRktuPsdWVcRIeAQ8Ah4BBwCBwiBPTm09abvdEo8Rb5UE0wvWVw1w4Bh4BDwCHgEDgSEQjWqn9kZCQ6d+5sjHC6FYgj8TEeXmXWxE7HUIso2Ven9qiJno8uqa41UqffuzPiatuxSBPnHAIOAYeAQ8AhcKQiYN+DR2r5XbkdAg4Bh4BDwCFwuCBgZETKlrt1Vv6UWQkJtvZFLAHXrUDsFjp3sxEIqD3tH42SncdCBQYGcHVt5wpb4B4auWvHjXhQLohDwCHgEHAIHPYIuPfZYf+IXAEdAg4Bh4BD4DBEwL4/xXfYP8t77Km4iqs4wVu3bt1TWHffIXDIEQgODkJZWamx7F9VVcnrckfsHfKn4grgEHAIOAQcAg4Bh4BDwCHgEHAIOAQOPwREjEgZpLi42Oyg0cEfjd35ILJEJ8oFDBg8tOkGIQ4/LFyJjmoEqhEYEIjS8nLT4CPCw1BdxWa7Bw2qoxoSVzmHgEPAIeAQcAg4BBwCDgGHgEPAIeAQqB+BGrsNFRWVvO8jTsifNMppE4PZKWFiNiqKC+QQcAg4BBwCDgGHgEPAIeAQcAg4BBwCDgGHgEPg6EcgOCat+dFfS1fDowKBSlKBAfwXbOyV1FCFR0XNXCUcAg4Bh4BDwCHgEHAIOASODQQ0hw3kn1SkG7nMXQuM4ugAhabOg2145ctrJhMYGMzLalRWVZj5dW0Wu1zYcipfXTvnEDiyEKiq6WdNbb3qNcEF5RVHTG1pjdZUtXI/nLJyICst46NBLGsFTxoSyM45BI5FBFw/OBafuqvzgUbgSHkPHmgcXPoOAYeAQ+DIRUAiWzb/yvgXyz9tEdiTUxyFK+ZfCv92in2Nn29JKslizCguPJajPEf5A0FJcaisbogwEbmST3kmjN/x/Dv8JJvG15/FP0acWoeenLdl1ed3IOGIor1J2f0o5BYY2Q7ZV6f5T5Tsj1C+LjuIXEAAElP3vfT7WvvGxBfI23M4NoQhMDEWVfsB9MZku1dhSsqBou1AQorn2Nu9SslFcggcuQi4fnDkPjtX8sMTgSPpPXh4IuhK5RBwCDgEDjECEmG3UZ7pi6CASNrky6UgKb/dO0ONBAShoiqW4ZcysEiTmniNmm9JKyQCYcFdEFCdi5LSIPTs0RPVlSVYMHMOIhLDWB6jaOJXkCrqscShrLKIhMos3kvin9I6jFyj6n8YlfcAF0WtIop/osL0pCiVGhfNT/2W/4FWlVB7rd5Wc4hMXDIZuT23cUZp0Cl2VV4J2Z98XoUbgk8npUaSPNlBxQ/tPjhQjvpXh7czYBOAiLAwtB00BBVlZVg+ZwGCkuOpNubrrGYAYTUOHExNwIhlbdGyGZJSemPNqpXIp/XdgBqNGKVid5Ds77Kao5GY996mq/jCsTEkVJCpRF1MlK89iqkxadSN3bhfYo71p+furafKLU0e5Vtf3iqv/BVnT2EbwlH5ytn0g9lBmeQundNgw6CVMkDrcbVlr2bZPbfk70vZ135t+p6o5tKEYVh/ZtY+i4YGCW/6SsiGU3q2TvK3+Oja65S+ql7RUH38nkVtXFZyd/1A4WoxaSiN2sT2fKG0BKs/PnuOWTeExdP6Ks2GnokN4/+tsjQ1jjAOrG0JO1PUCKdnpXp5ms3OAPvhytbZtg3/JNUn6sNV8Wyc+p6lTdebng1v/RTGtj3loy12CuOPn/qbmqC/v+Lz/y7t05u3Td/m6f027aYebIW5Eq6v3uYWP3Y35pj4DLO7Z+bfTlR/71TCi5VtA7t7D6pczjkEHAIOAYfA4Y6ARvQyzoEiUFkRiMqiIr4sQvSCa7jgiqIXRFAwAiIjeCHxTTOEIMatQotWlDuS65c7GMg4zZJo3hKlWxW3AMPOGIqOnbpi5syZfN9VoHirdBAojO4yF5FoTdE7KhSB4eW1xdQ7y77rGKDW+b+na294LhRP8RsT1hOt/kvNNxtR//ojH32+aiYiRfLVPPgjiM0qnICH82eumhivpSMUyj+2vAPi9Hw1f+o7cDCCSWYsW5uJPJ0qo3nVXuSo9KrYP1q3a4ZWzfpiS1Y2VmzYzNNtqpBXSOWEsHgERoc1qT2pLCxko8qzX8gSVaIpjd6AxQI2xpmwVLcJDwlBcnozlJJ8UGfW5JkYGRdCQVnuYKrkRAQHo6Siol6Qo+PikdqiBTatz2Rr3cEWqsHMV98QnupSHVCN8t0NiqY2u36ozhFsdAU8NlcTea9jDqjyPXevd6Ov1RAqGvNMGKaylHykyh/OWIpTygE2mIJOaIhpqCpZ455uI4vHPKKZtvLasXU7EpslYwexL6NaVyhVvKL5LLZt2oTgpGTE8kio3NJSHz4sRAiZzPJS4cXihoUiguG3M2xocgoiQoKRV8qXQA2WBt9A4ku/AMazdTD1Yd7VZK4DI0IRz3S2bckFIkOQGBOFbcXMj6ETwsOxnYMBCsuQmByL7SyHTu2JYZlE8BRlbUE823AJG67ajoQtsfhlRSoDkxDryvL5Owl+saz/Dj53yw4rTCJPBdq2vYBXVBBLiMa2EpVjp1OS6hkVqr+ekyoUThzpwphXSRmfYzmfnQKG8ln6tSmTfn4hFy/KkZgWz7qxPkwnnvmqLBXZ2Uhs3sy0x3J1RqXjcQ32A6VB8rOQpxuVZ29DQrNUaDtgRT1peJLb/SXTFE77wpQbgZ+5lBdrYkAnvELqfybmfgMfwlxR9dcYJ9iqWffKMt+zCAgLRrWeSwVTCKMKI5+VqZue4X525hkX8BnTmbbsbUPKnu0xnONOnt92TfUV067YhhMiw00bqNseKlkfPg1PmQPCQkwTMbXgRyjrVab+R9+oiDBDlORt2YiY1GYcI2HaWDDDqE9v27QNIYnRpi/l1fRvU/Zcjq/lVUhMifW1f1NmnZzFvGvw5CBQh7A2lWW5wjluqB94xwDda6i/2Xg7x5xsRKcmmH6j/uDtP7F8X5XwvVXKfl+f0ztLqyF57APWcQhFudLRc1ej8PTJxrwHbTru2yHgEHAIOAQOZwQ0X4niXLoAbTokIzmhFV8fwTULWOYNuUvh5VtNUqSsvBoLV1PDI5/zVL6f7SvWzLea1y93KDHzDinfgaS45uh7Yn/ExbVBerN0LFj4I+Yv+cS8R8+85HK0adOOBA7fn3oH1biAAM5fi+OwYO5KzJ74E8JSQjjt53xQpgb0jqNcw8JrldAXg+9V7/vQpmO/lbTiaX4cwPezrYO9vzffe6q/0jT57k3iR1AczT+l95PFecQ1qeFoHxGMBzayvfDZkKrARUlh6BcVglezi7G4sILzkIAGCZOkiHA+m2rkc16ieb9dXMrnvK2Uz15O8zjJONLw0D/JOqVsP2pDxduy8NorPyI2NgZX/vpWTPjkE8SkpZm2Ecb5l9qkyDKlV1aTnvziKO+E8r6lMTSfk4y6bfMGXHffPbjvzt/gpdffwPVXX4UOvfshNWUQtm7ejO3bt5vyWlkokmlESXasefBFnG8V1sxlQzkH05yrSHNtXu/JKf99cqYMrGw1J8YBnNzV3813ZqHwATU9Y09hFcsXxrfCJ/CrKn3iUE0SlGUCUJYtlZwKhCQn7BUJoXya5Jh58daN3LqX7BOq/SpSVUVBgWU1q5IeAdRXVqreBVIwSIhsHDlRUzAjnFD9qKA8D+EpFLiZvh2MjCBVQEGZpEwgCYCmMrVazS3PodBNEiCQzHH903tfQXRWdQKFliB2kC0FOxDI3ynxEdCRTDkbtU2KTzg2zHQCP1iaBHFtYGIdw8ZeQCFKrkO3HlixaAGvghGbnob8zZuozFiFzj37YOn8Zchlt49Na8HOXUbegURJQQmSSVwEsjNszVxjOPMuDLtk/hzfTlEaONZAoPqoDgW5WxDXrJVhQC2+5h1QUYW0lARsyS/Ato2ZaNOpC9nMImzbsA4RfB4SfrZvIjkWn0KGOxUbVi5HaFIaIVXZN5iyd+3VF4vnzTbXUanNUVhYgsrCAqS2aWWemY6n2lYkMrDGse4S6DSIbN+0nlWORUhcBNt4FaL4nFWO9LbtTTvbsnYVBbfmRhXNDAxMQvhXbCtEYotk8jBagQ9A9o5CI5SWZG1GEMMnxYebvAspgBZbgY/5RlPYU/pJLdsiqlk41i1fwu1vqWZQzFVZyEt37tEdSxfM5XUE+16cKRd/1Lp6+wHTNoTWZqURiI7de2D5wnnmOiQ5dZc0ahPbzYWGuSoSTlUlHFCToprUr2yyZpVf40teKdLacDA36LFfcLyp80xshIa+Wb+KbXlsBzHsG9J2aijgTn+NE5Ekj6LYb5RvVl4BEuNiKOMH85mUIn9Lnm/9iGOGV9tgZwp7ccU840T68RnHN29tXiZqy3HpLXzkAZP09butKOXYGsi2bMcVM96QUIpnGfWiVL/i4FOnPYSlxCMmmmsb5gVBAoLhtmSRYCRRHETSRC/WsrxiJKTGkbAIwuZ1q00luvZmH5nr6yOmLHnsY9lb0LZzN6xZugRCQkbJpemksqe0zkAY+8J69rew5HTuza1GaRbHoeQkpMZJVZm/+YLMJwlkJovKhX4i63LZBrWGFsL+W67xlK7e/sbwxvFb90u4orGNtOXOsYhYsUyWxI4TCWv6fCBJ2dRdSHwRNKUcl/JKchGcnGZIQo0f5dk7ENs8ydRH5c4rLvGVi/3WV4KG34O+ArpPh4BDwCHgEDjcEQjmolwFFylatG+PU04cjIR4asyvXIliapgEaEG1ZsRXPfQK1WcViZLWrVohKTEdiTOzMeGblQgMLuYiKcPzBVHFeWJ9coeJbj+Cw5FTUIyw8Cg0ax6FhYtm4odPvuccNh3F4cVYvy4TJZyDKi07/1VRAgJI/JcnYFsO5ReqJ1RU+wTlaC4QavGglHPnQgq8CTHRpuxacLSa/zZr77febzEUviUwa07q1b73hmvK9Z7qr3m8EeYF1lHs0ljPTWXVuKFZBB5qGU3FAhIa/PvLpmIMiwrGH1pEIYOLcIlkCv65uQiLSqiMQDw0F/I6zatzOCeUS+D8Jnv9WnOtj+DEFMogXBDic68i+ZBDecLrEjmPrOazlTQTzjYSER5BGUQLwdwlQploS+bOtBQvhCYrtCAuuybxnD8ZeUc3PC69ZRvzK4T5Sg4NI0Ej97s7bseJxx+PW++6G19//KHxkwkMM8fbsg1F1V7dmWAkt2jOBXWSM9lZlAErEUl5r4hzLUP2+WLX+xlcr28TPNXotUIfw06ylVoUAWyRDTVFPkOzglpdxIkpH1qTOogiSxCvGTpURK2255NpumDs5QQuDG+9/ALim7U0QCikwJLAbJmrcg4AIQRZQoKcyinSQUxTDOsQxocgJxargMK2BgFpcpiVR/orXinZOaXRc8RpWLt6NTblyeiRTmnxpaf4mpTrn8/50EhgXDWAq264EdkccMZ98C6i2QC1z0pO2gpKVwOM0UhgtAQOJjJmI79tG7PRtVdnsr5t8OWnX5AQSEE+hQCb7rU33YKly5Zi0nffkPWlBg7rqrgqswTBCqahBiI2N5L1jGR95dTwNq1Zietvvg0RkZH452N/QzqZ5WKGVf1N3hQ0fJP5HLTv0wvnn3ueqZ3YwkrmU8L7WWx4YvXasnx/f+RhJLNhS1NA+BdSCBdRJKZQRm+3M205aXmow8npOWh1ViygkLMrtZYoGTz8ZIwYMcInsFVehLfffZvC02JkUIVwzKVjKEIFIGxMKGZOn45xH31ADY6WXNmltkJpLq666hZ8/dVXfC6B+OW11xjBM+SSMZg2ZTK+HveJERCFV2VuNu78/QP48aefMGPiDwgljmoXORTKriMrumXrVnz6/ju48fY7kZiUhJDgELaBVXj5uWfMoHDpldegQ6dOBrMshn3uX/8whMywk0fgpFNGGKwuvOgivP/B+1g8ZxZatuuIq6+52wh0InPWrF2L1557GlFcWdegoWdUtHWTwee+B/8Hm6kR8+KzTyG1VVsjoF57481Ia9bMEEEbMjPx8n+eRhyJIvVBYaj2duPtd6EZw5RQ46WMbfrdd99B5oqlGHvVtejaowcK+aKS+/yrLzFv6iQktWhtGGgJkldd/yu0aZthMN+6ZQv+8+QTNPEFnHfhxejVpy9XOMoRcMEFeP2N17F+fRaCY8LqbIeorx9YIfXsCy5Ev/4DjDBYXTka7334IVYuWI4ECovSuNHbX4SXtIc0iEqzrNaP7cr2jWC2KbXfW397D7UUSvEsy5hCfNTOlb/iSxNBfUsEk5yuve1Q/USkUpsOLXDd/ddz4CwmcUbylXlmrl+P1154HUnpCcjhJELPSX1VZYti3hqP1E/ksvgy6d5vAC69byz+8+yzWJedQ62LCNMPS4hVMcutuCyYqXce23sM8xCZNvy8C9B/wEAz2YmPj0M+Sbkgpj9/wQK04QRp69bNHN9eRBrJAQn26tMSzlUn4VVSM2YpbTuWaNzT2KW+H8cXSyHj6VrOPocr+Yxbt25r/NatXYNXn3+WfYcvOvrkcWwdMOwEnHbqKPzj6adRyBdKKImOMr4Ye/YfhBEjR+KJR/+C8y66BL169zHtIXD0BXjp5VdMm7nqqqtMH9E7Qn+xsbH4+JOPMe2H8agkqdiMJN7YsZfhpVdeRheuDlw4erQhgy686GJ88cXnmDHpJ47nrXDVrTciMirK1HP2rJkY998PTHmvvuEmtOJ4I7d540Y89+9/muvTzj0fJxw/nGRkoXmpTpw8CT98OQ6RHG81FsXVECUtO3bGjdffgE/HjTNlMu8OQwQC3v6WwDIUEzu957ZvXI+2JErHjBljViMCA8Zg/PjvMPWH79lvm5sw2RvW4Ta2x60cA95+9SW2aZKhxF3PW22tlN9hMRG49w/34r8ffYR585egnMSJ+nNGu3Ysd5EJ/y7HiTWLV5EA5DhL/IxTx+YzVrtzziHgEHAIOASOPAQCORflKgTiKDcFBHBuwrm35pMT5sxGWFWlmcPVLk7wnaG5e5eMdujJxSXNQcLDI6nZLI1lhg3wyTNmvmXeDcKj5n3hgUbv4ICAEL6LizFx8ngsWpiP1WuWUZCiUFtQhODocMyb8oMnhv8lF1VCYxEUE881D84j8ktxyoWncjHSZ5sxgvLKDr5z5WbMmIEFS5YikQsm0vTW+09yhxZXNF+REN531Jlo2bw53nzpeSRw3lnOuVoB50maE5nFYS6I6Hdj3e7qzykxhXoSPJXV3Ebk04BvbLpHUrgWrOcGEiXXpIXjoVbRSJdmNN1VyRHYSk2TM2JD0ZNaJZyg4Qr6FfIx3rm2AAkMtp1NRoSJWTjkXLWK8x3JAHkF+fjo7bcou/6K5jDCjXzzxqefo3DdSgpxNPabnIgx55/Lthxj8srNy8M7n3zB/T5bzG89e7VTHwFYbYiSgSeNQK9uXdjmufjEtv3W199ix+rlXIOlBnvpFpxy9rno1C7DaB4p3ox58zFrim8RTdpVckpXblD/fujUvh2OHzoELakppTY47rvxyKXc1qnfQJxIfy3OSZadNH0mFv88hUJAHAaffDLacb41Y/ZsLJ81nwu+8btdrPVJDybLhj+05USrYXIS7iUEK3MJ4ts3b0eXgT3Rg5Pl1yisaWIolXw1dlmr1ZQunMKJJnjbWfh+xw2nkNQfz7/+OlfpgqiKRlUYtWQ6Tf5rJ4XGx37s2vF1R+ysXHpammGudK29UXK1K/3mFz+CYhBDDYOCLdm0P113u4JIC2kuaEODdZogS1NAYr00OeQkPMhFsI79KehN/u5r89toCYj08FXD+O388HlKqJNrboRbXxk1cTYNk9s7cq0RHIYJ5iqu8BVeXhcbG4eu3bqRLPmYa/JcoWUYI1gyUFpqKjZTDUlOcArzEq7K5pTtZPwCqBkgcqKQWjFerk1xNLhJOJPbvHaV+bYfVngn/Y2Nmzbjy3GfYt7M2fjjww9hI4Xo9z/4gGqECQihEJJJoZ2juBEcbXz/b2liSM2+mESAR4+CWzpamdVihRemaj8FuUVc6c/Aeeedh2lTp+Lj997GrXfejaspiD143724+JJLyMYX4wmSPGedfwGGnTAcU6bPQG4J2fGcrRh1znnmJTR/5nQjAO0oKMA//9//4tzRF+PkESMwgWH1HPRsJeCEsw4iSrRSrPxzuKrfmsJRi5Yt8fxTT0LCZSqxfvjRv6NnxwwSMVej18AhiOVAMXDQILz6yitYQXb+jltuNsLPi8/8G2edcy6JmSm+spP9PP+88w1Z0rFjBy0H4JE/PYA+AwajoJBbCmISjVCt9luUW4x2Xbtj7KVjka7tO2YLGgxRcskVV1PIbY2nKZRHkLm97rpf4gwK3F9YZhUhaJbRAckpyfjkow+Rm0uNJIYTaSLXigL4dOL548RJaNOyBdZR2ERUYi2TPOrcX6Br12548cUXuJOsELf8+tc44/zRmMG9rccPPxGfUp3ux2+/wj1/eBCjSZj847FHqWjVGtliaOt1AYYwy91CQo14HjfseHz7zTeYv3ABhpMVjozgHlwjjHrbPLWY2F9E+hCZWqdn4983Jk+ebMgoBEUjK3NNbVhdaEzavjGLWkd1y+bTxKFWEdtiRVUB0pKTDUZvvvmG0X4TmVus+lQWEBe+UDgm6MUvjQZp+eRViDryOA7AW6nV8BWJuUI9K5Jv26lMUetCYpFdvrM/Gm0ETQZikzBv3lysJ1lWwPxu+tUNmDltCpatXIVy3t+wPhPFNZOQLTUaGDZN70gWQZKNG07g0/ypCcE8Q+Mj2b7X0yOEL4QkRHLcFRk2esxl6N6tuyF29EL61a9+hdGXXo4P3nrdEIgIiuWzHY3IyCgkREWiMDsPcbHElykN5QsoL5eVY9mPZ5/ztodLLr7ItIcvx33GFxo1O0pLTPs97xe/MIQfjYpTn3IrTjj7TNaPeG5Yh9tvuw1raePpxWefxtXsY+ewz4gsuebKKwzh8Vf2keEjTzP+CxYuYtvsis5duuDZZ54xmiO33XILzr3wEnxCMrNb5y5YvHgR3nz7A/Tp3oljFA2MxSWhiJMxEZDCYtjJI3HaqFFI4JgWFxdnwMol6Vtff5N2mN4FtvVcyTKJGH7y/z1G4vASnEvyePWatXzpl0JEyUVjr0DvPn0wlW1Sbru0xdgWVG+psmZnb8a1v7kLLTmmiKAGiRK5dLb1H0i8LFy8hIoxidhADRbw2Yng0kSwvgmwieg+HAIOAYeAQ+CIQcAnOPrm6hu5CLZy5TK0y+iE4wcOxBeffMqhnoIgFyakxVm5PQsd+g9Bv779sXr1Ss4TRT5kmG2cRSTx+dL3uTpikt4XuzoRJoF8/+dRKzxvE4VTys1x1JiO4mLKRsoPkVxsCzUylBLzpiE7JSl8h+qUT2ppShchJhSzZkw3i3B6H3fie/eNDz5EG767ViyabzLflk9NFM5pw/jeK/KTOyQTWbloGxcI9I4Mp4aL1cQ2CXBRZXcL8HVq2ED9zXZfLvAMOvEUIyt+8u5bnN+3qCVivPKtyBnZG9T2DTnFFWb55dwpQH8tjGn+xOkSF12rzaJmiHk3a8FX2ji0FcI5RjGvRXZpsddo4jKuJX6ktS2Zl7epocPtTQwrpLUw61vY3hnWFKKRH4YoKSUJkh6OP7eOMUQJs1VRsYLaI4uopNCdGiVlJIxCmeFyamIv5RZ7uU0MxKZAfXFWQbLjDs52KNM89IcH6FONUaeeil9y3iNyQ6TDsGHH4erbf4sWqUn449134dILRyOGC1py2zgvPOnE4fjnv57C4tkzJPqzfj57k9JCH/PLy3DL9ddjyMD+Rn7VvGnYO+/hMYbfkbsdl425HddecRm6dOxo0tPHdz/+hIf++ih+4qKXby4kX6HG3WN8NnJ/uOdu871o6TK8+9oraNWzL/7vr4/gzNNONSFV7h8nTca7bKPP/ONxdGL6nbt0xjTZ66FEvTNdk8wuH74WsYv3Tg9VVFtOaoVaCgmhCVGmg2zP8TFHRZzIB6sB0RlBYmd0c1Ubl9tWNm7aiMrpPq0HCct1XGQCgmgTon7ChCE1gKiF1TrfdSUbW0UNYGoZoSx0GSekV11/o+kcEhD/ywFo3bJF6NijF84840yEssHm5ZNZXbcO33zyX4w6+zz06tXL4L9w4UJ8TgFzwHEnUO2tJT585y2T4/kXXYKttNOQkJBomKwbbr0dS5csxQ/ffGmEe63cGscy+tgvT1lryq1yVlLjQU4PR6pjiQkxOGfsRWhBljWLq9HPPfsKe1GeKb/8pNHwwnOvYeDgQWjOPYmXUCtg7rx5yJ2zGAEtOGjRaSVc2x7kpNYugalF+84YfT7ZQO4725qVhZdeeosrq1sx7JSROG7IUMPM5XDSP4/1VYePo6ZIy4z2GDL0OBInQWhPJlvP6+X/PGO0HdSpd5AFnE/BgDmaFfgCkg+5JBr013PAICRzVVzbeX5BwUhq+CKHpKnRgqpPXTiYrlq1Cm9QA0juuJNH4LihQw1TPo/1+fKTj3AmBX5tX/jsw/epLtWGWjhb2PF+YQQzESUJXPV+8v8ewyOP/R/6DR5qhPfJM9TYQY2SD3ECBfnUJKoLrvMx3N179MBCCuRyc+bO5XP9gleR+ISaPapnr/YZmDFlEomGXyCNpNv9d99pwoqIi6awnFu5havUF0OaFXK527bh7Wk/k1UvhAiYzaNOZ3tIQN/evUxZ5kyfasJ98fnnOJekSCuuXk+ZNBGffvCe8Z8wYQKxucBcpzdrTkGS2z6ohTNnxjTjZ7dBSJOivCwXHdoPx9KlSzB3/nx0yMgwYfTRvn07rkjPh7bfyC3lANG5UyeodmKDX/noE2SQBNGWtzw+o+3827ZkITVPmvPlGodQkhMlxUXUFAjF3JmsDwX9tGaJOHXMaHz2+RfIJ5v87vvvY9mCeSZ9CcaJiQlGK+e7b78xRIluzCamA/r2NWF2GWz8+oExYFpdiAQKp1KhG8+BT+6Dt9aaLUsozzcCfAeSSOonX379NRbOmo6RZ56DASRYy8rLMJGD3c8/TcDV1NBq/v/bOw/wqqqs7y8IJCShh95DLwIK0hQVEAUp9jKKbew6jmMbHUfHrjP2GevYwN4VaYJIL9KRXkMKhB5CSYEU4Pv9170HLiGg847v98x83908JDfnnrPP3mu3Vf5rLeineS0lVg2EXqGhbH+uCYXU85RTfE9KSVlnX3/2sXVgbrZu1Yr+VrDGKJnSM9Lt42HvOhJnb3jdqC15wGCF+oksF/3mCv/z688+QfNSy667+TabM2eOJTdvRqyNBEdT5eXn2VsffuIxPmrVrGnTJ3xv54BwqICiQe9dyvxeuGSpXX7p7115t2btWvuGdsllLIe1tylrp21KQwmDenYv+1U26zJt9Qp/r+ZWKoq0ZrigdYOZqsghVpG1NXrs99bn9NNwi6tu82BaJqDEVBFqqHHjRpaPkD5i1CgQWCvsN6Celi5bCj0XWmyDhn5faxicSRMn2jrmhcqkiZPsZBR+KlIe3vvnv1hqWqqVj42zJOZ4ZmoK8Xk4EBH6a9WqbR9+9CHWrsb2A+MkxZlK5HxYQUAvHVAGszdg4CD2ypWWsWal1QW5thllSbNmzUzrwRKq22wUd2OHf+V1jEeJdmuLltasXQdXTL70j39wPZ53jLeOHTvawAHnuJJPStp06lPZtHEjCpk6/lkolNx1KVa/TlJ4XcWAEqsJkwAqkDWtIkWj5nF79gcpG72IKT21x1HrbUvGZlfUSFmdkZ7mc0iKEu1FI1DOiI59+/RhPr1jPbCYaM+ZAF0VjFWlU5tW9HWAjZ0w0aGsmj9xrLuFC+Yfssa0O7GTI5lycnPdurF04Xx3K3JOw2uJ+HHUORjxXfRjlAJRCkQpEKXAfwcFkK9kIV+1egkuLrusW/dTbMC554L0HWtxHFUFO/ZYyy6nIJyebrt2ZtuI8WOtW8euIC2RHUrp4VFyR4l7JLS6RZ54JzIC1W3Wxnr16mNbUdhsQj7Kx/6D2uIYBXExtoqVrRQKoil+L3PbDnjhHSj+G7ohrgiUbEreXpOxLUA0T+KM3waf2rv/QGvSpAlGhX024vvxoGiFioEAlBOaN0VZ1NdGwuMPwgAhHmoHvPaoyVNAhIBg5tyW0uLnSmn9l0FeRcjWJDTQFbEAADuLSURBVHglFSHeFQBQrz9CvqV/RpBQKXZUDtECpY3cfQu2b3YDun/pPwjQG5aOy+MGLAVJrkIGVOQ9xQdsD3xOUGL5XiXXXXSDq/zGkHOQhuwOy9P6pjzuub8krqWoJ6oEiBIpSv6KoqQefjdSlKjMyS2yBzbk2rTcYhtUJdbd1FeiPHlsY64Nzyq0q2vGWTPiTz6yDUmd+G8yHckwpJhw4rlbNG1q58JzffTp5x7jpkeXk+0a0PwpGPPGTplmfXv3sjVrU1xGERq7R9cudvN1v7VloKJDyhJoTUNz0BOcfV5/e+RP91nr5s1t1tx5tmzlSrvw3MF2w9VXYqiMs6tuv8e6ndwZF+8q9sXwby0XpV4TeFldu+/OO1xZ4h1Wx8IlmEOjx30PInuPZWzYYG2697S/P/W4nd2nt81dsNCW0JauyBC9T+tpDZGLRtLu6fCci1essOzsnYxBKLxBUGdpv4+pLNEgSMu1H9/qMxFW6vMCadamz5hh6TDXgkefNXiQawwV60EWRJVeLAhZiWsheK6CEOWYYK0QFgRJHvXl5xZfqybCUmUrZmKcAQwrlu9r12aSsWFMmTrVNmEBjkmMO0phEkyK0jYIDYQmvYqsgIUbM+xWXCUqQ3BZPM84/XS7Ccv7Q/fd45bSXQgiYpSvufa3lodg0vmU0+xMNGfjcUVQO845ZyDWvyyrRKBWMcJBUT8SK1VmkqzzhatovNKisYNYkRjYiKK/SlvaPrDhxgpOJ21qm84nQcd4+/TzL+yaq6+2y4dchNCWZw2w/r83dKj1QItXA8h6HsKPhOtMNjZHCKBYCkpowoSIECaF3XLTjW7JHTlqtA1mA77ttuvt9b+/YP36nWPz5sxG2ZFv52M5XrVqlQsuQuiMnz7DBg4cwDjPtNHA04cMGWJXXHudfYILQODiVBNrqPZIoVrkOxaURo2bWAfiWIwZMdz6AtFfBLxpHgLBZUDWpSQZO3YsLjOXo4DZbGv5+6yzzrbJkyZazp4ck9V5xao1vhjjETBVYhXgkKKNU5ZcFcEV9WkXGki5oIxFQSJ96MALL7HeZ/SyhT8ttFVLFgGtqerKmwrQddTX37rG+juEMbkxyDp/6ZCrUfgVuKJEAvB5CLZSDP3xoYedZh+++zY0b6RXIlg1BgUx3j+PlNIDfzi2WGtFDBKhTKaOn2TdunVzBIDfxPdbmO+iTaK//0tr1LyVrcf9pS993rED4lGEgqqGO8+VV1/jbmwzUSr98N2oQ3EjhBQYP1oC8EFHtPhD4R8ZoBA6otxbsawjdIq1zigsZrH4VZo1b2FNQZTkYimvgDAvy3d1hN2UlLWu+KqP+4/e3Yko1d1OOdX2AJv7B8icChXqWguE1Pr1FtusyRO9rhNAvJw3eLALch8P+5im7LdxG9JxIWruwnOXk09GgEz3e+XmVrJErgMFYJaLx0/z5tgpPU+zl177pyMApkybZmsYswtRSnRAGBY65wQEzsG890BxEe5XfW0Ec6pqVaJdo5G/eMhVVq9+A3t/2DCQRD39lW1PaI/yc7dNmzv/EApp27atrpiS+1GK5tvZ/WwiQuykyZPs4osvsa0gDiZAb81rWAd3I5Ei55KrrmWvA4bIwfcNG3DG+g12GfP267Hj7YYrLoOW1W35ogV2y2232Zo1a1AujbHBgwbbLddcZR9/+ilKzW6OzujUqZPVQbkpV4vdzNfrf3utLQZmuwJkxJArr7Tc3HMZ35GuaC1Ark5IqEF8kk3eR2nwgYTQqF3u4rKfAz+dPvTq3ce+xmWpJvPmj3ff5f2Rq9BAlBFSllx53Q1Om3feHWrn9O9nl116qT3zxKPuHrYZy5HsIXuhhyUmIfTH2Y6s7YeGbMf2bYcUB0J36OB7+9WX7f6HH3fluIFS2c++fcFlV5iUpBlrVoGCq2WrFsul7Oj5UA0lrfxc5bJTF6Xv355/ntgntWyzGCf2IJ0Zs3DJEcJGipL6IKE2pqX4uGdn7wjF1mF/3sZ6rYlCUW5OmRs3WUsO2mUoFxUI1irDlMSU871S7m0qxQf2W4eTOlm7Dic6XPjd994jXspOiwG2LLckve/T94f6vT26d/c9X38IgVT6etuLsrc+Gc5qoUTMCSFquP/wXrTrEBN23nnn2qeffmbJyclWGYWWSlJSDTIOtLIvP/rAuvQ8w1pwjjxw9x/s7vseCCmT/C7Gn7V6GnvYAJi6TA58ufE5+glFeFC0t+tc0bqKligFohSIUiBKgf9+CsTHxtnSmZM9BmK3rj1sYP8BuOqPslZdO4cVJTtt+LjvsEZnuXHxyB4HkoayyHE+6M9ACDjiRtAMB4qtMi48dTq2tJjyFUFDd3FeZ5niAJZNsBN7dPXzyhUqEc8qwGtBYTXbuCHL0teRjbRSPc6uYlf6C90qftLlGT63bNYE2amKTZ4y2Xr16u0ogylTUYjAr45GHmuAAboO/KjEIMkzsciSp3Of0Nd9B53rhpjRuOu2hxesh6yYuX6LlUGBEfQyolklPh6r/6En1SeFDQiKo3YOybcNnA5T4UV3ElqhE/SPxS2qHkbeXJDVw8f/4IqSjt0wsNIP8YcyQq5es5a4f1Wch5gzbTKEqGJnDz7Pjej78JQ45ZRB8K0gjpEHxkh2oAihLcOslEYyji9fsdJkJBlw5TVuBJN8MPLLL1GY1PhZhYl6phglG0GU/AbXGylK6qMoATziU2B2XpE9JEUJgVyfa5hoV9SMt7TCA/bUJvqUXWi/QVFyH7FrGsTGWGUg1k8Qw0TPanDyoFXIod9s7A8TUGhcpeb75/59z7Q+vUCYc/2xp/9m40k7LdRsz86drHXLlv5uyUZBkaIrHdT1kH5nuqJk8bLl9ocHHrR5k36w1Q/+xR594H4UGafZye3b2HMv/d2+gV/6cekya4CB9iZQJkLFnyBZvEyNUDydoGJ+a97JNf3F1/9pk0d969/cfvc9rijZiXz+5rD3bOhrr1i/iy61d1/5u9VHbrz1yivsLyBiHN1dCH/F/P05ZRzSeulFwvd+4F71GtSymnRallTBZfpgQVM5H6Ywjg5MmzrNhcK4sBWtPRPJLZ3EjuiOdbdduxPw6Z5kTZok25kDeQZlRuu27bwOCUbyOZ8+c6Yz7mcyAIIkC7pUWtH61//jlXyY66oIuQ0bNrKvv/rSViDUvPHySy4IdTntDH904cIFtuynBa4QyVyfYT26d7MVaJgmfDcaa/d3WOwXc62H7UaIPIRY4UnFaBCCY86seSAedtgILMNLQRJUqJXkVsvIdv1cO3WvlExCEijOiOJBHECI2Y6lXGiMXQxyNYRDbRhfffyhZWWsc6F0x44sm4l2eTf4fmVmKW2A5bYgyLom0GsoR1YizHzx+WcusPQ4rRfvLbJR33xpE8eOITDPdsvEWqp+FSBcN6qZ5HEahr7xqi1BIFmxcgWauAbeNcV6UAneqTUVWRRcSpufihb8GJQtE6GpFE9LFi9CMTHD3XS0AZ1+6qlsDIm+MbZgcWnCn8p8GfrP1+21F19xq6p8+1UUHFI+byqBH6cOBMUg8YICRc8XoPyoTdBXBd7VPOretRuxDDZzSxHxUcp5LBYpSoQY6gBM/tsRI/zx2665ks0qx75B2JrOrt4e9JEEd0Hq+6NEEW3mzZyOG0YDj4dhO1G/MxOvv+46rMNCtRQ4isGDYqlG2hZSHBAQMi6WQLS4uaAoueYGXHjYAF976XlXuHw1erQ99Myz9sLTj9sCkAFyCzJcsHYzDurz3qJiYr80Uo1HCFVS+AgVsRFr+oDB59pFl17mLlSff/ieydXq4fvvtdTMTbYaBNCLf/87ULQn7ZNPPkEB0d66Mf4bU9faP1591f722LP2xEMPWBXm2dW0TcLvI3/6oy1PSYWGKIRkRWDM1X9p9tuf3FEtsYbNWrii5Obf3+mHz0dD33aEhvxqS5bIdaD5sosxTUDIFQ2GD/8GbX8Vu+XmW6xZ+47Wkg2ygDXQGQWM0AFC7Cg2TBHa7RMZryVssIoNofZI86y1Ibidig5BaZWHXHSBZTGnhUKaxb06sKXwFFpp3bp1HkNC19NR8CQ3berPBq57OgCFqJILRI0aSbhiVrPk2rVs/o/TbQaH6Mt/e9oaIDQ/++RjVrdJMzTS2fYlh9pyUAAjR3xL2r4aVoe9MnCXUjsXoRyZhEJGVpYqHPzaMzuhJRfiohVIKxXFwhCTE8QT0TXRygql3w8xFFL4JCTE29qUFPseJNwMlNY5oH9G4/IzBkXDTtrSuUdPFGXNPXaL79OMmQT1VtD2ScZ56ozZBBzFp1PrKiEchNk5K3+Nj7Ho2OecQezRbe3t94ZZ9UZNWGdkukJxgg+L39iS9boMlIpKBRgKKTmEOomcD5WFYAqXs88+21LXpdhu3JfE/Ki0b9/B1q5dHb6jjNULFCUXXYKioZm99MZbKCCqHVr3wZ4jhif4rKC4mG7sUQ69NatX27wZ03yNvvXOu/bkCy/aXx99yOl86cUXYyLa6XFa1Be5e9Zj/FRcyR+epApSV9p6U4ygT9//yF59/hlnZkLWq8P7oALvqV133f+Az6vFc2eh/KwUHkSzybPn2NMPP2gNWDcXohSeMGGCv1tujwGDmbZpiyuTFO/p5VdeBdWXbAMuuIjsX5sc1usPhH+ouZHrKvK76OcoBaIUiFIgSoH/Lgr4mYYBY8m0WTZv7mw3eFx983V2OihZGVq+gY8uh/wBY3QcpQGibXA4OANxJA1k/DYFuyTGSfuO3TFWDtAhZh9hZNmGoYQo+W7caQYaOpmzqmnzlv4/md/JGOAaJ7ewqhgWFcUgpkxIFpArikrk69YsT7Gv4EWL4GO3kIAhHiPAtt25fkaKr1i4ZJmlLl/iZ3Mt0KBDLrzA+asFM6c5b6f4l4r9N3HMSMsksUBc5fhDfP+RPSr51/H7r7udPvrN/yPkWwyNgXwrN6DuyH9JGGmnIA9I/r2o/9l6HMP1qSZ06Zo1q60tfRFCpREybH0M217wCEhu1hxDSjzxMJr4pQkoFJokN7VuZ/QGTd/XZd5pAANEtNa4Em9JXYMHwHkeR+9j0NwVkGfOu+xSAr5v9bicoYpL/ylFyda9B+zu+vH2QuMjFSVClPxlfa5N5vezDRLtBhQlmYUhRMmXWQV2afU4+xOKknZky6mCouRavr+qWpztRluShGglfkhuUgIE/IgRUl4HKtuR51TqIWvJINShbRv74NmnbThygPjMkzq09+8FVgiKUERVkPeaw5+qzJo71xUlbdAFvPDUE+4CVjExwVo15x3wrZedP9i+JX7je6+9bJdAG/HoklvxPfN55JVoEClyaRNf14D2KAmFisAHKvN+WmTjZ/wIX9zSvsebYAcoEiGJTz5RskyI91bG1F9SQqb7Uu6UUFoObd6mDQSpw22iTqOmtpWJXxUBpj5W8kSI9Nrzgkfvs4VMjO6nnOq17MVX/6f5820FAnoXIONCEaStXG7pCGpCLqxB+JYfvoru/RFregZIlblYIWVtVpGgKTpELsDIz35T5A99GV4Feq4+k1sMrAI1SrDbsG6tyVVIQWAzMtLtwosu9vgSumfq+HEuVG8kFkdQFFyxFkKGGFndE5QANlandnVXEDVq0drWb97mMVqCe4Lfakd4LINL/jsYWP1RkT5vXL/Vgyie2fcsolDnOwIgF8F92g/f4wOG5hfoUM+ePe2Fl192gTzw8fNMGwTyOVzwRcTqHhTFGcjLzfU/GzVr6TEU9P3atAw7Dbo8/MTTrs1My8BamwG0vDx+XTyuwFMuQBBxmzxNuAQUHPIJi3xb8J4jfvN8oImUDFYDQXcTwTclPGoyq0iAFB1llZVlf826dR5vZQxuKwpwqlgQOAqC1CFFMQKIyk7ibQgZoRIPikJF8y8fOhluDLZtF4FXv/Hgqw8/+Vfr3a2LTQbGqI1YChAVvV+xWDr1ONUuIMaGAkgumvOjf1cFgf1bNN5SoKk0YPOTy5CKIPWrcB9Q0XzweBgxVe3Z558DObXCPvvwPf9OfUqqIcSJykGrjnVY9MrYstWDEF913Y12Qvv29jTKEQVFUtBSwfUSid9ShZgsctPpxgbdrXVLm4Niphy+m/tpswKRqmhcAhqKLhVROLyF5VnlyedetK9xSVCRonEPKemE6BJksKAsG1Sbdq403LC+rzVo1NDk8KPUx42b17MMlDirETSTgbqpKEDsboJ9NW3SwFJXLLUNKBWETLjqhpttAEgFKQe1nm763R2uRHvo/j/RhzquhfYKSvzQqIdGHqowph6LZdtmv2va1DnuWnE9wXPPHTAAt5F8d3PbsHEjioEE+/yLL2whior0zEygeufZnXfcATJjkcmNqwClaJfOJ9tpaKMfvO/hsABdxp9TPSraOHeiVNR7hb4JhGx9J6VAIPTqbxUpfAXJe+PvL4Yu8FNIGHlzTvzxR3cty6RtKpU50FWHkChbiJNCZX5dMW+Con1OVgmVihUruQJx+arVBDWrixJniq3HBVBwTaVkPqKUWGga92DsneHhZgnjsoDURamzlnm0lxg9sWj2lR5uXeo6XzOxzIXFi5dY6uatrCuEd1ISa11VZ9/JRqFaJAUMSqmgaE0pOJaCXqk7F5x/vlXk++Qmjeysc/rb9i++ssbt27niSYpWuRDpoBEapOR80KwVqqRj1+5WE6bjxbffdUVeZmqmu0I66u+DD5hwNbyOTdQx4PwLPZbNUJQ0tjvL54MYLbmICYGooj0lUJxu3ZBuDz3+lMdqepfYQLUbNQFBspuDZacrQzaB2pvOuJ3RM3Q2iXYh0oaCfak+Lvm6Dj6Xtt40b8qguDmYvc32gHBLZCxVKgR7EW3cBy3rgTzZmrXdbrnrXmuCm49gpQMvvdzGjBrn9wtpJH9gxVppia+s0DYVmT86YybCsObjhtqsdVvcolZwTmXgAtrYn5MPuQI+q4Ta7x+jP6IUiFIgSoEoBf4foIDzzQiplWtXs0Wz57mh82T4m82bNtroyRMtdj+x1TDkFHOP81McBKWdBfrOvy+FJpLpYuCv9+zYCc+3CJkIoXXBTDuIUdizwGGoG/flx6U8GVxqCu9aEXRoFYzDRxvGDt3VsjFKnjOcv9AZ6EagXdtw851gnTp1tutJ9zp39iyX/4SgjS0fa1lCjpdJsCkYq2W0bQtCXXG/ZHBdn7YRsYCMm2F5IHhPab+P1//I+8XfKKDtIfkWHlyuSK3bYcgnXqKM1VJyZGWm21KQMM2aNvOYivKukGymcmInxgcEaNs2rUOCvF9FdsG4F4e7d4DOroNxU7ES5UEhmVfKr1RkXilh3AgVX815gWxcRXqd0sPHrwa8hEqZ0gbZvwn98FGILWMriUeyvmC/u9/E8NUcECWPZObapJwie6ZRot1cK942gSh5fGOefbl9n11co4L9maw4HVGUSMqS6LiQZybtpkYq2OOil5QQzDP6rBh8me4mfvjlym4jhMxVoK4V6uGf7wy1VSiRzh040M4bOOAIoIE6Jbky4MEDcIXcbFSkDFF8QCUNeeW5Z6wLvNKEKVNt6LD34ZEq25233eo8vOVlH25ABG1Ubw689gF4NJVixkBF4TZkeN6InK6i/qgUymBI8TaVupL86yN+HFOlIsayGHhKUu2qdtWNt1rffmcTP6G5a3UUwbnIXwZFCfAndwMpAVTE1ItwKkIaBIoRWYwlUOreoMFqd+AvrkwpwfKXlbXUFe+viKAQt6lIiJUQriIhYNlP8yFWkXVFWSPBrmmbE0Ac1LEZE6dgaU1yi/AmBLBJYQufYoK0gXkNSlss0dtBRuzNy/VIz8F1TW4VZdiQskLpVOH0g69/0W8JvbISq0jIkN9gP9wD0tatc1eI1LQ0+hOqU1ldnsAiKcGwD0KhYhAEaApPm6QVHy66nsv3QZlLbAL1WSl1169bQzCdrk7/rMw0t44qe01qylqbiuVdRciBQwIZn4ma6Nc1XoH10y9E/IgU4nRZG/7hOsK+kVwPjXlolup7Ca6rcF9QTJMlKCx+ADqlIJaiS+Pkuta0UV1PBesBk3h+PiglWeaVMWMd8RcuuOxyDzQ0Ze4Ce/q+P4IU6cRdRZ5eVEJkWlq6W2WlLFIaUiExFEunXeeuuCOdZ1+iWJgx8QeeCRW5I3ViYw5Kc2IpSCiOQZERcuMZ6248O9COl8My//hTD9pPCO0KRhmUVATUzii2vCCk9evfHx/UHbYTgVFZcloxp/74h9sJNLoeYW6X5e4tsPadulgeCo1NGWneXi34OcTkUIBf+Sv6GgwfEHK7CtaShPQgc9O9QNiEpJgC2khuQ/v4rm2Hlr52FQehdsPaloKyMrl1O3dVWEtskyRiwbRs1dgVJWqv3MsUoFIluXFDt8KfO2iQ3XbnPbYTQVxFis7csPJNWTsUb+UhECxsS/Rhi+8LfuNxfkjoKyKW0IndT8Wn9XyGDMGWIgSVUBp+oCBYz5o8wa0KORxYjdAIkzeLYJrPEjh1HO4MLZhoFQlkO/zQ2jj3ooGOpoiLi3XkhVwmVLRxdiMGh9LxFTO3IuexPgdryW/mh2aokDSRRbF4NLfuR1EzAvSI1t2Q315PmurFlogiQcyA4qScBBOgdZq2IdO18apDe4Tmvko667oSQvYK0FrjR37r0EvXSDDOfi75XaEfQTaj4JKvM/7w31qbFM0VKU6Dw0efRb88/teonmQzJnwPomU0DFEoBkbL1k1NbjEHmR9U5HVsxu1MMX6CoqC78ot+B23+u++8YzMnT7Hx48bZ+g0bbR4Q2S1rVzrqJy01zR+Jh97KFKWsNCXng5BcKv2J6SP3r4NZm8Ookn2O2hMstQilWW3SD2tt9jlnoHVFWfjAs8/hkvWTP7to/lwfu+tvuAqla6ojxlq2amk/YS1QuffBhy2TwMT/BDmosnV9OtaOJFP6YSlpVXrCfCi4sYoCt+mYkoLHA8pxTedGEME/FIgtNBqR601uSw2qVSVVcHubMWUi7knl7EJckbQXteJd9UDeTUfp/+d7H7JJwHU/++RTd21MWZtiYwgmV5c2KVbWyJHf2wsvvmgzQSm98Y+3iIO0hQB5811R0hr0T5MGdVxRopnYEOXlWuimEuyD/od+0IfgrNSnaIlSIEqBKAWiFPjvo4BOYglse0FF275s27NLwuNBW/7jFHv/ledt9CfDMAZmWeGevbaXjH1I2mEDWlhpEjoMwh33gyH8ubRfGCC5pWylGNxYl9vYL4ZZHjyW7cyyffBwaksshi8ZQeSeEPqvz/pfE0RwFUIkKJOMZIMQDxG8RX8F/NXpyCq58B0fD30LZDpxFcP8htIOf/zuW26cE4pYcs6mjZk2c/o0u4RMeDUb1wVh2sxmcca+i/tvUQFKE9AbVrib1LfHFFWDJvD75/qvW0PtlvFFHEoNshxeRWzLvshgzYVqgK/ypBlUpWD2KuK7xWeJT5Hr/g23/8GuuO4mE/+0Ex5GWYz4OlwUkuKA3yfD7HW/I61t717O+4kO0+fNx6W3gcedFMpGcT1aN2/kmfsUP3MXBrC16+AbxmJgqVbTdoeBBUHtJX8rg00NUCFjdxVZj5TdNhcUyZK9xfYwrjc/5BTb07je3FIzwbagKHkQ5ckXIEouSIqzP4MokaJEzZaiZAoxbM5M3WNLUbrUpJ0yqsnwqr4L4Xvbb6+x2iBGzhh0np3YoYM3Y9S470Fo4EkCb5SKzKUUvmtS05EhGoeaGZ4ioocUK3rbSkI+SGmnGCg33H4HngYZ9smXX1nTJk1Al5DwA169E4hxZdQZPuY7knE8Z+2QT+R2HlJwVKKWELED3rd8TDmXBzu0P8GadT3Frr75Vlzyczz236ndutrNQ66wfXm77HUQx61atPBstKOJs6ciBZzWxC8pIY62lDsV0XfPjq12OhoiaWbew3KnAJ7KNrIifQOZBOKJ2dDOVsPYNm7SBwE4ZFHVhAjercUTLCAXTsLIh2DxSFgJOqwmHLoe0R7RO6hPAr2UDSWLGFsF/rvr/j+7b5NQJFOnTUW72cuSmyQDp6pBgMXFPFbowQplcVU8kPYnnkRAw272Jsz2A488bn96+DFfLBJSPxg+HF+SbZZ3/gWOwtgFxF+wab1LCplcBuPxvz7rAQ2H446jVLW7wkoQOhLud2TrQ60Wc34yGsk6BEiMJ7aLhIZMNowT0GjWRDitg7VxK9rk0/r2s969eqOwyXHLoyykiVitFdhRGUgmYpmWNTamUrJXLBeCc4C7dz7pRPd9V4yGn1CYXE0MlO3b+ltVAhtNIE6LVcQyi/VZigpBw7ogoCh+iWIQKJqxrJyyOKsPKlI6BUJ6sCME4yFYVKCk0r2y+AZ/a2IHlns9r3eq6LM05DMn/eBj9sjTz0DLPRYHkkBQ9ZsQ/ssxl5QhplJSY4uv28CWo/xaxAK9+qqrbAeLrErVah5PRdZnufdcBFLoVIK1ylKr+CsK+qhYK7MQ8FQUu0Ob5I3XXef9Uk7uAWTCkFuVgph+xmK9/dZboesjzPWQAKoUqrf84S40+ygLDuZY9cRatokD5e47H/FgtXKX0pzRnF0Inb/8+EM0xbXtkaf+5q5IGtvHXnjJ2p50smfdSM9IJy3xgygH492969UXnwNJdbVdhIuA3CmE2ArFRSFjB/NMwYL35xda1Xo17NrL7wGWWd8F89/debeNIwDmuuVLbRBxWuRmofgHldCGZ23cbK1OaGN33PEHe+qZZ9zNYwgKw61bt3rwy+XLlrprVTfWxcABg2gHLm8ol6SokAuPBLabcYl5Bfcf0eV30ORPzDUpEKShfe6px61P/4HWp3dvPwQVAFS+hIqZ8T6ZsOJQJBWyER5a0yXWQWhGxfom1oPxOpEMWlImSMnxFvFHRMu7yWqid2r+FeDW8wWudEMIJrUfTXFlYgjNA77X95ze1gOXrX0cyNp4FRTsljvu8sN3yvffebwTIQ7kEqb18shzL1jPju1dGaf5oKJ5GMzroL25bNRKf6b1JYWU9gkpkWT9UMyc4Z9/ahkoeoRMatquvbf3HOjYp8+ZVoXxk0tOdQ5YtdvfwRoI3jF72mRr266tBybOAvKaCPJo4oSJnsa5QkWl+j6sMpEiWgeM5qyK1pTQRLqm9aiiz1qnQdu13rSmP2PcbrvlFrsPRUI52p+FT+zaV96wGx99xMah+Jj43SgrjKtnMSjk3nn9Dfr6F3vwsSfZY2GkUAK//dqbjgBJSd3grmw6sM+GLuvXb7DGrdq4NeRr9sayPC+XtjNx2el75plHzgf2s/dRJJ7YrYcjwJ57M1TnJhgBBYdt3KQJbksjvB9bd+dYFeKRXEIMGVlz7rrmat8XpTh9Z+hQ4jh97pmv7iOWUBXGf+3atR4Y+BZcwNrBbCxevNjHqzxKrOVLl9rwyVPsxhtvtL2Dz/WYK6LPh5997kp9pZBWBrZ9KCi1Brp1udoD01WtVt0a1atvw0DONKhe1a5lHw7W2+133WuvvvS8XcaYNwAt8tif77fRo0YTsHYgblycLbheLf5poQci1hpcuholDdYP7aeh0TOyGJzkCKg/Pfq4bd+SbTvyQD7t3xOyMsEUqDRt1sxRNXKLFPxXMZ40VmJclSL+MCqGWXGMc9Ariv6IUiBKgSgFohT4r6BAEZJaPdKdVijfw9bXbuIWdvHXOjvED+lzcMb7H8QOaU02wR3ZBOgvKEbSLR++2x84ptzBt4eKeKa4qrEWa408XuAZgy/02HDTx44A0VzXM54eutk/qDVkg+HdIRWN/g5LAeFf4k8C3n8T8ktzYt9dQgwOyR15uSDA6za0gcR1KwQBm4CxfRbyTCUQ3YqLtmzBXM8Md/7gwR7D7pyBg/w+cUAyShqIywIZeX6ulOA3S94uZP0hVCrhF+CirP/lVzoPGinfKsGIZ+CRcYXisit1qwg5vB2ZbTvx8BTgVEXhDoR4VanfvDWfiT3HGd8fQ9QS3LDnTJtiQ1CuCD1RN6m6u5rrnJcxd9HsmY6c7X0W/aOPc4nhxhvJGNlSVhLCyMQ6j+uVl/JDrcqimTVBl2zft99uS8vxTDezig7Yk/UT7HpcayqXL2uTcwrtm91FdgmKkvvrJdhJCSFFibo1GUXJwHXwZiBTapQrY3vCY4o5UZPQ39oCRdKEzz9ypUUS/NJW2q/4LnnIVldecgnya1tbg4u45lY9MneqaGxVZBxXNqQGtWrYdxMm2WnfjrQLBg+0vz3+qN3z+9s9Bt1mvAxGjBlro6YQt3HyVDurTy97+L577forh7g7vuqRnMBCQYbnN0X8uUpqejoptdva3b+71W5GqZOWsd56XnI5bv1v2O9vvsluue63dukF5+NCX8/58e8nTcbF/BOLJ4iuELuH1pfXduwfMRaf+GjpXzOx8nOJn5fk8T+aMXhNmjbzly2aPtmSatXx7CxNWBRyP1B6yMUL5lvHk7vYZpjlLVIAYHVTxpn0lDWWjCYxDrhVZiZMN0L6onlzufdkEAWZrhyoVbc+ioK6fr1cYiU0PuER02DxWRZdITskoG/GyhjDPZ59Ji4BV4E03FkyLIsJvD4jnQCdm2zqhPG2CsseGCJSzs6xH4A59yBmiWJVPEbK2bmzSDVKx7t1624TcNmYQRyDMgjKGzast4+Gvcs3DEh5MjBgKSxbPsbWAi/6aOg7lgXDn7+nwFbjo5+Xu4dYJ8sJGnjQitDhhFts1bGUK8DRts0bcQUizRYM+l4W1MHyFUiPmQL0az0uTVtoa4YHEx09/GvWRbHD9Ie9+bqtw5KroIkK6CoN23fjxtr29elkYsknuOsGt/7+tHylFcexYarechWAqqXaNjRzm0FEbKDerVgtFTxSk1puMPKTXzJ/rgdbVdabvz3xmM35caY1YkybNW2KkPSyZWXvssydu7FuroJBL2B2xttW6lu1erXlHiSGRnhMZOlUX9bD0K9dt87ytWFXSES3tN19+XIshkweqywTQa24XBz3rbP11FNwsDwBojJc4MkrU87mTZmA8onUoVizJyA45uzKti1Z2bZs+XKytxRaAUOfj+BepUo10ohOs424tOxlE1Jmo7XLFnnQx7nTp9oGgj5qo/6R2DfjRn3rqWm1yL8nnk4Z5kkh31VnHgtJI4XBTuK+pDNnMtHkKhCrAkhO5v2xWN6F8PkkHPyxYeMmpFReYNnbGfMYDi76uJX5K+FoN8JzRlqoDqVL3gGEbd70SWRkKXB3tffe/ifuoblMoQTc0uaF5jkwP/k7ao5l5u61BWwMhcxnIVBGIICtJL6OYtjsCZRuKCkPHgDFxBxWKlRlVNG96cyPfbmMQZn9HmypkHeXTajAfIgFLrfP1jJ+2bifLJw9A3jjLndnmMbGNgHXCcVdSVm+xDIYj0LaunzpMrI9feJWewU71rMBTSb9MMlpIlq9/85bvk2UQYs+GwjlNvqiQ3E9G5XcSbbQn4NShgaLgLtLroP9fB9fKdG2gHSaMnEqwnyMr4H3337TCvIJIJazl+vfWQxrfQN1fv7NSNLIZTLnt/i+s4D9ZTqIoNS16zxrjdbGGIIG5+/ZZZuwvijDTD5zby7zSugvHWrDUOIwaTxOx2r6lsNBhFOox+mR4K15uI+Dnn3QtoNAyFyXAlIHBSZjupH/yrIiwXX0pClWiXWdwVpYxXOJzBWlypvEPqP3jBwzmsDXK8hNH0cA16UcOCDPeG4d//PLlLcE9gMdhNm8Qwid6YyHYgIpLbnQQCJbMQeN2pbKO9Yz1wt1GADnVD2K8L0Vy0wK+1DOASKno8BYi9VmE2tW71xPu7XWfS5Pm8t+WdZSaOe3X0hRUNk2MFfl5pZfRi5uEriZz6zbmRPGOrIlg3H89INh+LdV5jAqb2UJrlw2IdEZBdW9AcYguVlTXN9ymVczXWG57wComQNFntL7qPmwPdfn52z23rztOaTIjbOiHdutLcggZQNTBjEFLy1kfiud+Rr2UcU1EROiNaJYUjtQnmxkrkyeOAsylCOuz3zPUuYWF/r6E7GntJa15+t+KZ23cX9KarpbdtZxeH+Cy1bhPrZyILeiLyNNv4nXcnC/W64UvypDeydjmMn+pYxiR6w3As1uys23zZxTUsTmQvuMlcuIor6S+xTwfLq7/Ml9LYdxFOrkAGO4nVhJQpvl7ieVM3UopsoOFCjlOOw9sBx7ayZjsoH7DrJHrFo4zzbTBgV9m49CUNnYlGL9UIa145yDx8we5ys2+iNKgSgFohSIUuA/iQI67y0u17L31SCDZHnORxDXnPVyhU1MrIh7rP4n+n/9HfxXJjwpLFJStlrWptXIJtR0UAIt7rVY+KWAiJQ7ju6zDn8yjhYmWGF2mp113kD4mLa4faYhV6XZ/vg40Kf7qA254mDE/wMgUEgdjJBElTv4j3xEkXAsnkXozfWcZ/vgRVLgY2WgzMfPZxyCr87hwm274Um3u4FShuvVBPTPBb2uOHIHkOF0/skgvXhNCsBrkNe4VMxEoZK1YRNeuMiDes/PlGP1vxzGhWIMa3VxaxWKuinKps4E4W+DcVBeBXVRVjXnmuRbGdiEem8Pb5dK23bBs9Rr1MRj5C0lS2In5EVRW6jijid1IkFDDRs9ZZqdSqDctqBHG2JQkaF0xfJlnmCkKbJuizZt/T4hSYVqrV+/AbQ9QIKKetb11J62KHWtxR4oBlnbHffcttb99NMRX8pa2orFKJaqgDIX13L8gvnFqiGjpBYcsEyUHrejJLmrboLVKhcSTGshw+r784hJcmolFDDcL3Z9EoqSwSBK9kpRwvdSvMRBryLGpgAFx703Xe+89hPPv8Q8rUqyjRo2Gz78iWdBPf0w0VIWzkcOa0gsxiSQOAT1ReaaMGWKNaSP30+cZLPhjwaRFVSBVj8bPsJWp6yzr5CvKiXVRO5Mds8Syel/evQxe+v9j23vhlRSLO/3LLQy/onvfejJpz0WoDJVDsMgeWK71i6zzgGlMwG0+eqNWxzNopiAkidnc33WnDk2+tOPLB8hv0mjhh4vMBXD57CPP7MXMBLm5+UQ5gCe+8DPzytRXimky2DpO+bdgj4pBW+LEzp62tA1Kal0Og+iVPDUki25Lsv0goXLECQSPY90rYr8RuhSGs+aCOWFCLu7EdarJiSgWSMVK8JcUiLxKkBm1Ob73fy9D8tZPAxzJQSQbfgwBRpVNTIoupYIEy/IWn4E8sG3CQQjpa+KLIkw4nkIX/JfV6leryEwqm128x9uQztWw2OYxDPhFyH4jkFZIRcGBfRUSSQeRIGIyAIVcZQBQiUB5jWffkmjVSjrcQ7+UwTBjKlUASjPYTIqEGoCTHMO9/hm4k9rcuKaAlogaFP4cqherJ0qnjKqsNgSKsSSvip0LchTrrqKUCYIISOBIaBTENVZcLXIUr0ufUa54iWxupUhZkFDJvUV+Jipb1I8lUX4HT1qpK1QvA4FRmXM2cVAoIQDQBajvQbCVVLD6X0hALDii5Shr04rWccJIFSGQJAHc/guMdaFrQO6D2FHKIL9+2g70y4GoUHoJaUo9VKhKnJaguVt03jhYoBf5KENkrZWY+HuRPmk7xTnoXJivO1hY5NrwU4Ed0bJq/Fx3gNcMTfbrd+imc8RbTi4xxxVcCNLoG5proNx1twRTfds5X2Mb+Av6fUgnDr9j6gojnGr5vnXg/7EAWdUHfnKV05wyaMKFvby7FYK4uSF8alSCdSJ5hXPqfj7aL9Srx5RGCehHYqyaEtlXEFQkkhp5vMhuJ9YEJW4nhNOgabnpSjZifJOAUX3blc/Qm5bisuRwzr1GDF6F88m8Kwr+LJDvn5aE5rh+VlYCQ6E/AxVZ1CENIic67pe6jqgfe4fy3gcCK8rCYUaa/VXG7ggoSoKVusomx28E3c1FVnaNVYF7EtemAuJKIp8rbPZ+7xC6blbY0eRS5M2unw2fyJWoTzTIY+iQH/zrrLaU0SzoIT7G/wZ+s0z1aq4RT+BOZwHTWuT/vbKK6+0Lz77DEXCGqdZJdas1jwaPqCuFezAXj5zWJWF3npHVWiqlN6hEg+staorA4Px1nUfc60/tZN5cGidsX78vr3UTbYwR57kUX/kGmN9V6QNHsA1PGcU0NWVBKI1cz1oi94lJiIe2uSEXa0Eu93LGi7WOlZDgsKeJf/e4iytn2KH5+ZAPyEO9+9iDoGSKFnKobUv3geNIW0c1hEFC9N8KNrJ2mQsNeaaX660KeZ9oMSOKsxD7w9z08LjosxFCtC6nzSLDOhRj3j2mN2wDgX6nmFhvuxlvhTyP6Cz75eicfieoBLNN7cylFxv7LVEW2Zi0nYgqZU5q/bk0W/2GBVfVxzSQf2+DtVmzpCYuPIwpjybwx5QnXrC5dBZEAfzyTgkCk1Wcq1qLpUoxzoHS9wW/TNKgSgFohSIUuA/lgISvvagmMDNJLaMJVXezfkYR2sjeJGj2u7cATwciRT2wKvHZHCHeDh4dkqp/JZ/E/rhSP6iHZZUpY2d1PVS3J+zQSZXBb0x3+ZMncV5mG/9QAk0atzEQyhEMgHKhrN3b1WMa2tt8cy3cNdpyJkaOn+9VeKhJIfB61TgnBd604vOTr6Tm3DxLs7lYniFsiiCalR2WUpnJA0nAQMGZRQqZapXJDaYeAF4As5/ucsUluRHQjUf9fPn+i/3mpb16zq6O4R6L4NL7woUJY09PMOaFGK97c7DbhZrlUCAZyOcKwlHNfjLnZs2WN/B51ujBg1MyS9UBhOPrCbI0qGvv2J1k5u7gK/MiVvSN2P0rIZsk20n9ehE9pYDIGBXOr8hFx4pi4Q2UbkV5KrQsT9O+oEA8MpEWQ8Ze6etwc1bvJsySP4rpTqDkQ1J21eIsTeTK1sPFCOSTadhfP5zZp5dUS3Wbq1DTEMY7cm7CfKKoiQLREoSvPOO8NQTz50vHorYnKnTJoPOTvTMNZ++/SYBHZPhb5Fpshlfxkeu2HuRVwkWKLg20V/FdzOPmzYGYQu/BB9UBiSRpof+jqN9ikljeVyoXTn0DHwkGj6cHmpablgmIH4AftVh2dUJUIWfYfm2MnNfc17vxXXt6AKvDJ96qMRUg+eUDHa4jgRom/8LaVsePryIuXNcZYkzukzigu1qEB0Us83fYvxDASolSNEomEy4dxcmDgoahgAt6NIBMYkQQjD+A1pIohjPS2gpi7B8QMy0hG0a40wqGqUyWDRF11JL0DnqjixiPCV4RhbB2jUhyqGh02TR/wMS/HfvsJO7n+JKHmm55MqizA17GNQ42qkiTV4gQKluKY2COvS9vhPDrWCVmszBvfrOi/qptobrCy7rt56TkBJsirpV71M8BxV9Vk/0Pr1X79c1/a2id+qamP9IOpUL1xtS76CU4X49p/v1Tn0WPQrCgmjPXn28nmlT5tCUXE9fKqFCz+m+QOOmdwXt8QZE/FC9akPQf/5kCoNIKlGH7tM9ujfyGdUrTaueCfqod2uTLi2YU2RfAnpw86E+6h0aD7W5EpvsHuZfJI1C2kE9cbhoIw7apfr1WW2RMFqFjSCfeVsUsVmrfaG87YdrFq3UnqA/opjXoWtcLOlvyWVvp+a9vtNz6u8h5dDh5vmnOG0mESWyzao/GKvgFvVTbVYLgzmk9qlNQdEc1JzRqAT16bvIZzVWR9CEOkTbI9fa4bkW1H3otzqqd5ayDkL1hPoV0ErPlXZdNNc6DsZX9wX90rPqW8l5pX5oHgV1i8aqO5g3kfervqAcOUdC92tvEi2Dea72yM9RClEFo/b5i6VAMTH0nhi+15iU9o6g3Rrr0ua42uH187zeqaJ6fDS5ENkH3ReMvd8Tbqc+h8YttB647H/rnSUhh6E5qFZrTh79va6rPtFNdSawf0cq9ELjFXpe94rmopPoHkmL0Hf0jboSodtunQ0RpeQc11eBa1LQn8jxP3K/01tDe4b6GMwX0U/7Qck+q+6S7abrh9ZHybaoHWqDnlG/VII2lVxX/iU/dK+K2qzPuj941r/gh65pXLnFi+jr17hwXCYp3AZXbAeVRX9HKRClQJQCUQr8l1BA/P5mZKa+oBzJ9lKI8LlfQl74MCi1F5wpOixQwMeUIwHAAQycLkCWDz2n73Q2lMJvqTpOMB6XsqKR9ep5J7G0QCKQBnjOhLkYLzCgYehsnlzHrfAK6nlEAcVcVJwE8nMLAdW/tLJx9TnbDp/hOu3ESxzmkUJ8bcBv6brONp2F+qzrJZ8Jzj7xT/qne4L6jmjLsf7g/uP132lHfJZIGssdef8OCeEoAKog30I7fye0IHew8+9OCYw8dZPrWb9+/XwMhI6VJ8L0qVNx+5BRlfGUMRaXoRiylCrsQDkMZcVhY6gQ4zKknn5Wf2uF+/DeXFDnhBsQqn7EZ1+jXEkiHA3KBbJ4wiWBOK7piONjdfV416vy5S4Y1JaJ5ezDppVdbXBbRo4tJoaJGNehzStZM+KVXJeeY+tIKZyE602gKFG9brhRW+rWtE1zZrisfA/hEd4i8UFVjMDiTeRiIwOreKsExkseAAdx/amIIU9jvCdvX0iW5zMaJ29uGZQwoqXkbJksczDcakzKQ+dE5vQujH99z0A2B8QwfOQPdnrPzp6GWEH3Fy5Zat06nYg+hmy0C0Dgg9SW50Wz5CY2e9Fi69r+BDKr1vRsskuWr7TTT+nhGWvTNmxwl6juxFZJ35BpzUGzZOE9MX7qDKkmfKxLzHRva/BD/G7+th2k1O7CjDwOsiR4QMxnMHlVccB8SuDShI9cECKUvtd9/jnMDGoh6V5NxGDBRN5bcuFw61FFdFfFx+vcUQ9FXFAbqsCoh4I28gVohqrVKtquCKtgxO3/1ke9K6DTv1XRr/kwtI9j8LUpBaiVkOWdCSGtoBP413xhtK7/3ynwH7kOfq1BkRKthCLr16o6Wk+UAseigG/T/8Y5eKx6o9ejFIhSIEqBKAX+b1FAkkwF2G4J5TIm/9L3SuEgYxDW/xIP/Ry/5SIUcgAWblx1y4PQzbby1UB8wsq4XCYUr8kKf4ySkGRl4kno8Yvbeox6/pcuH6//6rsHb+V3WJR0g1Vp8m0gowbNlAGlQJn2UKqcSLIMxQ37ackq9xII0LuSqyJlYb1DMrJIJcNYSPDebHVAJTesX8+zka7CHSnwEtA7XSbmicAIFrz/X/1dhZfvLiZ+CGN1EoqRMTuJf8iUUZt2ytJHu+LLIovzEbXIEUUG7CKhoqtWto9eeBawUHl79Z13bfqkGcSgIQupG5APG+ul3AoZfTHi00/JvVKIyL1c8r4+6736OyiHn5HYiSEULwe98h/PPWmndu+GC/5wa9ywofXr28dmzJptX4wYZY/88R7CEayC7kvsmiFXWEpamnUmBfBfnvqr3Xj1Ve7ipXfr2Xde+YfNJxHAY7gPDaSOntT51xdetMFk9KyBIurt9z6wr3E7F2Je/SltOquNlWm7klz85dFHUWH9ghIauKOrK80yGqkJjPwcKFD0uuB68FvXVPvPKRf+3QWq+mXR1OQWw6l+7Ypwe1A7fq3yc335td7zL9VDp2Ul1YKUm4iKsq7kS/MngkRLlAK/MgX+I9fBr9RHBSoODsdfqcpoNVEK/CwF/t1z8GdfEL0hSoEoBaIUiFLgf5kC4rmJ9QYq9aArP37p61xa4uajxbef47f0ZEihkIk7BO61VRUTI/RegUliaiimVkg2KNkamcAlM/0nnz/H67/6XprMWpp8Gymbig7uqVCDkAu4ciyaBxqfItfz8grOH5afSj6j90WiSYW+qIgXw5asnbYlI1U1+N95QmXwl3jJX4uf3E2FlXGt2UUIhTHIuJVRlAizIhWbgrgKU65ArnLiKlkcSQ/ag6AzduVll4a/jqe/lUPycokHhKjeS6y3yOIyZfhCacF5I5+JQWOzn7ANjVs0tjkLfwKRE+OxUZasWOHBXVNS0zyOzLsffWJjJk+xjsmNLZt4hUo1LNepqrgJTZ423RTPpzzPKgmLFCXTiGGprLY5xMJZRPD/dGJbLlu52s5BCZOYEO+tkyxcWtFl1JiuKLn2xpvspA4d+OsXIEtKqyx6LUqBKAWiFIhSIEqBKAWiFIhSIEqBKAWiFIhS4H9CAQlsEpf/lfI/eeZw/XLJkUAYEvB/6bv/vXcefvt/7yfRLOSGH1JuHE85c6xeSkAXCiVQPh3rvl/jegUqkZNWKOJfqEY5gGkkQ84xoWvH+lmb2JBSrWSjmDiua/CxKvgF10XTg6A7kgjQqqySqSQGqY8ST65MfXp0I91vcxsx+juPVVhMvNLVq1KtRbsWHgumYd3atoesnguXr7W7bvqtLScIvwK51iP2y7RxY+yErj1s2dxZdnq/AY48ad28GeFVEuz1tz/AdYpVAMKmpJJLtIkHUZIPsOKai8+3QaBRqhLc9v8AIz542/0P9x4AAAAASUVORK5CYII=\"><br><br>2. Select <b>Yes</b> when prompted by the confirmation dialog.<p><b>Using the PAN-OS CLI:</b></p>1. Enter the following operational command:<br><p><tt>&gt; delete debug-filter file *&nbsp;</tt></p>2. A confirmation prints to the terminal and indicates that all packet capture files were successfully deleted from the firewall:<br><p><tt>successfully removed *&nbsp;</tt></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-07-10T20:55:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 11.1"},{"time":"2025-04-09T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-07-11T16:30:00.000Z","lang":"en","value":"Updated the solutions table"}],"credits":[{"lang":"en","value":"Saurabh Tripathi of Palo Alto Networks","type":"finder"}],"source":{"defect":["PAN-257442"],"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.5","PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6-h7","PAN-OS 11.1.6-h6","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h18","PAN-OS 11.1.4-h17","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.14-h1","PAN-OS 10.2.14","PAN-OS 10.2.13-h10","PAN-OS 10.2.13-h7","PAN-OS 10.2.13-h5","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h18","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h11","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0114","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Denial of Service (DoS) in GlobalProtect","datePublic":"2025-03-12T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-400","description":"CWE-400 Uncontrolled Resource Consumption","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-125","descriptions":[{"lang":"en","value":"CAPEC-125 Flooding"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.2","changes":[{"at":"11.0.2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.5","changes":[{"at":"10.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.\n\nThis issue does not apply to Cloud NGFWs or Prisma Access software.","supportingMedia":[{"type":"text/html","base64":false,"value":"A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.<br><br>This issue does not apply to Cloud NGFWs or Prisma Access software."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0114","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.2,"threatSeverity":"MEDIUM","threatScore":4.6,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect portal or gateway. You can verify whether you have a GlobalProtect portal or gateway configured on your firewall by checking entries in the firewall web interface (Network > GlobalProtect > Portals and Network > GlobalProtect > Gateways).","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is applicable only to PAN-OS firewall configurations with an enabled GlobalProtect portal or gateway. You can verify whether you have a GlobalProtect portal or gateway configured on your firewall by checking entries in the firewall web interface (<b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Portals</b> and <b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Gateways</b>)."}]}],"workarounds":[{"lang":"en","value":"No workaround or mitigation is available.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"No workaround or mitigation is available."}]}],"solutions":[{"lang":"eng","value":"VERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.0       11.0.0 through 11.0.1    Upgrade to 11.0.2 or later\nPAN-OS 10.2       10.2.0 through 10.2.4    Upgrade to 10.2.5 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.0</td><td>11.0.0 through 11.0.1</td><td>Upgrade to 11.0.2 or later</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.0 through 10.2.4<br></td><td>Upgrade to 10.2.5 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h11 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-03-12T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"an external reporter","type":"finder"}],"source":{"defect":["PAN-209208"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0115","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI","datePublic":"2025-03-12T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-41","description":"CWE-41: Improper Resolution of Path Equivalence","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.3","changes":[{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.4-h17","changes":[{"at":"11.1.4-h17","status":"unaffected"},{"at":"11.1.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h18","changes":[{"at":"10.2.11","status":"unaffected"},{"at":"10.2.10-h18","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.4","versionEndExcluding":"11.1.4-h17"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.10","versionEndExcluding":"10.2.10-h18"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.14","versionEndExcluding":"10.1.14-h11"}]}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.\n\nThe attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue does not affect Cloud NGFW or Prisma Access.","supportingMedia":[{"type":"text/html","base64":false,"value":"A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.<br><br>The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.<br><br>This issue does not affect Cloud NGFW or Prisma Access."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0115","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.8,"threatSeverity":"MEDIUM","threatScore":4.3,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.6,"threatSeverity":"LOW","threatScore":1.6,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Green"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface (HTTP, HTTPS, SSH, or telnet) from the internet or any untrusted network either:\n\n 1. Directly; or\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted users and internal IP addresses to access the management interface.","supportingMedia":[{"type":"text/html","base64":false,"value":"The risk is greatest if you enabled access to the management interface (HTTP, HTTPS, SSH, or telnet) from the internet or any untrusted network either:<br><ol><li>Directly; or</li><li>Through a dataplane interface that includes a management interface profile.</li></ol>You greatly reduce the risk if you ensure that you allow only trusted users and internal IP addresses to access the management interface."}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac... (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation:https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr... (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)","supportingMedia":[{"type":"text/html","base64":false,"value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.<br><br>Review information about how to secure management access to your Palo Alto Networks firewalls:<br><ul><li>Palo Alto Networks LIVEcommunity article:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-ac...</a></li><li>Palo Alto Networks official and detailed technical documentation:<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administr...</a></li></ul>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.14-h11, PAN-OS 10.2.10-h18, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\n\n\nVERSION           MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2       11.2.0 through 11.2.2    Upgrade to 11.2.3 or later\nPAN-OS 11.1       11.1.0 through 11.1.4    Upgrade to 11.1.4-h17 or 11.1.5 or later\nPAN-OS 11.0       11.0.0 through 11.0.5    Upgrade to 11.0.6 or later\nPAN-OS 10.2       10.2.0 through 10.2.10   Upgrade to 10.2.10-h18 or 10.2.11 or later\nPAN-OS 10.1       10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                            Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.14-h11, PAN-OS 10.2.10-h18, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.<br><table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.2</td><td>Upgrade to 11.2.3 or later<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.4<br></td><td>Upgrade to 11.1.4-h17 or 11.1.5 or later</td></tr><tr><td>PAN-OS 11.0<br></td><td>11.0.0 through 11.0.5<br></td><td>Upgrade to 11.0.6 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.10-h18 or 10.2.11 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h11 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-02T20:00:00.000Z","lang":"en","value":"Updated unaffected software versions"},{"time":"2025-03-14T23:40:00.000Z","lang":"en","value":"Added recommended mitigation measures"},{"time":"2025-03-12T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-06-12T16:25:00.000Z","lang":"en","value":"Updated fix versions for PAN-OS 10.2"}],"credits":[{"lang":"en","value":"Stephen Kelly and James Loose of Visa Cybersecurity team","type":"finder"},{"lang":"en","value":"Deloitte Romania, represented by Razvan Ilisanu and Matei “Mal” Badanoiu","type":"finder"}],"source":{"defect":["PAN-254174","PAN-259758"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h17","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0116","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame","datePublic":"2025-03-12T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.5","changes":[{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h6","changes":[{"at":"11.1.8","status":"unaffected"},{"at":"11.1.6-h6","status":"unaffected"},{"at":"11.1.4-h17","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.10-h17","changes":[{"at":"10.2.14","status":"unaffected"},{"at":"10.2.13-h5","status":"unaffected"},{"at":"10.2.10-h17","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h11","changes":[{"at":"10.1.14-h11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.\n\nThis issue does not apply to Cloud NGFWs or Prisma Access software.","supportingMedia":[{"type":"text/html","base64":false,"value":"A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.<br><br>This issue does not apply to Cloud NGFWs or Prisma Access software."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0116","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.8,"threatSeverity":"MEDIUM","threatScore":4.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"To be vulnerable, all of the following conditions must be true:\n\n 1. You must have enabled LLDP in your PAN-OS software to be vulnerable to this issue. You can verify whether you have LLDP enabled by following these steps in your web interface:\n    1. Select Network > LLDP.\n       \n    2. In the LLDP General settings, verify whether LLDP is enabled (checked).\n 2. LLDP must be enabled on at least one network interface. You can verify whether you have LLDP enabled on an interface by following these steps in your web interface:\n     1. Select Network > LLDP.\n        \n     2. Verify if any interfaces are listed\n     3. Verify if for any listed interface LLDP is enabled (checked) \n\n 3. The LLDP profile associated with the an interface must have the \"Mode\" configured to \"transmit-receive\" or \"receive-only\". You can verify the \"Mode\" in your LLDP profile by following these steps in your web interface:\n     1. Select Network > LLDP.\n        \n     2. For any interfaces where LLDP is enabled, find the profile associated with it.\n        \n     3. Select Network > Network Profiles > LLDP Profile\n     4. Select the profile used with the interface\n     5. Verify if the \"Mode\" is set to \"transmit-receive\" or \"receive-only\".\n\n\n\n \n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"To be vulnerable, all of the following conditions must be true:<br><ol><li>You must have enabled LLDP in your PAN-OS software to be vulnerable to this issue. You can verify whether you have LLDP enabled by following these steps in your web interface:<ol><li>Select <b>Network</b> &gt; <b>LLDP</b>.<br></li><li>In the LLDP General settings, verify whether LLDP is enabled (checked).</li></ol></li><li>LLDP must be enabled on at least one network interface. You&nbsp;can verify whether you have LLDP enabled on an interface by following these steps in your web interface:</li><ol><li>Select <b>Network &gt; LLDP.<br></b></li><li>Verify if any interfaces are listed</li><li>Verify if for any listed interface LLDP is enabled (checked)&nbsp;</li></ol><li>The LLDP profile associated with the an interface must have the \"Mode\" configured to \"transmit-receive\" or \"receive-only\". You can verify the \"Mode\" in your LLDP profile&nbsp;by following these steps in your web interface:</li><ol><li>Select <b>Network &gt; LLDP.</b><br></li><li> For any interfaces where LLDP is enabled, find the profile associated with it.<br></li><li>Select&nbsp;<span><b>Network &gt; Network Profiles &gt; LLDP Profile</b></span></li><li><span>Select the profile used with the interface</span></li><li><span>Verify if the \"Mode\" is set to&nbsp;\"transmit-receive\" or \"receive-only\".</span></li></ol></ol><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA9gAAAE6CAYAAADtOfrRAAABXmlDQ1BJQ0MgUHJvZmlsZQAAKJFtkM1LAlEUxc+UIdgsEqKVgatWFpNK1KKF2QeBC7Gkj934NDVmptdzItoF/QVFq6AW0aI/QCgionWrIAjatYr2gQRlr/u0Gq3ucLk/Dvc+zhygQzc5t3wAbMcVmZmJ8OLSctj/DA3dCJAcMVmFJ9LpFDG+Z3vV7mmb6m5QvTVafQrerO6Wzz6Mvekjy/93v60C+UKF0XynjjIuXEAziNObLle8TdwryBTxvuJik08V55p82diZzySJb4l7WMnMEz8q/7kWvdjCtrXBvjwo93rByc7R7KMOYRJTSNEXRhYxxDGMMSxQRv/fxBs3SayBYwsCZRRRgkvXCVI4LBSIZ+GAYQgR4igM6rjK+neGnmYdAyMqix1PYwfAeYh+1/a0AdKCVeBqnJvC/ElWq/kqK7Fok3UBdL1K+dIP+C+AupDy7VDK+gnQ+QBcr38CiuJihBLO6q4AAABEZVhJZk1NACoAAAAIAAIBEgADAAAAAQABAACHaQAEAAAAAQAAACYAAAAAAAKgAgAEAAAAAQAAA9igAwAEAAAAAQAAAToAAAAAVVQ8vAAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAAQABJREFUeAHs3QV4XMfVh/EjsmRmZoqZHYeZGR3mJg000EDD1GDzBRpomJlsp8EGGmg4McUcU8zMLFng7/zHvvJKlmShbUnv9JF398LM3N+qsc89M3Pjpk6bscEoCCCAAAIIIIAAAggggAACCCBQIoH4Ep3NyQgggAACCCCAAAIIIIAAAgggEAQS4+OJsfldQAABBBBAAAEEEEAAAQQQQKCkAnGZmZkMES+pIucjgAACCCCAAAIIIIAAAghUeoG4DV4qvQIACCCAAAIIIIAAAggggAACCJRQgPHhJQTkdAQQQAABBBBAAAEEEEAAAQQkQIDN7wECCCCAAAIIIIAAAggggAACpSBAgF0KiFSBAAIIIIAAAggggAACCCCAAAE2vwMIIIAAAggggAACCCCAAAIIlIIAAXYpIFIFAggggAACCCCAAAIIIIAAAgTY/A4ggAACCCCAAAIIIIAAAgggUAoCBNilgEgVCCCAAAIIIIAAAggggAACCCQWhSAjI8Oih2bHxZwYbYvZxNtCCGw3NzUc+wVGfd1uHYo6UPjXctTVwl9UKR4Z6xP7VcduL8XmKkRVspFVZBS55d5eIS62DC4iciuDqnfMKqNfjNy92xpE7C+Zn5t9ePQLl7u+6HNse7Hvo/35vfqx2VXnaju/U8L27JP8U1HaK7DS8rczlqH89b7sexzro1+TqMRuj7bxulkg1ge3zS5bexfrtrVjd4j9sR3ezv8dje3KDmFTjjoR2UX/X9XnxMSCQ+iC98ZcfGZmpo0cPc7SM9ItIT7BsjZ4M/rxEjUYc3je23Wg92qL47fYkMcxmyrP49C829LWTe1tOnVzu7kqyfUxOnzz8dlbNr7J7/jYw/I6ZoNfvL6U3PvEGFcIl9znRe3lvX2Dt6PW8ig6YVN7OfqzqaJNu7fs58bTttieu4Ut+hNV6Afm2BfzIeZtjury2x57UH7HFHV76NwmshznxnyIeRvbhZzXlWPP5g9bnKsNm76HzUf5u00HbnH8poPy2x5bR97HxG2sWjs3XWc4xz/nfXxsjfkfk/e5Bfz+bao26kbu8/P7/0P28blPyNnNfK8lv9Oyt0cNxPQvvM0+IGdD0eG5d+e3PTo7+/jowGhH9Orbs4+Jtm16Ler22NPDf65jv/eoznwqzWdzbJVF7Oem378cNWz8kKMtfShxP7f++6eWQ7t5tJe9fWP3wp/RYWFfzPbcb/Pbn709qmjTiTm2567MP0eHZx+X65g8qHIe4QdkHxNVtumI7O05z9h8fK7tsR/zPTd2R0x7sZtj69l8hTH9zHlAgf3R353ZJaa9aFvs7mibXjdvzym7eXvs0bHH59ye+1O+58fuiOln7Obcdelzfvvz2559TuwBMe1FbcTujrZlnxu7YdP7/I7PPtQPyD4mV3vZ27MP3vimqNtjT8/xvUc7vN08t/v+/Noqye9f/nVGHYppN/bgHP0U1uYSe9jmrVu+y++47O3Zb/zcHO3lrCv2sJx7Nn7Kb/8W2zdtCC+6pC0OyFl7fruLuj2qNb/ztD/HvpgPcfn0M+aQqPotXvM7ZovtmzaElzzb27xxi3M3tVqk7bEHe9Vb//+D2t9cYk/fvDXnu/yOKdJ2Pzj7+M0EORvyT9nH5NpT1O05KiqUS84Go/bi4+MtMyvLkjy47turuyUkJOQ8MOZToQPs9enpVqdWdUtJqWrrPZOdui7N4+usmKq2zdvYX4XogtVy7PZt05Py00r0u4tR8b6zMnOLvpjc3SqzBnM3VLafK8hllClS9CsQvUaNYRdJ5P0a68PfA3kblfet+X2vsdvL+zWWVf9jjfL7/0pZtV2e6411K8/XEfoeezG5/4Ipg4uLba4Mqq+wVeJW8Fcb67Mj/LesSlKSVamSZOnp601xcdUCAuy4DV4KvjwPXv2QOXPn+mFxlpa23lLT0vyuSOxlb60G9ldkAf0mbIP/fldkQq4NAQQQQAABBBBAYAcS2GqAtAP1la6UvYB+H5S9TvYgOyEh3po3a5ZvPFyoDLYC7NTUVK8sieC67L+/ctdC9B+g6LXcXQAdRgABBBBAAAEEEEAAAQTyEVBCMd0z15rwG2dZIQGdX8K50AG25mCnZ2TmG6nn0xc2I4AAAggggAACCCCAAAIIILDDCMQGx4UY0B36rXM0RDwhwdeVKWAQeKEC7EhiQ5bnKBkaHnHwigACCCCAAAIIIIAAAgggsIML5A6o03zKs4q2J/n86tz7S3I5RQqwS9IQ5yKAAAIIIIAAAggggAACCCCwLQWUbVZArRHZmke9YuVKGzZ8hCX5fOp4H/vdq1cvq1Gtuo/WzgirgycnJ+cIuIvaVwLsooqVwvEbBwEUPLSgFJqhCgQQQAABBBBAAAEEEECgEgvE+Vpi62zipEm2bt1aq16thq1Zu8Zq165lzZs3txkzZti0adND4L16zWpLSU6xzp07W/Xq1QscBl4QaKkF2FWqVLEsfzZYhkf+sUXPDFPaff369Vt0Ug/pDg/q3jSGXXcX9Hwx3V2IHdeuOw0J/uMbw2rVakfH6DWvohS/nk0Wnk+muv2zjs/0vu0IC3FtvNwdoSd56bENAQQQQAABBBBAAAEEEKgIAhts1arVNn/ePGvUuJGt84W7FYV1aNfe6tevb8pWz5o1K2Svq/rjqBctWmxr1qy1atWqFfviSxxgK5hVUP3Jfz6zpk0bW6+ePbODbAXXCxYstF9+HWp77bmH1a1bJzsoVmA9bvwEGz1mrMfNG1diq1WrtrVu1dI6duxgVVNSQj3xnrcf6in8yZOnWJYfl5RUxVo0b2Y9une3GjWqeeCcM8hWUK1getSYMTZlyh+2dOlSq1WrpvXu1dPat2tXbKjSOlEmslq/Ps2OOfqoUG3szYTSaod6EEAAAQQQQAABBBBAAIHKLKDYS8+vjvPXhg0bWf169UJMqbXA165VRruadfGMtY5bsmSJzZs/3xPACeFzfsncrXmWOMBWAwpoBw15z3bfbRfr26dPdoCtYHfW7Dn2+ltvW/duXf2C6vqi5htLou8bPmKkvTNoiA3YuX+4kNWrf/d6hvhzxZrbn88/19q0bh0y2d//8JP9+PPPXnfvsDz6p59/bvXq1rOrr7zcmjRuHNpXrYJZtmy5Pf/Sy2FcfXMPxOvVrWtjxo2zwe+9b6ecNNCOO+ao7OOjyeyxAa626XNe+zZ1Pc990Xk6Jvd7bYvaUB8nT5nid0bWZAfY2k9BAAEEEEAAAQQQQAABBBAoPQEFyRpJHedJ2yyPWTXqevHiJTZnzhwfMr7GM9gp1qJlS2vUsGF2DKjjixtcq+elEmCrIg0DD8O99SGmKAOtC4kC1phdYVuzZk1DoFytaooHzxk2Z+48e+Rfj9vDjz5ud9x+i9WuVcuPM+u0U0e75sorwrDv6T5W/rY77rL/fPq5/encs0PAHAW1r7z2uo0Y+Ztdefml1qd3r9AnIWlbjRobx9LrWPU1Wj0uObmK3xTYOCxdgbD26aaBnnWmYQPaJuTovAhd+3Sc9utHDx338Dp8ibq5IBPVoQx/qGfTkHbty8sq1ob3CCCAAAIIIIAAAggggAACxRNQfDZ37lybMXOmL2YWZ7Xr1AlJznHjx1md2rWtVavWIWs9fvx4q96/v8/Lrh3itz+mTQvxW7NmzfKMYbfWm1ILsLfWUEH79eBuFQWeHdq3s0suvMCuv+lW+/HHn+zoo47cuNP/FJJKu7ZtrWOHDjZ/wfxw8Qp8lRme+sc0z3T/YmeefmoYkp7qY+xVFNxqiLqC5Chw/uDDj2ysD1FXnf369rVDDjogBMNvvTPIsVvYmDHjbMHCRbZTx/Z2wnHHheBc5/7ns89DdlwBefduXezIww8LwbIy+I0aNbKJEyfa3Hnz7bJLL7Exo8fYzz48ftWqVdata1c7/rhjrIZPmKcggAACCCCAAAIIIIAAAgiUjYDiQyVFhw0fbvV8WHjP7j1DHDbP52JrCHhbjye1vUaNGrZ8xXJbtXqVNWnS1Pr36+fTjKd6cnakDylvmJ1sLUovlXLd7kVBbvQjiFaeptfw7mnTZ3hQnBn6FwXRev3DA+lJPie7WdNmIbjVuQrOdXciwQPtvr19KLnXo+0qOkf16LMCcQ1Z//y/X9mBB+xv+++3j3308Sf21Tf/C/t++uVXe+Otd6x161a291572Kdf/NeP/a+vKJdsn3z6mb3z7mDbY7dd7cgjDrXv/QbA+x985OfF2dhxE+y5F17yoQapIWBf7BPkv/n2uzBXfPdddw3nfvnV12GFutAp/kAAAQQQQAABBBBAAAEEECgzASVylSTVWl4qYah4Vs7FpuPi4n34uO/3WFEjjzXKOYojw0lF/GOHyGDn7rOCYGV6165bFy5Ww6kVbD/y2OOW5oGzguumTZrY4YceHLLSOl94mteskpKS7Igbg25NVB80+D1fnTzT2rZpY3vuvpt98823tru/av62x96+vbX9+NMvIXBWgH7oQYfaaSefZOt9ePcoz0JP9rsYel7a51986Rn29j43vJWfF+93QrqbAvIjjzgstNu1S2e78orLwtACZc9vv+Umq+pD39evT/ds+XhfHn6yZfgXrICfggACCCCAAAIIIIAAAgggUPoCCpA1XXdXT3TOmj07PKZLj96qWbNWiB/1eK7VHjsuXLjQnzSV6Yti1wqx5JixY/0RXdVslwEDwvnFCbR3uABb4+PXpq334d8Lw4puiUmJ4Q6CgDRuPsXnSytI7u3zq2v4qm+6I6GigLqpp/X1qqHdDRo0CPuq+HmNGjX0BdV+8zH488JQbUEtWrTIPvTM9QbNrfbsd7eunf34jfOsNaRcwbWGlGt8/qLFi/35aam20od61/bno33kq4BrkryC5R7du21s3wP4lv4sNfVTdz0URGsRN62Avs5XqNNQAwXgxfmSQgP8gQACCCCAAAIIIIAAAgggUCgBxWONPaGqVOzQoUNt9erVHhc29pisq832oFtBth7H1a1bNx8qXtOffjXfRyOvs64+tVeJ2OLGbaUaYCvzHC0QpqvW56ho1fCwsNem7G2UxdWrtuvH494wxPvLr7+2lZ4x7utBdJan8BVEt2zR3M73Bc00FDwKbvXM7KjomA7t21qdOrXDkG8tiqbnZzds2MAu+vP59sqrr9u33/8Y5lJrmfb9993H9t1n7xAM6ziPiEObgozFjN5robaaPka/f7++dvLAE0PArT6r/wq+dZyCe71q+2c+tPzdwUPCHPJePbrbu4Pe8+erpUfd5RUBBBBAAAEEEEAAAQQQQKAMBTbGmopDE0Lcpkcl69HReoyz4rb4eG03j+d85LQSr/5BI5pLUko1wNYzrzWkOj1dS5tvMK0Qrk5mZmbYRH801WrP5CoQVuDdudNOod+6SzDJh04n+7DuFStWhqzvF19+Zcf6M6K7de8axsHr4nWeMsMKsPU5dxGIJqqfdfpp9ujjT9o/7n/QDj34IGvgDxBfvmJFGAKu7Lge26WA9x0Pfpv4MPO6HpBrIbK6nh3XquOqJ7Z+vdc23d3YZUD/sHK5Flhr4dnqkaNGhQz43nvtGc6JPW/C7xND2wf7PO8FPvRg2vTp1rJli9BtHRd7bO5r4TMCCCCAAAIIIIAAAggggEDJBBRDao2veI8h58ydY7NmzQoLm2kBM8WOSupO9zhNU42rVEnelPQtWaxWagF2HQ9cf/PgetyE311hg633Yd5aNVuBdEpK1bBwmAJrBZYatn3LTdeHbHKaH/fwv54IclpITEO7L//LxbaHDwPXZHOdk5KS4nOZq4VgvSBiPRJrd1+ArI4Hy+/9+wN75vkXwsrgqqNlixZ2jK9IruHfZ591hr38ymt2nwfhmrxdu1ZtO8Wz0roZoEd5KVsdFc3nruZtq98nHHesP5A8NQTwukZtP+aoI8J5CsBVt4qO3XfvveyZ55636268JQTarVu1tOqeAVdJqVrVg/aNQ9vDBv5AAAEEEEAAAQQQQAABBBAoVQHFd3r8VnN/5JaStVVrVAvJ14WLF4UnU82ePSfEboofFYg3b9bc52nXLFEf4jwY3DIdnKtKRf5Tpk71LLIf6p3MqygTreOiolr1fGllnKMh1NqnxlSDAtKNWWlf7Tts9Ydy+7EKphXgagW3qGvRSm7aV5iiIdo6X3ci1qxZGxYa0xLsCuzTfbueV60M+7Llyy3Dg/Latev4MckejGeEVcCTfN635lKr6AbABl91Tm0rUFdRRjwtNS0MLdBkebWl1cNVbxSc61g9nmvlqtWeNa8Tgm9dh4LwjXVu8Do3BuShUv5AAAEEEEAAAQQQQAABBBAoVQHFlErEalSyYlNlrceMG2uZ6XrKVJb18idQad0txaaK4RQHKjDPs3hdCQlxYeFr1ZVXKbUAOwo+YxvRxegnr326QHU8d+ejc2LriY7RvsKWqG69RnXGnr95vy+Q5sF2tE99jY5XW7nb3nyeHv21eTi5HtWl7kX16FzVpeN1XFS0P3ed0T5eEUAAAQQQQAABBBBAAAEESlcgir9UqwJpTW3WCuINffS0pg0n+BztqMTGc9G27FeP5bYWYJfaEPHYIDK7A5ve5LcvNpDNfU7s5wIvMvbAmPdbqzu//bn7mrvt/M/bMvjPXVfUvdx1Rtt5RQABBBBAAAEEEEAAAQQQKF2B2PhLSdCmTZv4CuONshPBsftL2nLJlkgraeucjwACCCCAAAIIIIAAAggggMA2FshviHdJu0GAXVJBzkcAAQQQQAABBBBAAAEEEChXAqWZtY69cALsWA3eI4AAAggggAACCCCAAAIIIFBMAQLsYsJxGgIIIIAAAggggAACCCCAAAKxAkVc5MxXw95yLa/Y+niPAAIIIIAAAggggAACCCCAQAUV2LzieF4XWMQA28Kznjc+yTqv6tiGAAIIIIDADiCQ3/Mrd4CuVaguFOHxmRXqurkYBBBAAIFKKLDBH/G1+fHL+QEUOsDWJHAtad62TdvwgO78KmQ7AggggAAC211gg0Zc6S/BuO3elYrZAQ1nc1v/dwHGFfMb5qoQQAABBHIK6PnZf0ybZltbHK3QAXZUvZYzL6slzaM2eEUAAQQQQKDYAgqsH73fbNRIs8Qi/zVX7GYr1YnKXCd4cH3pNWbd+1aqS+diEUAAAQQQKEiAf3kUpMM+BBBAAIHyJ6AAe9QIsy+HeoDt3c8of5ewQ/dYSWtNP9PPKWft0F2lcwgggAACCGxrAQLsbS1OewgggAACZS+QmLQxuG5Sy6xrNx/FzFDxUkGX49LFZuMnbjQNQ8RLpWYqQQABBBBAoEIIEGBXiK+Ri0AAAQQQ2EJAmWsF10++5HOF+etuC59ibfAA+9vPzf5ykc9x57EixSLkJAQQQACBCi3Avzgq9NfLxSGAAAKVXEAZ1wTPZscV/EiNSq5UtMtP4J8ORQPjaAQQQACByiSgmVQUBBBAAAEEKq4AmdbS/W7xLF1PakMAAQQQqFACBNgV6uvkYhBAAAEEEEAAAQQQQAABBLaXAAH29pKnXQQQQAABBBBAAAEEEEAAgQolQIBdob5OLgYBBBBAAAEEEEAAAQQQQGB7CRBgby952kUAAQQQQAABBBBAAAEEEKhQAgTYFerr5GIQQAABBBBAAAEEEEAAAQS2lwDP2the8rSLAAIIIIBAKQhkZG2wOWsybPaqdEvP8ieSbaVOPb06yW+vN6ueaG1qVTE9yYyCAAIIIIAAAqUjQIBdOo7UggACCCBQwQSG/vqrffDRR5aRkWHmj6Zav369HXjggXbYYYcV+krXrVtnt99+u51zzjnWpUuXHOc98cQT1qBBAzvppJNybC/qh7UZG+yXeets0rI0yyhkgJ3oAXZrD65b1EiypAQi7KKaczwCCCCAAAL5CTBEPD8ZtiOAAAIIVGqBb7//3l588cVgEB8fb/qJK2K6Nz093T774gtbunTpFpa//PKLjR07dovtRd2Q7hnsBWszQvY63mNldTG/H6W3tU+B+Nw16ZapdDYFAQQQQAABBEpNgAx2qVFSEQIIIIBAhRLwSLRfv3527z335LisefPn24asLFu5cqVNnz7d+vTta40bNQrHzJ0713777Tdr0qSJ9fXtCsqrpqSYMtk//PCDJSYl2YCddw6BepK/T0zc+Ndwltf369ChtmL5chswYIDVrVs3R5tb++Ax81aHhquOWlXirVG1RJvlw8mN4HprrOxHAAEEEECgyAIE2EUm4wQEEEAAgcogEO8B9po1a2zOnDmWkJBgCojr169vH374oT3++OPWuXNnW+4B8apVq+xjH0quYPva664LwfWIESPsmquvtjPOOCMMMf/HffdZ69atbfjw4XbSwIF24403hiA7zgPwzMxMu+SSS2zxkiXWyAP1Rx97zJ595hlr1qxZqTLXTo637vVTwpDweT5nO9Mz3xQEEEAAAQQQKF0BhoiXrie1IYAAAghUEIEqHlArID7u+OPt8COOsOtvuCFcmYZ916lTJwTB777zjqV6dvqbb76xdu3a2SuvvGKv+s/5559vg4cMCZlrZafPOvNMe+7ZZ+3++++3F196yVasWBGy21WqVLH/ffutffnll3brLbfY332+drJnvF944YVSU/Tp45bs86y71Eu2uikJNmNluqX6GHENFacggAACCCCAQOkKkMEuXU9qQwABBBCoIAJa1GxnH8795htvhAx2NJxbGeeWLVpYrVq1wpW2ads2DBevWbNmyG6P8XnVY8aMCQujaYG05ORk69SpU8hY9+rZM2xf4tlqZa+VGZ/4++9h6LiCagXjNWvUsPbt25eKonLUSQnmq4UnWcOqifa7L4Q2c9X6MAe7im+nIIAAAggggEDpChBgl64ntSGAAAIIVBABBadVq1YNw8JjL0nbFQir6HWDp4g1fPzBhx4K86yVidbw8UGDBoV9OkZBucqMGTNCYF2vXr0wj1v7mvpQcM3ZfvDBB7PnZKvO4hadqeS0XhN91TMF1+3rVLHpnrmeviK9UCuNF7dtzkMAAQQQQKCyCxBgV/bfAK4fAQQQQCBPAQW5GiJ+g8+X1nxsZbT1iC4Fr6lpadnnpKamhnnW8+bNswTPSiuI/uCDD2zt2rUha63h4P98+GEbMXKkvfnmm3bMMceEIebav2b1ajvwgAPsYd9/0cUXW98+fcJxZ5x+uu27777ZbRTmjfqb7M/fauqP3lqammFr/KHYLWskWmcfGr54XYZNXbHe1vu86yj4LkydHIMAAggggAACRRMgwC6aF0cjgAACCFQSgX323jsM/c7wOddRUVZ4rz33tObNm4dNemyXnnHdrWtXO+igg+xpX5xs3Lhxdtmll9oyXwAtxedT33D99WE4uVYJP/uss+zss88O5w70xc5q165tNXxIuIahv/baazbNF0rbe6+9rH///lGTRXrVvOp6Ps+6efVEW+JBdvvaVWx5WqaNX5pmaz3gVnBNQQABBBBAAIGyE4jzO97690KBRUPbJk+ZEo7p2KFDmDNW4AnsRAABBBBAYHsJZGWYXXSm2Wc/mh2yu9lTr5rFV9z7yUtSM+3N31d4ljrTF07zADs5wbo3SLaGHmgvX59lwxausxWpG4e0R1+J/uavmhRnl/eubymJRQy7v/3c7OILNlb15LNmex8cVcsrAggggAACFVagsDFxxf0XR4X9arkwBBBAAAEE8hHwwHmpB9xjFqdZy5pJNnd1uq3MFVzncyabEUAAAQQQQKAUBAiwSwGRKhBAAAEEENiRBJZ5kK1AW6WI+ekd6TLoCwIIIIAAAuVOgAC73H1ldBgBBBBAAIHNAkk+LLxB1QRb5EPE12duddZXOFGrizeqluiLt22uh3cIIIAAAgggUHIBAuySG1IDAggggAAC202gmq8cvlvTamFIuK9jttWMtULwKh6UN6meZElE2Nvte6NhBBBAAIGKKUCAXTG/V64KAQQQQKCSCCgb3dqfda0fCgIIIIAAAghsXwG/h01BAAEEEEAAAQQQQAABBBBAAIGSChBgl1SQ8xFAAAEEEEAAAQQQQAABBBBwAQJsfg0QQAABBCqugB4MXYGfgb1dvrgkhqJvF3caRQABBBAoFwLMwS4XXxOdRAABBBAosoBuIS9ZZPa/Tz3ITjDbULgVtovcTmU6Ic5RxwzfeMWsQF6ZvnmuFQEEEECgkAIE2IWE4jAEEEAAgXIkoGDaY2obN9Hskgs3Lq1NfF3yL1BBtRx9tfLgW/IaqQEBBBBAAIEKJcAQ8Qr1dXIxCCCAAAJBQEPDFWBHf8uVVnCtAFOPtsore5vgjZX0sVeqIy6vygvxveq0/E4taF8hqs4+RI6qS7Yl6Wt2hbxBAAEEEECgYgmQwa5Y3ydXgwACCCCgOdeXXW126lke8EYRdmmzKMqMido9KF61cqUlJiZa1apVi93YsmXLrWatmpaYoAi2CMXbtSpVNg6DV7fSUje+15DulGTfsCny1vYspZ9LoehGQLc+pVARVSCAAAIIIFBxBAiwK853yZUggAAChRb45ZdfbPCQIZ6EjA8BYXpGhqWlpVnTJk3s0ksvtaRtuJDVlClT7NnnnrOrr7rKGjVqZGvWrLFq1ap5IndTULjpqj799FNbl5pqxx17bL7XmZmZGa6jWvd++R5Tkh2r0tbbDTfeaDf6T7P69bKrUsh61aWX2dFHHWVH7X1w9vaivrn7pputa9cudt7ppxfp1DmLFgfDJYsX2957720Djzk6nJ/pf77x9js2bNgw22mnnexPf/qTpZQ0y16knnEwAggggAAClUugrG7tVy5FrhYBBBAopwIKrJ986ikbMWKEJ3vjLcEzp/rZlmXlqlU2fvz4EBiv8vfnnneepXqwn7t8+OGH9u677+benOPz999/b3fceWeObaX5IW3VSvtoyGBbtdgXT4spI4cPt6E/fG/9e/aI2Vr0t7v26W0vPv20rVu3rtAnL/ag+tjDD7PxI0dY/Zo17OrLLrUXXnghnH/rTTfZ/911Z9j+2gvP28V/Os90E4KCAAIIIIAAAmUjQAa7bFypFQEEENihBXbZZRfTj8pwDw7PPvtsO2ngQFu0aJEpYJs/f75lePDdu3dvGzt2rM2aNct69+ljzZs1CxnmhQsX+ojkKjZq9Gjr0KGD7dSxY6hL5w71bGn9+vWtd69ettaz0StXrw4B4yI/Z4/dd7fpM2bY+AkTrI/X3czr69K5s91+223WtGlT+84D5EkTJ9rYMWOsbdu21qBBg1Cv/khOTvbRzhrubDZ16lSrW69eOE43BnbdddcQOCozP2nSJJvodbRo0cKqV69u06ZNCwG8+tmpUydbv369/fHHHyFb/ttvv1nNmjXDsWpfZcWKFTZnzhzr0qVLqGvy5MmeVe5q7dq1C1l19SN3dv2DDz6wvfbaK1zDSh8qrn5oqHjfvn1DNj7Lh2X/OnSorVi+3AYMGGB169YNbaV5X4b5dt1Q6Ou+hx52mD38yCM2atSocE3hoK38of716NHDnn/++dCv1e791Vdf2aGHHmqvvPKKDRo0KHzXZ511VuijstnRd7+VqtmNAAIIIIAAAkUUIMAuIhiHI4AAAhVJQMPCFfzpVeXxxx+3jz/5xKqmpNgRRxxh//v2W9PQ7Jo1atiMv//dhviwcgWJp/kQ5g7t24ds92gPhl/0jGlHD7JPPfVU6+CvClLPO/fckBW/6uqrrVu3bjZ79uwQUCuDunbtWlOQ/sH774f3519wgQ0ZPNie9mz6/AUL7P777w91HXfccTm44zbNqb7RM7O6CdCqVSsb6dn3E088MfwM8jqWLVsWzr/mmmts3Lhx9sijj9rO/fvbQ//8p11y8cW233772cCTTrIWzZuHmwRNPchf7tf0xuuvh/7quGVLl9rufjPgmWeftSaNG9sYv8nw0osvhmHWOTrkHzb4iuUa5n7QwQeHmw+yaeg3BnSdBxxwgJ122mlh2P3iJUtCUP/oY4/Zc15vDTc9+5xzfLp0qjVo2DDY/sv36WbFiJEjCx1gK2BXwKwbBxqJMNLPPdftf//993Cjo2fPnqHLrVu3ts5+M4MAO/c3yGcEEEAAAQRKT4AAu/QsqQkBBBAo9wLR0GxlPet5hliZXAWlyhIfdvjh9vlnn4XAU0O577rrrpARVmb0Ax++faQH5LM8iH7yySetnQffeu70xx9/HOZzP+GB+8yZM21/Dzjffecd232PPWzfffax//3vf7bbbruZsq4KMi+77DL7wzPOT/sw6dq1a+frqQBeGdpr//a30Mb1N9xgN998sx1//PEhqNb5CuJP8MD7zx68n+5B7yd+4+CJJ56wfh5sL/Vg9yqf832a3xCYO3duuDYFpMqaf/TRR/bAAw+EDLZuMijDffIpp4Q567d4G7mLMv2aN96mTZsQ9CvAfe+996yfZ68VfP/Hb1B8+eWXNtiDf2XJL77kEnvjjTdCsK2bDOqXbmDompQZV2Z+nvepsCUa0q92//znP4fTdBPhW785UqtWrewh/6pbGX21SUEAAQQQQACBshEgwC4bV2pFAAEEyqVApgeLytxqsTEVZYz/+fDDpuHdykCnerZVpU6dOiF7rOBOQamGhms4uYLmY445JgTQt916awjMG/pwcQV6LT3brKHjyjon+/Dy1h6Qaji1Aj8F8CpahVvvtchatC3syPWH9kcZdA39Tk9PD0Pak/z8aB65MtnKTCvDPuWOO8L+/jvvbFmeWa7lwbuyyxrurf7v5kPMFQD39GHtCuw1lF1901xm3WSYqODb+6tsf1yuvkQfM70PyhKf7TccNOS+l9eloe9TPbud6P1VXTpfmWsNN9d88Z29P7U8gFeRqcoGP6YoRXXKSpnsH374IdxouPvuu+1YXwxO1xDNuVawrxsB0XdblDY4FgEEEEAAAQQKJ8AiZ4Vz4igEEECg0ggoYFNRllqZ3yoeHGpl8Z4+zzdj0wJZCtZiA7cs/6zAUZnj//znPyEo1dBsBczapzqjeqNX1ZF7LrP2qd4UH6K+tRK1r3OieqJtOlcBqwJ7DVV/zPvypGev773nnlB31E7UhrLw7/twdWXaB3rWWwG8ssHz5s2zCy+80HbzgFtBfF5F16hr19xyvb/H2/jfN99YDc8W3/uPf4SAVnPNH3zwQXvMh4C//NJLpqHvCuRn+jlRiVyW+PD0Zj58vbDl1Vdftdtvvz0E2bpeDdXXkHXdeFjqdWk+t8r06dNtgs99V1BPQQABBBBAAIGyESDALhtXakUAAQTKjYBWrNYwZxXN443mY6/3gFLznJXl/doDxmG+GJqGfSsQ1PBrBcjROcq6aojy9ddfHxb40uf2nqVVwButiK3jdV4USCobrqA1e7sfq0BUC63d4EO+v/SFumKLFgSL+qZzoz5H/VFbCio1x1griSu4PPPMM+0aH0b+uAfXGkau+dXZ7W3qv9rYc889Lcmz6pprPdAXe1O/FvhccAX6qu87H26tkn2uX19UFNzrEVijfcG3GR4wX3vddfaNe+mRYi19oTUtXCaPi3yovYaoa765stfqmxZj+9u114bg+2/eT7WpBdg0vLywRYuxPetzui/wem/yueka3q456cqSn+NzvLVdAbhulhxyyCHWr1/ZPMKssP3lOAQQQAABBCqyQIL/pXv71i5Q/6DQP1RU6vvcsIKG7W2tLvYjgAACCOw4AgoOFUAroGvsi3kpA9vJg0VlQav5KthdPXgb7gtnaWi3Ak+t+K3VuWt7dliZUB2vHx2vIeIzfbVxzWXex4eK65nLql+LhGnotf7u0POtteK3VthWllirXyuo1jxnDXHWquEaZq3h6OqT9kVF7XT2VcC1EriGgmsItoY7axi75ov397nVCrA1RFyrl2vhr8N8nrayusrc1vU+n3DCCdbQ53pXVz98f5Qp1zlqdx9/hrT6oc9aHGyMDy9XP7V4W1dfqK2NDxPXOapb1xIVZaO1+vdxPgc8w4NznaeF3S7x+dbKpCuwnetDzef43OoB7qY50vLWyuOTfBXwdX7j4XjvmxY300JlWqBN11uY0tyz3fvvv39Y8Vw3Hi6//PLQX52r70ErlmvV9YMOOig8v1urv1MQQAABBBBAoGgChY2J4/zAjSmIAupXVmCyDzdT6bjpHy8FHM4uBBBAAAEEKpWAsuiXX3FFWHhNi70Vt1zr2eweHtifecYZxa2C8xBAAAEEEECgDAQKGxMTYJcBPlUigAACCFQ+AQ2FV5ZeIwKKWzTvXSt9M1KsuIKchwACCCCAQNkIFDbALtz4s7LpI7UigAACCCBQYQQ07L2kRUPlKQgggAACCCBQfgVY5Kz8fnf0HAEEEEAAAQQQQAABBBBAYAcSIMDegb4MuoIAAggggAACCCCAAAIIIFB+BQiwy+93R88RQAABBBBAAAEEEEAAAQR2IAEC7B3oy6ArCCCAAAIIIIAAAggggAAC5VeAALv8fnf0HAEEEEAAAQQQQAABBBBAYAcSIMDegb4MuoIAAggggAACCCCAAAIIIFB+BQiwy+93R88RQAABBBBAAAEEEEAAAQR2IAEC7B3oy6ArCCCAAAIIIIAAAggggAAC5VeAALv8fnf0HAEEEEAAAQQQQAABBBBAYAcSIMDegb4MuoIAAgggUH4FVq1aZevWrSvRBSxbtswyMjJKVAcnI4AAAggggMD2E0jcfk3TMgIIIIDAjiww5L337Mcff7TkKlUspWpVS/XgMW39ettt113thBNO2KZd//TTT234iBF23bXXWlxcnKWlpVm1atW26MP7779vv/z6q2VlZVlKSop169bNDjrwQKtTp84Wx0YbVNcdd9xhp556qnXv3j3aXKRXtXfV1Vfb0UcdZUf5T3HL3ffcY127dLHzzjuvSFXMmDHDnn/+eVu+fLntt99+dtxxxxXpfA5GAAEEEEAAgdIRIINdOo7UggACCFQ4gQ0eNMb5VS1evNjuu+8+W+Sv+pyQuO3vzS5YsMAmTZwYgusfPOi/48478/R+/fXX7bPPPrP4+PiQTX722Wft8COOsAkTJuR5vDZmZmbal19+aWqjuGXkyJE2dOhQ69+/f3GrCOftussu9uJLLxUpEz5//nw79thjberUqVa3bl27/PLL7eWXXy5RPzgZAQQQQAABBIonsO3/lVS8fnIWAggggMA2FlCWWj9z5861L7/6ym695RZr0aKFzZs3z5YuXWqTp0yxmjVrWqeddrIRnl1WID5gwACrX79+2L9mzZow3HnC779bd88kt2rVKlzB7NmzbdSoUaEuZZh1noZFq87U1NRQx7hx42zmrFm2i9dXr149O/TQQ20XDz7T09Pt559/tkmTJtlED7jVn+rVq2fLKLt99NFH22233hq2qb5L/vIX++tf/2offPCBJScnh+v57bffrHnz5tarV68QtFfxLL2CchVdr/Y3adLE+vbtawpgNXS7i2eWVRSQjxkzxjp16mRVPbOvorr32msva9q0qa1cudJ++eWXsE/nK9OuDPevHoCv8AyzjBQIq2hEwDDfnupZ9L59+tihhx1mDz/ySPDZ1UcKFKbo5oHqfOqpp8K1KIv94Ycf2tlnn12Y0zkGAQQQQAABBEpRgAC7FDGpCgEEEKiIAppXvGHDhhD86vruvfdeG+EZWwWzp59+ur355ps2ygPSLD/m/+6/397/979DNvfa666zjh07WoYHxX9Mm2ZDBg8OAfJFF19sPXv2tAUeuN50002m7O8/H37YevToYVM8aG/fvn1oa8WKFZblwexHH31k//3vf+1Tz0xfdeWVNnjQIFvqAe/93tYVV1wRzovc1af1HrRGRcPE//a3v9nBBx9sCuznzJljN/uNAgWzCkyV+Q3Dsf28pKQkGz16tF19zTUhuNZNg+v8GjRs/OyzzrKPP/443CRQtvuuu++2jzyIVYAtG/X7IG9DNxVOc5OGDRqEQPyAAw6w0047zS699FJbvGSJNWrUyB597DF7zjPrNWrUsLPPOcfS/CZAg4YNbciQIfYv37eTm8m3sAG2Avt99tknfB+67ll+Y6Jdu3YRAa8IIIAAAgggsA0FCLC3ITZNIYAAAhVBYLkHvprT/Pprr4XssTLNbVq3Ni3ypfm/w4cPD5cZ70Hro56NbejB4+GHH26ff/55yNyuXbvWbrrxRmvk2z0qtG+/+y4c84LPIVbwevqZZ9rPPgxcmfDd99jDxno2W2X16tXWxwPjY31+8fjx4+1pz9jGJySEfQX90aRx4xA8T/3jD3vE+6Os+LU+l1tZ6ss9QNecaWWvlZlu7dfxyiuvWFPPXivof+edd+zUU06xFi1b2ptvvRXmgL/66qt2iAfTtWrVCs0q+67Auk2bNiHbrRsG7/n89X6evVbw/R+fP67rGuw3GJThvviSS+yNN94IwfbChQvtk08+sZoebOuGgm4Q1PWM/TzPohe2JMYM2X/Jh5frxsGDDz5Y2NM5DgEEEEAAAQRKUYAAuxQxqQoBBBCoLAL77L231a5dO1yuFj+70+dEK0OrIFgBtII+DbFu7MFtggfBGh6uOc4nnXSSaSEyZXsP9OzuLZ5NVnCrIFjDtBXgKvvb2M+t4UO/W3pgu8qHXOsYBZ8qqlt1FnYu+HxvV5nw2h4Qz5o5Mwxrv/Ouu0JAva9nfqOiYFhD3jW8eszYsWEYuIJuZbaV5VbQevBBB9l4D2Dv9gx27pLpmXr1X9luDc/W8PPbb7vNpnp2O9HreOGFF8JQcWWulWH+/vvvbeedd7Za3qZKtBCb5r4Xp7z77rt2jy+Spnbatm1bnCo4BwEEEEAAAQRKKECAXUJATkcAAQQqo4DmFKvM9ID1HB/mfIlnZc/0zLPmRkf79KoAVcGwgld9buDB81ueCf7d508rCH1NWXAPOGPPiY6NtkWBdeSsOvMrOleBelQ0vP3/fIG2Ll27Wlf/qedZ8WOOOSZkpXWM2tA8bb0qcNew8598jrfmm3fu3NneefvtMD/8CF8o7TEfvq1Ae599982eT646dJ6C5um+kvcB/l5BruZ83+hZ+nv/8Y+Q7W7WrFkI0HVsVDSPW3PRo6I+6EbCEp+L3tHntRelaHi5bnIo+17YoeVFqZ9jEUAAAQQQQKBwApv/pi/c8RyFAAIIIFDJBBT4KSutVxUFpNE8Zw2NVuZagaPmKGvotoJcBcGxz4TWo7A0HPyb//3P/vvFF2EOtuZHK9OqOcOqUyVqS3WoqA7VpWHY0TEdOnQIgXn0aC3N846KztOCY2pPc781DHyd1/3sM8+E7PTpPh9aQfRCz2prqLvq1KO/9Kp2tIBbgge5euyV6omuu5rPtVb2/Rqfn62VyWOLbgDs5AGx5m/rvMefeML69+sX2m3rw8a1cJnO0dxzzf3W/Opz/OaCbkhoCPrfvH1l8LW4moau/+FD2f/iNywKW+Q+cODAMFf8bb8hoBXEtQDbZZddFm5uFLYejkMAAQQQQACBkgsk3O5la9XoHyxa3VWlvs8N0x12CgIIIIBA5RDQf/M131iZUS3qpeHOWvhLw76VkW7hq3FrQTAFy1o0TJlfLeal4eFazEzna5i1VhLv5llkZbn1SCkdGz2vWUOrlWHWsVo1XPOkdY6y0X169w7zsZt5O6pD7SgrruBXK4tHc6H1bShojxYeq+ZDzDX3+5abbw4rhmt/Pw98Nex8rA8BV90nHH98WIlcq4trxe89fcGw2b4Q2hJf2fxEX0Fd/Y/6pWHjugGghdVy/z2o4fJa/fs4r0+BvbLTWiFdmX0N/T7kkENsrtc7x4PoAT4sXHPV5aMFyiZNnmzr/FqO9/YUfMtSgXxstlt9z69Mnz7d2nggryBff1/rujR/XY8My93P/OpgOwIIIIAAAggULFDYmDjOD9yYJiigPt3V1+NYVDp65kD/sKEggAACCCBQWQQUzB9x5JF28UUXhUx27utW4K0F0/Q4sSN9OHlxizLYPTyoP/OMM4pbBechgAACCCCAQBkIFDYmJsAuA3yqRAABBBCoWAJa4VuPCtNcbGXJ8yoazq6MsbLhxS1aiV3P9SbzXFxBzkMAAQQQQKBsBAobYDMHu2z8qRUBBBBAoAIJaAj4CT6Eu6CioeklLVrFnIIAAggggAAC5VeAydTl97uj5wgggAACCCCAAAIIIIAAAjuQAAH2DvRl0BUEEEAAAQQQQAABBBBAAIHyK0CAXX6/O3qOAAIIIIAAAggggAACCCCwAwkQYO9AXwZdQQABBBBAAAEEEEAAAQQQKL8CBNjl97uj5wgggAACCCCAAAIIIIAAAjuQAAH2DvRl0BUEEEAAAQQQQAABBBBAAIHyK0CAXX6/O3qOAAIIIIAAAggggAACCCCwAwkQYO9AXwZdQQABBBBAAAEEEEAAAQQQKL8CBNjl97uj5wgggAACCCCAAAIIIIAAAjuQAAH2DvRl0BUEEEAAAQQQQAABBBBAAIHyK5BYfrtOzxFAAAEEtqXAu+++a/Xq1bMDDjggu9nffvvNRo4caWeddZYlJCRkb4998/obb9jqVavswgsvjN1svw4dav/5z3/sxhtusKSkJEtPT7d//etfNm/+fEtOTrakxERbt26dZWVl2THHHGM//vijdevWzQ477LAc9RT3w4Tff7fPPv3Uzr/gAqtRvXqOaiZOnGgffvSRXXLxxVatWrUc+6IPuu733nvPbr755tD/tWvXWvVN9bz11ls2Y8YM+9vf/mbx8Xnfy37iiSesQYMGdtJJJ0VVlvh17Nix9vnnn9tf/vKXYFjiCqkAAQQQQAABBIokkPff+kWqgoMRQAABBCqDwOuvv26ffvZZjksdNmyYPf3005aRkZFje+yH0aNH26+//hq7KbyfN3euffP11yGAjnZu2LAhBKQKXp986qkQdMfFxYVjJk6aZAsWLIgOLfHrhAkT7Morr7SXXnwxR10K6G/yoPmWW26xNWvW5NgX+2Gu9/8r778C6KlTp9qVV12VvXuV31BYtHix6XryK7/88ospIC6tsmzZMjv77LPtrrvusrS0tNKqlnoQQAABBBBAoAgCZLCLgMWhCCCAQGUWSElJ2SIrWqVKFatatWo2i7K248ePtxYtWliPHj3C9kTPRCtDHZVRo0bZgoULbaH/JHudUdExV20KUgcPHmyrV6+2Bx54INpt9evXDz/Kas/3LLd54D1j+nTbbbfdTMHl8OHDrUuXLtauXbtwjgJlZclXLF9uAwYMsLp162bXpTcJHhg3a97cnvJA/vjjj7dmzZqF/coA//zzz9aoUaOQlZ83b54pO92+ffsQMP/umW+dp/4q057uNxeGejtTpkyxMWPGhO377LOPnXDCCaE+3Rho1rSpjfCbBlX8nF133dW7HheOk01UNBpAQXvfvn2tSZMm0eZCvSqQv+6668I16H1BgX2hKuQgBBBAAAEEECiWwOa/2Yt1OichgAACCFQWAQWFyuguWrQo+5JXrFgR3ivYVFB87733Wu8+fUzZ4UMOOcRu9SywzlMwrPLoo4/aSy+/bLvusov99NNPYYh02B/2bv5DGVgFyKmpqabAXgHjnZ6ZPfzww23n/v1t4MCB1qVrV1uyZInVqFEjBLrr1683De1+8803rZvv0zDpxb5fgfKjjz1mzz7zTHYQrZYUGO+xxx4hiH7ooYdCMK/27r///pAJ/vjjj003EJ597jmb6sHzM36+MvXXeiB7ySWXhH5pWPysmTPDNf3hWewHHnwwBM6jPFhWkH333XfbBT4Evb4Pra/jAf6IESPsZB8SfuONNwaX6Npvve0202iAjh062D8fftge8nqiGxSbVfJ/p+HmCvz1quH6BNj5W7EHAQQQQACBshRgiHhZ6lI3AgggUIEEFOgOGjTITj7lFDvp5JPD678ef9wSPbhWoH3vP/4Rhkk/9+yz9owPG3/llVds6h9/mLK0yhYv9iHTOv5BDx4VCGp4dlGKAmgFuJkeeK/xjPJ93t5rr70WssdHHHGEDfI54u3atg1zkL/99lv78ssvQ4D/99tvD5nyF154IUdzCkLVtxuuv94+/uSTEJxrnnlmZqadd+65luFzwlU0N1w/UVE/dIyK+tOxY0c7x4dmd+/e3Z72bLh+dCNguWfOVVauXBnmkL/w/PN2///9XwjG5aWh5bJTYPzySy/ZdddeG+Zzd/Ag+yn3K2zRUPNn3VzX16pVqxBc5zdvvLB1chwCCCCAAAIIFE+ADHbx3DgLAQQQqHQCyu6e7IH1bbfeGoI4ZV8V4A4ZMiRktRU07rP33sGlU6dO1qplS5vsw6OV5VWAPWvWrBBUKgOtogXTFGQWNtuq9kLG1wPjWrVqWcOGDUO2uE2bNtbaA0u109rfr/Pg+3fPZCt4VdCpTHhNz3JriHfuomC5Z8+eduyxx9pfPeBXdv42zyZrOLkC+ahEC5Wpfb0P/di0U+8VqGu7Mvnqhz7Hbbo2DaHX0HUd17t373C9yrxrv479Qzch/Lx3/eaFjknzPg3Yeeeo6QJf1X/dqNANgDd8MTn1f86cOXbHHXfYFVdcEYwKrICdCCCAAAIIIFCqAgTYpcpJZQgggEDFFVAgrCx2zZo1sy9SmVJt1zBtBZWzZs8O8681f1rzrDU8WwGulvrSeQoeldHV8TpG+4pT1KbOjc6PXsN236c5z5rHrGy5+qWiffmVv3owuseee4ZVyo/w7HPsYmoaJr7C+6yiIFrD1zcOeN9cmzLaql8Bs0psW+pblPGe6cPJtU8BvF61r7H3UzcM7vSgOJonHl3P5hbyfqf2FEhr7rva0PejIF2vUV/yPpOtCCCAAAIIIFAWAgTYZaFKnQgggEAFFFAGO/fq1Mqcal62Amllt7XQ1sATT7QffvjBNNS5V69e9vbbb4ch3W08u9zNM7kX+aOv9vRgVnOcN3iAqYAwd9HQay1mFlvUvrYr+NSiY1EQq+OiAFb9U+B+wIEH2sOPPBLa6utzwrXA2Bmnn2777rtvdpWqS3Xq3MaNG9s73s8oqx61oevTfHE9PkyZba0OroXMvNPhvKjttj40fdLkyXazzzk/xR0UyqsvUUCuOd6af/2Wt3HccceFQFrXILvebiSbC/78Zztg//1Ni8Ad6P0/0R23VhREyz0qujHw4YcfhseDaQE2CgIIIIAAAghsW4GE271srUn9I2bp0qXhMC3Uon8wUBBAAAEEKpeAhjH39JXBFUxGRX8ftPSh4Br6vLcPD6/uGe3JviCY5iNrKLky3PEeBGrxrs6dO4eFvxZ6EKjA8Pw//Sls07Otc/+9os/NfSXyPl6v3isI13OxtfBXU89O16lTx3b2YdSqR9nafv36hW06RsPTu3hbhx56aBguPcdX5taQaz2/W9noqOhc1aUF0VR/VK/267Oy7KpXc6xb+DVqPrkWRdMzuTt5/Q39GdaNfJi6hpg391XFlaFf7EO0taq5hq9rPngbD5zf8EXXdENhpQfn+3mA/9e//jVk1RO9/a5+w0Geh/qCcMqST/dMtIaTH+lzyoszj1o3C9RvfR9R5j66Xl4RQAABBBBAoPgChY2J4/zA/MfMbWpff2HrH0wq+keS/lFCQQABBBBAAIGCBZTx3tez0k/64m56VBgFAQQQQAABBMqnQGFjYlLR5fP7pdcIIIAAAuVAQNl1ZfJbt25dDnpLFxFAAAEEEECgpALMwS6pIOcjgAACCCCQj4BWFT/6qKPy2ctmBBBAAAEEEKhoAmSwK9o3yvUggAACCCCAAAIIIIAAAghsFwEC7O3CTqMIIIAAAggggAACCCCAAAIVTYAAu6J9o1wPAggggAACCCCAAAIIIIDAdhEgwN4u7DSKAAIIIIAAAggggAACCCBQ0QQIsCvaN8r1IIAAAggggAACCCCAAAIIbBcBAuztwk6jCCCAAAIIIIAAAggggAACFU2AALuifaNcDwIIIIAAAggggAACCCCAwOam5wAAAEAASURBVHYRIMDeLuw0igACCCCAAAIIIIAAAgggUNEECLAr2jfK9SCAAAIIIIAAAggggAACCGwXAQLs7cJOowgggAACGzZsAAEBBBBAAAEEEKhQAgTYFerr5GIQQACB0hP49LPP7ONPPslR4eLFi+3JJ5+01NTUHNtzf1i7dq1lZWWFzSNHjrQr/vpXW758efg8wj9ffvnl4Wf2nDm5T93q5w1e75o1a7KPe+utt+y+++7Lbi97RxHf/PjTT/ba669bQYF/7raL2MRWD09LS7ObbrrJxo4du9VjYw/48ccf7frrr7err746/HzzzTexu3mPAAIIIIAAAttIgAB7G0HTDAIIIFDeBD73APu0004zBchRWbhwof3z4Ydt3bp10aYtXtevX29/Ov98W7JkSdinoHHBggXh/aJFi+x839e0aVM777zzrEnjxlucv7UNk6dMsSuvuir7sFWrVtkiD/wLCoyzDy7gzXfffWcvvvhigYF67rYLqK5YuzIzM+3LL7/M9ipsJW+88Yb98MMPFhcXZ6qjWrVqhT2V4xBAAAEEEECgFAUSS7EuqkIAAQQQqEACySkplhAfH7LP7w0ZYvXr17d4/6zgTYGcyrKlS23Y8OFWrXp1G7DzzpaUlGQTJ02yESNG2Pjx461JkyZWr149e+jBB8N5r776qiUmJtqxxx5rycnJNscz2Aq2q1SpYgqUh3tdcd5Gv759rUaNGrbYg/QRvk3vd9111xA8Dh061KZ4kD1mzJjQ3j777GPHH3+8JSQkhD5NnDgx7O/QsaN12mmnsG3GjBlW3fs4ZepUW+fZddVVtWrVsC/6Q31P8WvWteV1fJL3O2p79OjR1qpVK6tTp47NnTvXfvvtN2vevLn16tUrBOiT3EDXNWrUqNDHZs2aWevWrUNTujmh/T169LCZM2eGbHW7du2sa9euYb8s5FzYooBaffj73/9u+++/f2FP4zgEEEAAAQQQKAMBAuwyQKVKBBBAoCIIpPkw8HPOOcemT58eMsavvPxyduCnYPT3CRPsggsvtNYeaC7z4d+1a9Wyxx57zJ5++mlTpvrJp56yGh7Uzps3zzI8CHzKP3/w4Ye20LPZGtKdnp5uv3qw/MH774dA9ayzzrJatWtbsgeY3bp1s9NPP93+cumlVrdu3RBMn3bqqXbGGWfYy96PPzxQfsCDdvVjlAe3e+21lz300EOhjRc8C61AV9svuOCC8PPAAw+EtnbygHuCB/49eva0Z595JgT7ub8rBbcPel2//PKLRcf36dMnDN1+5ZVXQtv/d//9dskll1iWX9eNPqS7r++f4B66caDM/IUXXWQKyHUToUOHDjbO2/zwgw9CUK+bDN/4EO5T/Xo0GqC5B9+6SfGg9/Hggw82j/Bzd6nAzxqOr4D/iSeesHfeecf2228/O/nkkws8h50IIIAAAgggUDYCBNhl40qtCCCAQLkX0BzqOh7cPv7447b/AQfYEz73+vDDDrN4DwC17wEPQhXIPvboo7Z69Wo77PDD7UMPoG+84Qb7/PPP7QEPQpXF/frrr+22226zVi1b2nnnnhsCQQXbCgz32nvvMLT7GQ92a9asaW/6UGdlojXHWoHuU95mSz9viGfQ77n33jC/+Fyv43WfK/2016EA+4477ggZXA1ff+if/7Rnn33W9vF6v/J2L/ZA95hjjgn96+tZcfVVWeXjTzghBP6qO6+ywm8Y5D7+7nvuCcGzAuQXnn8+9O9Q99hlwAC79tprQxb7iiuusKOOOsqWLVtmJ554ol37t7/ZWs9YH+CZ5e++/94OPugge3fQIDvzzDNt9913Dz8aGXCVz50ePHiwHXjggXl1p8Btynhfc801IZjXjQ3Nw9Yc+bPPPrvA89iJAAIIIIAAAqUvQIBd+qbUiAACCFQYgXSfT60g+WEPXJWVVW41ybOyGuY8c9Ysu9AzxBpSreC4T+/eNsYX51KgreBYQ8EVLCsIjoY861XHa5t+dIzmbE+aPNl232OPMFRceLU8G67y5VdfhcB+2h9/mDLqmmcd1adX1R/a8Xo0rFsZ45379w/nasi6ssGzvJ86rr0Pw9axbdu2DUPBYxdKCyfE/KE+5j5eQ8ujtsOQdr+poCHuDRo0sDvvuisMX9dwdd180HB0BdMacq6fI4480ga9+67V9SHlCr6P9iBcfdGNgql+bb/++qt19Ey3hnsXLX9t4Zov8u8mKkt92P4Hni0nwI5EeEUAAQQQQGDbCRBgbztrWkIAAQTKrcAhhxxil/7lL3bzLbdYY1+YTIFsTZ8XrTnNUZk1e7bttttu4aMCRQWhKrGLj0Xv9Rr9KGjVMHAF0VFRkPrcc8/ZW2+/bXfdeaetXLnSbrzxxnCOhmXrXAXNKqFO/6xMsLLiyuJqvrMy2ukZGWG7HgimPqmobhUF0QWV3Mfr2Khtva/uc9EbNmwYMuSnnnKKNoW6Fbirjeh8bT/dF4s71X/m+/D4ww49NAyJ1/D3VL9RoYxzLb9BMdlvMhSnRG3JUWX+/Plh3ntx6uIcBBBAAAEEECiZAAF2yfw4GwEEEKiwAlr9OwradJEa/jzcFy/TKtcKsM/yYc4KuLUQ2gIPZrVglzLdWgRNP7f4Pg2X1rHrNj3WS0FntAK5AmMNn9a2M3y+9Vk+pPl2X6grcVPWO9Xb1zEKlD/6+OMQZCuYbN2mTch4q+1TfK6xgmcFtW18+4E+lP2iiy8OQ9k/9nMO8SyyFiPTfmXKVUK7HohHgXbY6H9oTnj0+DFde+7jMzxYb+3Zb2Xbb775Zhs4cKCd63PU7/eh8JpXvnzFipBl13Bt1RMbYHfu3DksuPbev/9t9/3jH6HJBR4IN2rUKMzd/vyLL6yFL5KmIp/Yc8PGAv743oee3+k3ITTkXPPdtZr4235jgoIAAggggAAC214g4XYvW2tW/xjRkDOV+r4abDTUb2vnsR8BBBBAoPwKKLjeqVMna+dBpYoyxnv6MO4mPmRci3ppIbJuvvK1FvBSNvt2n2fdvn37sEiZVu/WkO3u3bubVsjWMGotFKY6tLJ4T19kTH+XKBDv16+fKQDt66/jxo0LAbYWC9N8ZGWuVc+RPsR6Zx/yrTY1b1pD0hd7ploZc2WRNexbdegcLag2wxdm08Jn1/gc6CqbhpKrLwq2lblW9lkriav9qCiwVz1a3VvDt3MfP8DnWmvYeGjbHwum/qg99UfPrVbGXnO7W7RoEYaF9/eh6rV90TYVtam6+286R5/VjrLWCsZP8Qx4d/+sBdE0pFzzv7VCeWGKrl8roqsuZfHv9bnq8qUggAACCCCAQOkJFDYmjvMDdfO/wKI76Xr2p4rmiEXD8go8iZ0IIIAAAggggAACCCCAAAIIVACBwsbEhX/QZgVA4RIQQAABBBBAAAEEEEAAAQQQKCsBAuyykqVeBBBAAAEEEEAAAQQQQACBSiVAgF2pvm4uFgEEEEAAAQQQQAABBBBAoKwECLDLSpZ6EUAAAQQQQAABBBBAAAEEKpUAAXal+rq5WAQQQAABBBBAAAEEEEAAgbISIMAuK1nqRQABBBBAAAEEEEAAAQQQqFQCBNiV6uvmYhFAAAEEEEAAAQQQQAABBMpKgAC7rGSpFwEEEEAAAQQQQAABBBBAoFIJEGBXqq+bi0UAAQQQQAABBBBAAAEEECgrAQLsspKlXgQQQAABBBBAAAEEEEAAgUolUKQAOz6+SIdXKkguFgEEEEAAAQQQQAABBBBAoOIKFCYeLlTEHBcXZ4mJiVa1atWKq8WVIYAAAggggAACCCCAAAIIIJCPgOJhxcWKj/MrifntiN2uClJSUizeX+M8i52ZmRm7m/cIIIAAAggggAACCCCAAAIIVFgBxcEJ/qO4uKAAO26Dl8IopKal2dy5cy0lOdkys7Js3bp1luWvFAQQQAABBBBAAAEEEEAAAQQqooCGhStzreBaMXGzZs1CTJzftRY6wFYFqamptnjJkvCqLHYhY/P82mY7AggggAACCCCAAAIIIIAAAjusgLLVCQkJIXPdoH798FpQZ4sUYEcVMUQ8kuAVAQQQQAABBBBAAAEEEECgogsoyC5MKVaAXZiKOQYBBBBAAAEEEEAAAQQQQACByiRQqFXEKxMI14oAAggggAACCCCAAAIIIIBAcQQIsIujxjkIIIAAAggggAACCCCAAAII5BIgwM4FwkcEEEAAAQQQQAABBBBAAAEEiiNAgF0cNc5BAAEEEEAAAQQQQAABBBBAIJcAAXYuED4igAACCCCAAAIIIIAAAgggUBwBAuziqHEOAggggAACCCCAAAIIIIAAArkECLBzgfARAQQQQAABBBBAAAEEEEAAgeIIEGAXR41zEEAAAQQQQAABBBBAAAEEEMglQICdC4SPCCCAAAIIIIAAAggggAACCBRHgAC7OGqcgwACCCCAAAIIIIAAAggggEAuAQLsXCB8RAABBBBAAAEEEEAAAQQQQKA4AgTYhVRbtmKV6YeCAAIIIIAAAggggAACCCCAQF4CiXltZNuWAkuWrwgb69auueVOtiCAAAIIIIAAAggggAACCFR6gR0mg52enr5DfxnxcXGmn6KUzMxM2/iTVZTTOBYBBBBAAAEEEEAAAQQQQKAcCmz3DPaw4cPt0UcesYWLFlnTpk3twgsvtF132cWWLVtmq1atslatWhXIqsB82rRp1qFDB4uP32HuF9iMWbPt48/+a5kZmRbngXndOrWtX59e1nmnDgVeDzsRQAABBBBAAAEEEEAAAQTKp8B2jUjnzp1r55xzjiUnJ9vZZ51lSYmJ9v6//x0khwwZYg974L21MmnSJLvmmmtCpnhrx27L/StXrrLp02dah3ZtrXu3zrbebwS88OqbNv73SduyG7SFAAIIIIAAAggggAACCCCwjQS2awZ71KhRtmTJEnvooYesZs2aduqpp5oy0qtWr7ahQ4faUs9iT5w4MWS2a9WqZaNHj7apU6da586drUuXLpaWlmbDhg2z+QsW2JgxY6xly5a2Zs0aW5eaal38GJU/PLudvn69derUKQThP/30ky1ZutT69O4djld2uSyK6q1SpYrtOqBfyF7vs8du9uBjT9noseOta+edbLX3c/KUPyzOs+6dO3awlJTk0I30jAybPPUPW716rXVs18bq1q0T+j195mxr1qSxTfljmtWuVdNatmhuU6dNt8VLllqrli2sSaOGO1QGvyxMqRMBBBBAAAEEEEAAAQQQ2JEFtmuA3aZNG8vKyrIrr7zSLrvsMuvRo4clJSXZoMGD7dPPPrPEhAS78cYb7YorrrCff/7ZBntWu2GDBjbag+nnnnsuBN5PPf10GCJ+08032xmnn24TPaOtIeOvvvJKcH/mmWdswfz59vzzz9t1110X6tnJg+1nn33WnvOfJk2alOn3s2FT7Rs2bDD9KEs/Z+58e+3tQVarZg2/oZBh3/34s513xinmY8nt1TcH2dp1a61mjZr25Tff2iknHmvNmjaxNwe9Z9WrVrXFS5fZvnvuZhMmTbZhI0ZZ40aN7PuffrWTjj/aWnnQTUEAAQQQQAABBBBAAAEEENg+Ats1wFYW+rHHHrN77r7bDjroIOvXv7/de889dtLAgfb111/bBg++//Wvf1miB6XVqlWz8847zxp4gH3hRRfZCx4wv/nmm/bnCy4wBdFvvfGG1fAs+A0ekGd4Fjgqeq+FxtauXWtvv/NOqP+MM84Ime6UlJTosFJ/VQY70/s/4rfRVtWHwE/yrLSyzUcedrD954svPbiuaWeecmLo2zMvvmbD/DjzaHz23Hl2+UV/sho1qtv7H31qX/3vBztt4HEedK+zFs2a2gXnnhEy1Q888oT16tHdjjz0oFBHQsJ2He1f6n5UiAACCCCAAAIIIIAAAgiUN4HtGmALS8H00UcdZRq6ffMtt9gll1xi3333nVXxTLYCY83PVunbt699/sUXNn78+JChrurZ3DAM2/cneKa7qgfgetW22MXO9FlZZAXoauuWW28N9Vxw/vm21157hbrL6g/1f9iI38Lw73p16th5Z55qbVu3tLcH/dsz9Yn20utvh6bXpaVaamqaD5df5lnuLHtnyAdhu4aRa4i4ho0nJiRan57drUb16iET3rd3T/vh56GeDZ9nu+3S33r36FZWl0G9CCCAAAIIIIAAAggggAAChRDYrgG2hkwrAFYmeb/99rPbb7/dzj33XFvn2dpon65B2eezfTE032gHHXywNfVh3ctXbHwutYaY5w6qYx/5paA7y89T0P3ggw/aCSeeaK+++qqdceaZYUG13j4XuyyK+q+bBGeeepI1blg/ZOHVTprPB1e2eUC/Prbn7ruE69Sw8fj4BHvLh4G3a9smZKw3ZG3wcxLCTQOdE1t0vcpcd+vSyYaPHG1vvvtesOnTq0fsYbxHAAEEEEAAAQQQQAABBBDYhgLbdVzxCy++aOd7JlkLlE2ZMiXMi1bAq2xzsgfdc+fNs5kzZ9qIESPs22+/tVs9+3ymD+9WwBwNA6/uGd2FCxfa5MmTw2vr1q3tF5+vPX7CBBs3bpx94VlvBbBaEO2rr76y3r162Y3XX28JHnCvXLmyzKgVYIcgu0pSdnCtxhR061FdI0aNsZWrVof29X6BX4MWP5s8ZarN8AXN4uLjbJIvgjZx8tTw/O2oPp2gzPiYcROsQf16dsiB+1pVt1q1ek2oiz8QQAABBBBAAAEEEEAAAQS2j8B2zWAP2Hln+/ijj+ykk0+29Z6l1ergDz7wQMg2a9j4nzz4PtJf7/Y52oceemj4rABaGe9mzZoFsT332MPq1K1rh/j+a6+91k72uj7++GM74sgjPWDtbB07drT69er5EOxUe9ED+ltvuy0E58cdf7wNGDCgzNQ3zhvfOIw9thFlnw85cD8b/P7H9vTzr4Rstoa7n3DMEaYM9Jx5832I+PubhrvH2yEH7BNWGtcCZxpWrqKs/cjRY+yjT78I+7SKeD8fMk5BAAEEEEAAAQQQQAABBBDYfgJxnhmNFrreLr1Q84sWLQqP59KK3hrSHRVlprW/ka+UraztrFmzTI/rql+/fhg2rky3ygofLr5q1apwnB6NpSHi833l8HoeWOsYDTnXq+rQdgW5UYAetbW11ykzZodDOrRusbVDw361pWdfp/gccbWXu+i6VnqfMzOzwmriCsijsmbN2vCoMS10pvP1BekGgbLfkY+CbGXAVY8e2xU77zyqh1cEEEAAAQQQQAABBBBAAIFtJ7DdA+xtd6kla2nZilWhgrq1a5asIs5GAAEEEEAAAQQQQAABBBCokAIE2BXya+WiEEAAAQQQQAABBBBAAAEEtrXAdl3kbFtfLO0hgAACCCCAAAIIIIAAAgggUFYCBNhlJUu9CCCAAAIIIIAAAggggAAClUqAALtSfd1cLAIIIIAAAggggAACCCCAQFkJEGCXlSz1IoAAAggggAACCCCAAAIIVCqBzc+GKqXLnrk6016euNqy/NlSeTydqpRa2XbVZPmF9G2YbEe3qbrtGqUlBBBAAAEEEEAAAQQQQACBcidQ6gH2E+NX230/LqsY0bW+Tg+w69RJshEDm1rbGiT8y91vOB1GAAEEEEAAAQQQQAABBLaRQKEC7KysLFuydJnptaDiSWurm7bGLuqYYfEVKBbNzMqwSbPmWbX6VQq6fPYhgAACCCCAAAIIIIAAAghUYIF4D3Tr16vr8W7eAW+hnoNd2ABbjlUT4yyhIowNz/VLkZq5wTI07p2CAAIIIIAAAggggAACCCBQKQVKJcCulHJcNAIIIIAAAggggAACCCCAAAJFEMg7r12ECjgUAQQQQAABBBBAAAEEEEAAAQTMCLD5LUAAAQQQQAABBBBAAAEEEECgFAQIsEsBkSoQQAABBBBAAAEEEEAAAQQQIMDmdwABBBBAAAEEEEAAAQQQQACBUhAgwC4FRKpAAAEEEEAAAQQQQAABBBBAgACb3wEEEEAAAQQQQAABBBBAAAEESkEgsTB16DnYc+bOt/T0dLO4wpzBMQgggAACCCCAAAIIIIAAAghUIIENZklJSda8WRPT87DzKnlvzXVkZmaWzZw9xzI90KYggAACCCCAAAIIIIAAAgggUNkEFA+HuNjj4/xKoTLYOjkpKdHat22db6SeXwNsRwABBBBAAAEEEEAAAQQQQKC8C2hk97Llywu8jEJlsKMalMmmIIAAAggggAACCCCAAAIIIFDZBAoTDxc6g72t8XR3YO3adbZq9eow9zsjI5P539v6S6A9BBBAAAEEEEAAAQQQQKAoAj5POSExwVKSk616tWpWrVrVSjUKeocLsBVYz1+wyBYuXmzmX07VqilheDqLqxXlt5pjEUAAAQQQQAABBBBAAIHtIOCLYmdmZtqKlats7vwFtiFrgzVp3MgaN2pgCQkJ26FD27bJEgfYWRs22JIlS2z6zNm2ePESW+8rjVfxldUaNKhnbVq1tPr161t8XOGWHl+zdq1NnjIt3PFo1aK51a5dyxLyWZ1t2zLRGgIIIIAAAggggAACCCCAQFEEtCjYihUrbc68+TZvwQLr3LGDVa9erShVlLtjSxRgp6dn2MTJk238xEmWmppmyVWSTbH0Wg+Ul65YbtNmzrKuO3W0Th07bsxCF8Cj4Hri5KnW0APyli2aFXAkuxBAAAEEEEAAAQQQQAABBHZ0ASVL69WtE35mzZ5rE6dM9diwfRg6vqP3vbj9K3aArWdi/z5pik3w4LpmzRrWt1cva9m8mSUnV7F161Jt/sKFvn+qjf99Uhjq3WmnDuGZYXl1dO26dV7PZGvRrGkYPpDXMWxDAAEEEEAAAQQQQAABBBAonwJKourJVIohu3fpHOLG8nklBfe62AH27LnzbNSYsdaubRvr3aN7mLweNaV5021bt7LGDRvab2PG2Ug/rmbNmtaqZXPPcG85XHzmrDlWp3ZtgusIkFcEEEAAAQQQQAABBBBAoIIJaC726jVrfXrxTM9kdyj01U2cONFHTKdap06dLCUlpdDn6cBJPuJ6nSd0O/u5yb7wWn4lLS3Nfvd2qlatajv5COziliI9pitqJCMjI2Smq1atZp09M62V4fIq2q4hAFWqVAnDAZTZzl1WrV5ja9asCcF37n18RgABBBBAAAEEEEAAAQQQKL7ABl8z651BQ+ynn3/Ns5LX33rHPvj4k7Bv/fp0W79+fZ7HldZGJV1XewyoQLuwRcH1sGHDbPjw4aZAuCgl1WPQESNG2nD/ye9cbdd+HafjS1KKFWALftr0mda+bWurVbNWge3XqlUzHDd7zhxbs25LRC2MVqdO7bAwWoEVsRMBBBBAAAEEEEAAAQQQQKDQAqv9kcd33vt/du0Nt9ivHqDmLgq+Z82eY/PnLwy7Xn/rbfv3Bx/nPqxUP2tB7Lp16vgC2f7UqEKWzp07WxcfVj5u3Dgb7teRX6CcV3WdOu3k2eudbPx4P3fEiC3O3Rhcj7Bxvl/H6qckpVhDxDOzMm3VqlVWt25dS/RnnBVUkhITrWGD+p6lXmsZvihabNEXqvnXTZs0jt3MewQQQAABBBBAAAEEEEAAgRIKPP/yqzbXV/A+8ID9vKYtp+pq+u4pA08IQ6e16PRon96r2GzmrNm+8HTz0Pqo0WND7NezZ3erXatWWBVci1qvS0u1pUuXWb8+vW32nLk2Zeof1tWD4MaNGm6110qwql+KB/OaQpy7Ag3t7tevf9g8duy48Nqvf/8Ch3xHdejcvn37ho/jxo/feK5/1vbNwfV469a1q/XbtD06tzivxQqwo4bymE4d7cr1uuWXqQP0zGstllbN52xTEEAAAQQQQAABBBBAAAEESk/glBNP8NHCdeyOe/5hSpLmVV585bWwFpbmKA8bPsIaeYCc5sPEL7vkQnvo4cdsiQfR9evXs5dee8Puu/vvNsEXsb7v/oeso08F1qO3GjdsFJ57rWHci5cusScf+ac1bdokr6aytyn+UxyoeLCwz8ZWQNy//86hjnHjNgXKxQqyJ4SgXgH1WA+4x42fUGrBtTpXrAA7IT7BataoaYsWLbamjRsX+AiujIxMW7ZsmdWoUc2z3Tmby/KHjqf7fO6EhJzbs+V5gwACCCCAAAIIIIAAAgggUCyBxr6omEpmZt7BtfYp0NVaWfvuvaf16d3Lf3ra2WecZl//71v7/sef7fFHH7JGDRrYLXfcZe+9/5FnqTuFuO7vt9xkc+fPszPOOd/+9fCD1tcz2aeeea79MnSYHXv0kao636L4L8P7pHgwoeAB0Tnq0NpeO+88IATIxQ6yPUs8wYPq8RN+96ddbbDu3bp63/sUKhueozP5fChWZFulSpK1adPSpkybbm1at7T69erlU73ZypWrbOq0mdaieXN/3lnOxdDi4+Ms0UUzMzMKDNLzrZwdCCCAAAIIIIAAAggggAACxRbQEO3oJ96fW62Msl6nTZ8R3r87+D3b4Jnm6tWq+cLULUwLXmuqsB7V3MyahAx5s6ZNw5paivk073trJcR/nnxVPBiVCRMm2G+//RYC/mhbXq/qa6pPM9acaq0unuKrfkdDwPM6PnabsuDKXE/w4Pqrr76y/fffP3zW9tIqxQqwlYnu5ncuvv/xF1/2fKr16lE1z5XE167151tPmmyrHLl/n15hyfPYjuuLS/JJ7mv9jklRl1uPrYf3CCCAAAIIIIAAAggggAACeQsoaN7a2lk6U0O2FaOpNPJHLjds2MBuuvYaS4hZd+u/X33tid+scGyWZ4BVdJ5KYedUK/5THBi1FU7eBn9ozvVYH16ufh7gwbUy2MqE9+27nTPYuvYWzZqG518rgF6+YpWvzNYhTGivllLVx+yn2Syf6D7ZJ7rrVRPq9aXknsCuzzWqV7Ply1dYvbp1tgEpTSCAAAIIIIAAAggggAAClUNg1uzZ9v0PP4Xh0Hqq0+D33rcjDjskR3JTj+WKHs2l+dcffPSJZfo0Xy2M9s7gIXbz3+/0LG+XMFf5pBOOt/i4+OyVuBWoani5XlU0d1sZ7q2VZcuX+zpcVXPEh126dPGVwrts7dSQ4R42bKjF+Y2Art6vbt26bfUcHbB5QbMJYVh492gOtgJu/19pLHCmdhJu96I3BRXdkZi/YGGYb52QsPGOhu6C/H97ZwFgV6308am7t7TUaGlLqVOkxd3t4a4P9w8v7lbc3Snw4OH2cHcoUqDuBUqNum3lm9/cZvfs3XPP3rWyMoHtOfckJyf5ZzKZyUyS5uoaoDqyLm6flto5btx4GTVmrP6Nl4mTpphPfae1OlojTNPjuJo0aWwKdfRbNXXmgl3nWupO49kucI++7/eOgCPgCDgCjoAj4Ag4Ao6AI+AIOAIFEeBI5J+G/SJd1u4sbddsa4p0n969zHocUmPZ7rr22rZreNcuXez0J7yLNxk4QNdlb6F64F/y11/TpW+f3rLpJgNt/TW6W491u5uSW0/TrtevjynttTSv7ut0U8Nrau13+Eb0ulTXfE9SXbGDupvX0TXVRQlMBKBcY3XupWun2Vk8G/fuPOU6b7fw+g0amJV+uU4I/KabnTExsIaWO33fsGj54vTiaDz31XS2ITXdkB4T+Z2jx2v98PMw6d+3T4G10rw+Y+YsmTBpsp5lNlMAjLPNAL1TR9ZnN7P4r7//wXIcsEF/aa2L5KO7xI8cPUaV65rasJ0iX/VbR8ARcAQcAUfAEXAEHAFHwBFwBByByoTAmHETTJldd52uRaqWKcnffycc09VbJwlKolxHlXLyHarnY3OEV0+1aidZspP04lCZYq3BDi9zxc2bc675yxTWUN99FOtvVMnmb8D66+U7H61Tx47yiy40x0reZtVOd5ny8ueOgCPgCDgCjoAj4Ag4Ao6AI+AIOAIVDwH0vdlz5kjPddcpUuGLq1zzkREjR+lmaKOkd89esWutUbZTm6RV07QjpUGDhtJPDcvFDSl/7+K+XYT3WpuSvZ4uJBf58uvvzNIdXq9Tp7Ywg/HH1L9k8hTWbHtwBBwBR8ARcAQcAUfAEXAEHAFHwBGoLAig56Hv9ejezdZfF6VeI0aMEP6KYrkO+dfTM7c30E3MkjYySynZ/S0d6UsSSmzBLsrHUbI3GbCBbfmetyF7Kge2fe/etYuMUHfx2XPnSjs9nJw12zVW7WJXlO94WkfAEXAEHAFHwBFwBBwBR8ARcAQcgX8WgeW6l9ecOXPl9z+n2sZp3bt1seO+iloq1oTjEr6urvuOundnk8863bplk8zy7du3b1ZpkxKtVgWbhdctWzS3v7hCNdAdxdfr00v+mjZDJkycrIvmq1kDZLOlfFx+/swRcAQcAUfAEXAEHAFHwBFwBBwBR2D1I8B6ZXYYZ++tNXQPrjatWxX7WK7u3buv/goU84urWcEuvJTsJN52zdbWAJyjvWDhQlmsC8/ZKj66MVrhOXkKR8ARcAQcAUfAEXAEHAFHwBFwBByB1YqALgnGQMru4ngl169fr9iK9Wotdyl9rNwp2KFeHDresGED+wvP/OoIOAKOgCPgCDgCjoAj4Ag4Ao6AI+AIlFcEVtsmZ+UVAC+XI+AIOAKOgCPgCDgCjoAj4Ag4Ao6AI1AaCLiCXRooeh6OgCPgCDgCjoAj4Ag4Ao6AI+AIOAJVHoEiKdg1a5Zbj/Iq35AOgCPgCDgCjoAj4Ag4Ao6AI+AIOAKOQNkhkI0+nJXGXK1aNdtk7Ovvhkp1vS+zoFmzydny5bqhmS6O95CGgOOTBkjaT8cnDZC0n45PGiBpPx2fNEDSfjo+aYCk/XR80gBJ++n4pAGS9tPxSQMk7afjkwZI2k/HJw2QtJ+OTxogaT8dnzRA0n6m4bNi5UpZqUePoR9nClkp2OzerVnJooULdCfvzJll+kg2z8l1mSrWEydNkbU6tpeaqmi7jp2HnOOTh0XcneMTh0reM8cnD4u4O8cnDpW8Z3H4NB35ozQb+VNeoip8N7t7P5netY+PXxloII5+fHzPA8vxycMi7s7xiUMl75njk4dF3J3jE4dK3jPHJw+LuLtYfFTB5kzupNOtslKwV2pGWJb79uohNXTL9bIIzAIsXrxEZkyfKX16rqsFryN810MKAccnmRIcH8cnGYHkWKefouNT76s3pc5b7yS/WEVil+i5nm167u/jV4b29v6VAZhVjx0fxycZgeRYpx/HJxmB5Finn6Ljs0zP9h47YVKinpqVgh0+jYW5rFReGhjXcPLnukzPvXYFOyCP44Djk4dGwTvHpyAm0SeOTxSNgveOT0FMok/i8Fmh7lEeUgisWLHSx68EYoijHx/f8wBzfPKwiLtzfOJQyXvm+ORhEXfn+MShkvfM8cnDIu4uDh/04cJCkRTswjLzeEfAEXAEHIGqh8CyPl0kZ70BVaritX78RmoOG1ul6uyVdQQcAUfAEXAEHIHCEXAFu3CMPIUj4Ag4Ao5AAgIo1/OPPSchReWLavjQTa5gV75m9Ro5Ao6AI+AIOAIlRqBIx3SV+GuegSPgCDgCjoAj4Ag4Ao6AI+AIOAKOgCNQSRFwBbuSNqxXyxFwBBwBR8ARcAQcAUfAEXAEHAFHYPUi4C7iqxdv/5ojUC4R4JSAWrVqyZIlS3I3F6xTp7aweVNOTk5umWvWrGnplmq65TGbXLEZRJ06dWxTPjYxWqEbQeQsW2Z51qhRXWrXrq15VbPfy/Q5f4SaejpBrVrEsc1hKj5aFtJ4cAQqKgL0ierVmc8O24RWM9oPfauW9qsa+kdYsUL7jO5QSv/J3y+I1QND9PniVf2UPOmn7GhKPwuBvkwcfagihHTeAAbUibNGCenxUd5BPHwn1Jnf6fG5+Gt+8C1wB9+kfGsrhqk2SfEkNl9dunRpgXfSy8r3Szvklt/pJxba9HZMb5P0+HT6qOz0EwuaP3QEHIEyRcAV7DKF1zN3BMo/AijXEyZOkk8//0J232Vnada0iZ1J/8prb0rjxo1ki8020R2SV5iwP2LkKPn8i69k5x23l7Zt17Sdk0MNEegXLFwoTz/7vMybP18F3prSs8e6stEG65tiPWHiRHn/w4/tOL7GjRrJwI02kK5du5gi8NvwEfLZF1+mTg9QAbhevXpywH5729V3Gw4I+7WiIYDgjjL3/AsvycxZf0tdVbRXrFxhfaBvn96y1RabWZV+GvarfPv997JQ+896ffvIxgMH2ETVTz8Pk48/+UxqqrKHEr5k6RLth7Vkn732kJYtWsjMmTPl5VffkPX795P+6/UzxZJJsC+/+lr++HOq7L7rznbEZnnuQ/CfiZMmGW9Yokd1okzCFzZcv7/Ur19P8Vmp8ZNjeQc72cN3Fi9eLB8obxk5eow0qF9fttx8U+nSZW3jT+D/ymtvyLRp0y1tN81744EbSYMG9WX8hBRP4rsNGzaQDfSbPdftbmrsh598KvAlsFu+bIV07txRdt15J5k0aYq89+FHEldWlPDSDE4/haPp9FM4Rp7CEXAEVj8C7iK++jH3LzoC5QoBBBQEzUcee0LmzJljQiiWo5defd2EewRYBD19JP95/kUZfMvt8ubb75jgHq0IaVAQHtZ8fvjxJxVEJ8tV1w623wj9EyZOlocffUImqjL/yWefy+lnny/fff+DKtF15edhv8iDDz8mk6dMkb+mTZOpf00zpZ48PTgCFRUB6BclEGWXSaynnn5W3n73fZny++/y999/Wx/6z/MvyFnnXSBDh/4oY8eOlyuuuV5uuf1uUw7nz1+gaf8whfnBRx6TUaPHyh9//GEW7tq1a8mHH38qN99+lzz25BBVrnOsn9Kfv/jqG3lW8y1tha8s2iHFfybJQ8obxowbL+PGT5Db77pXBl10qczQCYTa6tkyXs8bjeMdKOPz5s2Tiy69Uu64+z7lOZMMk9POPNeueMzgDfD4U88oz/lCpipvufWOu+XGW+4wrHJ50uTJyrN+lrPOvSD1nk5ovPf+R/LCS6/K1KnKj6b9ZRMkWEJpx0xlpS6lGZx+CkfT6adwjDyFI+AIrH4E3IK9+jH3LzoC5Q4BBMe6devqXx27qpYt9fQ3bpcE4idP+V0V4WGyy47by0effCYH7revWX3Sz0NG6MX6vN/ee8l1N94sb739rhx95OFSQ/PEIn72madJk8aNZb+Dj5Cvv/1Ott1mS1PqmzdrJpdddIE0VQs6LuhL1fKE9QgFn5D+HXvo/zgC5RgBaBYl78zTT1VFb6kcf/LpsqF6dJx1xqlmbR6lFleUtYMP3E+OPuIwo/V3VAG/6robNV1/2XH7bc0a+/pb/5NbVem+8LyzpXXrNUxxnqfKNx4h22+7lSl9KN+9evYwNOi39MOKEqpXr6Y8oZGcedrJ0qnTWjJm7Fg5Qyfghjz7nJx31hmKS7VY3rH1VpvLS6+8Lr/8Nlxuu/l66a31X7hwsVxz/WC58577ZAO17NeoUVNqKv/C6+b/NP+HH3tS7rr3fpk+Y6ZNcMCT/u/Uk9Ujp42cfPpZ8sFHH8t2225t31y//3py/TWXmzK+WK3c1aopL9I5v0xlJZ/SDE4/2aHp9JMdTp7KEXAEVh8CbsFefVj7lxyBcosAlhIsPQifg2+5TYX5u0xoDxYZhNSP1FrWoEEDVRZOMavRd0OHqrtq/BzdnDlzZcyYsTJq1Bhp0aK5ubdSeQRGLEVv/u8dW2vas0d3Xae9wgTYRermeesdd8nV1w2WH3762ZR71jxiVSe/imCNK7cN7AX7hxFYaZNFFIJJI/6YtPpVFUN8NHDlZiJppbqPb6lu423XbCO4h1tac1hOrUXOe7eGuS/jJXLKicfLWh07yDvvfWD96B+uaIk+z54NrJ/t1rWrTixsJkN/+EkWLVps2KTzDiYTiINXDBywofTu0UN5xApppK7eu++6i/EMXMvBGf62YMECGa/LVH4dPlwnBhvaBCKFBdMZM2coniPl9z/+VH7VwiYDWX89atRoufaGm+XGm2+X6dNnWDlCBePLuihfmpC25Fenn2wwjG8Tp59ssPM0joAjULoIxEvHpfsNz80RcAQqCAIo1DVVmRZZroIioj8bCOnaahVO3/vgI1ljjVby9+w5grX53fc/kK233MLShH8QZFEUHlFFfcgzz0mzZk3lVFUAcANXEdHWWD/zn/+qq+toOfzQg9X6to1ZqlPfwVJew/74Ji6w7773tdz7wINmVb/04kHSvVs3s/yF7/nVEagICATFOJSV36nelXpSbdUvfZwbokszwvOQD/3svfc+lDrqcbJgwUJbj/3xp5/LUYcfqn20ZW4epOOP9ypCiJaScmvBVxWbTeGWSz7esc1WyjuWrkqjaUmvgTe45Y9N4gi11IuAJS/wMDx1zjj1RGnSpIm9u2TJUrn48qvtxXXW6SYH7r9vagNH/TZlCDwpX4NpnqFk5J+/rDwp3RDaPeTq9BOQyH/N3CZVm37yo+S/HAFHYHUg4Ar26kDZv+EIlHMEENjYlOxoFdDXXruzLNbNlEaq9QarMVbqYb/8Zi7iWH6eeuZZ23Tpxx+HyeTJU8x6tmzV5j4pQXCFHHbIQbLTDttLfd1IqL5uWIZwTBzushcOOlueGvKsfKPu4YccuL+0VqWduLp16pqrJi7i7H68aNEi3XSon1x39RWmtGPVcyt2OSckL17WCNBn2AQQ2n/jf2+rcnyI0Tmb/U39a6qs16+PKYDpGaJ4T5s+Xb785hu11jbUTQWfs0mq2bNnyzfffS977bnbqldSyjUTZStXVgwlOyizY8eNs30amMCzyTm1aqfzjlnKO1q1aiH9FCfWmw8fMVJ66AZlTDi8oR4yzXQSsEP79sYzctQTZpeddpAjDztYJyXqSkP1xIGXsNeE5auu913WXluV7sbmOUMc7bNOt64y6NyzTIFmIzWs6CHElxVel7ebe0hbFlenn4KoxreJTu46/RQEy584Ao5AmSLgCnaZwuuZOwIVAwEESgRI3LRRbBerQIr7JTvw4nb38quvSWddGzn42itNAMVt++jjTzFX71NOOl4N3qndc1EWeK9p06bm5kp+CJwIsalvLFKFu76cdPyxcuyJp8m99z8ol1w0yATXWbrp05XXXm+7JCNUn3T8MbYeG0FZNQSzKpG/B0egoiLAxBF9ikB/6NplbTnqyMPk0cefsk3OWDs97NffzMV5s002NsWZ46JC/8QLhN3E3//gY3OBvnXw9bZ2GNfoiy+/Utcjv2Zrjekn41RJvfzq62wJxuabbSx77LbralP+ito+HAc4d+48uUPXTTPRhrLcds015dCD9rcJCJTJxYsL8o7zVTHeZ689bdnJuRdcbBMW06bN0AmIaXLe2f9nVurZ6nEDT2rUsJG0a9tWFip/y+NJy/TorSWyZpvW5p1D24A1FumUS/pPcuEll9uzddRt/fDDDoIVJZa1qHUvSnqnn3i0nH7icfGnjoAj8M8hUONyDYV9noHmz6l/SVOd3WX2PD3gilVd/2FQyuYv3dWK/HiPgW3ipCnSqWP7jGs7079dVX47Pskt7fiUDB/6MGsP+/bubUcJIaBjuV63+zq2qdIsPWIIi3TnTh2tr7IWu03r1rYmG8WbQB4Ejtjq17eX8osm+Sw+4Ru9e/WQNm3WMOsQgi8Wc9w2W7Vqqfk1NIt3Iz3Gq3evXqZMcG5tOA839YXS/9fpJxnTOHxqD/1Cav38i724TK2IS9ffNDmTShabXv9F/QZmHL/Aj4ACjdUaRS9YQ/v27iX9+vQ2iykbbh24/z6y3z57mWty3oRSNe0frSwdVrppuhv2RhtuYMdzMSYzgdW+XVsdh6tL93W62tnYLVu21I3BGpu1tpP2244dOpiy+k80Qxz9RMsBOk11OQkWeSbUdtxhW9v0jYm6oPDCnwrwjs5rGZ9hvTbLV5aqu/e66uZ9wrH/lvVXHVvGlFyd2nX03Z7mLUN+IeTyJG0DMATvvLaqKS1btrAJwXp6XBiby3XrurZhjJdNprKGvItyLRQfp59E+dDpx+XnpP5WWP9KercqxDk+ya0chw/j9xydFGZylg1840I1HVAKNQnlqAVqqG5MtFaHdjbop2eUs3yl5OjHCs8pJYTXqVldaqwaMEJeVIDZ2Y8/+0q22nxj2wE1i6KF1yv91fFJbmLHp2T4ILQj/NMHQ7+rU6e2KgHat9Wqw/m9KLrB+sbXEEgJbEQWAu3A7sXBEhSec03/Bt/j2ZIli1fFkR/sKOXOGi0L75dlcPpJRjcOnwYP3ij1nnzGXlx0+MEy/9hzkjOpZLENH7opr/5HHCKzDj+t0PGLvsHAHO1HwJLqC6lBOvS50A+JT+87WLWr6aBOHwmBCTH+8ETBys3Z2aE/YbFN/2Z4b3Vc4+gnvX7suUDfR5CA11DmMAmRXv883pHiV0wyUOdqq/aNYEkK74fABB6/o8+IS883pOcKxmx0FjBEMYfXsWlaivfFlzWaR7b3heET8nH6iZcPaUenH5efQz9Jv2bbv9Lfqyq/HZ/klo7Dh7Fk4uTfdSK3r409cTmUyEUcHXlxzgq57YuJMnLmAsmx3YDjPpN6hgJeWwenDds3kYN6t5EW9WupZSpzeo9xBByB1YMAwmPUssNX2fwnhMURQT48iyrW4RlCMwJ+XEj/BgJ/EPpTAvGiuNf8mSNQaRCIKsTRSqX6QvRJ/vv0vsMRdukhqkAyKc5fRQnUb9GiPMtyernT6x/lHaRFEV8SmehLfz9bnhR9zzCOwRl3fDxv/ong9BOPutNPPC7+1BFwBP45BOLt2lmWRw+/kMXLVsjLI2fI/CXLpUGtGlJXd+3M9Ef8XE332A9/yvjZarXKYFbP8vOezBFwBBwBR8ARcAQcAUfAEXAEHAFHwBEoNwiUyIJNLVgbuWTZSjmw75qyiVqmcRXPFGqpQv3VlDly2QfjZJFavlk348ERcAQcAUfAEXAEHAFHwBFwBBwBR8ARqAwIlFjBBgSWPbVtVEe6tqgvS9V9KlPAPXzSnCW2IVqmNJme4wPPX1iTxT0huo6LdVgrV6bWgsdtxkZa/tLj4p6HZ6E8md4hPr1s4Z1oHPfRPJPyi76f7X16fuF7XKO48Zu0oSzR98Iz0hCicfxOj+dZRQmZ2ijT88LqHo2vyLiE9ovDgWcE6keI1pnf0XqH93mDSbfwDukIIZ776HvpeRKvCSyP1Du4f+atIwn5RPPglbh80tOQrrgh03czPQ+bPlLywLPCt6NljStjNJ534tKEvMrNVWklWu5omQNGVtZVbZtebt6FdtglO669o+kDnrwTvhO+EeJC+miZeBbSh/jVdU0vR7Qs0bhM5YvWNZSZOod8wrP0dKSBFqN0mAmr9Ofpv8M3yuIaxSDkH7CIxoVnIU24pteb55SfwDshpKcjTWngE7AK3wnXdHoMz4t6Tc8/ikN6HHlHvxuNX6kGkIBGFFfeCXlGMYrek4YQfZYpj+g3eSfkzX1ZhPRy8I3wzWh5eR7KFodR9BlpK0sIdY7WJ9Q1il3ALKRLiiNNNN+ivhvyTn8vfHt1XkM9AiZ8O0o32caHMkfrFN4NcVyj34nGR/sn6fLFJchVsDrYXDRf3i/tEMoT950QF1eW0NahPAGf/M/zj/0hbfqVd5JkhWjZom2Y/1upXEM50r9RWr9LRcGmMMu1dZepIMxfplC9mm5eEhnsMqWLe56Ts8zWdtbX3TwBiqOEatasZRtbAChAzZs3X3cjrmNEOXfePKU4JVA7A1RvNL6eHg9UU13YOQ5khSriRpH6MXY9ZtOUBQt0HfmqdWuc3VtPN0bhNzWaP3++7fLKO/xm0yc2TiGwHmzx4iXSsGED+x3+YeMNyjVn7lxZrpuusEMs32G9UO63VuXHpil8rziB8lBfjlNi4xvKiJLDhih0WATWRo0aWucDu4ULF2oZVuiOzfXtzNCcZan1fHy/fv36thEMZaTOKWGXL1TTuHq2iU5xyvhPv5NOP6E8rM2jrtQ7GqLtQ9uwazaBtITceL0PuIX1xJaggv2TWtO4zGgiMKiwzpAjs5LoATrnHeg8Z2mO0Rp9KmwoBM3TX+mfnLXdRHcXp1/wjvUr7WPVdPdjAv2SzYV4n3c0md7n9QveWaD0S/8MDJOyxff3epYX1FvSYH1c16Fzfm40GN/RfgINgAODDBtNQR/z9Q8+wU7OlJs/0hv/0XtGiRTt1DP+ECYm4vgTNMi75TVQN9offlOjRk2jAdqHtoGOluak1vODR+Ax1IU0KDhzFcMl2hfpZ/xBO9QX/mt0YOOK1l/ThjaYP3+B0UbY2ItvJfVj0CsJny0u9nw3lj9rmzKGcG5z4MHRcSf6PWiCsY2+FOgA3gV+YeMr0oMJmz2BCfTIPgm0C/2pofI4+hfP+ONM+5AXdAt+CxfqUVjK53k3E2+Mlqs07isDPmDFPhXQMjS6UukV2QNaBduShrx+oP1L25YdzMmXfkdbIn+k2pJd0KubLEI8/Ja4wHsDL6KtC4zvKg/U1Hafp30ROmPTuDlz5tqYAD2QP3lCI3wXOikoF9U1Os3t8/oOedGnWRLIcWulHQqjH/gw/QTeQ4A3Ux/6XqgT/Aa5iHKStrKFPPoBLf3Tdgy0GcYj6o1MCM2wJwptHGiEjf3gF+AG7RCgD/Y94P3qGp86ZSgvPiojRfkaNMS3OOqT73D2PL8DL7LMV/M/S1VuYX8D6k/5KMs8lakZL/ijj4EHfJQrAb4NLvDfPHxLp3/y/SS5ie/TFlrQ2LGT+NIO4JKk68SVZbn2KzasDHRktIcusYrX5PIPLSwnPYA/+AaMo3WARpJkhaQ2ZDyE3hSu1EaYeoO8BQ+AL5QV7ZWagh0ForTvERi++fZ7ueWOu+TWwdfJWmt1kJtvu1M4OuiKSy80kP7+e7ac9n/nyLl29mVjOe+CS+xMX5ROOj+DzllnnCL9+/WT4046TQfDxSaEwCxOPekE2XH7beW6wbfIDz/9pPnVk5YtmsthhxwoW22xuTHkcwZdLL///od1JgbSww4+QI447GATjO994CF59fU35eYbrpW+fXobEUL8M2bOlAcfeVy+++57I7JOa3W0b63duVPqWz/+ZB12iZ7DufOOO2jc8UZYRWlsiA4B9OJLr5QJkyYboVTXgR2Fft+9/yV88+77HpRrr7xMevfuIb//8aecdd6FVt/DDzlIrrvxZj1D9CcTTDlWaf999pZdd9lRxo4bL+dfeKkyUwRm3fVd/wadd7ZstEF/rV/F2TwHWozSzy2Dr5UO7dvbIAFjfOTxJ+0M1VuUrlK7kKaUaGhhKLgoQ0WY6aPHuByhOyWvoUflwGwDrSDQB9w4WiaOMZR2fyjt/Kj3199+J3fec79ccsF5Vlfqce+D95hQxHmyvw0fEUsPmwzYSMZNmCgPPvyo/PLbcKP95nrMzpGHHyrbbr2l0eOHH30iQ559zo4Woh9uufmmcszRR5gwc/Ntd8n3Q39QrketEExXyGabbiKDzj1T7rr3AVOmL9NzsmHuKN5vv/e+XHvDzXaONscZUc7x+v2LlP45czva38849STZYbttrL1Kghn4fPvdULnquhvk9FNOlF133snyZOB97Y235B7tX5ddfIEMHLChKYYvv/q6vPjyq8afaum7u2jfhpdAS9NmzJCTTzvLysou7c30GKKtlcfst+9exsemr4qP8qdTTjxedtlphxLXoyQYFPYuxzgeefRxxlMZsHr17GFHJXG00e133SNvv/uBCXRMMnJu8W677GRtCu96csiz8uHHn2hbL7Jzzw8+YF/DGJ7z7ZdD5ZrrblSlQicv9D+UzMHXXmUK+6CLL5eLB52ruG8kDz/2RMZ+DH9DMCoJny2s/pniM/FnBMt/7bGrHH/M0XK98mB4TXTc4dgpxiaErKE//CjnKS/eV3E76YRjrY/Buzg7+9vvv5cbrrlSmjdvbhM6F+iZzXvutovsrn9jx42TW26/y3g5ytAxRx2pZ2HvLG8pG2kfAABAAElEQVS89bLc9+AjcuWlF+lRX+tbfgjLTz3zH/nviy/LrTdeb0eJ5WJ6o/JGLUdRxqVMeKQ/rwz43H37zfKC9vdn/vO80f8Kxkyl16aNm8idt99k40dJxgXjP/SD67UfqFwB3xmwwfpy7L+P0qPJWspbb7+rvPJ+O06MNqKP3XbzDSrDtJCvvv5WHn3iKflDx/3aym82V9564vHHyCSVFZCRouP7heefY/32tDPPkZ22386Oijvz3EGy9VZb2JFpKaV8gZx+9rmy5WabGU8rKBcdKEcdfojcdid9/j3j8Sit3broee9HHCZrdexgPDKdDor7Oxv6ufLq66VDh/byf6edbJ95WseioT/8LLfceK3JPWAKRl9++bXiNtgmDsqC1otbx5K+l0s/aXz0hmuusMnf4085Qyc3lxh9dF5rLTn+2KPteE7OoofvQLuMVT3X7W5xnE/PePy98qVHlAdNnjJFeYNIf91N+cTj/q3HFrXJJyOl8zXye+6Fl+S55180WuDYwvPPOdPotiT9pLg4Ubf33v9IHnz0cXnwnjuUlzbTSYO5ctLpZ8p+e+8th+vYjfzywkuvyrVXXaanKbW3iYXrBt8k3buvIycdd4y8/9HHpdY/j/v3kUaXcXLTv4863NoMcWnmrFk2BiC7MTnAhMlBB+wnu++6s0FR2jTM5FsmXSdTWfbec3cZO2p0Adkx8Br4xxTVq+qrEaWR8q0BG24ohx60v03Qw5tCCP08k6yA4TRTGx64374mi56i+uF8NfLAx6prXZapHnOkyvTIZkxClkWoEAo2gjcWEIie2RD7rUrOW++8K5zBe4oqpsyMzJ4zx2bdObv38ksuMGXy+htvkSNVEd5wgw3svDKUI9IdcuD+ss3WW9is8xotWxpDmPX337rl+nqa/hDtbI/JTbfeoUyjnykZ06ZNl80328TeW7h4kTRv2syYw4wZM+XjTz83IeXd9z7Q8397G/NhRvTGW26X0WPGyiknHmeC9BdffaPlT83+/T17tqzXr48cpwIWu5U2Uus3zKWonYL0CGGnqeDPbBD17aEM66D995UmajlroRMFzz7/gjz65BC56fqr5b8vvCwLdeZt1513tO8xScF5oQzWL7z0itx6593Sr19vi5u/YL6W/QSdNOhl9ePcYwTDihfy6AfhJxroWGb9NL+EVAyY0j605XGKCwPIAw89KpP0OvjaK03ISdFKftx69VpXz6JtZx04+o3yf5+akBk/foLccNOtcutN10trnUhYqDP9zPzpWGq0nk4PDLR/z54jV15zvdEeyifK9edffGX9iZnwL5Xmr9D4nXfc3iaQJk/5Xe65/yG1kiyQiwado0LXIapw7WHPEADBmwkNApZqLHIEykDfffe9D23y6AMd0FAWEDYZ0OP6O8Jn6XgVpGZuZ878W55QZXDTjQfarDs08NTTzwrXnOU5NkGDsMvk38HKXzbfdGObmHjgocfMcgMfoI/Df+ifW225mQl6D+vAPk+xjsZH+VMrFZRLpx4GZZn8w6BFX7ri0rONX16tygCWibNOP1VnjudJFz3rHAGXiYfb77pXJzr76kRpR7lf+9U7774vJ6hgRpr3P/xYafA2UxaYVGAneyY0LznrPGnbdk3jjyjtKI+MB/BOhL2kflwafLa4oCXxZ6yJjBMzjQfnH3fW69tHhYxG9tl3dFyh/T/65DM5YL999JzopvYcq8nnqhTcdd+D2pfO1VFSLeVqTcKqhNLwn/++KDNnzrJJ6d9GjLSJQCYpEMZ+/+MPeVJpt6/yuDrahyZpv/yPCrxYnaDRXEw1P+pA3ti+SjtUBnzgS0zkbaRK70uvvC6ffv6FXDboPLMil451hDZLWamvuORC47X0L/jv8ccdbZZXrDfXXzPIhGwwhbZGjhotl115jfTvv55Odh2tE5zTbTKStoTu4vg5k+ezlafDdzmPvJ/S4Wuvv2WTYvD2b7/7RCZMmCTnn32m0Ql5brH5pim5SCfLmittggdeE2t17Chn/99pNtHIRPYll19lYwuTiqWlSGVDP1jkmcgLYRPl388qraMgbrfN1oIM98ab/5PttA2bNGmk5S+4Q394t2JeV9GP9vtLzz5f2rZbUyeiV+i57q1N9pmtXgookUyK3nDjraq0PSnXXX2F0QgywBmnnaS4NJGrrh1sV5RhlO9LLr/aDEpMgGMdZFxnEujmG65R/lHDxsV0eXoDpUVkBsY8xnqU659+/kXljJSHxD+Db4onMp5ATwSu9APoBl4I//152C9yk8r0N6gMiMyN3IgVm/jS7J9MdmJ0iJOb8PS69MLzbGIM/WL48JE2YdZRlf5v1ZBHv6Y8oR6lhSfjCZP/sbqO8oyksuCdlYnXGP/QSb8DdVIdmrr/oUeMT110gY5nq+rBlb8kWQGjIONaXBvOn7/QxlIm4xkfL77sSp3g31l22mk708vKsr9XEAUbATttjZ9SztqdO5tS2LVLF9lk441yXXtwKcXiCFNAyO/cqZMqyn2McU796y9L10AtjyigTTVfBEFA5htNmzaxmbi+vXvLsGG/mkWMmRskDCyVHTq0M2EOCwKukJ9+/qW6VdWUY48+Ul585TU5YtoMZVyt5NffRlgnGXTO2daYDDob6gDMwMI9AfcEvg2zY9asOJ2Cd5jdYVKBfJktxsq6vjKyRYtwYalhs4oXqoVviFoo/qfC7PHHHGVKCcIUdW6hAjxKNh3ozf+9o8xyruVZvXoNU/zBCYaC+0ZxymiV/Yf/SaefUJxMz4nHAtBDZ2179VzXlL5zL7xEfv7lV9lw/fUz4taxvVrHQ+YV7NqieXObWLj1jrvl6ssvWaVcK+GvCun0QF/58ONPbRLpVrVyYUmEPrDkMiDRp15/823tp53kzNNPMSsicTBCvCqOOOwg6da1iynM9K06ap3srwIdk2hByIe2CfS1kWNHya/Dh9uA/+gTQ6wtBm60oeYb399xUywtQY4yIDzOVWXxjbfeln8fdYRenzNBlP6B4oKShyfLphsPkJNPONZoZEP1+EABf/3Nt0wIpT78MRHTu2dP+2Pwef6/L+ns876qnNYowJ+wSEXXJVOW8hgQDNbp1lXatW0rnZ99Xv76a5q1pbIYUzZ69+opkydPkfc++MieT5s+3fgNFq+DD9jP3OwQ8piUfP0tFXi33VqxwOW+hk2OdmjfzjA1104FABzpv4SkflwafNY+Uox/kvjzYp2oRTCj7OnjTsqyWEOmKoZff/OdnHDM0fLya6/LF199rZbv3awk5E3f+viTz6SrTk7st89e2k8CJijF1aw/T5w82RRAlgktW55yvW/frq2MGj1GPv3sc/Mm+O8LL5l7MBO9gccnYVoMKGJfqQz44Gq4piorXTp3traC3vr07mljMWNywDMWgCwfQub0g06dOkpjnXiBXvDYoY1pJ8Z5nvPHUjUU+3ff/1DwoDn/7DPMw8GWi2lZSZ/CPf/4znso1qFfkYaJUbx0UEZ33HYbYbKHiefu63QzxR43+NC/kD2Y/AEPAvIXcgkW1LZrtpGjjz9ZvtDJ173+tbvRfZZVT0yWDf2E+pARCghKHX/vqFcNEyPffT9UlaX5ZrWvCHw2EZAMkdrkxhsaKw9o0qixWelZnsRECG63rddYQzYZuJFgsFrIEXS0ob6D9yf8HM9MJjhZxoOr///eec/kg0GqbLdo2dzG51q1asvFl18lv/w6wmToWL7G5J2WEZzHjB2nHjQbyOGHHmTyQmmO1RlgyPg4jtdF6QY6wwtixKjR8oB665128gnW53iPwKU0+ic9h3762hv/yyg3/f7HVFmsbYRXHRNde6onFBPcKW+k1FJaK1Qp/oOhJZOuQ3tnKgsu4oR02THwGoihVauWJmPjIUHA6+rQiQcYPzVrs9Ibiji6SSZZYfvttpFqNfLriOSVasNU2yB/oGBjlGH8Y7KHCZKypLsKo2ADVjQgwG+1xWaCoozVtUmTQdbhSUNnoGFgpgTumZmNCu2PPTVE3T6elwEbrW/uKXQUlHHcLU487f9MyDtWXTWaNm1qM8Z169S1geYzHSBw9bz+mitskGPAQTndbded5XkVUr746ivBJWHa9BnGdBgQUSjCzJIVSP+hkZkN+klnxVjbcuctg22WpbiNTf78UXfyAB+EtOXLV8oG6/eXHXRwxLK2pWK20w7bWTxloePgQnn51depNeQrGzixLE2cOMlwu1VdvWDAO6s16SR1LVuhFnh4b1UI4AimXJmNR4GYqq6wKaE/HreUh0XFQ4e1mQhEWFGvvPYGc9uFOUFPBPoH/ShKD2eefrL8NW2aTb50UtcyhMm33n5Hhv3ym3k9bLvVVtoPptlAgRsW8WCJpZJJK5Z1rFD6xBLHd/gL92HgCkhSlvc++FhatWyp7tI7qmLwhbytg/wAHaB5L9A/6aP9Pbxf0iv44Ia76847yMuvvmGWnVdfe9OU4lfVwkMZqN+ff06V9fruYP2K2W/6DvVF+caSgoszwcpoex9Uk65d1lYL+HKdMZ9tk37UNcqfcNGPtkVJ61IW72s1zZr84MOP2RrN4bqk4FwV7BH8WTPKTPv/qfVk5OjRyh/3saUrzFiDD5MsYIc1Gr64tuI1TPkiz6g32F18+dVW7K233EJOPfl4HZdTgk1hdSltPlvY9zLFB/qETqL8mfTx404Txa66fKbWUHrgbuqtMWHSJLP2o/Sg1JBnPxV8++gfHjZ4cjARGr5xwL57G7+6+vqbpKXS7tn/d6q5+0J7uIKuqwLNs8+9YH0K6zhLnvjN+6s7VHR8QptyBb9Qn9LCEX7IhOXNt96pPHW6LnNqZxMj9Bn6COuHzxl0kX3u5BOOMw81hFJcslF86UuUi3zok3H8HN5PPw4B4Zi+ibHifZ0UYxLnx59+1snSU83rAeEUQ8Ob/3vbJnlQzq658lKbSCWPgAPXNdZoZdb13//8U79R+mucA958K7RF1MU01Il4eDDeMXff94CMGz9R3vvwI/MmZLKKvlEZQ3XFnMm8y66+3up4qC5xxFMzTNAgu76sBqJZOiafe9YZKVla2QDGH5Y5MpZBD/spT8EiOV1psJPKiQ10UoZ8q1dfZh5J8FsMNdBkHF9rrLIursy4kj/19HM6CfSB4EWAdxM8jfb5J0L4bpA7wjU8hy7oS7hfD775VuOfyM4hkL40+ie4oasgV0GPcXLT7DmzbU8Fvt+lS2el9+XygXp+ffn1N/bOnrvvau0Xyh7KWNwrdWOPiUy6znSV8TKVZZ+999QxPrUXS1R2jPIa+iv9l3pTZ/jT9GkzdFmJGl8Ud74/6+9ZibIC+k5wsQptF64Bh8AjwAE5nXf4dlmGPAopy6+UQd6Axh9K8G8jRuia2JtTM7o6o5oUeAdQj1OLM2tmCRA1DQkzaaczG1jT+I3wTmPT53FR30QtU3v/aw9z98RqNWrUaHNrYPC6/c57TRD84KNPZM/dd1OhpYURzfiJE4WZkzBwhRlS3kFYxK0Wt3GU7LJpbAZVFdCUMeBSv5uuH2XmkoE5BAgbYsMystP229qkBWWi7mefcaq5yTM7R/nAoiIH6hFljNSFjsgz/qJtAF3wDCVg0uQptmYD99TQYeNwi75foXDSdoUBbaAW15OOP9bW9OGqvZm6OROoczo9sFygjeLBe7jRr9mmtVr6G5kQhqK50w7b28w4a6QZfMImTfxGYWXmkmthgQkNlE8sdcvVAnfTrbfrADRdRusMOFZShLdMITXQ1zIBkwkSrCsMSMy2B6Ez07v5nhs+ObZ3wWc6EXX+RZdKxw4dZAftL7g9ExAuWEYxfuIEKye/WYs5btwE63PwDNZWE1K0VcvURPY7qKm0ZnxH+xg0lM6fAs3Zy+Xyn5RVbKEKYrQHgjbWiTCI8ayN0sf3P/xgHg6s6cXllPYYo/Vnrwv6IelZqgCOCO9sFoUF7N9HHqaeQWvYJBAnRcSFuH68+vhsXImyexY37sCn2EyK8QThBq+Siapgj1eFYJzi01eVHgKbRqFIj9W+cKMuaQID+injVydVeG7WPSfob1fppBku4OxvQBriWdP9lQplF1xyhU0SD9hoA5tYiys1PLCW0jN4UjbMW/R7aDy0cdx7pfGsIuBTGvUsLA/Goh491pVRY8ZY32rfvp3xMviFGRoGX2/rWFlvD79ooV5xWJ6xSrOnDEIlz2l/+G46Pycfjc4NbOeKgM8eEnff/4A88dQz0kQt5xsPVA8lbXsCxoPd1d2StaHQA302jIGhP9J/J02ebHsE4Naeqf/mfrgMbsJYTv1RvDfdZKA89uTT8rj+/frrcFPwKCfKYmUMtDdtc9VlF5n3FGOxjX+rtJJ1unZVo9IY5a+Nc/dgAQcs2Hjx4enSpcvaNuHCBAkT3T/+PMwsgHhfwhNoY2gAPg8NxPVb1r6uVN5z8IGsFd5JvcDesSVDWCA3Vg84eMlqD0oT9erXtTIzPuP9MVNlYmjBvDZXYbRMy8ZeTVN+/13u1P1hoBc8NEIorf5Zp04tlZtaGd+Ok5taNm+hZdSNZxXrCcrbWcZBOZEjhqmHJXvEUAfajveZdIXfQ/vcF0nu0cpRr19/Gx6r6+yx26621CBTWYK3VRKvCX0TK/eEiSnDnsmGSkMEyt28WfNEWQF5Ak9G6C6uDYPybRmuxn9KbSqxhjLtmioIF/ZHuuIEQA6Mm/cRzBC2URax8GAlYa0fTD0aeId3o4Fn83X2lbUnCOr47fMegwYuvqwxwT34FhVqEG4Q8I1xqNCHEML6QdaLorDSEQ7QzZZYb3mgrqv8RZk1G0J179bVrHj33vegutO8a0z8zrvvl290nQRETiBv3LFZBz19+owCZY+WOdv7uPpSfwZKiJxyR/Ggs63fv59crGseWKuOlS7gjCLC4Mz6GlwVWRObjm+25fqn00ECKISjRo81JoSQGnBgJh4GAnP6c+rUVXVcaa69rGN794MP1W3lTnMrQ7CFFpJw+6frWpzvgwXtnqP0wJpoZvjHjBuX8n1alWE6PUC7eG/gLsganE+/+FK6desiWDLIC8YJsycf1t3++NMwW6PI5klb6eQSwlaw+JM+uBaG8qeU4RXK4FObHDIzfvBBB9hE1yG6EQaD8UeffGoDQO47mk9oV77P5j7sLYC7OBtp4a0xa9Zs28yJXUKzpWfyhH6YCGMjkUWq/Byk/Z7ZeJ5Tfmbg99h9F12D/rVtIgU9PTVEN47S7zOrzC6rVk9NO/WvqTZgPf2f581qyKZULNVgICRNHH8KdSyPV4RmhKyTjvu3WUA2HjjA2iGF2zJp2bKFCbHr9e1rnjTTdd1jmzZrmDcNG5dgQfn5l190PfEDykN/M+GL/MKeFb179TClAtqiLyu1GE6hreHwmfpxWfDZ4rYBbRvKHPKIG3egqREjR6lL4ihzn998Ex1f1PLPMo533nvfdkIlHzazhIbZqLNd2zbqQfGnTQiC0WNPDtH+9prxKixVjZX+GAPoV3yTCQs2oUFwZGMZ4gLelI38KS/K9SwdA9gADZdSNhzFXRCr6X9ffMU2L6SvlUaoiPhE6x0wiz4rjXtwIcBHsFDD01B6gscCfIO2Yd0oG5kyPm237dbWRuwlgzL08aefmfsl4zlWpXR+Hsb3aBswiYxCjQLPROJ2W29ly9lCeXBnhbeyrwReeyyHMZ6qtAN/HW3LEL7Utbk3qfFiTVNsybOsQrTs0W+w4Sz8+JffflPPqb91GV1LNXBsZjTN5kqpycCyK1e0LP/EPfwAGsFFlnH7D50AZ3KEGV6es5TpYt3gdPyECbo3wzM2djPBAp7bbLWF8fTPtM+/8tob1r47qhfkUlVAB+u4zyaMWDfv0DEeb4ceqnQiI8XyNeU1uIbfeMsd5j0ArTBJx2R+Ol9cXTgxSdl9nXXMQ/GhR5/QJQM/yMOPP2n1ZMkS8cZrVR6GLx91+KEq9/S1yc4gP4T+UBr9k36DpTyT3ATfxgNpwEYb2rp3XKdxXwd32oxxc/TYsbZcDT7AkjaWXbFJM8tY2aMjlLswjIM2xZKAOF0HzzR0nUxlCfln4jWM2/RNxrpXX3/D1mCjS+EdETDlisKN520mWYGlKut065a5DbXdQiC/1UVrpWLBZsD+Y94SGTNTjxvRwmcKtRB45y22yYTQcJnS5n+emnlhLWIYyBvoLG1dddVeqh2ZXaHPVyV78M232cAR3iUtm33U0pmmVFArnD7DUvTCy6/Iq2+8YQIKO7PidoewzGwNa9XOOPVkm/VnHdN222xlrpvMAEKwMCSOvUBhwFr9LxWOl+msKJuM4Wb9hf6xTgnFnx2Gb1NFnZk7XEx22nE7a1xcz9mx/MzzBhmjwtqH62PJGr+auZkj6KcHOhT4Ub+8kDqqgXoxWxdmD8Gtlio1DRs0tJ0VcVUEt/PPPUut+uw6W9EGIp1gUCbOrN7td9+r7bdCevXorm7+V9oacwSOK9R1Cgz22XsPOUZn45vpJna0zznnX6Szm/Vs4DjqiEPN/Y100Eo6bnm4VrS7VP+C7lNhpW2KM0G9L2rrsgmYEXQTRw+bqCJ16YXny0PqRsYGaezMiMByiM5Q5w7cuuHPkGf/YxbomprftiqkYZGEJgOjw42RSaBooI/DJ6BL3J9Yb43VjQEEJsJEFsI+XiUM0un9nTJjHWVjMtbbvK4DDbyCZRJYY3rr4Ek/RBhIDnn4UBaUnccfecCs9/R5NqOivzA5wSCASzP8hbWL0BwTb7jk0bfz+M9rOqC8pRaDRjabj/KEkpoXn8ef2PWXXbfhPeU1MPscjgBCoaXtwyCOcM49ywJO1bVr7HT9iq4nZlfhE3UHViZJHx/yjAl8bKzEDvJYWsEaBSKVryqF+pt8adea1WumeDv8TOmzoc7gJ/Xj0uWzxW2FOP6c4sHUKYw7V183WJdDfGg7PXdde21bhsBpBfBhlqjgzo2QjKWSfgMmTZvqyRm6Hu/SK64xRRlMsCo8/uQzKugu1bGnoxx56MFWcHgha+DAcw9V2Nj0ifWVWKBYw4uizfuMI5SJ3+wS/5jue8BkGlZ1Nilsp+tqnxzytHmurKmTZdB3yULFxAcehaAIL4OWGWcD7ZcMj/B2nvwDD0BWQQlA2Fy/f3/bcbim9pMrrr5OJ09WmLJyu+6GjefcpRedb+1Gn6uvx5QivMKT4vj5Beedbe/gacOu+9SHNsVCiYUR5WxblYWCFx51bKmC7ye6jOGb775TD8IlNlFDv2a5EXsHnHfRpfq9urYMBp6P4aJwfhvqXdRrPP3A43/88ScZdPFl1lDsB4LnEXV663/v2tpr+g/WvsoZ8uSfm267Q6uYOo3huqsuN4u17fGhdEPfZi+h/zz/ginVHJsE70VR3njgRjaOPa+TbBiZeqy7jlxx2UXyyGNsXne1ybf9+/WxzSqDXBQrT3/wkX2H/R/gcYybLE1h7w742D8R+G7Hju3lnDNP09MonlLvtMuM75152slGt8g01InJdcbo2rXr2TIJJinoR/ST1DjFBnkl75/sN8N66oszyE1gxFhw7lmn6+73Q0zH4ISMenr6ESdTMFb88OPPNrnKrtzPPvdfkx/oe0+q3IPMVrdFdkdTVVO5n0k7lobE6jq6JJaNMjOVBVwYP9Jlx8Br8PRlU0gMj9ALuhZr8pGDgvEFfOE1LCvIJCsgc7HRW8Y2VGMs8iH5wJuQNTXbMg/VtPCFfoYONlQbbK0O7VKD76piYY2etUjdJp74QTo2ri0t6qkLZkKRmeOetXiZ/D4vR+7evbts1K6Jrj1MvUHFmVH7+LOvZKvNNzaCjhYNpgyICBUAhRDHOxA+gWecd4igbZuS6TMGB9zscIehIxDI0xa2a0cBYSoPYeLugXsj+Zh7hV5RopHwERB5hzUlMJ0ws8cmYQg4EBD5Up7UUUGpMyJ5ThkgUK64V+GmSodmTQu4hjLUVpdVXBwyhcLwCe9hVeC7AZfwPA4L4qJ1Dmm5ptKzAQAIpUiEjhtwjKYtD/eF4QP90Da4nNosnzIx3GpgiOxSTBV5boq4CknR9oFJwFwJYRDIhFt5wCKuDNngw8QB/Yu09ANmOhHSEbaoN7QVRw+B/hH66cMNVSiHWQZBCvx4FwENxoYbGlwHGgsBK4h+1oT68Iw+Tjr6L9YV3ICg69DXUBBoU75FmeNonBnnhQsXmNALL6Be8AgUY9qU34Si4MM7/PG90E8oF32DfLiSP94f9OmgeJI2l/9Y3VNKDP0q5JUbn48/1c2td8BmdV/j8Gnw4I1STxU4woJDD5Rph5ySy5+j5QvtCBbgRltieUXJ4zd5QxtL1D2PNoGnQjtgkc73Q74p3BcZvuBNHzaLTEI/1iiloWQ+G/LP5trwoZty67/oiENk1uGnZRy/Qn5x/DnKS8CDtfoErM4IUii6geah5wVKz1h84F30xzBuIJSALf0xTDgx6cC4yaZY0Cj9mOVBCI3Rvs5zw1THJfYYIQ/aDesN4x9xjIcI49aeWj6EHZ7BR0mfFOLohzqlh4qKj9VD6Xip0iF8iT5NnbMNheET7QfQO7/BngkQ2o42TuGZkkPoR+SJzALfwypG+zOBYv1K38nEz9NlHfKhTvSxRto381pNZSnNm+9rpvxvvBp6hZ+zrI5vUV54NDRCuYsTCsMn5BlHP9GxnHSMZywRYsRHZoSOKWMcPYZ8y/u1MHzAPcg/Juxom8Jn8U6hvcPyLdpw3ry5RitgAu3AX7hP8YB5hh/yMs+gOzxA8SBlYgb+ZfSggBXga8jTGuAh8C5OaoFPNVPeBB8rS/wLw4dyUR9keiYPmbClD4EbvXhJhGeSlnqCJ0QPvVv/WKWfkE9J+icGS7AoTG4KPBf8wZr2pH+Dv8m1Wh74AzSOXEuZ6R/hdArqEUISPrR7NroOecWVhfJk5DXIAqv4R23VrcA9eC6GsoUr5aecmWQF0mVqw5AHuFIW6A4a1p9ZhTh8aOOJk383bwb0urgQ/zQuZcwzFJJ6tarLof1ay89/zpUFOVgtYhKuekRlGtSuIfv1airtG+saAlPeMqePxkBsgEJjE2CShNApeQ4T53d4RoPQmaPPAIpn0RDio++TH8QZ4qL3vEvezISEeJ5xj3ASnkE4fC8cq8JzIyZNS2eIhvBO9Flx7mEKcXnFYUH+0TpHv5dK3zj6KDbffAnK8Y9AP9Ei0sYIHTDIEAJ26e1DWuJCyIRbiK9o14AP9SRwRaFVLm/1TqKHQOcoztA7OMF8QmDwoe9ybBYQxg2mDRrQb/L6M+/Sx8mPsgTBMLQB1/Qyx9E4AiYWDPKI9o3wLJSxsGv0W3w79GPKx4DFs/BHfSk7Cgx1imJB+vz8Jz9WBeNTmJB3eQ546FCvQD/RsqbaMdXuxKOwAUwYSBky4K+NGyvv0jEB/EKI4h6ecU1vayZFEZRDCG2R3o/D85BudV+jNBi+HeUl4BN1lwz0T1rKjvcGHlikg28pOel9ijaY8UexC3WERpncadIk1YcCzQZvHvIgbXhumCoth+ep/FPvEmc7RK/6RigXinv4XqhPSa4VFR+rs2IZxhMwLM0Q7QfkjXAd2oN7vhsN4ft4m8F7cbHU4pmFm2uq/8SP7+myDu0b/X7ed5T3qbwRDYEWUMrgfyHwPMoHw/PSvsbRTxIPSB9XSrs85SW/0H7R8gQaicrI9OuoXBuNg2YYN1kWAA1BWyg0LG0i0MaBl/C7AF9bJU+ThvfYuTz1Tun2Fb5dnAB9psbtFA8N9Ap3jfJM8gY7xptA7wFfnvNX0v7JNwqTm8CR9kL+gM9H+xh9Hp5AWQKNkydty7OiBNo9ShO8y7fidJ24siTymjT+wYRupkC5k2QF3svUhiHPgFdot/C8rK4lUrAZ12vrDPspAzrIkmWpTldYQREIeIe12ghY2YZ0QPidHuIIJ9tn5JWeNvo7eh++m82z9HInvRviSnKNK1PILy4u7llS+hBX0a6Z2iHT8yRcqHth8ZUBn/Q+llTnTDgGHIhnR/tMISgJ0fhonnHfjsaH99LTRdNE46L34d2kazSf9HRxecU9C+8lxZGmsPiQT7m6avtmKncKu7zSpqeDKhDa4kK2uGdKl/6tuG+szmdx5Ul/Fv1NvaIhWs/UfTS2IO1E8wopo3mEZ+EaTZ+eLsRFn4dn4f2SXuPyS38W/U1ZoiFattR9NLZs8eFL0e/n/3LJfqXnG/0dvY/7CvFxvDeKY/S9uOeZvhGXlrwypY9+pyzu48oT9yx8OykupKkM16T2iGKQni4pDlzS00exir7L8+hv3osq49H3/sn7aBmj5YirZzRtenz0d/Q+mme4Jz6ufxKfFBfiSZMeot9ML2d62mx+R/MI6dOfRb8Z0oRretrCnof49GuSrBDSZvpWtvEhXWlcs1OwdbZphbrUrNRZkZU6W5oe9NAHaZBnPEiPLvA70AMW8Nygm24YMemaDPsOrti4SXpIIeD4JFNClcfHTFlSzY5+SobKYx0BR8ARcAQcAUfAEXAEHAFHoGwQKFzBVm24+s/fSfNvvpG6E1qp60Pp7BZasDq67lOVg/a6cVG96gts8wOdvymYrMo+cXySm76K46MWwBXNWkrOun3w/2PqMxkuj3UEHAFHwBFwBBwBR8ARcAQcgVJHIAsFW89DvudW6f7h5+rbrd8vY7l9m1KvYuXK0PFJbs8qiY8ar0WXreZsupHMvuEu/VFWk2DJ2HusI+AIOAKOgCPgCDgCjoAjUNURKFzBBiHWx+GtjXKNMF+WYXV8oyzLX9Z5Oz7JCFdFfKgze0OwCQSbHPCXFnhucfo8ep+WrMr+jGISva+ygKRVPIpJ7n2UziL0lfZq5f0ZqT89DlwIufjYL/8nHRPHpyBNRDGJ3hdMWTWfRDGJ3ldNNArWOopJ9L5gyqr5JIpJ9L5qolGw1lFMovcFU1bNJ1FMwj3XwkJ2CjYZqQCf07WzzD78GD2ETV8rZRdUjiTJURfx4SPH6IHpXc1FPN8a7cJqUsnjHZ/kBq6S+Fi/XCZNn3xYag0bb5sGclTRyhqqaKf3T027VI/hYgMIjuNCJy/tPpzcQuU81vFJbqAYfOpEdornODc7Jis5l0oVWzdSf3Y/pV95/8rQxDH04/wngpXjEwEj5tbxiQEl8sjxiYARc+v4xIASeeT4RMCIuY3Bh6NGCwvZKdircplRraZ8VFO3ea+u572mC/CFfSmbeN0/bem6jWWqnk/mIQYBxycGlMijKobPSu301astk621X66pc2Cz9Lz1T7/4JrF/spHgV98OjYDmt1EEHJ8oGgXvo/j00TMge69KMkHvh33+dcEXKvGTfPWfNEWGab+K4lOJq17sqjk+ydA5Po5PMgLJsU4/jk8yAsmxTj/Z41NNT8Lq0LZtruda3JvZK9jqIt66ZQvZe6ftdIln9q/FfTTpGeegUnAP8Qg4PvG4hKdVDp8Ves7p60P0AMDReq5kK9lrj10S+2eVwycQRpZXxycZqCg+tab8KPKp7s2hoUf3btJ1z12TX65ksXH1j+JTyapbKtVxfJJhdHwcn2QEkmOdfhyfZASSY51+ssdnWc5y+W3ESD1iVP1B1bgXF4qkKXNgeF09XF2qZcgt7gtFeIZ73SS1BHTs2F43QvaNmtKhc3zSEcn/u0ris1K78Kq+Ulj/rJL45CeRxF+OTyI85v6cjz9Hjmysofc16tRJzqCyxabVv1qtWj5+JbSx968EcDTK8XF8khFIjnX6cXySEUiOdfopGj7LaqiLeCG24KJrsWXhGr6qXrgnsJaNq4eCCDg+BTGJPqmS+KT3lfTfEYCqJD6R+hd26/gkI+T4OD7JCCTHOv04PskIJMc6/Tg+yQgkxzr9OD7JCCTHptMPvwsLRbJgZ8pshX4oZ7luSZbFB9l5rbaepa0XD46AI+AIOAKOgCPgCDgCjoAj4Ag4Ao5ApUGgxAo2ivXrw/+Q8TMXqJLNWV6ZA/p+HVWu+7RtKpt2aiH1a5WNq3nmEnhMVUWAuZ/FSp+Ll620E+eywQH3jro1q0m9mkV39Mgm//KUhr65THdFzsnRA7ULn5hLFV1nyWrVrCG11DXWgyPgCDgCjoAj4Ag4Ao6AI+AIiJRYwV6Ys0ye/H6SrN+uqTSvV0uPCsoMK3uXTV+wVB77dqJ0adFQOjevnzmxxzgCpYjAYp0I+n7aYvlt5hJZoveFOVBAxnVqVJNuTWvLlu0biN5W6oBy/eefU2XevPlF0K+rSf16dWWtjh18z4RKTR1eOUfAEXAEHAFHwBFwBByBbBEosYK9VK2CU+culh22aS3dWzWys3gzfby6WryGT5sn304eoZbEws8Qy5RPZXiOO302B5VXhrqWhzpgvf5Vles/5i/LSrmmfaDXhWrx3rRtfalRyTXsZWq5njd/gbRp01rqqdJcqJatEw6LFi+RyZOnyHLdN8E3JSwPVO5lcAQcAUfAEXAEHAFHwBH4pxEosYJNBVAUm9WrLU3Vgl1YaF6/ttQsxWO4UIQWLlwo9evXt3I8/vjj5uZ67LHHFlaUUolfqTufL1y0SBo0aJAvv2effdbKtOeee+Z7zo/nn39elZh6svvuu1vc8OHD5fXXX5dTTz3Vnhd4oZAHS5Yskfvvv1923HFHWXfddXNTo/g8+uij0qt3b/n8s8+kV69esssueoxTWli8eLEpSLVr106LKfznPffcIy1btpQDDjjAElOWe++7T7bfbjvprd8lkP+jjz0m/1Is2uq5cYRp06bJM888IzvttJM8/sQT8u+jj5Zu3bpZXFn8g2fF0lWW68LID126rro+L8xZodbuFbq3QFmUqHzlSR3pS/WVLk3BzqJ49Hv2X6gqAT5TR3fKZsdsD/kR+Orrr+XF8883fGrVrCmLlCcuV9647z77yMCBA/MnjvmVzsdjklSKR5OnTDG+d7Tyu1bKNz3kIfDHH3/IYzp+z5wxQxg3t9pqq7xIvxPHJ5kIHB/HJxmB5FinH8cnGYGix5ba4tJsBe1s02VbldmzZ8vR//63oNgRfvjhB/l+6NBsXy9xutFjxsiZZ52Vmw/luOaaa+Swww+Xt956K/d5uFmwYIE88OCD0r5DB1NoPvr4Y9lrr73kmmuvNUU0pCvKtaYKtB988IHcdPPN+V778ccf5eJLLjFL7MhRo+Svv/7KFx9+XHfddfL++++Hn0W6fq2C9S+//JL7DsrHSy+/bEp2ePjNN9/IySedJM//97/hkbz66qvy4EMP2bpfJhjmzp2bG1dWN9l4ebPcumPjWtKvVV3dI0B/VB390WBH0ck2FCVttnmW53TnDxokv/76a3ku4j9XNqUbvBjgv0yw2Vp+LU22ng2Bjy9excf/uYqU3Zd//vln2UcnHC6//HKZNXNm2X2oAuY8a9YsOfjgg4WxoGHDhnLCCSfYGFEBq1ImRXZ8kmF1fByfZASSY51+HJ9kBIoXWyoW7OJ9uuhvobyirC1dulQ22XRTqadncqNEjho5UoYNGybrrLOOWVA46ouB+nedEd9wgw2kadOm9rF58+bZ+1hqN9lkE0ExnTBhgjRu3FjGqKLMwN6oUSOzIo8ZO1YWqcVq4403zrUqz1Sh6LvvvpNmzZrJgAEDTIj89ttv7d2f9ftrd+4sTz31lHzy6adywP77Y9ovUMkPP/xQ3XDbyHr9+slY/caFF15oCvarr72W1S7sBTLUByi1J554opx22mm6jvZPWXPNNS3ZkKeflk21npSVOrZo0cIsS6TB4o5ijNV4qE5INNc4LM6ccw6zAUsslAEXyjxD6z/0++8NJ3BBeGaDK3AMgft9dMIAizWWa/JjooEJhY8++khOPeUUK+97770n2227rX3z4osukj59+sjUqVPtLND58+fL9OnTZbPNNrP6ILS3a9dO+ilmZRVQK7Fcd2hUS3q3qCtTFy6XHDV7F2zBsiqB51teEWAiYeLEifK90v7mSpPNmzeXWX//LS21zwSPDGh0rbXWsrhQDzxIRo8ebf0RPgV/gfdA64RJkyZZf+zevXt4pcJe4Qcbn36pvPDCC0L/vemmm3LrgnV7jk6EwofgnQR43/ARI6Rr167GN3/86Sfj478oH+2sfBSvmMoUZqhV9lTlz3j2MA55yI8AY1UNHTse13GDcYUx+/Y77jCPK99EUcTxyU8v6b8cn3RE8v92fPLjkf7L8UlHJP9vxyc/Htn+KjULdrYfLG46lL7DDjtMHlTr79M6GB9zzDG6/nOy3Keu0VPVMnvjjTfKl19+aUIsCt21apW98oor5CCdFUfRm6Kuefur0vuMum7fpxaW0884wxTkW2+9Vfb817/k7HPOkS/0/dtuu01232MPufvuu+Xcc8+Vk1UhJAxTZfSAAw+U11QRxuJ75ZVXmvKHe/M4FRYHDx4sQ1XI3m+//eRFFTK7q6s2G0dFA4L6Sy+9ZK7SPEc4f+6556wuCOMlCbjTNVXh9YUXX7RswAscjjjySFOUr1ar+jvvvmuKAvUAy7u0jk88+aSV+5VXXrH71994Qy659NJcZf+qq6+WFzVPlPIjjzjC0px08sly/fXX23fi1pHjqo6CzCQHkyKf6oTDDZoeoRqFfY5aq1FIwBmLPh4If2j+lJe2wL0fl/l33nnH2o/reeedZ21SEowKe7d53RrSo3kdmbVkuYyctWozNNewC4Ot0sevUFdnJs6g5ye0v9NX3tcJokO1D0HfL6vHxhnKT9L7MG7SJ+jE17777mv8iImsI7U/fvLJJzJnzhw55JBD5DfNszIF8ACvJToJyj2WSHjzy4oZXj0sDWGiDb70nvKjq5SPMvnwwAMP5PJx+EVlC02aNJEnlXbOVzd6QlXz/iisPRkPwqQtaRlDGN/xbPCQ8sxzfDJTgtNPZmyIcXwcn2QEkmOdfpLxyRSbZ3rMlKKcPEepxqr8groZ11Er0JG6hu2rr76Ss88+W8aPH28CGkIMFmIsnQ+pIo4wt41aSUeqhfu/qvQi+CHQYUFA2MMavkCt1MyWD1EBGgvTUZpv//795U6dPf9JrSr7qsLM2oxbbrlF2qpl+FJVPrE8Harvs47uWFX0Ebr5Htap4BIZXCSj8KFcsgYP4YHAOuz2apktDbdT8jpQFWcUdqzEKKhYj3fYYQf7FsJuUPgRXK6+6irZdpttBGv/xyrwnqQu3LiqPzVkSK67PS9SD4RlrHa4fnZUSzQK93WqMJ+jkxJxCjZWcSxTH2q+89SahYV97733Ntfx/739tlnwsEpsrGszyR9FBIGTsqB4PK91YPJhN12jPmCjjUy5RgjHAoRSEqxgVrFi/qOfUw8D+9+8wJvWqS7rqnK9SDc1Y6fxOUuXa5mKmbm/VqkQgH5P1kml53TvhMvVvXcD9Yph0g5ec5byH/gEfKGu9kFmeulrXbp0Me8ZLJf0y/N0so7+SB+8VPPA22X99dfPnWyrVIBpZWpr/37zzTdt6QlWbbxqTlQM4S9hz4wrdAIUngsPOUknIpiAYy8J+HhlC/A7PBz+Vs8HV64Lti5eD81WeZoRiycZ+5swVrdq1argC1XsieOT3OCOj+OTjEByrNOP45OMQPFiK4yCPXbcOBNM7rjzThNS27dvb26ENdSdLLgqI6ihRHfs2NFcxRmYEeyw5k5RpRJl+ga1NKPU9e3b1zYhQ9jZasstc4U68uiy9trm9oyrIkIxQvKfqmTjwsZaaYRk3kHw5i98PyjXmZoCQXMzdW3HXbssAm7pCKgfq4UMSzYbDDXQzd+oI/UK+IDJFltsIbV1wyb1t7fy49odys+VtAS71yubOzGLde+998p4bQsUDLPYrUpniVf9Q17bqSsk67pH6drvzTff3CYTmFjA+oclcKC6lCJE0Tbhu+CKQg3uMLzff//d2hgrOt/aeuuto58p9j27g9etVc2O61qmbuCNa1c3t/BGev1Bj/L6e/FydG8PjkAuAqF/hCubKp6n1sgtlLbxjNlRJ7L+0gk9+gi0C42trxN10Dhx8BHC8ccfL4/oxoNsgjj8t99yaT/3Q5XkBv7BxGZNVSwfeeQR48uNVJnuoHybCYovv/hCttL+vLdO6uGdEiYnUUQDP6gkUOSrhivX+eDI/dFQlyz9HbFWo1hX03GI/uNBxPFJpgLHx/FJRiA51unH8UlGoHixFUbBZk1eV7UK3aYu3YSgNH6mu2OjfAUBlrjgqomyTUB4w+q53nrr5b5PHIIcynZIZ4n1n/T3US5Zo8y6aYRBQnif9eCUBUU7GhDEo89whf5ILbo3p21ExjuUHYEUK3RJAhMLKKG4IeJad3NkHWR6vsGaTdmpC+UlIODyblCwscZRPlxkUQywfLMh2YW6bjpJWNxVdyu/6667TIlgt3DCLjvvbO71uMreoR4CcSHkSTmYIPmXuowffNBBljRgHvdets/Iv67uZIYr+Gx1BZ+5aLlarmsL7uHDZi6WaQuXmUXbFexsEa0a6UI/gS4J/ObEAk4CYKNDvGFYY3yTukOHgJJAusBPeP6GLsGAL7Cz9sOqeLKMpbIGJvLYuwGeF/gLeMBbwMFc5o86SnrrmvROat1N5+OVERd4PPWPjleVsZ5FrVN/9eZ4UZdPBR7/tno6MZ6F/VOKml9lS+/4JLeo4+P4JCOQHOv04/gkI1C82FJTsLHYZBOyTZeeF0oWrsmslca9EksR7uEMwqz3HaQ7/OKGzACNUhgC7ogok6x9PELXELO+GGWdDb4QbolDSQ4By2z4jTCIYoxweIS6hJ+jbp5BQByvm6MhOK6t1u5RupHRxRdfbDvEdurUyQSFzz//3NydH3r4Ydlf3czZLbylKow9evQIn7Kyvqau3OzEjTs7m7pso27bA1VQL26gjluqdfpwLS9u2iFQL+oKPmBCPQgoDAjBuH9jMUZJwOWe9ef11ErHpMD2229vGPMu5WSdNko2giJYB7zCt7iyYVrr1q1NmWBig8BGZdzjWksZCZSD8pA3kx2Uk8CkxuG6xpX1m9N0jf1sdR0nHS7+TJgUN1iZl6805bpb09rSqZFasNU9/KcZi2XyPJ1sUViyo+TilsDfq4gIoBC1XmMN23uAI4TY5GyY7gqNIsBu+KzBZlkGGwlGgx1XpROABFygL1I+wX4EbCK4o044baKeHHFH50XzqEj38BjqDE/YWet3v66tPlGXn2DNZ4+Ko1Sh/ks3MxyhG5zhRo+LOEtv4BXw8QsuuEB21sk5NkCsbAGPnu90ozxOc+AkCTwbmBD1IHKoLv3Bw4ulW9AFy4Tg/WFCq6pj5PgkU4Dj4/gkI5Ac6/Tj+CQjULzYGpdrSHx1pVqBX39JpcPJIl07iOy+j2og1XNfWZizXIYMnSxbd2klDevU1LODl8uiDH9Llq2QKbMXySfjZsiO67SWlg3URTkSULZmz56ja7GaFHATxAK9rQpdbCg2TQWxrXVTLzb9YG0wa9vYxAzXQ3ar7qaKZThTmXWRrMnmfGjSj1C3Rdb57rbbbqYEMoCjDKKoE3BpDL9RxnAF3UjdlnEpx9LCeumlqgjuo8o8rsysFcblGzdy8kcZx6pOfuwOvFiFTd7l7GssuNFzqlEqv9FdyOepsorCiQKJEkq+cSEJn5AeYXUNFVZZ94niTKAenE3L7sVYlbAKUCfKSlyPnj1lqm4yhpCLG3cfxYPdj3vrudkH6vnWYMlabnBjN2WsdhttuKHlh5t5T5006KQTC9FA3u0UG3bN7an5E/gWeOEezu7m/OYPIZtJBXY2B7eQnvbsoO3JZAhKNS7v4MM7cSEJH9ZW/zJjiSzUK2GBnnG9UrNZs0FNGTM7R8bPzRElzwKhlm4tPrBN/VI9u73AR0ryoJD+Gc06CZ+cnGXqoknfa5q1UJujytSMmbOkdauW+bw1ot+sSPdJ+EDP9BOWmkCT9F2URSbYmDRCoYQ2owo2dIpivqH2FdYV4zINT8Cl3PiW0jrvBXov71gVwOfrj0W+/yFV7A3XFxm4lfHtduoGjrcP/Zlz7v/QiTtOdGD5B0tHcPtlmQh7WRylE58omfDQXD6u1kz4RLkPafVfOWDLjOMXdWGt/iSlH5YXcVwlNBAdD8p9fUtYwAL0E8kPyz60wkkSC3SJBft7hP1DIskq9a3jk9y8jo/jk4xAcqzTj+OTjEBybDr9IANO/WuarKl6U40aeTpxNJdq+lLyVk4rdCfsEw8XefsLkZ02FbnvSV2Ym2f4nr04Rw4d8o0M7NhMWtavbRbA6Aei99VVoZm5cKmM/3uhXLZDT1mrWf1otLkIjp8wSTp36lgpBPZo5ViXiSJZkoALZWXFpyS4hHeT8Jmp66qfHjHHXMKhQ4i+lt7U17XYKN85atVOD/QM1mqfsV4LdSvXl8pjKKR/RouchM/ChYtk3ISJ0qVzJ12qkFovHH037n6RehsMHzla+vRcN2ulPC6f8vIsCZ/yUsZ/shwF8LnjSpH7H04V6YRjRPSYrioV0uq//JSLnD8nEEAB+klIWxWjHJ/kVnd8HJ9kBJJjnX4cn2QEkmPT6Qej1A8/D5P+ffuo/JunE0dziX8aTVHIfcPaNeXUzbrIiGlzZe6SZYW619bX9Pv2bafW6+K7+RZSpHIZXVLlulxWqgIVCqW6Dgddawhu4EtVqV6yfIXSbOp5VIVG3eZ3XZ2ZymAwJ6tKE6gjFtdFi3VHd6tVwQmH/JWtZu78xV3ykT8v/1XhEfj2MxEUzqoUqLMHR8ARcAQcAUfAEXAE0hAosYJdUzWXnbu3kW27rpG7rjftG/l+IsTjduuCeT5Y/EcZI1BXaY4114vUD3xJPmt1VK3OX4g6qlxzdBc0XtkDLtD11XI9afLv1o8LV69TCnnDhg0qnbdJZW/rMqnf0JEi/HlwBBwBR8ARcAQcAUegiiNQYgUb/LB+1dGdmT04AuUVgXpKn1u2qy+btNVlCYVpj6ESStd4hq8yfIenlfLKXgRrdeygyzRYiJ49QKw9qczHKlXKxvZKOQKOgCPgCDgCjoAj4AiUGQKlomCXWek8Y0egFBGooZboGqWYX2XLCkXZleXK1qplWJ+BW5Zh5hUsa8eigjWYF9cRcAQcAUfAESg7BIqsYLNzmlRTC1che6MVp8jst4YLOVf7TnEyqcTvOD7JjVvl8MF1RPtj1HckqX9WOXySyaVArONTAJJ8Dwrgs5Eq2Px5MARWal/08SszMRSgn8xJq2SM45Pc7I6P45OMQHKs04/jk4xAcmygn+RU+WOLpGAv0+Op5upRTVKjVpko2CjtjRs3tDOWze88f1n9l+OTTANVDR8U7OU50lj7Ja7shfbPqoZPMrUUjHV8CmISfeL4RNEoeO/4FMQk+sTxiaJR8N7xKYhJ9InjE0Wj4L3jUxCT6BPHJ4pGwXvHpyAm0SeKT5MmjYrk5VkkBZszopvqea5lpmBrZYIFIFovv89DwPHJwyLurkrhs0rBrq79kmXT2fTPKoVPHIEU8szxSQbI8XF8khFIjnX6cXySEUiOdfpxfJIRSI51+nF8khFIjoV++Ms2FEnBJtPqutuwqsGpnc2y/UoR0xWlAkXMulIkd3ySm7FK4WP9MQ8PW0MNA0hgAlUKnzxosr5zfJKhcnwcn2QEkmOdfhyfZASSY51+HJ9kBJJjnX4cn2QESi+2aAq2mshl2VK07NIrgefkCDgCxUdgxbKyWa5R/BL5m46AI+AIOAKOgCPgCDgCjkCVRSB7TZmUv/0qctJRidaxKoukV9wR+CcQYNKLfpl9T/4nSunfdAQcAUfAEXAEHAFHwBFwBKoEAtmJ5ctydDMlxWPqXJEpX1YJYLySjkCFQYBerIZs3eWswhTZC+oIOAKOgCPgCDgCjoAj4AhURgQKV7CrVZeVfdfT3cPnSePmzYq0wLsyAuZ1cgTKJQIo1/36q3dJ9NCucllSL5Qj4Ag4Ao6AI+AIOAKOgCNQaRHISsFedtJ5MmqznWW9+l3kqgAAAQVJREFUvr2lVq3CX6m0aHnFHIHyioB6ipty7Qp2eW0hL5cj4Ag4Ao6AI+AIOAKOQBVAIDttuUYNWVlDk3L+dfUaVQAWr6Ij4Ag4Ao6AI+AIOAKOgCPgCDgCjoAjUDQEsvMnZSOl8Fe0/D21I+AIOAKOgCPgCDgCjoAj4Ag4Ao6AI1AlEMhOwa4SUHglHQFHwBFwBBwBR8ARcAQcAUfAEXAEHIHiI+AKdvGx8zcdAUfAEXAEHAFHwBFwBBwBR8ARcAQcgVwEXMHOhcJvHAFHwBFwBBwBR8ARcAQcAUfAEXAEHIHiI+AKdvGx8zcdAUfAEXAEHAFHwBFwBBwBR8ARcAQcgVwE/h/3up1KEpvz2AAAAABJRU5ErkJggg==\"><br><br><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZEAAAEoCAYAAACZ5MzqAAAKs2lDQ1BJQ0MgUHJvZmlsZQAAeJyVlwdQU+kWx797bzoJBBKQTugd6QSQEnoAAelgIyQBQgkhEBRERWVxBdeCiggogq4KKLgWQNaKBduiYMG+IIuAsi4WREXlXWAI7r557807mS/nNyfnnu98Z+438w8AFAZHJEqFqQCkCbPEob4ejOiYWAZ+CCAAD4hADZhxuJkiVkhIIEBtxv/dPtwH0KS/Yz5Z699//68mz+NncgGAQlCO52Vy01A+ga7PXJE4CwDkKBrXXZYlmuS7KNPFaIMoD05y4jR/meT4KcZQp3LCQz1R1gOAQOZwxIkAkC3ROCObm4jWIU/uZSnkCYQo56PsmpaWzkP5PMpGaI4I5cn6zPjv6iT+rWa8tCaHkyjl6bNMGcFLkClK5eT8n+P435aWKpnZwxBd5CSxXyjqldCZ/ZGSHiBlYXxQ8AwLeFP5U5wk8YuYYW6mZ+wMZ6aGsWeYx/EKkNZJDQqc4QSBjzRHkMUOn2F+pnfYDIvTQ6X7Jog9WTPMEc/2IEmJkMaT+Gxp/dyk8KgZzhZEBkl7SwkLmM3xlMbFklDpWfhCX4/ZfX2kc0jL/O7sArb02aykcD/pHDiz/fOFrNmamdHS3nh8L+/ZnAhpvijLQ7qXKDVEms9P9ZXGM7PDpM9moS/n7LMh0hkmc/xDZhh4AW8QiH4YIALYAFtgBRwAOpks/vKsycN4potyxILEpCwGC71xfAZbyLUwY1hbWtsBMHl/p1+Pd7em7iWkHD8bS4sBwH41CmdnY1wBAC2m6LXZPRszoKNXMxKAM11ciTh7OoaZ/MICEpADdKACNIEuMALmwBrYA2fgjnbsD4JBOIgBSwAXJIE0IAbLQB5YAwpBMdgCdoByUAX2gUPgCDgGmsFpcAFcATfAbXAPPAY9oB+8AiPgAxiHIAgPUSAapAJpQfqQKWQNMSFXyBsKhEKhGCgOSoSEkATKg9ZBxVAJVA5VQ7XQL9Ap6AJ0DeqEHkK90BD0FvoMIzAZpsMasAE8F2bCLDgADocXw4lwBpwLF8Cb4DK4Bj4MN8EX4BvwPbgHfgWPIgCRQZQQbcQcYSKeSDASiyQgYmQVUoSUIjVIA9KKtCN3kB5kGPmEwWFoGAbGHOOM8cNEYLiYDMwqzEZMOeYQpglzCXMH04sZwXzDUrDqWFOsE5aNjcYmYpdhC7Gl2APYk9jL2HvYfuwHHA6nhDPEOeD8cDG4ZNwK3Ebcblwj7jyuE9eHG8Xj8Sp4U7wLPhjPwWfhC/G78Ifx5/Bd+H78R4IMQYtgTfAhxBKEhLWEUkId4SyhizBAGCdSifpEJ2IwkUfMIW4m7ie2Em8R+4njJHmSIcmFFE5KJq0hlZEaSJdJT0jvZGRkdGQcZRbICGTyZcpkjspclemV+URWIJuQPcmLyBLyJvJB8nnyQ/I7CoViQHGnxFKyKJsotZSLlGeUj7I0WQtZtixPdrVshWyTbJfsazminL4cS26JXK5cqdxxuVtyw1Qi1YDqSeVQV1ErqKeo3dRReZq8lXywfJr8Rvk6+Wvygwp4BQMFbwWeQoHCPoWLCn00hKZL86Rxaeto+2mXaf10HN2QzqYn04vpR+gd9BFFBUVbxUjF5YoVimcUe5QQJQMltlKq0malY0r3lT7P0ZjDmsOfs2FOw5yuOWPKasruynzlIuVG5XvKn1UYKt4qKSpbVZpVnqpiVE1UF6guU92jell1WI2u5qzGVStSO6b2SB1WN1EPVV+hvk/9pvqohqaGr4ZIY5fGRY1hTSVNd81kze2aZzWHtGharloCre1a57ReMhQZLEYqo4xxiTGira7tpy3Rrtbu0B7XMdSJ0Fmr06jzVJeky9RN0N2u26Y7oqelN18vT69e75E+UZ+pn6S/U79df8zA0CDKYL1Bs8GgobIh2zDXsN7wiRHFyM0ow6jG6K4xzphpnGK82/i2CWxiZ5JkUmFyyxQ2tTcVmO427TTDmjmaCc1qzLrNyeYs82zzevNeCyWLQIu1Fs0Wr+fqzY2du3Vu+9xvlnaWqZb7LR9bKVj5W621arV6a21izbWusL5rQ7HxsVlt02LzxtbUlm+7x/aBHc1uvt16uza7r/YO9mL7BvshBz2HOIdKh24mnRnC3Mi86oh19HBc7Xja8ZOTvVOW0zGnv5zNnVOc65wH5xnO48/bP6/PRceF41Lt0uPKcI1z3eva46btxnGrcXvuruvOcz/gPsAyZiWzDrNee1h6iD1Oeox5Onmu9DzvhXj5ehV5dXgreEd4l3s/89HxSfSp9xnxtfNd4XveD+sX4LfVr5utweaya9kj/g7+K/0vBZADwgLKA54HmgSKA1vnw/P952+b/yRIP0gY1BwMgtnB24KfhhiGZIT8ugC3IGRBxYIXoVaheaHtYbSwpWF1YR/CPcI3hz+OMIqQRLRFykUuiqyNHIvyiiqJ6omeG70y+kaMaowgpiUWHxsZeyB2dKH3wh0L+xfZLSpcdH+x4eLli68tUV2SuuTMUrmlnKXH47BxUXF1cV84wZwazmg8O74yfoTryd3JfcVz523nDfFd+CX8gQSXhJKEwUSXxG2JQ0luSaVJwwJPQbngTbJfclXyWEpwysGUidSo1MY0Qlpc2imhgjBFeCldM315eqfIVFQo6slwytiRMSIOEB/IhDIXZ7Zk0VGhdFNiJPlB0pvtml2R/XFZ5LLjy+WXC5ffzDHJ2ZAzkOuT+/MKzAruirY87bw1eb0rWSurV0Gr4le1rdZdXbC6P983/9Aa0pqUNb+ttVxbsvb9uqh1rQUaBfkFfT/4/lBfKFsoLuxe77y+6kfMj4IfOzbYbNi14VsRr+h6sWVxafGXjdyN13+y+qnsp4lNCZs6Nttv3rMFt0W45f5Wt62HSuRLckv6ts3f1rSdsb1o+/sdS3dcK7UtrdpJ2inZ2VMWWNayS2/Xll1fypPK71V4VDRWqlduqBzbzdvdtcd9T0OVRlVx1ee9gr0Pqn2rm2oMakr34fZl73uxP3J/+8/Mn2sPqB4oPvD1oPBgz6HQQ5dqHWpr69TrNtfD9ZL6ocOLDt8+4nWkpcG8obpRqbH4KDgqOfryl7hf7h8LONZ2nHm84YT+icqTtJNFTVBTTtNIc1JzT0tMS+cp/1Ntrc6tJ3+1+PXgae3TFWcUz2w+SzpbcHbiXO650fOi88MXEi/0tS1te3wx+uLdSwsudVwOuHz1is+Vi+2s9nNXXa6evuZ07dR15vXmG/Y3mm7a3Tz5m91vJzvsO5puOdxque14u7VzXufZLreuC3e87ly5y757417Qvc77EfcfdC/q7nnAezD4MPXhm0fZj8Yf5z/BPil6Sn1a+kz9Wc3vxr839tj3nOn16r35POz54z5u36s/Mv/40l/wgvKidEBroHbQevD0kM/Q7ZcLX/a/Er0aHy78U/7PytdGr0/85f7XzZHokf434jcTbze+U3l38L3t+7bRkNFnH9I+jI8VfVT5eOgT81P756jPA+PLvuC/lH01/tr6LeDbk4m0iQkRR8yZkgIIuuCEBADeHgSAgmoK2m0ASAun9fWUQdP/CaYI/Cee1uBTZg9ALeompVdQPgCV7qgGQRcVXZOyCJVJsI2NdM1o4SndPmnUwwDs/d0yMDzwLisf/NOmNf13ff/TA2nVv/l/ARw8CK238QffAACPhElEQVR42uydd3wVxfqHn909/Zz03kgjtNB7r9LEjr33ir1df3bv9Xq9eu29NxQLiBVQEUWq9BYIAQKkJ6Qnp275/ZFwTCBIQFSUeT4fFM7Z3TO7MzvfmfedeV/phhtvNGJiYjnxpJNxOl0Yho5AIBAIBAdClmXqamt5/Y03kGVJol+/foSGhgoBEQgEAsFB0XWdsPBwJkyYgGyxWklISkTXhYAIBAKBoP1C0ikrCxnDQJEVDMMQT0UgEAgE7cIwDExmM7KuGyD0QyAQCASHISSyYehCQwQCgUBwWMjCjCUQCASCwxYRXYiIQCAQCA4Tk5iJCAQCwd8TSZKQJIm2fBlHqu//TSIiSdKvFqQ937d1c+09vr1lb3ne7yWaLStr3wqSZfmIVppAIBC0pz/y+/14vV5UVUXXdWRZwmQyY7PZsFgsR6RfMh3u/hBFUQAJXVPbdMzLsowsy2ia1mYh937f1OuCgYEsyyiKgqbpqGpgv/MURfllJZkEJpMJwzAIBAIH3OeiKEpT5978GyaTCVmW8fv9aJp2RCrMbDajaRputxtVVbHb7c3Pp0lQamtrsVgsWK1W0boFAsHvLiCBQICiokKWL1/Ohg3rKS4uxuf1YbfbSUhIoGevXvTv35/k5BTMZvNvEpLmmYhxSAWUZZnZn37KypUruPHGm4iOiWnViZvNZlas+JlPPv6YM848k379BqCqgVYd+7Zt23jn7bdadeZms5nYuDiGDx9O/wEDwTDQNA1ZlnE3NvLUU09SX1+PpmlIkkRERAQ9evZk7NhxOByOVqKwdxb07jtvs3HjxmD5XCEhZGZmMn78BOLj41FV9bepsMnEunXrePON19m8OYdAIMC9997P2OOOQ1NVKioqOOP00zht6lRuueU2fD6faOUCgeB3w+fzsX79er777htkWWH0qDEkJSVhtVkxDCgsLGD9+vW8+847TJo4iV59+mCxWA6/D+QwZiKSLLFs2VI++eQjLr30MmLj4lqJiKIo5OXl8dGHMxgwcCADBw7eT0SKi4uY/t67JCQlkZaWhq5pVFVVUbC7gJdfepHzzjufadOuJzwiIvhgPvzoQ8wmE9179EBTVZYuXcJrr7/KiOEj+d//niAqOrqVkBiGwYIFC/jxhwUMHjoURVFYv34d7737Du+8/TaPPf44ffr0JRAIHLaA5OVt5Zqrr8RsNnPOOeeSnJJCp86dUQMBJElC0zTKy8upq6sXrVsgEPzuM5C1a9bww48/0K1bNn369MXpdFJdVUVDfT12h4PsbtlkZGSwdMkSfvjxByRFoXfv3oc9IzEZcFibDc3mJrtaW36NvUIhK0rQrNOWOQtJ4vTTz+C2227H7XajqSrlFRW89NILvPnG69TV1/Hoo48hyzKSJKHIMoMGDebpZ55FkiQ8Hg8vvfQiL73wPO+99y633Hobuq63ehAmk0JUdAzPPvs8YWFhBAIB5s2dy5133s6TTz7Bq6++HjQzqZqGxWxGkiR8Ph+GYaA034Msy+i6HrQtAtjtdr766ivKy8uZNWs2Q4cNw+/3EwioaJra+lnsNd21EKC9pjZVVX/zjEggEAgRKSwsZN68uXTu0oVRo0YTEhLCzz8v552336asvAyL2cIJU6ZwymlTmTBxEj8s+J7vvvuW6OhoMjIyDlNE/uTNhoqiYDKZMJlMmM1m0tPT+fe/H6G+rp7PZs9mwoSJHH/8lFYPam/nGxYWxuWXX8GHMz5g7dq1eL3eA4rWXjFQFIWTTzmFL7/6gpUrVlBbW0tVZSVut5tOnTszd87X1NfXM2nSJKKioiktLWXD+nWUV1SQnJxMz569CAsLw+fzsXHjBjbn5BAZFYWm66xcsQLd0AEJp9NBcnLKfiK7t/w7tm9nw8b1+P0BevToSefOnfcTQIFAIGivgPj9flauXElkVCTDhg0nIiICv9+PLMmkdOhAVqdOLF60iG++/YbRY8eRnp5Ov379yc3N5eefl5OcnHxYsxHTL8dL/BnxT/auDtj7R9d1LBYLF118Md98M4958+YyYcJEJFk64PlNJjb50H5Xb3Lkm81mPvr4IxYvXkSP7t2ZPXs2ISEhDBk8hNzcrdxz911UVFTgdDqpq6ujS5euPPKfR0lOTubee+5h3bp1gMF1114dFIy6ujoGDR7Miy++3EpE9vqT3njjdV54/jlCQkORgNraWq6bdj2XXHLpEXP2CwSCY0tEvF4v69etZey444iJiQkOnnv07EnHrCzKSkvZtWsnFeXlaJqKYRjExMbSt28/fvzxB6ZMmRJcscUhbTbUj76Rr6ZppKWl4XK5KCwobHZG77O8F6irq+XVV16muqqKvn37YrPZDnptv9/Pp5/OYtFPP9G3Xz8iIiKQJImtW7awbds2XnnlNd56+10Uk4m77roTWZZ5973pzPvmO5597nny83fw0IP3A/D8Cy8yYsQIQkJCePmVV5n+/ge88cZbdOjQgYaGhjZNgIsW/cSj/3mEU0+bypdffs3Xc+ZxwYUX8dRTT7B+/TrMZrN4IwQCwSGjBgKUlBSTkpKM3W5H13UkScLpdCLLMgt/WkhZaRkDBw0mLCwMTdOw2WwkJiVSXFx8+L5h/tyJyK84rc0oioKqqkFlNJvNrFmzhmnXXYuqBti6dSsFu3czaswYzjvv/DaXE8uyTF1dLbffdiuKSaGosJCcnBw6duzIzTffisViQdd1TCYT/7jrbkaNGoUkSXzwwfvszM/nySefYsCAgXg8HiZOnMTKFSt45ZWXycvbSr9+/XG5XJhMJtLSMggPD8Pj8eBwONo0YxmGwby5c5FlmbFjx1JSUgKGwZDBQ3j5pRdZvnw5/fsPOOzKFAgEHNPBED0eD7KsBPufvT7Xrbm5/LBgAd17dGfq1KmEhYUF+z27zY7P58U4zAmFyTgKwy/Kskxl5R7cbjeRUZGtRueyLKEbOharlTFjx9KrZ28mTpqE3W7/VVOQYehImOjRoyennXY6xx9/PPEJCQQCTftRrDYbmZkZeDweLBYrO/PzMZvNZGV1wufzoWkamqbRqXNnAAp2F9CvX/+gaGmaGnSQtzUdlGhaYVZaWoKhGzz4wP2tvg8PD8dkEiH5BQLBYZq0ZAmr1YbH49lvlaqu64SHhzNg4CDi4xOQpF82QOuGjt1uP+Aiqb9c2JMmP4WFeXPn4vV4GDhwIDabjZrqagKBAAMGDOSZ555HliTMzSupfm3joK7rhIaG8djjTxAeHo4sy5hMpuZVVIFW66N/WaZsYLFaoXkj4y+mtKbfwjCwWA/NdmgAimLC7nAQFx/HW2+/g81mD/6moihYrRa8Xq94GwQCAYezYjYxMZGi4iIyMzOx2WxNodplmcSkJCZMnEiXzp1RlKbB6t4VrgUFhSQkJGI6TFO6/FsLbrPZcTgcwT/7KprFYmn1vcPhaLWCymw2B8+z2+0AfPbZp7zyyst0y+7Oaaedvp95R2qxqcbr9bYrK+PeMgVUdT+lpg2fTNeuXVE1jaXLlmC1WpsrRGfp0iWYLRbS0zMOyQluGAZWq4WsrE4UFRWxMz+fpKQk4uLiiIuLw2KxYDIJf4hAIDg8U5bVaqNHz56sWbWKioqKYOgTXdepq62luLiY+rq6oK8EoKKigk2bNtCrV++g6By2T+RwXCI+r49XX32ZiMiIpuWpepNZ6LLLLg8W/ssvPmfH9u2omhr8gVNOPRVFbto7sXzZMp588gkCfj+1dXVszc3l++/n07FjRx586CGiW2wg1HX9kJfBtjzHMAxo49y9x+xFVVUGDx7CyJEjef6555Blha5du7F48SJmf/opF1x4ERkZGeiavt+5bV1v7++rqsppp03l01kzuf3227hu2vUkJyezetUq5s79mvsfeIghQ4Y2zXYEAoHgEETEYrEwcOAgdmzfzqpVK3G5XERGRmIYBpWVe8jP30H37Ozg7KSyspLFixdRWVnFlCknBv3Dh+9YP0QcTicul4tZs2YGf7jJdBTKmWeehc1mIzIyiiVLlvDTTz/9kgVLlundpy+hISHExsayYcMG1q5dEzRlJSUlcc0113LBhReRkJCA3+8P7gsJDw/H5XIdUjldLhdhYWG/au9zOp2Eh4cHj9F1HZvNxiP/+S9PP/Ukb77xBgHVj8Pu5Nprr+PKq64O3o/LFUJoaOvrh4SEYG42k+0tt91uJxAIkJKSwrPPPc8T/3ucxx/7L9C0aXHKCSfQsWOW2HQoEAgOW0iSk5M5bvx4vv/+e3w+H8OGDScmJoa+ffuTlJxCbEwMqqpSWlrK6lWr2LVrJ5MmTiI5Ofmw/bHS5Zdfbky74SZcLtchqZDX68Xv80Ebq5BcLhdqs9moTQFqXr3U2NjYymsgSTJWqwWns6ks+zqH6uvrMZlMOByOdpfT7XajaRoul6tNIdlrF/T7/YSEhLQ6Zq/tsLq6mob6esLDwwkNC8cwfplpeDweVFVtdf299+V0OoPltlgswSXIZrMZv99PZfMmx8jICCIiItE0jcMNiCkQCATQtI1h7Zo1zJs3l8ioKLKzu5OSkoIsSXh9PgoLC1m9ehWGoXPccRPo2bPnb4qdddgiIkkysiy1tg5JQPNKgL0b6/YXt19CDzd1utI+7mcOWI69oUMOpZztOael7fBA3zWtZtDbDPO+7/X3/aytUPB7n8/e3xXiIRAIOIIxtAoLC1i1ciXr1q2jpKQYj8eD1WYjMTGRHj16MmjQIJKSkn97FF8Oc1mXYej8ml/ZaI7Ae7Dp16FwOB1te875tZj6v3ynt/v6bflIDuf5CAQCweGYtcxmMxkZmSQnpzBx0mRUNYDeHKXDZDId2Xwi9fX1Ym+CQCAQ/M2EZK+YtGWq2rt35EhgKmoIIPKsCwQCwd9XTH5P5JDQMCRJFk9bIBAIBIcuInEOE7IkHoRAIBAIDkNEdGHJEggEAsHhioh4BAKBQCAQIiIQCASCPxwTtNxQJ5wjAoFAIDhEEQkEAvgDAbFrWiAQCASHJiK6rpO3Pf+wwwALBAKB4BgWEbPZzPgxI3CFhIinIRAIBIJDN2dZrVasvyGKo0AgEAg4dldnCTOWQCAQCMQSX4FAIBAIEREIBAKBEBGBQCAQCBERCAQCgUCIiEAgEAiEiAgEAoGAo2mfiODvhapqTSFsRCg0gUBwMAyac68rQkQEUFJaSt6Onei6jiRURCAQHFRDDGRZJisjjYT4eCEix/oMJG/7Trp07kh4WJh4IAKBoF3U1NayJXcbMdExhzwjESLyN0I3dAzDICI8HLNJVK1AIGgfEeHhGIaBbuiAIhzrx/z0VISxEQgEf1CfIUREIBAIBIjVWUeBkjc0NOJw2FGUX6aDPp8PfyBAiMv1p5WrpqYGVVWD2St1XccAQlwu7Hb7IV/T4/Ggqioh+6QPqK+vR1EUHA5H8DNd16mtrUVVVQAsVithoaGtzmtsbMTj8aDrOjabjdB9vhcIBIh9In93/IEAz736Bh98MrvV1HDhkuW88uZ7wU70j8br9XL+BRcwZOhQBg4aRM9evRg2fDhDhg7l888/b/c1PpgxA5/PB8Drr7/OpZddtl8mzGnXX8//nnii1WdlZWUMGjyYwUOGMGLECMaNG8fZ55zD6jVrgsfcdvvt9Onbl/ETJjB6zBhuvOkmqqurRaMSCISIHHtC8tOSZSxcsiz4WSAQwNvc+RJcRaW2aYvUNK3NY1rS8pj2YLPZePedd1i2dCm33nILCfHxzP/uO5YtWcLpp58enC3si9rid6qrq3niiSeCx3k8Hurq6vY7p76+nsbGxv3u1e128+abb7J48WKmv/ceHTp0YOrUqWzctAmA8vJypk6dyg8LFvDaa68xf/58nn/hBdGgBAKEOeuYQpFlIiMj+OyreSTExdKpYyaSJCHLEiCxdv1Glvy8kvqGBnp068rk8WPJzdvGqrUbMAyDktIyRg4dRGnFHrbk5pGR1oEpk8bjsNvZtDmXhYuX4fP7ye7aibEjh7cymx0ISZKIjIwEICIiApvNRnx8PGazmcVLlvDmG2/g8XgYM3Ysl192GVVVVfzvf/9jR34+aampXHrppbzw4osUFhZy++23c/bZZ2O12ZDl/ccfsiy3+bmiKERGRhIVFUVUVBT/ffRR8rZu5amnnuK1V19FlmVcLhcRERFERERw/OTJrF27VjQogUDMRI4tVE1n9PChdO6YwXsfzqS+oTHY0auaytbt+WSmp9K/dy/mzf+B3Lzt1NY1sGjZckJCXKQkJ/LOjE8oKS2jf99e/Lh4GWvWb6SkrIy33/+QhPhYRo8Yyk9LlrNs5epDLp+uNy0BliSJvLw8Lr/sMsaPH8/tt9/Oe+++y7fffstbb7/NkqVLuffee+nbty8Wi4UOKSk4nU6GDx9OUlIS+iHOhtqa7Rw3fjybN29GVVVkWcbj8VBbW8vatWv54ssv6d+/v2hQAoEQkWMLQ9ex22ycc8ap6LrBjJmz8Xp9SJKE2WzijFNOoG+vnkREhKMoCqXl5SiKTIjLxQkTj2PiuDHYbTaGDx7AuFEjSEyIp6amjs25ebg9XjRNp6i4BEVR2Lmr4PCnnyYT382fT2NjI/n5+SxYsAAkiaXLlhEfF0dRURFff/01I0aMIDU1laFDhxIREcFpp51Genr6IZvUDobdZmP69OkcN348519wARMnTODaa64RDUogQJizjsHZiEZoSAjnnzWVV956j7ztO4iLjcHj9fLJ7C8pK99Dh+SkJrOPsb+fRFYU9ga9spjNTaN4rUmckpLiUWSFk6dMIi4m+jeV0+f1kpaWxqBBg1BVlf79+5ORkUFSUhIhISG8+957vP7663w4Y0arMlosFmg2kx3IpNXmaGWfz7/79lu6de2KyWTC4/UydepU7rn7bux2O+Hh4aIhCQRiJsIxuGPcCDrKu3TqyImTx1NTW4csSezaXcja9Zs49YTJDB88AF03gsfrutHC7PPLNXRdR9M0MtJTUTUNWVLo3q0LmqYd1mqvpt/S0XWdYcOGUVZeTnh4OKNHj8bVvAR5165dDB06lHfefpvo6Gg2bdqEw+GgurqakpIS3G43AG63m+KSEsrKyigrLw+Wp7a2lsrKSkpLS6mqqgreQ1VlJZWVlWzevJnbb7+dtevWcdNNNwFNiw/CwsJISEgQAiIQiJnIsYvTYcfcPHsAGDVsCIXFJdTU1pEYH09ahxSmfzSTqMgI4mOjMZtNmEwmnM6mvRqyJOFy2jE1hyyx22woikJGWipTJozj86/n8sWcb7BazEw9+YRDLp/NZiMsPJxAIMCAAQO4fto0Lr/iClxOJxarlccfe4zc3FxefPFFQkJCSE5KYsKECTgcDjp36sSJJ53EQw89RExsLDk5OYwdOxZd13E4HMyYMYPkpCQ+/PBDvvvuOwKBAJ07d+aZp5/G5XJxyaWXYjabCQ0NJTMzk1kzZ5KdnQ1AaGjoYe1XEQgEfz7SJVdeYzz9+KP7bRwTcFh7MkwmU1AE9s4m/IEANqsVfyBAXV09IS4XiknBMAxkScLvD2Cz28Aw8Hp9WCxmFEXB6/OhyHJQmNxuDx6vlxCXM2hWYp8lxkuXr2TIoP5BU1ir7/1+fD4fLpcLSZKCy3fr6uqIjY0NduQVe/bQ2NBAcnJy8F68Xi9VVVXExMQ0b6xs+GV5siQRHhaGz+fD6/ViNM+wTCYToaGh1NfXo6oqhmFgsVj220zY2NiILMtCSAQC/rztCb/Wd4iZyB+EzWajLV+AzWoFmnwc0VGR+x1jtyvBzthu/+Uae8/bi8Nhx+E4/I7WYrHsJz57l9W2JCY6mpjo6P3uLTExMfjvvcuGW5fP0Wq3+l7CDhJR2Ol0isYjECB8IgKBQCAQIiL4q7PXVCUQCAS/d58hzFl/pxGBJCNJEtU1NSIplUAg4FCSUkmShCzJQkSOZUwmhazMNLZs3SbS4woEAg4pPW5m2mHlWRci8jcjIT6emOiYpjAjQkMEAsHBVQRZlg9LQISI/I1nJIea4lIgEAgQjnWBQCAQiB3rgt+E2hzaRCDgTzSRtAoOJzjC5icJk8nUtIn3iCzKaYqFdzirtEyysJsfbsheMI6+l6S0rIxtO3aiajpipa/gz0MCSRg6fi9HuNlkpkNKEo3uplTV0m9KoQ2KIhMRHkZcbMwhC4mppMGPLgYMhy4gLz8Ba1YddaMte20tPSRJhBAR/LkC0qcfXHkLyEJIfg8CzSGUUpISDhg5u73omk51TS1VNbXEREe1K9ldKxGxmGTEkPUwpHvNKlizoullkeSjYlayNypweFiYqFPBn6IdwXfDYm76I2YjvwsWsxlnGyGGfgs1dXXohnHIS3JMHUJtKKK/OTzDZJ9+8MK7IJuOChFRAwHW/7yKwQP7HXIQNYHgCGx7Bl2Fay9oeh8MQywz/4sgK/JhV5VJN4Qt6zcNvWRT02jraHhZFANDVkAxgSyW+Ar+jN7IhFAOscRXcKimrWbcbg/1DQ1tHubz+6mrq/8lfHo7Ekht37GT4pLSQyvL3j9HGZqmkZ+fj9/v/1N+v7CwkNraWtFe/8D3QSBERHCIfDnvWx5+7GlKyspbfa6qGq+9PZ0nnn8Fn8/X7hWSs7+ay9KfVx2Zsn35JcXFxX/as8nLy2PsuHEsWbIEgI8++oi6ujr+qDwvp59+Os8//7xopAKBEJGjFzWgUlpewbfzf2i1amvtho2s37QZf8C/Xz524wCjdl3XkSQJY58jNE07rLK9+NJLbYpIy+sd6NoHmj0dbFbV8nodOnTguWefpXfv3vh8Pv7z6KPBVLvtvcaB9r60Ve6Wn1mtVh555BFOP+OMg46eD/f5CgR/9ky/rr6BwAHSZgdUlbr6ht+lfYvNhkd4f1VCXCzrNm1h246ddMxIx+vz8e2ChYSFhmBSTEiyjNvj4ZvvfyR/526sVgsjhg6iR7euACxetoJlK1fjsNup2FNJRloHADZtzmXh4mX4/H6yu3Zi7Mjh7VqKp2kar732GmvWrOGJJ55gypQpZGVlsXjJEupqaykoLOSO22/nnXfeYfPmzSQmJXHvPfcQERHBI488QnR0NIuXLEFRFP7vrrvo0qULc+fOZfr77yNJEqdPncqoUaN49NFHiYqOZuWKFZx88skEAgFmz55NUnIy9917Ly6Xi58WLaJ79+48//zz7Nq5k/vuv59JkyZx2qmntirzypUr+emnn6irq2P37t089dRTvDd9OosXLcJut3PtddfRp3dvKioqeOLJJ9m5cyfR0dHccvPNxMfH8/TTT7N+wwbCw8O59ZZbyMzMJCcnB8Vk4pt584iPj+f0008H4MMPP6S2tpYLLriAp595hvXr17c6TyD4K9DodrN85RoS4uPIykzH2iL5nM/vJ297PiWlZQzq34fQI5zFVsxEjuRMRNPonJVJ56xMvpo3H4Cly1fidrsZOWxwk8wYBp99NY9Va9YxZGA/YqKieGv6RxQWl7Bl6zY+/vRzumRl0rN7V/yBAIqiUFJaxtvvf0RCfCyjRwzlpyXLWbZydfsqWJbJzMxEliT6DxhA127dKCkp4d5776WqqoqpU6eyefNmbHY7N9x4I+vWruXZ555DkiSmv/ceixYt4vzzzqOqqoqH/vlPampquOHGG5k0aRJXX3UVdrsdt8fDSy+/TH1dHaeeeio33nQTM2fN4rLLL+fHH37g1VdfRdd13nvvPerq6sjKysJitTJkyBAyMzNRVRWPx4PH40HTNIqLi7n3vvuoqq5m6tSpvPjii8yYMYM77riDkSNHcv3111NVXc1tt99OzqZNTJs2jV69euF2u3nwoYdYsmQJ995zD5mZmdx8yy34fD7mffMN27dvx2a38+RTT6GqKn6/nyefeorw8HAefvhhFi9eHDzvpptvbrfpUSD4s7HbbCTGx7Fl6za2btsR9D36/X62btvBlrxtJMbHYW8j+6qYiRxlTkVFUTh+9EieeuEVvl+4iIWLljF6xFDCQkPRdYNGt4d1GzZx3OgRDB7Qj/59erF2wyZyNufi9nqJi41hysTjAFj+8yokJDbn5uH2eNA0naLiEhRFYeeuAoYNGkB7ks0MHTqUyMhIxh93HD169KBg9266dOnCf//7X6zNKXgnTJjAtm3byMrKYseOHfh8PkLCwrj++usZMmQIAVXl8ccfR1VVoqOi+Gz2bK644grGjx9PSWkpERERXHHFFSQlJfHyK69w4gkncPzkySxevJjc3FxUVcVmtWKxWBg1ahQup5MTTzyR6Kgopk+fzuuvv47FYuH+++/HbDbTpUsXHn/sMcxmM08+9RR2u53533+Pu7GRmpoaVvz8M0uXLuXTTz8lu1s3hg0ditfr5fPPP6d3r17MnTuX2poaNm3aRFVVFVarFV3XOfvss3nyySdZs2YNbrcbQ9cZNWoU//zXv+jRvXur86qrq4mPjxftWnDUYzab6ZiZjm4Y5OZtB6BDchK7C4vI3baNzh070jEzHfPvsPRfiMiRno2oGslJCQzo15sZn8wmOTGR4UMGsXb9RqDJrq/pOjabNThTsFjM+AMBAoEAthY51vduGNR0DbvNRlJSPIqscPKUScTFRHMou1t1XQ/aQw3DIDw8HKl5p+vnX3zBc88+S69evdhTWUl4eDiGYSBJUvAcs9kMhkFoaCgzZ87klVde4fbbb2f0mDHccccdyLJMIBAAmnKmm0ymYF53SZJa+U/8fj+GYQSvPX78eLr36IEEZGRkMH/+/KbyNf++YRj07duXXj17ous6kydPxuFwEAgEcLXIz67rOrIsM3DQIHp07w7AqaeeSlRUVPD+XU4nxx13HG+9/TY+n48TTzqJyMhIDMNodd4pp5xCVFSUaNCCvwxWi4VOHTOQkMjJ3UpBYRENbjfdOmeRlZnRysQlzFlH7UTECHaW48eMJCMtlYnHjcZqsTQ7yzUcdjtpHZJZvnINlVVVrF63karqGrIy0omLjWHX7kLyduSzOTePopISdEMnMy0NVdOQJYXu3bqgaRrqARxoBzJpSZJEYVERdXV1wQ5cau54n376aaZMmcLDDz9MWlpa0Iyj63rwfvb+vaGhgZqaGu6//35uv+MOVqxYgdfjaeX03rswoK2/G4aB2WwmEAhQWFhITU0NsbGx9OrZk549e+JyuYIdvqZpKIpC37592bJ5M/3792fQoEG43W6Sk5NJSkzkrbffpqGhgbVr11JcXEzfvn3ZunUrw4cPDzrxZVlGa3EvF190EZ9//jnz58/nnHPOwWw206tXr/3PU8ReG8FfUUjS6do5C7fXS9fOWXT6HQVEzESOMDarFa25w4yMiODW66/BbDY1j+RN2G12zGYTU0+awgefzOaJ519BAiaOG03nTh1JSkxgw8bNvPb2+yQlxJGUkICiKGSkpzJlwjg+/3ouX8z5BqvFzNSTT2h3uVwuFyedfDI33ngj5513HgMHDgzONmRZZvLkybz/wQesWr0av89HfEICkiQRHh4enP5arVYiIiNxu9089M9/0tjQQH1DAzdcfz2hYWGEh4cHY/iEhYVha7a9ulwuQkJDkWWZ6OhoJEkiJiaG48aP59xzz+XKK6/k1ltuaVVei8VCWGho8N+33nILN99yCxMnTUKSJPr07s2AAQN47LHHuOXWW/l+/nwUk4mH//Uv/vXPfzLt+usZO3YsOjDhuOPo168fYaGh2JpNd7169aJ/v36EhYeTmZEBwEMPPsjNt9wSPO+4cePo378/ioj9JPiLYbFY6NKpIx2Sk3A47JhNv283L02bNs145JFHcLlc4unT7ohlcM15TX9/cXpwd/heZ5alDdVXVY2AGsBmtQbNNPUNDZhNZpxOR6tRfH1DI06HPTiC3hvCxO324PF6CXE52/wNfyDA0uUrGTKo/35hTzRNo6ysLCgMXp8Pl9MZjNhZUFCAyWQiLi4On8+HzWajoaEBu92OyWQiEAjg9XoJCQnB5/NRUlJCSEgIUVFRGIZBXV0dISEhyLJMQ0MDFosFi8WC1+tF13Xsdjv19fU4nU4URSEQCFBRUUFkZGRQcFqa37w+HyEt2qRhGBSXlCABCc0i1/RM3MHrhDSvOlFVlZKSEixWK3GxsQA0NjZiMpmCPiCv14skScF/H+g8wZF5NwRHNx6vlx35u+iUlXnIoiNmIkd4BPBr2QZbpp9UFKUpUOI+NH0e2urfe3E47DgchxedV1EUEhMTaemIa0lKSkrw73sjAIe0WApoNptbzUrS0tJaOe/DWtxLywFJS4EIbTG7MJvNrcrDPk7CfcsnSRJJbRzvcDhITU3d51mbWt0PNPlpWs0a21il0tZ5AoEA4RMRCAQCgRARjtrIpUdRWQxJCq66Egj++B5F/iUAo0hH8JdBU7XDDnsmzFn8xj3qunrUhIJXDB2TZFBeUkpcbLSoHgF/hk9E0TVAIuD3C58Iv9dWApXa2jpCXK5DTiLV1ibp6poaZFlCPpz0uKI6fkMY+DUrm3InHCVJqRRJonddPT6fl0aTqFrBn/BOGDqu7Vupy+zEhp9XNaUmEJF9j3x6XLOZtJRkyioqUFXtN29NkBWFqKjIw8qSKHqawzVh9en3y2zkaHlJDANXWCguQkUdCf6k6HESRA4mrFcfBg/sL9Lj/k6PWZYlTCYTXq+v3eklfjUtktR0vUPNry5E5LAfugxX3SJGWALBAZAlGYskfCK/N3sjX/yZCBH5LUIi3hGBQCBWZwkEAoFAIEREIBAIBEJEBAKBQPBXQfhE+PtFEnZ7PDQ0NuXKoF3uHRmX04HDbj+s1RkCgUCIiOBvgtvjYdHSn9ldUITWvOnrYOsFFVmhQ0oSw4cMxOlwiIcoEAiEiByrNDa62V1QxNBB/YmOijzoGnJJkthTWcWS5Stp7OkWIiIQCISIHMvszZwYEx1FbDuzH0qShKbrrRJLtaSqqhp/IEB0VCQmkwld13F7PK2yCgJ4PB4kWcZmteJ2uzGZTG1GNvb5fGiajsNhx+/343Z70A0dk6K0ivS7r5muvKICk2IiKirykJ5JYVExmqaS2qHDb3quB7xnST6k9frFxSXY7XYiIsKDIf7ztm/HZrPROasjv9WcWVBYRGREBC6XU7wQAoRjXXDYnd5vPVZVVZ5/+VUuvPxqrrz2Rq676TYKCouorqnhvIuvYPHSZa2Of/aFV/jwo5kAPPrEM9x0+/+hBlpnYPT7/Uy7+Q6eeu5FAL74ei6nnHkul19zAxdfeR23/eMe8nftai1i1dXccff9XHbN9Vxy9TTu++cjuN2edt/frM++4O33Zvym57mnsvKA9zzjo09+9dy8bdv5eeXq4DO956GHeef9pvLsLizk2htv5dU33mHd+g2Htft43fqNbNiUExSka2+8jS/nzBMvgUCIiODPZdXqtcz9Zj5PPPow77zxEpMnjsdsNmPoBmXlFTz86BMUFZfQ0h/jbU6tGwj4+f6HH/n2+x9aXXPet9/z40+Lggm86hsayMxI542Xn+PZJ/6Lpus88fTzwfzrAB/NnE1lVRVvvfICLzz5GH169kCWf93X0/L8val2W31/AOHc97gWEWUOes8HuvaiJUv58afFwZwld956E6efejIAMz6aRWJiPM89+V/OnHrqfgsb2hL4fcv4zfwFrFqzDgCn08F//nkf48aM2m+G8lsHGwKBMGcJDom6hgY0TcfucBAeFsYpJ04BoKS0jOioSJKTknjw4Ud55olHgxkb93aCZpOZIYMGMv3Djxg2dBChISHU1tXx4SezGDSgfzDy6N7sguFhYYSHhXHaySfy3yefwevzBf0zNTW1mE1mHHYH0VFRJCcn8cPCReTmbePKSy9CkiTytm1nzjffce5Zp/PBRzMpKCwiIT6Oyy66AEVRguXaviOf6R9+Qn1dPampKVxwzpmEhYWRs3kLH3w0E4/HS2JiPNFRUZwx9RTszcmrDEM/6D3ve+1LLjiXnbsL+Gb+AkDimRdeRlVVZEliyuSJrFi1mp8WLyE+Lo7nXnoVt9tDeloHzjjtFKpranhn+gyKiksIDwvjogvOQVM1PvhoJiUlpWRmpHHlZRezbv1GFi9dRlRUFHV1daiqitlk5pSTjgdg4eIlzP1mPqoaoF/fPpx52ik0NDTwxjvTiY6KYvXadYSGhnDVZRcTHxcnGr1AzEQER46B/fqSnJzIpVdey30P/Zv1Gzf9sqJLUfjHbTdRV1/Pi6+8HhSEvQRUlUkTxhEVGclHn8xqmlF88ikxMdEcN3Y0ATXQKh1ufX0DpWVlzJz9ORlpqcF86ACnnHg8JWVlnHvx5TzzwsuUlJaRnJTIhx/PYtv2HU0j+o9n4fP5+HLOPNau28DVl11Mty6dgyPwprS9jdz9wL+ICA/jnLOmkrdtO0888wJer5fHn3qO1A4pnH/umXz/w0KqqqtbpRg2jAPfs6zIuN1u7r7/n62u/diTzxIdFUV4WDjxsbH06dWTfn16s3T5Stau30hqhxSio6OIjYmhd88eqKrKvO++R1VVHnviGbZvz+ecM6fSuVMWXo+XLVvziI+L5dyzT+eHnxbz+VdziIuLxel00CE5iT69etIjO5tv5n9PQVExOZtz+c9jTzF4YH9OOfEEPpk5m08+/QxdN/jwk08pLCri1JNOIDdvG++894Fo8AIhIoIjS1hYKM/+77/847abaWhs5IZb72T1mnWYzRY0TSM2JpoH7/kHX349j+8W/NjKiW7oOjarlSsuvYgvv57H8hWr+GrON1xxyYVYrRYMvalzt5jNrN+Yw5XTbuLaG29DkmRuueG6VjkSunTuxFsvP8/555zJzytWccOtdxIdFcXAAf344qu51NXVs3rNOs447VQiwyMoKy9n4ZKl9Ovbm7CwUHRdx2QysTEnB8MwuPryS+jbuxfXXXU5K1etbsqloMh06tSRzPR0EuLj6N+3z355Gg50zybFxKbNuRjQ6trLV6wkNMRFeloHUpKTGDFsCKNGDCM5OQkMg9iYGBLi4+mYmc7woYPp16cXdquNyqpq1qzbwI3TrqZPr55MPeVEMjPSmTBuDKefejKhIaEkxMexI38nqR1SSE5KolNWR0YMG8JxY0YSExON2WRiwY8L6d2rBydNmczQwQM57ZQT+fGnxXh9XsLDwrjwvHMYPnQwJ0yaSGFxqWjwAmHOEhx5rFYL48aMYtyYUVx30+0sWrqMCzPSgCYneedOWdxw3VU8+czzRESEM3bUyOC5/oBK925d6d27J9fddBsnHD+Jbl27sHL1ulYzlm5dO/Ov++/B6XAQFhba5obHyMgITj/1ZCaNP46zzr+EvO07OPv0U3n40f+BBJmZ6aR2SCYtNYXQ0BC+nDOPWZ99yVOP/Ruz2YwkefB4vNjtNuRmcXA47AQ0DZvVxrAhg3juhVdIS01lQL++DBzQr83n0dY9Jycdh8frxW5rfW1N1/H5/Wiajkk22vRD6Loe9HGoqgpS08zMMPRgrvu9fPrZl8z7bj7ZXbvS0NAYzP2g63pwxuUPBDAMA8MAj9eHo8U1XE4nqqqia3rTirzm3zWbzciyjGEYYrOpQMxEBEeOr+bO453pM6iprWXbjnxKSkrp0ikLXWtaDry3Wzz5hOMZPXI4S5f9jKy06NiaO8tLLjiPYUMGc9H55wT9C3rzTETXdawWC0mJCYSHh+3XiWmazqtvvsN33/9AXV09q9asQTd04mJj6NWzB9FRkbz7/oecetIJSJJEYVExvXv14OEH7iUiLIztO3YiSRKBgEqXzp0oKSlj2fIVuN1uPv9yLslJibhCXGzfnk9SUiIDB/SjX78+aG0k+jnQPRuGQZdOHSkpLW197cREQkNCkGWZ6tpaamprmwXCCHb6LQXAMAw0TSMqMpLY2Fg++/Jr3B4PuXl5bN6ylfdmfMQZp53C1VdcQmRkRKtkRBV79lBXX4+mac3X1Onbpyer166joLCIuvp65n47ny6dOmGz2dA0tdV9CQe7QMxEBEec+Lg4Zs3+kk8+/QyAMaNGMHb0SKqqawgNDWnV4V931eVszduGqTmjotPlxGJtMm+ldkjhqcf+HTzeZrXidDqa/27D5XKi60abK65kWSIyIpzX3nqHZ198BVmWueaKy+iQkgzAkMGDqK6tY0D/vgCsXb+BWZ99gcNuJy42lsED+5O/cxdWq4WE+Diuv/ZKXnj5NUwmE2azmdtuuh5VVXG73dhtdnbu3MXX874lIiyM/zz8AObm+5Fl+YD3LEkSsTExXH/tVftcexqyLDNm1HAeeexJ7rj7fu7/vzsJCw3B2uzzcTqdQf+PxWrB6XRgs9u49cbreOyJZ1j280rMJoVrrriMUcOH8s70Gfzw02L8AT8R4WFN9TJyOM+//Br5O3dx9523EhYaimEYjBk5gk2bNvOPex5AVhQSE+K58LyzAQgNDQnOZGxWq9hTIjh8pk2bZtTX1xuCvwclpWXGi6+/Y5SVV7T7nLLyCuPF198xSkrL9vsuEAgYZWXlRlV1dfAzTdOM+voGQ9f1Vsf6/X7D6/UZhmEYbo/H8Pn8bf6ez+cz3B5P8O+NbvdBy+j2eIyS0jKjvr6hVdluuPVO470ZH7U6tqq62igqLjZUVTUMwzA8Xm/w9wzDMBoaGozSsjLD528qX86WXOPUM883iktKDJ/PZ3zy6efGBZdeFbwXwzAMTdcPes9tXXsv1TU1RlV1jaHruuF2u4Pfu90ew+vzBa/V8ll4PF6jqLjEaGxsDD73oqJio6qq2tA0zfB6vcFjKyurjNraWkPXdaOxsdEIBAKtnkd5RUWw7LrWdC+apgV/192OOhAI2kLMRP5u9klZRpZlKvZUtjKbcJCwJ3vP22+qajIRGxuz32+0NXI1t1jNtHdpbFu0dMBbLBYs7bgvu8223zWLSkqRJInjJ4xv9XlEeDgR4eHBf7dc6bV39O9ssfM8PbUDY0eP5O77/4XVasVut3LbTddjtVpaZOqTDnrPbV17L+FhYb/cSws/hd1ua3Wtltez2awkJsS3eu6JiQkt/FXWVj6jvTj2CV3T8lk0BdxsfS/7/q5AIMxZxzAOR9Nyz8XLV6K3MwCjLCt0SE7cr/M52klKiOexfz/0mztAm83GtGuuoL6+gYCqEhriCprlBAKBEJFjS0TsdkYMGUij291uZ6ksyzgdjv1WAx31jfcId/QhIS7RgAQCISIc4+YsCafTEXRcCwQCgVjiKxAIBAIhIgKBQCAQIiIQCAQCgRARgUAgEAgREQgEAoEQEX6XrH3tJaCqqAdISCQQCAQC/vwlvuu35LF+cx7VtXVERYTRt3tXumSmHfQ8fyAABlgsZurqG3n+3Q/JTE3hjOOPOyJRR71+P/975V2SE2K5aOqJAGzI3cain9dgMilNO7kNUDUNu83KccMH8c3CpaQmJTBm6ADqGxr5ZM58YiIjOH7M8GAMqLqGRj77ZgER4WGMGdyfBctWsmNXIS6ng77du9CzS1abu8QFAoFAiMg+zJzzHR9/NR+TohAe6qKqto6vvl/E+acez+TRw3713Ofe/pDE2BjOPmkiqqZRUFyGw2Y9YqGrdV1nx+5CJFkKXrOmrp6cbflgGJTuqcRqMRMVHk6Iy0G/Ht2Y++NSBvbKZszQAdisVrbtLGDuj0vo0aUjqUlNoSmWrl7PjC+/5dyTJvHep1/z7aLlJCfEUt/oZm1OLg/fNo0Ql9jPIRAIhIj8Khu2bOOjr74js0My1154JtER4ZSUV/DsWzN4f/YcumSmYzIp1DU0EuZysmnrdlIS4+naMZ2cvB1s2LINvz/AinWbMAw48biRpKckIssymqaxKW8H5XuqSEmIo3PzzGZj7jZcDjuNHi+lFXvI7tSR+JgoNF0nf3cRO3YXEh4WSr/uXZAkCUVRUFrMCob168WgXt2pqK7mrkefIzsrnZsuPQ9JlqiorMZkUjCZlObYQybGDRtITt4Olq/dSGpSApqus2zNBmIiwujfoyv/ffltumSmct+NV+Lz+dlTXSMERCAQHNsiUlffQF1dPZqhgwGKLJOYELefiWbd5q0EAionjR9FcnwsAOkpSUwePYzn3/mInLztuD0+Zs6ZT1REGA2NbnRD57KzTmX52g14vF627txNcXkFmqZTWV3L5DHD6JjagRfe/YgV63OwWSx4fT4mjxnOmVOO46Mvv2F3cRlWq4W6+gbiY6J54OarWL5mA9Nnz8FkUmj0eJkyehhnTBm/34xGlmUsFhlrc7BAWZaDAfnamv3079mN+Ngolq/ewNRJYykoKSN3204G9skmLSWREKeTHbuLeOvjzxnctyc9u2S1+Uxr6+qprqltMyy6QCAQHCkMQJGaUhyE/oaQP4dlkDcMg10FRezcXYCqqQcN8VdTV4/NaiE2snU00ejICMxmE3UNjeiGjqbrXHz6iTx8xzQUWWHZmg2ce9JkzGYzw/r15j933sDd0y7DbFKQJIl1W7ay8OfVHD9mOE/dfxsDemXz1fyF5BcUgyRhs1l56JarOfOECRQUl5KTt4OeXbO49coLePQfN9AlI5WfVqyhweM5oFmsZRTcX4uIG+pyMqh3D3YVl7B5+05Wrt+ML+BnWL/eWC0WLjr9BBLjYvh20XL+9exrPPPmB/j9AdGSBQLBn4IEqJrKzt0F7CooOmjE7yM6Eyktr6Ch0U2XrI5YLAePoBoVEYbH66OwtJyM1JTg58Vl5QQCKhGhodQ1NGCzWuiYlkJEWCjRkeHBEbkEWMwmHHYbgUCgyfwkyxSVliNJMt07Z+J02OnaMZ2fVqyhuKwCSZIIC3ESFx1FcnwsiqLg8/uRJZnVGzbzaXEJxWUVGBz+aq99hWfEgD58s3Ap3y5cRkFJGalJCfRonnH0ye5Cz66d2LItnxlfzGPxqnWMHzGYrh3TW10jLDSEsNAQ0cIFAsEfgt8fIG/HTkrLK0iIi/39ZyK6rlNZWU1KUkK7BASgX49uOOw2Pp33A5vz8ml0e1i7KZcv5/9EZHgYvbM7ozWn6HR7vFTV1FJVU0tEeCiKSUE3DPyBAJqmYTQnKDV0g6jwcHRdo7CkDE3TKCnfgyzLRIaHgt4yBWmTs9znD/DCux+zYn0OE0cMIb1D8m9aLhxQVRo9HhrdHrw+P2kpiWR3ymDZ2g0UFJcyfEAfbFYLbo+X2d8sIL+giE7pqSTGxYBhBLPmCQQCwZ+FxWImJSmBysrqw+oPTYcjIqqm4bDb2n1Op/QOXHT6CUz/dA4PPP0yVosFn8+Hy+ng0jNPCjq8vT4/T74+nUBAxe31MXpwfyJCQwhxOpi/+Gcqqqo57+TJ+AMBPD4vfbp3pltWJu/PnsPiFWvZvruQQb270zG9A26vj4DaZC7SdB2f34+qqgRUFa/Pz4r1OWzfVYCqNeW49vn9+ANqm+Ysr89PoMV3hmGg6wZLV29g/eatBFSN3l07cfvVFzF8QB9+XruJsBAXQ/r2aJ5xVTBr7gJmfPENDpuN+sZGBvfpQWpygmjBAoGAPz+FhA1V09B1/ZC3HfxhQ+EJI4bQKT2V9ZvzqK1vIDIslN7ZnUlqdrQbuoHVYqZv9y7omkG3Thn07d4FgKvPP521ObnERUUS4nJy9kmTSE2Kx2GzcftVF/LTz6vZU1XDqMH9GDmwL1aLmUmjh6IbTaqamhTPeadMpkeXLLKzMlm4Yg12q4XhA86ipLwCl9PB6ZPHEb5PDm0Al8PBOSdNJC46MvhdaIiLs06cQCAQCJrD4mOiABjYK5tLzjiJsNAQ4mOiAchMTebBm69i9cYtNLo9JMbFMHxAbzETEQgEf3mkadOmGY888gguV/u886qqsnHzVrp37XREkwK9M/NL5v64hOf+eSeRLVKJCgQCgeD35bf060fNUHhY/96kpSTisNlEjQoEAgFis+EhkZmaTGZqsqgRgUAgQARgFAgEAoEQEYFAIBAIhIgIBAKBQIiIQCAQCISICAQCgUCIiEAgEAiEiAgEAoFAIEREIBAIBEJEBAKBQCBERCAQCASIsCd/HIFAgB07d7Frd1FzGHfpoAkezSYzqR2SyEhLxWw2ixoViPYsEByrM5GGhkZWrF5HQ2PjAdPVsk9mwYbG5nMaGkVtChDtWSA4hmciPr+fhkY348eMJC42pl3nlJVX8OmXc/H5/aI2BYj2LBAcwyLSMnPgbz22sbGRGZ/Mor6+ETDISEtj3JiROJ1ODiWLo9/vx9ZGePrvf1jI+o2b0HUdq8VKx8x0hg4ZREg787IcCh6vl5dfe4Oxo0fRs3v2gTstnw9ZljGbzdTU1vHCy68x9dQT6ZyVJVr6X7w9A+zctZvPv5qD2+1hQL8+jBw+9JBMXl6vD7PZhKIoR+ze1qxbT3l5BRPHj2vVDmfO/oITJk8kNDRENACEOesvSV19A6+9+S719fXIssLM2Z9z0+3/R0NDQ7uvsWrNWl545Y02v/vi67ksXrIMWZbx+rx8/OlnXDXtZrbv2HnkOyFdZ/uOndTW1v3qca++8TbLfl4Z/HdlVRVer0+08r8BJSWl3HH3fZSVleOw23l7+gds3bb9kK7xv6efY9v2/CNarvUbN3H7XfexeOmy4Gduj4fX33qXmtpaUXFiJvLXJiTExcXnn0tKShKVlVWce/HlrN+wiaFDBrFz12527S4gtUMKaakdANhdUEhERDhb87YRER7Oxpwt7Ny1i/ydu4iLi8Vht/+ivpLEmFEjuPaqywHw+/089O//8shjT/DC049jsVgor6hgc24e8bExdO6UFZwhrduwCZvNStcunbHbbOi6zqbNW6irq6dLpywiIsLZuWs3sTHR5GzJJbVDB2647moS4uLwer1UVlVhtzvI2byFhPg4MjPSqaquYdPmLYSFhdMhOQndMLj5+muJj48DIBBQ2bgpB4/XS3a3LoSFhuJ2e6iqqcZsMrN1ax4dUpJJbX4WgqOLNevWI0kyDz94b/No30+ju5HcvG106pgZ9LlszdtOUmICATXAho05hIeH0TmrIxWVlWzavJm+vXsSHh5GXGwMjY1u1m/chNlspnfPHphMCqVlZSiKQll5BWaTic6dsti0eQu1tXX07tkDh8Peqlxmkwmny8FjTzxDhydTSElOQpIkbDZrsExFxcVs255PclIimRnpBAIBioqLcTgc5O/cRffsbmiaxtp1G0hKTCAzIz14/e07dlJQVESnjpkkJsSLhiBE5E8wJbQ0E0gSisnEzNlf8NEns+jcKYvcrXmcftrJnHHaKTzz/EvsqapCkiT69enFsp9XUVlZyRtvv8cF551Np46ZtF59owb/brFYuPSi87ns6hsoK6+grLycp59/iW5durAjP59xY0Zx4vGTuO2u+4iICEfXNQYNHMCJkyfyz0ceY9fuAlJSkvlyzjxuvXEaD/77vyiyBJLM5Refz7vvf8SlF51PZEQ4t//ffWSkpWIymVi3YSP/uO1mKquq2JizBb8/QN62PDxeH5tytvDC048TEx3N3Q/8E5/PR4jLxYuvvM7DD9yDPxDgtrvuJSU5CUVR2Jq3jYfuu5v+fXuLN+MoI7VDCsUlpTz+9HOceuIUMjPSqays5NY77+HRhx8gu2sXtuZt556H/sU9d9zGsy++TFJiIo1uN8dPPI4dO3ezY8dOZn/5NZVV1YwdPZIH/vUf4uJi8Xq9fD33G+75x23MnP0F333/A107Z7EjfxepqR3weX2UVZSTEBfPow8/0MqE5vcHGD92DAAPPvwozz31GIqsNL8TZhYtWcZrb75DXFwMmzZt4Y5bb6R3rx5cd/MddOqYidfrQ9NUnE4XhqGzJTePe++6nWFDBjF9xkd8890CunXtzDvvfcDVl1/CwAH9RGMQIvLHIEkSqqry4SczcbmcLFn6Mx0z0omPi+Whfz/KA/fcxYB+fVi+YiUPPvwoI4cNpa6+nrTUDtx5601YLRYsZgs78nfxwD3/QJYPbvmLjorCZFYoKCzknekf0rN7NpdffCFbcrfyyONP0imrSbSe/t9/yO7aBcMwWLx0OevWb+SVF54mNiaa+oYGJEmiqqqayROP47KLLkA3dF569U10XccwDOrq6rnysovplNWRZ198hZmffs5///0gX8/9lrPPOI0xo0dSV1vH+ZdehSzLzP32Oyqrqnj52Sex2+08+O9HefPd9zn7jKk0ut3cNO0a0tNSufOeB/ju+wVCRI5Csrt15b677mD6jA/58qu5DB82mLtuv4WePbKZNfsLsrt24fOv59CnZw+8Ph9FxSXc84/bSUlOwjAM+vbpzZdfzWHa1VeQ3bUrTz77PJquccO1V+FubOT2u+8nZ0suAVUlPS2Vh+67m1mzv+DF197g0xnvUV1dw+XXXk9xSSmpHVJa+XDMZjM3Tbuay6+9kRdfeZ0rL7s4+P517dKJpx5/hPCwMB7931N8O38B3bO74vP5uPSi8+nUMZPTz72IyRN6cPUVl3LfP//Ngh8X0rlTR956931uu+l6Bg7ox8ezZvPBxzMZ0L9vu1a6CYSIHAERAQyD6ppaFEXhtJNPYNLE8eRt247JZKJ7dlcAemRnI0kSxSWl2Gw2Bg8cgL3ZkS7LMrIst9sRuaeyEl3XcTpdlJSW4nQ6eOHV19E1nX59epPWIYWTTzyeu+59kM6dsrjuqsvZtn0HWVmZxMZEN5ngXC4a3W4cDjtDBw/CarXg9fmCL45hGISGhpCcnNRc/m6sWLWGgKoGy6rIMiaTCUWRAYO8bTvo1qULDocDgIH9+vHFV3Pwer2EhYaQkBCHLMskJyVSWVkl3oqjlPHjRjN29Ag25Wzhznse4Iuv5nDhuWdxx933k5u3jRUrV3Pf/91BRloqA/r35bqbbqNPr55cfcWlREaEI0kSZpMJWZYoKS3H6/Hy2pvvoGoqnbM6YrNaMXSdmOhoTCYTiYkJpHXoQEiIC7PFjMPhwO3x7lcuVVUJCQnhwXvv4oZb7iAuNgaTyQRIOB0OPvtyDgWFRazfmENahxR0XcdisRATHYXVaiUtNZXk5KSmNpiYSHFJKaWl5aiazrIVK1m5eg1+f4CuXTphGIYQESEifwy6bmAym7nqsotbjZxCQ0LweLxUV9dgT4inqroKVVUJCwvFMAx0XW/3qhqz2dRqRcrrb71LZno6HTPTCQ8PY9zoURw/aXxwpZcsy9x43dVccM6ZPPnsi7z65tsMHjiAsvLy4PeGYQRtcC3Lsu+qsb2v0a6CAlxOB2azGV3XgoK39zqSJBMZGUFOzpbg+YVFRTidTsxmE7puoGl68Bzxgh6dlJWXYzFbiIgIp2ePbLI6ZlBbW0eXzp1IS0vlrnseJDMznS6dO6HIMg/ecxfFJaU88PB/eGf6B9xy4zR0w0AxNbXZsNAQwsJCuOv2m1vVvaqqwXZnGEbwndj72a81jy6dsrjh2qv4z/+exmRSkCSJJ555HrfHw8Xnn4vL6WBXQSHGPu275XtnGAYGEBERjtVq4dILzyelecC09x0RCBHhj1pW6fF68flar7dPSU5iyKABPPDwfxg5bCg//rSYYUMGkZKchNvjQdO04LEdUpL54ut5vPDK60yZNKGVGOmGwYIff8LvD6BqKptz8/D7fDx47104HQ5OmDyR199+lz1VVdTX16OqKlMmT2D2F1/TvWsXfD4/SUkJjBw2lBkfz+Khf/+XrI6ZbNuxncsuvIBAINBKRHw+H1qzSFRVVfPsS68SFxvDJ7M+4+orLsVmtRIVGcmMj2dSXl7O6FEj8fp8+Px+pkyawLfffc8TTz9PeEQYX875httvmoaiKHg8nqBYBgIB/GJ/wlHJvO++5/Mv5zBy+FAq9lRSUFDIzddfC8DJUyZz0+3/x7Rrr0SRZdZv2MS33/9AdtcuYBgkJydhNpmIiozk1TfeZszI4Zx8wvHc/69HeOaFl4kID2frtu3ceuN1aJqO3x8AQNM0fD5fiyXC3v0GNqqqtmozJxw/ic25W/nwk1lomkZlZTVhYSHsyN/J4mXLiY+LAwy8Xm+w3fn8ftTm9y6gqng9XhIT4hk2eBAPPvwo48aMJH/XbrIyMzjjtFNEYzjKUAYOHPjAcccdh8ViaffeifI9lcTGRB3xUUFDYyNb8rbTpVNHXC7nbzpHkpum0r17dsfeclWVLDNk8EA0TaO4pJR+fXpz6cUXYLFYUBSFLp07ERUZAUByUiKKIuPxeunZozuuFntMrBYLVpsVwzCw2+2MHD6Ua668lLjY2CYbdtcuJMTHNZnPzGbGjxtDakoKVdU15OVtp2NmBueeOZXQ0FCGDBpASXEp1bU1jB4xnI4dM7FZrGR369K070SSsFgsdOvSGa/Xx8JFixk6eCAVFXs447RTGD92NACZGelU7KkkOiqKrp2zcDjsZHfrSlxsDAP792VXQSFut4cLzjmTIYMHNpvGQumR3a3JDKYopKV2CK5WExw97blr507EREdTUFhERHg40665goy0NABKy8opKCjkmisvw2w2Y7fbKCsrZ/vOnQzo14epJ5+EyaSQmZ5GSWkZyUmJDBk0gF49u5O/cxf1DQ2MGj6MzIx0zCYTaWkdSO2QgizLREVF0rVzJ2RJwm630aN7dqsVWoqikJyU2KrN9OnVg5joaHr16E52ty7s3LUbvz/A8ZPGk9Uxk9SUDtgddnp2747VasFsUujcKYvoqCgUxUSHlCQy0tMYPGgAhqGza3chCXGxjBszqtU7KDiSlpvf0K9PmzbNqK+vN9pLIBAw1qzfZAQCAeNIU1JaZrz4+jtGaVl5u88pLSs3Xnz9HaOktMw4FtiwKcc4cerZhtfnMwRHN39Eew6oqnHT7XcZb74zXTxwwWHzW/r1o8qcZbFYcDodLFq2ArvNysE2+koSeLw+nE57u2dSf3WSEhK44dqrkIXv4qjnj2jPuq5z/MTxDBrQXzxwAcf8jnWXy8mAPr1wOZ3tChVhGAYup4MBfXq321zwVyciIpzjxo4WEV7/AvwR7dnSbCoV4UUECMd60wvRpVNHunTqKGpG8NefiYj2LBAzEYFAIBAIhIgIBAKBQIiIQCAQCISICAQCgUCIiEAgEAgQq7OOFnQD6gI61T4NTW/fOYoMEVaFULOMLLZOCDi6Qu+4PR4aGt0YevsatCTLuJwOHHa7iGMmECJyqNT6dV7fXMus/AYaAvpBRUE3wGWWOS09hMu6hhBhVUSNCo4a3B4Pi5b+zO6CIjRdA6SDZr9RZIUOKUkMHzIQZ3PUZYFAiEg7qfFpfJpfz6pyH0i//soZzSIiNb+aUzOcQkQERxWNjW52FxQxdFB/oqMiD7rhUJIk9lRWsWT5Shp7uoWICISIHCqaAfUBA0kC00GmIWZZIswis8erUR/Q0Q7wflZVVeMPBIiOimzOcfDn4vf7cbubI+dKYLfZsdmsv58w19SiairRUVHtPqesogIZiZjmHCcCDjuonabrxERHBfPF0I5kalqL0OtHe3sOvruaRlV1DQCREeHtzsFz0PZbW0tZWTlZHTsit+gTNE2jtKyc+LhYqqqrqaurJzMjnbLyCpwOOy6Xa5/y6ewuLCQhPg6b1SoaJ39jx3p7/BpWRWJonI3zO4UQZVNoSz9UVeX5l1/lwsuv5sprb+S6m25jd0HhIZXlx58WU16x54je3+dfzeXkM87lwiuu4aLLr+GqaTfx3EuvUN/Q8Ls8zxdeeZ1//uexXx0Fl5SUsmjxsuC/n3r2BZ554WXxdhxBMfmtxx6t7Rlg5eo1XH39LVx8xbVccuW1XH39Laxes/aIXHvN2vU88ewLqKra6vPdBYVcdvX1bMrZzLJlK3j5tTfx+fzceufdfPDRTACW/7ySHfk7g/lYrrn+FpavWCka5LGcT8QwwCTD4DgbZ2WGsq7Sh0c1CGsjVt2q1WuZ+818nnj0YWJjY/hh4SJMJuWgL/DeMMgG8NEns7j2qitajSLbm7jpQMc1NDSQmZHO//7zL5Bg+458nnruJfLzd/Off90fjIl1oPPbSsxzoGQ9uq5z+qkn4fF6f7XMG3I2s3DREoYPGwzA1Zddgma07sw0XUcRCYH+NI7W9pyzZQu333Ufp592Eg/eexdms4l5335PbV39QdvngWc1enNWzqZ2p2lacwK1X66TEB/H/915Cx0zM9m6bTsBVcVsMXPjtKuD6Ri++Houo0YMJyM9jcSEeP7zrwfISE896D2J5Gx/UxHZO47uGGrh5HQX2+v8fLmrgTq/ToJz/5eprqEBTdOxOxyEh4VxyolTKCgs5JHHnuS6qy8nNCSEhsZGXnzldc45YypLV6xkxcrVuFxOzjj1ZDbnbmVzbh5vT/+A4UMGcdIJx/PFV3NZvOxnTIrMySccz4D+fZn77XwKi4qpqKjAMOD4ieP5au43lJWXc/IJxzNuzKj9zBVWq5WIiHAA+vftwyMP3celV01j1Zp1DB7Yn8+/msOSZSta/c6O/J2898FHNLrddM/uynlnn0ldbS1vT59BUXEJ4WFhXHLheWzYuInKqiq2bc8nPa0DCfHxNDQ0kN21C6+/9R7x8bHBdKNXXnoRFouFWZ99QVlZOU8++wIgoWoqI4cNJSMtje078pn+4SfU19WTmprCBeeeRVhoKO998BGKSSEnZwter5cLzj2Lnj26izfqd+Jobc/TP/iYvn16ct1VVwQ/O/+cMwGora3lw5mzyd2ah9Pp5MpLLyI+LpbX3nqXhPi4YDu87KLz6ZTVkU05W5j12Rfs2VNJr17dueSC8zApSjCNb+7WPNLT07jsovORJIlVq9fSq0d3ZElGkiQkYPuOnSiywvYd+axas476hgY2b9mCqmlYrVZSU5KbLQL7v2MbNm7io5mzUVWVgQP6cepJU9qxGEJwVA8t9eZMsXsFJDXExElpTqp9OrN2NFDYqGJgtFnNA/v1JTk5kUuvvJb7Hvo36zduIjoqmhWrVvPNdwsAWPDjInI251JQVMS70z/kvLPPYMzIESBJzTmfJbp360rHzAzmfPMtb0//gPPOPp1JE8bx9PMvsaeyipwtuXz2xdcMHTyQuro6rr/1Trp360rP7tk89uQzVFdXtznSaWm2SE5KpENKMlu35vHDwkW8PX1G8HeeeeFlioqLeem1N7FYzFxxyYXERkejqxr/feIZtm/P55wzp9K5UxYer4fNW7byzAuvkJgQT9/evVi/YSPLV67GMAy++HoOi5csZ8qkiTgdDh7+7/9wOhxERkQQER5Ovz696denF5tytrB0+c+43W7uvv+fRISHcc5ZU8nbtp3/Pf0cqqqyYOFPfL9gIRPHj8PucPDEMy8QCATEG/U7cTS2Z7/fT/7OXQwZPKjNMu8uLMLv83PumadTV1fHK2+8haZpfPn13Fbt8JHHn8TvD7B5Sy5dOmdxxtSTmTn7C35esQqr1UpBURE2m41TTzmRb+cv4JNPP0fXdb78eh51dfVIzTZwwzBYvGQZ2/PzSUpMwGq10DEzgz69e9GlUyc+mvkptXV1fPf9D/u9Y/k7d/Hkcy+SkZ7GBeeeTVhoKIdghRQicjTOOkyyRIxdwaY0NZAkp4kzMkNIdCp8kd/AzoamDutA44SwsFCe/d9/+cdtN9PQ2MgNt97Jtu3bOfuMqXw1Zx4+v5+5337HSSdMJiE+Hk1T+ea7BcTFxdK1cyd6ZHcjrDnrYLeuXfhp8VIsFjNr129ga952fH4/+fk7mzIlDhrAqBHDmTThOJIS4znphMmcc+ZUJEmifE8l7XWoqrrOT4uXYm3xO16fj527CoiJimLDxk1syc1j7OiR1Dc0sHrtOm6cdjV9evVk6iknkpGWhj8QYPSI4Vx28QV069oFWVEwmUwYhoHT6eScs05n8MD+XH7JhRQUFiErCl07Z5EQH8/I4UMZOXwomelpmM1mcjbnYgBXX34JfXv34rqrLmflqjVUVddgs9o47ZQTGT50MOeddTpl5eW43R7xRv1OHNXt+QD+th7Z3bjq8kuIiAgnMz2N0tIyvF4fLlfrdlhYVMyeykpOP+1kJowbS3hYOFGRkWzP34lhGHTMzOC8c85k2OBBHD9pAqvXrCMQULFarfuZnUxmE7Is0ymrI3GxMfTq0Z0Rw4YwZtQIwkPD0HWdhYuWtHrHfH4/u3Y3vWNLf15BSVkZo0cOb+XIF/zVRMSAMIvMqelORiTYSQ8xc1q6k45hZmbvbGRTtS+4vPfXsFotjBsziicefZjsrl1ZsHARJxw/kbr6et557wNqqmsZO2okaakd+O+/H8Lr9XLTbf/gsy++RpakVjMGNaCRkZZG56wsunbtzL3/uJ3sbl1RA4Gg09pkMmG32VFVFb353205tCVJamUjLigqYndBAT2yu+Lz+fb7nV49u3PjtKs5+cQpzPr8C6694VYqKveAJLVK/btXgkNCXAdYtCAFV82YFAUJCVUNoKpaq3Lquo4sSXi8Xuw2G3LzOQ6HHU3XUdVA8PkAR2wljuCv1Z4tFgupqR1YsuznNsu7dv0Grr/ldj6a+SklZeUoioKBgSy3boey1GRCfWf6DO66/yF++GkRPp8vKBCKomDoTb9rNpmaZx5GuxYp7L3fQCCAgYFhGKiq2ure77nzNgb068s9d93O0MGDeP2td7nlzrtb5Y4X/NXMWRI0BHR21geYlOLgks4h9Im2MnNHPcvKvPj1gwvIV3Pn8c70GdTU1rJtRz4lJaVkZWbisNsZO3okTz7zAiNGDCEsLJSq6mrCw8K45x+3MbB/P9Zu2NDUyUsSZeUVNDQ20rNHNoXFxWRmpNOvdy80TcNkbnqp9r5YerMTcK8S6rq+X1M3DAOfz0d1dQ1V1TX8vHI1/3fvQ/Tonk3/vn3o1qVz69/RNSQkiopLOO3kE3ng7n+Qv2sXsiyTEBfHZ19+jdvjYUvuVoqKi5EkqZWpzDAM9GZHoT8QIG/bNtxuN1/OmUdUVCQR4eGYTCbq6uuoqqpuetkMg4Cq0rlTR0pKS1m2fAVut5vPv5xLcmIiERERqNovwrOveU5w5Dla2/M5Z05l5ao1PPfiKxSXlFJZWcX7H37CzE8/Z8ZHM8lIT+fWG6fRpVMWgUCgqR361VbtMCYmGpNi4u33PuC6Ky/nkgvPw+l0oOs6kiRRUlJKUXER1dXV/PjTYrK7dcVstgTL1rL96breol1CxZ491NfXo+tNx5hMJnr17L7fO6bpGuXlFVx8/jncduM0NuduxevziYbHX9SxLgNezWBZmRebIjG5g5M5BW6Wlnnxaka7XF3xcXHMmv0ln3z6GQBjRo1g3JiRAIwaPpRZs79g0vhxABSXlPLM8y9jtVrxej3ccuM0zGYzo0cO5z+PP8nE48Zx+SUXsrugkGk334bZZCYpMYG7MtNxOhzIctOoymw2B2cBkiQRFhaKaZ9RekhICNt35HPRFdcAEpER4QwZNJCLzj8HSZI45aQTyN+1O/g7yUmJ3Hz9tXz59Tw25mxG0zROPmEKmenp3DjtGh5/8hmW/bwSk6Jwyw3X4nK5kKRfxgZOhwOv14vRPKL74qu5fDX3G3xeH7fdNA1FURgyeABfzpnHDbfeyf1330loaAhms5nYmBiuv/YqXnj5NUwmE2azmVtvmobNasXh+CWFq6IohIeHixUtvyNHa3vu2T2bRx9+kFffeJs5387HYm5qs9dccSlWm5V33/+Qex78F4qsEBUVhYSELO/bDq8nPi6WgQP68tRzLxIfF4vFbMHhsGM2m4kID+eJZ16grKyc1A4pnH7KSWiaRnh4GLIsY7VacLmcSJKEy+XE0rzCccyoEbzx9nQ2btrMDddd3ezn0DnlxCls257/yzuWnMh1V13Bex98RFl5OV6fjwvPPYsQl0s0vPaM+adNm2Y88sgj+23OORCqqrJx81a6d+10xDc7basNcNq8YrbW+DHJEgZgVySibArVPh23uv9oV9UNOoVbmDUxkY5h5v3KWlVVjdnS1BD38srrb5O/ayf/fvC+YMfX2NhIdU0tkZEROJpNRE0bqKpxOV3Y7TYA9lRWoWkq0VHRKIqM1+sDDGw2G6qq4vP7cTocGIZBo9uN3W5vtTTW7w/g8XqapucS2G02rG1sftr3d3RdZ0+zPTo2NiZ4nNfrax55huJwOJpGT0ZTeQB8Pj+G0bTp7aLLr+H2m28gIz0Nl9MZvCeA+vp6/IEAEeER+P2+4Cqyvc+mobGRiIiI4Avqdnswm5uERdd13B4PTodDCEkLSsvKmf3VPE47cXK7NxuWV+xh1hdzOGXKROLjYo/69tyybNU1tSiyHOzcoWkmoGk6cbEx+Hw+VE3j4iuubbMdqqpKaVk5oaEhOB0ONE1DlpvafiAQoLHRTUxMNFKzaa7R7cZht6NpGqqqYrfb8Xg8KIoJi8WMYRjsqazCYbfhcDiaym+zB5cP/3LvUSiKgqpqVOzZg8ViJioy8phqq7+lXz+qZiKKBCFmGcOAgN4046jXDWr9OpK0v+3NaP5PiFlCaaPvMplMrTrcpk7VR/7OXZxx2smtOjyn04nT2TqvtaIoxES3fvmjo1o3rpa7zU0mU7ACJEnC5dw/T7bFYsZiOXh+9H1/R5bl/e5l7+8nJsT/8u99BMlqbZoteLxeMtLTCAsNJSZ6/93rISEhLa5pa/VdW8/G4bC3Kltb93rM24plGVmWqdhT2cpMdLCwJ3vP+yu055bHttWuWv6ezWbD+yvt0GQykZyU2Kq8Lf0vLe+nZXlkWQ7ur2rpI5QkqdVv7Fv+fe/dZFJIiI8TDfevbM4Kt8qcmu7CgEMKwHhquovwdsbNslgs3H/3nb9rqJGjEbvNxr/uv/uoCpXxd8fhcNAhOYnFy1eitzMAoywrdEhOxNHOuFl/tfZsE+1QiMjvSZhF4fKuoUzNdB1aKHiLQqhFbvdS2mNNQFp2OII/UETsdkYMGUij293uhQeyLON0ONpYdff3ac+iHQoR+V3jZoVblXbPKgQCjmpzloTT6cDpFNF4BWKJr0AgEAgEQkQEAoFAIEREIBAIBEJEBAKBQCBERCAQCARCRAQCgUAgECIiEAgEAo6ZfSIG4NcMvJqBYdDOTVZNcbXMiiRyjwkEAsGxLCLVXo1nN9bwfl499e0MdxJqVjg3K4Tru4cTYRMTKoFAIDhmRaTWr/P1Ljc765uSHbUn23qVV2NeQSMXdAoRIiIQCATHsoh4VNhd0zQDUaRflw9dk1EMCVXSqQ/oaIaoRIFAIOBYdqwbBqgHyVZoAA6TREenDUt9CIYmtzJ7+Xx+CkvKqK1v2O9cTdMpLiunqqb2mKvg8j1VFJdVHDAAoN8f4Kef17BtZ8F+323els+SVet+yW4nEAgER+vqLOkgImOSYEicjbM6hmKzgrHPCXm7Crjnfy/y3xffwu3xtvru20XLufXhp5j+2Zy/VeVpms68hUvZXVza5vd7qmp48OlXuOu/z7Fu89Y2j2lwu3lp+ics/Hn1ft/N/WExr7w/E6/INS0QCP6qS3z3Wquywi1MSnExe7OPKqURWWk9st6b/Sw3f3erDrGuoZE5PyzC6/URCKjBz1VNw9eic9RbJA3y+QP7JRAKqCo+f2C/8jVlDjTaHOG3HP3vHc1rmobW/Lmm6/gD+1/THwi0Gv23/Lu/RRnK9uzh7U++YGv+rjZnGj+v20jZnkoa3W4Wr1y3f9n9/mD2uJYJjVRVwx8IIMtSMNXu3jLouo6qqq2use/9+wOBVsfsLbeY0QgECJ/IH4FuNC3hlZpVJC3ExAkpThZs19jU2IBiU9F0o81cDIoiM/eHxQzt14tQl5PvF/9MUWkFZrMJWZbxBwJ8s3AZi1eupcHtYVCf7pxz4kSWrdnIwp9XExMZzobcbXRIjOeC06YQ4nTw+bc/snLDZtSAypihAzhp/CjK9lTx4Rfz2L6rkMT4GMJDQujeOZPsTpl88vV35OTtIDw0hNMmjaVLZhrPvDUDp91OQXEpoSFOhvbrzXeLl1NX38CYoQM4cdxIGt0eZn+zgDWbcrFbrUwZN4JBvbvz5sefoWk6NXUNlFbsYcTAvgwf0JtXPvgUwzD4bN6PFJaUc8FpU4KpS1VVY9GKtaQlJ5IQG82qDTlUVFYTExWBx+vlkznzWbk+h1CXE1XVgiKydPUGPv/uB9SAhtfnw2I24fP5efm9mcTHRrFjdxGZqSmMHtyPmV9/x7bdhSTERHPmCRNIS07gy/kL+WnFWiRg1OB+jBnSn9nf/MCqDZuxmM1MGjWUkYP6ijdPIBAi0j7q6huoq6tHM3QwQJFlEhPi2kz/aQBmWSLUIlPj0/HrBikuE2d2DGF3ucJXu+qQ7Wrbpq+mlOUM7JXN2k1b+WHZKsYM7sfcH5fQo0tHyvdUYugGXq+PDbnb6JKZRm19A7PnLaBTeiq1dfUsXbWOAb2607NLFl8vWERsVAQTRw5ly/Zd9OvRlfyCYj74fC6d0lNZtHItK9Zt4rxTJ7NgyUrWbMqlf8+uvPnR56zZtIWpx49jY+52Xnj3Y+6edhm523cSUDVGDe7HkpXrWJuzlRED++IPBJjx+Tx6d+vMgiUr+GrBIk4//jhKyip4efpMYiLC2VVYytadu5k4cgiNHg8fffUtqYnxxEVHsmVbPukdEslK69BqZdvW/F1s21XAeaccT2aHJJav2cjP6zYyZewI5i1cxqfzFjB++GAsZjO523ehKDIl5Xt48b2PSYiJYkjfHny3+GeQJHRdZ2v+Lpav20hWWgfCXE5eePdj9lRVc8K4ESxeuY6X35/J2SdO5P3P5tInuzNdMtMwKSZWrM9h5pz5jB06gLjoKHRj/xmTrusUl5Sh6U1pkAUCwZGz5CiSTGhoCKEhrr+WOcswDHYVFLFzdwGqprZrQ6ABhFpkTk13MiLBTnqImTMznZhVE7N2NIDN/6udjKpp9M7uzIBe3Zj34xKmfzaHhkYPp0wYhcVsRtM1QkNcXH/RWfTv2Y246ChAorRiD7IiY7NZOWPKcVx65slEhodRXLaH2OhIbrjkHLplZRAdGYaqaRSWlmG1mLBaLYS6XMiyTGaHJNKSE9mQm4fT6WBPVQ2qqlJVU8fu4lIURaFbVgYXTT2B7M6ZmE0mrjr3NEYP7o+qauwsKGb1pi04bDaqa2rx+vw0NLrZunM3JpNCh8Q4Lj3zZCaPHoamafgCAQb2ysYwDIb07cmw/r1amaSWrGoyXzkdNiRJwmm3s3T1erw+P+s2byUmIpzLzzqFs04Yj9VqQZEUNuZuo9Hj4eQJozlt8jg6Z6Siqb+YoDqld+D+m66kc8c0duwqxGG3UVFZjWEYFJWWUVtfj9lkpqhsD7KsMLhvD+xWKxISu4uaZmADemaLN1sg4I/zNauays7dBewqKGrT9H7UzkRKyytoaHTTJasjFou53Tdc5dXZWh3g5HQnblXHZJh4fGU9HrMPk3zwVV4mReHkCaO557HnmbdwKccNG0TXjhmoqoaiKBSVlfPc2x/i8/mJi45qsvvvnclIEoZhoGoaiiyjmBS2bMvnxekzsVnNuByOoP9gcN+efPvTcmZ8Po+khFjOPnEiZpMZVdOJCwkhITaa5PhYhg/oQ0pCXNAPAmA2mZp+SzdQJAlZbvpdQzcIcTpIio+lQ1ICfbI70ykjlcUr1wUFQpEVZElG1w0CzR38vg2jpq6B1Ru3YDaZ+Pir7wDQdI1dRSXk7tiJrutYzGZMZhNeny/48P2BJrG3t5Fu1TAMwkNDMJtMYICBQURYGHExUSTERmOxmBnYqzshTidzfljEu7O+YuX6HO6+/jJuvPRcvlm4hJenz2JzXj7TLjqr1UxUlmWSkxLEGy8Q/E74/QHyduyktLyChLjYo38mous6lZXVpCQltFtA9oqIjsFPJV7mFbgJMSu8ut5NacCLSTEOKiB7nb6pSQkMH9CH2KhITjxuJLIko+kGiiyzesMWtmzbyXHDB9OjS0cCARXDaOokWzqndd1AliR+XreJotIyTh4/mswOyQQCKrIskV9QjNfnIz42mrioSHYWFGMyKXRMTaGiqgqH3YareUZis1rQNS3Y2eu6jq7rTfteDANV03HYbXTvnMme6hoURSEyPJQ91TXYrNam44PnNpXTMAzMioKmG6zZtIXc7TuDZV+xfiPF5RVMGTuc+264gvtuuILLzz4Vr8/PinU5pCTEUbaniq/m/8Rn3/5Io9uDbuikJscjSRLfL1nB/MU/k5OXj9S8jnrv7wIkxsUQFx1FRVV1k7CYzdTWNVBVU0tldQ2nHz+eThkdKKusZPuuAnx+P+ecNJn4mEjK9lQG70UgEPAH5bU3k5KUQGVl9QGX+x9VMxFd11E1DYfd1m67ndFSSCSD+YUeVpb72ePRMJuNAwpH8EbMCqEuJyal6ZYuPuNEzjpxAuGhIfh8flxOOxazme6dM0lPSeLTed+TkhBHWnIiZrMJi9lMiMsZdEy7nHZsVgs9u2SxbO1G3pn5JanJCSTFxyJJElU1tcRERWK3Wdm8LZ/Pv1vINeefzmVnn8KrH8zizY8+R1ZkenbJQjfA5XQER/g2q5UQp7Opcs1mQpwOLBYzUyePo7q2ng8+n9tsIktm1KB+OB12zAGleRYjB8vZMT2VzhkdWLp6A4YBWRmpGIbB+s3bSIqLZezQgcTHRAEQFx3F/CU/k7tjJxefcRLbdxXy0Vff0DE1hbSURGRJomvHDMYPH8SilesoKi2nQ2IclTW1SJKEy2kPlt9us3Lluafx5sef8fL0mciyzPABvamoquaL+Qvx+f2YTWbOP+V46hvcfPTVt03nWa2cNmkcJkURb7VA8AfjsNtQNQ1d19v0SR+2yWzatGnGI488gsvVPqeLqqps3LyV7l07YTKZDvuYluRWBxg9s4RKzYdJodlcAjotdrC3UBnDAE2H/rFWpo9LID3UjKbreL0+rBbzfr9pAB6PF1mWsVktuD1eGt0ewsNCMHSjyVQkNU35bDYriizjbnF8Q6Mbr89HRFgYAVVFVVX+8eizhIe6OHXiGLbvLuSTr77j6vPPYOzQAWiaRm19A7IsEx4aAtDqej6/H1XTcNrtBFQVvz+A1WrBpCgYhkFNfT2GDuGhTf4Wj9cX7LxVTcPn82O1WDCZFHw+Pw0eDy6HA6vFjGEYwd/a1yzlDwTw+wO4nA58/gANjW7CQ11omo6BgdViwTAMqmvrsVkt2KwWvD4/dpsVj9cXLP9eAgGVuoZGTCaFsGanncfno76hEZfDjsNuB6DR46HR7SWkhZAKBII/ll/rlw+1zz7qlvjGOWTOynTx4XZQDaO1E95ow+8hQ0qExKnpIURYlWZfgYzTYT+gmazlrMhht7U5SzK3eHgtv3c5HbicjqbfUSxgtXDeKZP47NsfeXXGbFx2G+ecNIkRA/o0H6MQGR623yhgL1aLBWuL32z5u5IkEREa2urclh2vSVEwtbhPq9WCtUXHLknSAZ+DxWzGYjY3l8GM1RIWLG/L8yPDQ/crd5vPy2wiKqL1fdqtVuzW1kLhtNtx2u3iLRYIEEt8fxdCLQoPDA3jmt4hqHr7wsDbTBBpVQi1/Dn7JYf07UX/ntn4/AHMJgWrxSJak0AgECLyZyBLEG5VCLf+tWzl+84iBAKBABH2RCAQCAQCISICgUAgECIiEAgEAiEiAoFAIBAiIhAIBAKBEBGBQCAQCBERCAQCAcfOPhHdMCgtLW/KfCdyRwgEAgFHMoGIyWQiPj62VX6hv9VMRNc0ikvLWoVGFwgEAsFvR9N1ikvL0P/AVNR/ynZrk8lEakrSEY0kKRAIBMc6uq5TW1d/bIQ9OdLhiA/2Wx6Plwa3GzWgomqaSMMqOGYwDPB6Pa1SJxzrNh+TyYTNZiM0xIXT4WgVhPSvLiLHZOys362p6Able/ZQWVUNgM1mxWQyCVeMQMCxnTRWVTWqq2soKCxCNwxSEhNJSoz/24jJMSsihmFQWVVNQVExlZVV+AMBLGYzUVGRpCQlEhUZ0SqP+K/h8XjZsWs3iiyTmBBPaIhLmM8EAkErNE2jqqaGXbsKKSgspGePbELamVtJcJSJiKqq5G3PJ3fbdnw+H1azBSQJj8dLTV0tuwsK6dQxk6zM9IMmTfF4vGzP30VkZDiJ8XGilgUCQZsoikJMVBQxUVHs2Lmb9Zs20zO7qxCSv5qIBAIB8rbns3XbDlwuJ726dyMpMQGL2YzX66W8Yg95O/LJzdsOhkHHzHTM5rZzt3u8PvJ27CQ+LobY6ChRwwKBoF1kpHXAbDaxbkMO/fv0wiaycPKX2WxYXFrOxpwtJCbEMWxQf9JTOwQz8NlsNjqkJDN04AASE+JZn5NLaVkFxgG8hMXFpYSGuISACAR/ITweDx6Pp83v9lRWUlNT+4eUIyUpkaiIcLZu235I523NzWXdunV4vd5D/s2teXmsX78Bn8/3q8f5fD7Wr9/A1rw8ISK0MmNpbN22DbvdRqfMDOwHSKNqt9vomJGGxWJiW/7OYN7xljQ2umn0uElKFCYsgeCvQs7mLZx1waW8/+EntOUnffjR//H8y68BsG7DRjZsyvldy5OZkUZdfT119Q3tF0Gvl1UrV7J61aqDisG+eL1eVq1Zw+o1a/D5/AcQED+r16xh1Zo1hyVU/J3NWYFAgN0FRQzs35eQkF+3Q4aGuEhLTSFnSy4ej3u/vN+V1TWEhYZiNpnFmykQ/AX44adFPPnsi9TU1OL3+9tIhS1x8QXnYrM2vevfzl9AdHQ0PbK7cahbBtq7rcBisRAdFUVpWRmhIe3zjXTp0oXGxgY2bdwEEvTr1x+rtX3msM6dOtHY0EhOzmYA+vbpi9Vq2UdAVrMpZzPZXbvSuVMnISK02mGpUVffQHh46EGX15lMJmIiI2lsdBNQ1f1GLF6vl9iYaPFmCgR/Eaqqarhp2jX88ONP+73Te8nfuYvwsDAa3Y0sWrKcyMhw/D4fl1x4Hps2b+HTz77E6/MxsH8/pp5yIjmbc1m8bDler5eiomJOO+Uk1m/YyLr1G+nXtzfnn3sWpoP0NVGREewqKEQ3jHaFD7FarfTr1x+gSUhov5BYrVb69u0LEvsJSSsB6dZ1P4FBmLNartyW2r9zqs1RhkFAVYUzTCD4C3HayScwZuRwNE2DA2yGXLFyNWvXbyAmOgqn006H5GR69shm567d3P/PRxgyeCCXXHgeX82Zy+Kly6iqqea9Dz6iQ0oyGelp3HLn3Xg8Hk6cMpl33/+QVWvWHrRcTqcDvz9wSJv3rFYr/fsPoHv3bHI25bBq1cp2m7asVgt9+/SlW7eu5ORsZs2aNdTV1bF6zZqjWkCOipmIIiuEuFzsqawiPjbmV5fvappGdW0dLqcT8z7HGYaOqqoHHWEIBIK/FiaTCVmWSUlOJikxkc6dshg8cAAzPpmF2+2mqKiY8ooKdN1g/cYcevXIJqtjBiefcDw1tbV88unnnHTC8aR2SOHzr+ewM38Xg/r3O+hvqqraJCKH0KdYLBb6DRgIkkROs++m/TOSJiGRJImczVvYvCUXA4Ps7G707d3nqBSQo0JEzBYzHVKSyN+1mw7JSURGhB/w2Pr6BnbuLiApIR673bGP7VRGURRUTTvoPhKBQHB0IUlSuzYS67oeXJnp9/tJTEygR/duaJpOdtcupHZIYcPGnOCgU5YkTCYleG2rxXLAlZ3ss2/NbDa38qFs3ryZtWvXEggEft1uIkn4vB425eSwJTcXm83eZK5q54ykW7dubN6Sy/ff/8DYsaPJ7tbtqBUQOArMWSZFoXNWR/z+ANt35B9wmZ/H42Hr9h00NLrJSEvFvo/ZSpYlzCYTXq9PvJECAX+dHeMejwe/34/P58fj9e7XyeuG0eqzij17qKuvp0d2N6qqqgkJCaF/vz447A4M3WgVQ8owjFbCo2lau0SksdGNxWJG+Y1RLg41xJLP52dTTg6GYTB2zGgMw2BTTs4BV22JmUgzifGx9OjWha3bdlBb30CnzHRioqOx26z4AgGKSkrZkb+L4pJSABSTab9RiyRJOBx26urqCQ8LFW+nQPAXYP2GTbz0+psUF5diMm2nqKSYB++5i9DQkOAxToc9aA4aO2oEz7/8Gjvyd/LwA/dw/jln8sC/HsFmt2M1W7j95uuxWq24mnecS5JEaGhocEbhcrmwtsNvuqeyCqfT0aqf6dq1K127dj3ouX5/gFWrViDJMt26dSU7O7vdAvKLE70b2c3+kU2bcsAwhE/k1zCbzWR1zAAktuXns2rdBmRZxqSYMDDwen1YzGY6dcyksqqaDTlbMJtMxERHttL6qIgItuXvIkENiGW+AsFfgOzsrjzy0H0osoJB04zD5XK2OuamadcEO/PjJ01g8KCBmBQFl8vFWaefxuSJ42loaCQyMgKb1UpaWiq9e3ZHURRCQkJ446XncDia9p/dfcctKAcxd/v9fiqrqvZbRtwe/H4/q1atYNOmnCZfRt/2+UP2X4XV5APp06cPBsYBl/8KEWkpJCYTXTt3JDYmioKiYvZUVhNQA1hMFpLi40lJTiQyIpzKqmpWrdvAqnUb6NerBzEtdqY7HHacDjtFxWWkdUgWb6hAcJRjMZuJjIj41WNsttb7wfb1m4aGhBAaEtKqL9m78EaSpFaidKDNzC3ZtmMnIS4XYS1mQ+2bSfhYtWolmzZtIjs7+xAExMfq1WvYtHn/VVh7ne3QvPzXgL59+7R7D8oxF8VXkiSioyKJjoo84DEx0ZH069WD1es2sHrdRvr0yiY2OrpV2ILcvO2U76kUoU8EAsEhUVBUTFV1NX169vhNAnIomw1zt24ld+vWAy7jbSkkublbcbqc9OzRA+FY/w2uqpjoSPr26oFhGKxYtZZAQG2xxM5Mx4w0ysv3UFxaJt4KgUDQLnbs3MXuwiJ69cjG6XQc0rlbtmxhy5YthywgAHabjb59+gRNWBxw+W/TMfvOzMRM5DCFJDo6kgF9e7GroJB9dynZ7TYy01PZtmMn9fUNxMfGECLyiQgEAtrIJ1Jdw67dhaiaSs/sboTs45NprxD069efLl06H7KpKSsri/ZuZuzZswfCsX4Ed7hHRUYQFRlxwICN2V07sWdPFQVFxUiSjN1uw2RSmjRHpDcUINLjHsv4AwHcbjcSEgnxcSQnJRz2QLNT586IfCJ/Q2RZJjY2mujoSDxeH263G7/fj6rpQkMEgmM8x7rDYSc1JZkQl1NYKf6KIvJHVposyzibV24JBALB33ng/PcXEUlC13V2Fxb/5t2gB9sqqsgKmn7gwG4C/mybpKgjUUeCI1hHmqY37dZvRwiZv/ZMxDDweDy/n2pKTQ6zgsISUpITmkLMixfgqGv4oo5EHQmObB3JksQf7fwy/RkCIskSsTGRKIrpd9tv4vX52JK7jajmXayG8CoedQH3RB2JOhIcuTqKiYxAMSnsKij+Q4XkT/OJ6LqBJOltWbsOyeltGPsPjiRJwjCM4P9bBmATHD2NX9SRqCPBkasj3TCQdEOszvJrBgFNRz/IKlyDpp2SVpOMIom1VgKBQMCxvMRXksCr6jz5czFbqxrx68ZBRcQiSwxMDOGsrjFE2S3oYpQkEAgEHJNhT2QkvKrO53l7qPfrOM0yNtOB/zjNCnV+jbfWl5Ff40MRkxGBQCA4ts1ZugE+zeDsbjEMSQohoB14ZmFWZJYV1fHAot14VB1h0RIIBAKxYx1ZgkSXlY4Rdvy/IiIWRWJ3rQ/5MMRDURTMJhM+vz/oKLSYzRhAIBBokWdZwWw24/f50fRfFgFYLU1B0nx+/35B0gyjKaeAJElYrdZW4ub3B9A0TbS6dtWRjNlswefzYRgGFosZjKZQFUDz87Xg9wcwDOOXZ90ipI3fH0DX9QPWg8ViQVFkMEDTddRAIGgStVqtyLLUfD2JQCCAqqrBUOOm5vaj6/p+ublNJgWQ0DQNVVWby//LbyFJqKraqq39HerIbDY3paY2DHRDJxBQ93s+e+vOZDI1PQ9AVZue0953JhD45T3Zm6LW5/O1fsaKEtxzFggEgu+xyaRgMpnx+bzBBUrHUp0IEWlGMwxUvenPr4mNdhg+EEVR2LlrN6vXrOP4SeODwdIWLFyEJEmMGDYYTdMxmRS2bN3GkqXLmTh+LIkJCcHUmp9/PReTojB+3JjgSyJJEl9+PQ+ACceNxePx8MFHM2lsbAyuahk9cjjdunZGVYWQHKyOdu3azaIly5gyeQLh4eHMX7AQi8XCsCGD0DQNr8/HJ7M+Y8TwIZjNFmZ//iWapmOxmAmoKrqmMXb0KDqkJLVRDyPo2jmLr+d9y86du5Fkicy0NAYPGoDDYcfv9/P5V3OoqKhE13U0TWXggH4M7N8PgFVr17Fu/UZOOfF4wsLCgm3AZDKRuzWPpctX4PF66dWjO31798SkKHw971t27dqNbhhoqkp2t66MGjEMw9D/kjGt2qqjH39aTM6WXCQgMSGeIYMHEhUZ2WrgJMsyuq6zdPkK1q3fgMViYdCA/nTOysTt9vD+h58weGB/OmZmIEkSy35eQXFxKcdPGt8sPAp527azfMUqampq6dIpi2FDBzUPFCQ25WxpqpuTTsBqtaAoyjFTJyIU/B84etq9u4DHn3qO6TM+xqQoKIrCgh8W8sPCRciy3LxsDj6eOZvHn3qOud/MR1GUpmV0us5Xc+bxyGNPsm37DkzNCXDytm3nP48/xZx53wHg9nh4853prFi1mj2VVZSWldPQ6EaSRIye9tTRzl0FvPnOdGpq61AUmQULF3H/Px9hU85mrFYrXq+Xt9/7gKLiEnRNo7ikhM25W3nj7fdYuWo1hcUluN2NeDze/eqh0e3GAD7/4mu++34BhYVFPPX8Szz6xNPouo6qarz3/of8sPAn9lRWUlJaRl1dPYos4/f7eeud93nq2Rf5afFSzGZT84jZxJx533LzHf/HsuUryM/fyRNPP8eadetRFIXPv/iaud/Mp6JiD6Vl5dTU1v7t6ui773/k8y/mULGnkhkff8o/7nmQPZWVwU3Fe9+fl159k/se+jdb87axeu06/vPYk+yprMLna6qr3K15TTMKRWHZ8pXM+HgWmqZhNpuZ9+333HzH/7Fw0RJ2FRTw5HMv8NAjj+F2u7FaLWzYlMOrb76Dz+/DYrEcU3UiZiJ/8CjKZrPy3gcfkZGeyuQJ45umzYrS9L0sU1BUzPqNm5g0YRw/LlrMGaedQkiIKxj22e12M+PjWdz3f3egGwYzPp6Fx+MJxvqXaJqan3Pm6Zxy4hQ8Xg8+n19Ml9s7ulFkbDZbMC2qzWqlrr6ex558licefRizyYy1efNbfHwcD9xzF7t3F3D19bdwwTlnM3bMCFRVpbx8z3714PcHCAQCSLLEsKGDuf//7uSVN97m1Tfepra2DrvdBpLExPHjuOHaq/D5fHi8XnRdJ3drHgVFRYwZNZz5CxYyecJxmMxmyiv28MrrbzNm1AhumnYNsixTWlZGeHg4AVVFkiVGDh/KPXfdRsAfwOvztWnq+SvXkSxL9OyRzUP33cWmnFyuveEWNuVsZuyokfh1HZPJxPIVK5n12RfccsO1TJk8Eb/fT3lFBVFRkVRVVWOz2YJ/JCTsdltwRlFRsYeXXnuDkcOHcdO0q7FYLKxcs5Y77rqPr+Z+yyUXntv0blutKLJMRUXFMVcnYibCH+XA14mPi2Xi+LE8/dzL5OblNdnc94qMycSPPy3C5XRy43VXU1/XwKo1a4MpNzVd57ixo9mwcRMbNm5i/cZNbMrZwtjRI3+ZuktNI68vvp7Lg/9+lI9nzg5uChIcOoFAgOPGjAIJnnj2eQJqkwgQ3HTawv5gNOXqNgzjV+uhqVMp54eFi1ixajXdunbG5XIF7ftr163n1Tfe5t0PPsTtdiMrMt98t4CM9DSuuvxSduzcRW7eNqxWC/k7d+H2eDh+4i8m0sSEBOw2W9P1TCZWrVnLv/7zOE89/yIej+dv2BYkfD4fxSWlrFu/AQMIDwsP+pkUWWb9hk2EhYYwZtSIoAkwOSmpyTfRXFdz5n3HY088w3+feJqfV6zCbDajKArb8/Nxuz2cMHkCNpsNXdfp27MHPbtns37DRgIBFanZIaYoCjtEnQgR4XeLvNLUiVxx6YVkpKfy8KNPULGnadotIdPY2Mj3CxYSGx1NTW0tERHhfPf9DwRUNeiA65HdjWFDB/PG29N5853pjBw+lG5duwSdr0FBkmUURQnOcgQcZvIgncT4eO667WZWrV7Hu9M/RJKkYKcRFI1m3/q+O6vbqgeTYiIvbxv/evRxtu/I546bb8Rms6IbRtNIdk8lGzblsCU3D03X2VNZzeKly4iKjMDj8WA2m5j/w8LgruEDhDZq5Q8wKQqK/PdsC2azibXrN3DN9bcy4+NZXHDuWWR369JqYNWyjvZ1tu/9UFGa6sqkmJBkuXUIj2ahablfTJLA1Gxu3vc9P9brRIjI7xp2Rcdhc3D7rTdS39DAjz8tblpdYlbYuGkzBUVFeLxepn/wcdOodP1GCgoLMTXbdw3gnDNPZ0tuHrlbt3H2GaftMxpuasRTJk/k3n/czumnnowsyyJsBL8tiVDvnj245opLmPXZF9TW1rWajRxoV+qB6sEf8DNsyGDu/cft+Lw+Vq9d1xRkkKaVd6NHDue/Dz/I3XfeSmREOEuXLaeuvoGKikpmfDyLkBAXS5f9THnFHjLS07BaLXw97zv8fj+KLFNUXEJNbS2SJBFQVfr27sn/3XErN1x3FQ6H42/XFlRVpXt2N57478O8/tIzXHje2a3avK7rZHfrSnVNLT/8+BOyJGHo+v+3d+bRVVX3Hv+cc88dMt2EDDfk3kyEDBDJREgC+BSqCGIRRVALFvsEtK2gxQIm1MckCIrSR59WX4X2VVAmLUiXjS04tA5YRJEQwiQqkARISIRAcsdzz31/5OZWSAhhKsTsz1p3ZSXnrHNPznef/dv7t3+/3+bgocM4na6AkRk25CamTZ3MtKlTKMjPw6OqeL1eUnokE2wKovSvmwPPeOeuCsor9pCd1QdF0eHzWyKv10tyUmKX14SuuiaikyQUWaK9MjCKLF10uZOW6B63x0NSfDzTHp3ML4ufwO12o3k1Nr5VSnJSIgvnz8ag19PQcIpJDz/KXze9y4MTfoLb7cbpdJKUEM/kn01CAhISbDidzkDYrw8fLpeLNev+xCdbt+HxeBgxfBgF/fqKdZGOauR0Bl7qlnUMt8fDyBG38c2hw6x9fQNer3bGyNPpdDaXLQ/YkNY63H7breTlZuNyuXF73PQv6sfIEcN58XfLyUhPJSkxAafLFYiikyQJu8PJxrfepqigH7N/9TiyLFFZVc1Dk6fy/t8/4J4xdzHh/vv47f8u55tvDhIdFcW+/V/y0KT/5KZBN6BpGh98/Akls+bidrnp2zeP228bdsYMqrNr5HK5UXQ64m3WwPEzXZIqBfl5/PDWofzPb3/HBx9twefzceRoDQufnEVISDBOpxOH04nD4URCwuFw4nK58Hq9WGJieGjiT3j+pWUc+OprwsPNVOzZS2G/vtw69GZUj4qqenE6XXg1je4WS5fT5Kr014WFhXOHDBmCwWDo8Ai+tq4eS0zUOUu5t3eOpmnUHq/DfNae57IkYVc1/lheS15sCCF6HXV2DyecapufBpfKnno7fz/cwIjUSJIjTLSklUhSczx4VfVREuKtzTHl391YV4KoyEh692re0tJms9IjOYnkpERiLTGcOHGSoTffRI/kRCRJIiQkmFiLhZCQYJISE9Dr9aSnphITE016WirpaamBDifeZm0OTwSCgoKIjo7CZDISHBRMz549sMTEiMW7DmgEzRpl9cn052zIpKQkY7PGAXBd715ER0WS2TuDsLDQwEsfEhJMdlYfws1m/9+k1jqkJGOxxKCTZTLSU4m3WclIT8cUZCI4OJh4mxWDXk9WViaxFguapuFwOrHb7fzw1lvo3t0CSISHm4mOisQcbibeZqVXRho52X2aZ7khwdw58ocMKCoI5CRER0VhMgVhCjI1t7mkxO+ZRhI9U5JJbuf/0ul0FPbrS3JyEk6XC2tcHPfdO4aUlGQ0n48gk4mcrD5ERjSvpUgSJCTE0yu9eR/y9LRU8vNy8fnAZDQwYvit/HjcPZhMJrxac9Kx1RpH1nW9kWWJjPR0cr9HmpxPI1mWOXW6kdiY6Lb73vb65fP06+e8hylTpvgWLVpEaGhoh6esu/bsp0/v9ObEogs8R1VVynfvJd7aPeA6aJl9fOtUGbqmnESzgcggfbu1sGQJvnV4Odro5oVhqRR0D8Xjn7pIkoTL7eaTrZ8zoCgfo8FwxsjiX8mGroC71eA/x+PxYDQaA0lMLbQYWbfbjdFgaE5OO2v9Q1EUdLKM6+xkQ38CnMftQRXJhh3XSK8/I9nQ5/tXMqgsSRj8yYbfzdU5O1mtPR2MRgOa1qx5y3mqqqKqKiaTMZAE993rqKrnjDyfs9uKXq8E9t1oaSOdNbHtYjQCCfdZSbhtXbcliRB850k2VJBlXdvJhoDmf2f/lWzoTwT139P3TZP2NBpYlI9Op6Oy+ihZmb3a7Hvb65fP169f8+4sHz6CFJkf94lhR00jTR7veQswhhpkRveKIiHMiNd3YdPws6fa3234322wbR4/x0uiqirqWa4VwcW7Sr6rkdvtOSvCztfsRz9rIfXsZ96eDi6X+5zndeTabbUVj0fF41HbbT9dRaP2Alvaeh5tPePmZ6m2fs9U9dzv4FnHupImXXpNRPM1lzJ5uK8Vl9qxUvASYNTJ/vUT4cMUCASCLr+wrkgSeoPuAmYwiBIFAoFAIIyIMAoCgUCAyBMRCAQCgTAiAoFAIBBwjbqzruS+Gs2x01rgZ0sJdwHXWHy70EhoJLicGnUNIyJJaF6NI0drz1+ygktbXLFZ46itrWs/zEvA1VwAExoJjQSXR6Oa2jp8+PBpPv6dW70qV6H6ITpFoVdaT/9uY1e+0KLg2i+GKRAaCS5dI1X1svfLr/6t0UnK1az4qbuClW01TaP66DFscd0vOI1fwL+tCKbQSGgkuDwaxVvjroqxl6+m5bzS1xc+3Gt/9CQ0EhoJLp9GV0Mm5drbMMqHx+vD16EtcMCgkxEzbYFAIEAkG3o0jb/sO843J+x4zlPp1kdzyZOs2DAGJHQjWC82lREIBAK6cp6I3aPx6s5q7KpKmEFHSDufMKOO0y6VV3ZUUdskCqkJBAKBmIl4NWobXdySkkJ6dEi7m1LJEuyta+SzDxpwqqK8ukAgEHT5mUjLfsndggxEmPREBp37E2HS0y3IgE6SuNC1pFOnTrH42Wf58sCBVscaGhpYsmRJm8egudT0U089RWlpqWg9Ai5X4q3dbu909/3pp59SMnMmTU1NF30Nl8vF8y+8wO7du0VDEEaEy7q4fjnPa8uIzJw5kyeeeKJV1MnLy5Yxffp09u/ff85wun379nHs2DHRegSXhQ8//JB58+Z1uvuur69n9+7d59zboyM8t2QJjz7yCBXCiCDcWZ2M2NhYPv74YzZv3szQoUMBqKys5OWXXyY2NjaQw3LkyBF27NhBbGws+fn5GAwGSkpKiI6Oxm63U1NTg95goKysjLTUVNLT00Wrugx8++23nG5sxOlwUFtby39cfz3fHDzI7j17yMvLw2a1tqkPwIEDB4iMjKS8vBxZp6N/URF6vR5N09hZXk5lZSV98/Kw2WwAnDhxgi1btmA2m8ns3RtFryc8PJz6+nq2bdtGt27dKCwsRJIkDnz1FeFmMxUVFaSkpGCz2fjHP/6ByWSiqKgo0G6qjxxhxxdfYLPZyM3NRdM09u/fj8ViYfsXX2AOC6OwsBCn08k/t25l77597N27l4SEBEJCQjqFRgMGDMBms2E2mzl06BBms5lvDh6kvq6O66+/Ho/Hw+HDh+nTpw+SJOHz+SgvLyc5ORmz2UxpaSlvvfUWtwwdKkp3CyNCp0vOiYqK4s477mDhokUMGjQIo9HIkiVL6Nu3Lw67HQnYuXMnUx97jLi4OD777DNmzJjBpIkTeXL+fG677TYKCwoYPWYMPXv2RFEUysrK+MMf/sCgG28ULesS+eSTTyguKaHPdddRWVWF1WrF6/XidDg4euwYb5eWcvToUaZNnx7Q5/EZM5g4cSIlJSUcq6khMTGR7du3M2rUKBY+9RT/vXQppaWlmMPCmHPoEBs2bCA4OJi777mHhPh4ao8fZ3dFBQsWLKBfv35MnjKFzN69qaqqIic3lzmzZ1NSXEx9fT1R0dFUVlaSkZ6Ow+mkrKyMCRMmUFJczLvvvcfsWbPIz89n95493DVqFBMnTmTChAmEhIYSFRnJp9u2MWPGDAbdeCPr1q3j5MmTPPPMMzz22GNkZ2d3Co22b98ecO0++9xz7Nixg9TUVA4cOECsxcKTTz7JvT/6EW+8/jqZmZmUlZXxwAMPsGnTJg4fPsx/zZrFs4sX86f168W20cKd1fnweDw8+OCDuFwu1q5bx959+yh9+21+NXMmOkXB4/GQlJTEa6++ymuvvspDDz3EG2+8gaqquN1uVFVF0zROnz7NooULeX3dOgoKCli/fr1oVZcBVVXRKwovvfQSL734Ips3b2bK5Mls2LABRVF45513SElJaaWPy+Xi1OnTDB8+nJUrVvD000+zfv16GhsbGTN6NKV/+Qvr1q0jPCKCd959l88//xyfz8fKlSv5zdKlhISGcucdd/DM4sVY4+KYM2cOs2fPZu3atXz55Zc02e3cPnIka1avJi0tjdrjx1mzejUlxcVs3LiRxsZGFi5cSP/+/Zk1axaPz5jB0t/8htqaGuwOB/ePH8+qVav4xS9+wZo1a8jMzGT06NEM6N+f5cuWkZWV1akGY07/9sANJ0/SKyOD5cuWsXbNGsp37eJ4XR398vNZvXo1AK++9hpFRUVEREQwdepUfnzffdx88814vV6MRqNo9GIm0vlmI5FRUZQUFzNn7lwsFgujRo0iJycHt9uNT5IICwtj45//THl5OTvLytD8maGyJAWm5+Hh4SQlJaHT6Ujp0YOa2lrRqrg8WbjRMTGEh4cDEBUVRWJiIkajkeTkZBpOnTqnPnq9nrTUVHQ6HWlpabjd7mbdZJklv/41tbW1VFVV0djYSF5eHqqqsmjRIg5XVnLDDTdgCgqisrISo8HAggULUFWVQYMGIcsyekUh3mZDURQSEhIIDg4OfI/P56OhoYHq6moiIyOZN28eXq+XHwwe3JzXZDCQmpqKLMtkZGSg+UffeqW5BJBOUTplFdmWnxkZGSiKgtVqpUePHhw5coQHHniAx4uLmTRpEu+99x6/X76cFStX8re//Y3emZk8OX8+27Zto6amhuioKG4Us3hhRDoTbpeL22+/neW//z07y8pY8corgYV2vaKwePFiPt6yhblz5tC7Vy/WrlvXaiG+peSAKFR3ZQx9y6fldwK11/Q899xzfPjRR23q06KJpmkoisLJkycZf//9jBw5kkcfeYTKykpUVSUoKAhFp8NutzNw4EDuuftujEYj3SIiKCwspKSkJHAdr9eLqqpn6N3yfS33ZjKZsMTEMGrUKMaNHRs41tTUhNd/jZa/tbQV7/fElePxL7A3NTVRXV1NdFQUN9xwAyEhIUybPh2bzUZeXh5As3H2evH59TEYDBgMBtHohRG5TD62DnbE8kV22D6fD7vdHhidvvD889TV1dG9e3c8Hg8upxNVVTl69Cg6nY6Dhw7x5saNNDU1IUkSTqcTj9+dZbfbAx2J2+3G5Z/eCy7dneVwOM7Qq6WjdjqdeNzuVvq0hMk6/fq1dNYOhwO3282xY8cwmUy8//77bPvsM64fOBC3x0NlVRX/3LqVr7/+mk+3bmXq1KlMmjSJX06bhubzIcsyhw4dYsH8+bj8rsyz9fZ6vdibmggLC2P8+PE88/TT1NTUcPLkSVxOJzNmzMDpcAQMhtfrxeFwoGkaaWlprFi5krnz5jFu7NhOE5zR8j8AKHo9a9euxRwWxsdbthATE8PAgQNRFIU777yTx6ZO5f/++EcA8vLyAsYEYFdFBSNGjKB///6i4XdCdIWFhXOHDBnS4VGApmnU1tVjiYk6Z1XP9s5p75jd42XVziPcmBxJqEGH3aPhUNv+uLwaVaecfHT4BEN6RhMdbGhlKE6dPk24OazV98iyTGhYGEX+qJ2IiAis/mgfAIPRSE5ODoMHD6a6qoq6+nrGjBlDTk4OmZmZGIxGsrOysFqtRPhHrIqioCgKaenpZGRkiJbVQWPenkZxcXHk5OQgyzLBwcEMGDCAoKAg9IpCdk4Ow4YNo6qyspU+JqOR3NxcLBYLsiTRLTKSm266iazsbLZ//jmRkZHce++9XJeZyaZNmwgKCuLXS5aQn5/PKytWUFNTw8M//zlZ2dlUVFTgdrkYfdddpKWlodfrA9fWKQrpaWlkZGQgyzIxFgu5ubkUFBSQmJhIeXk5eoOBu8eMISEhAZPJRL9+/QgPD0cny3Tv3p3s7Gx69uyJrNNhb2piwIABmM3mTqGRTqcjxmKhb14eG998k1iLhfDwcCwWCwsWLCAqMhKA5ORk4qxWxo0di8lkaj0Y1OnIyMjAYrGIl+KSNDLj83FRfW9H+vVzujSnTJniW7RoEaGhoR0eIe7as58+vdNRzuHDbe+c9o41OFXG/2kHhfHhRAbr2436k4F6h4eDJx3MGpxGUnhQq1FSZfUREmzWK1pyXnBpI9mrrdFvX3yRVatWMW7cOFSPhzc3bmTmzJkMveUWIdAFaPSjsWPJy82luLhYPLSrpFFivA1N87Frz74L7ns70q93CndWiEHm4aJE9h1v4rTLe96N1IL1CqMz41rNQgSCjvLzn/2MlB49+HTbNoKDg1m6dCk5nSTE9lripz/9KZHduokHgVgTubo3I8sMS7Xwg2Stw6Xg9TrpotdGBAJZlhk+fDjDhw8XD+MS+MHgweIhCCNybSABRkXsoCYQCAQi2VAgEAgEYibCFYoouJJbbrbkbFzp7xEIjYRGgmtBoy5lRHw+jVOnT1/xiJyw0BAaL6FMteDKIzQSGgkuHXNYqN+QaF3DiEiSjDks7IJDyQQCgUDQfgmaLuPOkvz1pwQCgUCAWFgXCAQCgTAiAoFAIBAIIyIQCAQCYUQEAoFAIIyIQCAQCIQREQgEAoFAGBGBQCAQCCMiEAgEAmFEBAKBQCCMiEAgEAi6GP8Pp9FeqUty2bsAAAAASUVORK5CYII=\">&nbsp;"}]}],"workarounds":[{"lang":"en","value":"Option 1:\nIf you are not using LLDP, you should disable it to mitigate this issue by performing the following steps in your web interface:\n\n 1. Select Network > LLDP.\n 2. Open LLDP General settings.\n    \n 3. Disable (uncheck) LLDP.\n    \n\n\nOption 2:\nYou can disable LLDP for your network interfaces by performing the following steps in your web interface:\n\n 1. Select Network > Interfaces and select the interface you wish to disable LLDP for.\n 2. Select Advanced > LLDP.\n 3. Disable (uncheck) LLDP. \n\n\n\nOption 3:\nIf you are using LLDP only to advertise information about your PAN-OS device to other neighboring devices, you should set the LLDP mode to transmit-only for the profile used on your network interfaces by performing the following steps in your web interface:\n\n 1. Select Network > Network Profiles > LLDP Profile\n 2. Select the profile used with the interface\n 3. Set the \"Mode\" to \"transmit-only\".\n\n \n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<b>Option 1:</b><br>If you are not using LLDP, you should disable it to mitigate this issue by performing the following steps in your web interface:<br><ol><li>Select <b>Network</b> &gt; <b>LLDP</b>.</li><li>Open LLDP General settings.<br></li><li>Disable (uncheck) LLDP.<br></li></ol><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAvgAAACwCAYAAAB6thrLAAABXmlDQ1BJQ0MgUHJvZmlsZQAAeJxtkM1LAlEUxc+UIdgsEqKVgatWFpNK1KKF2QeBC7Gkj934NDVmptdzItoF/QVFq6AW0aI/QCgionWrIAjatYr2gQRlr/u0Gq3ucLk/Dvc+zhygQzc5t3wAbMcVmZmJ8OLSctj/DA3dCJAcMVmFJ9LpFDG+Z3vV7mmb6m5QvTVafQrerO6Wzz6Mvekjy/93v60C+UKF0XynjjIuXEAziNObLle8TdwryBTxvuJik08V55p82diZzySJb4l7WMnMEz8q/7kWvdjCtrXBvjwo93rByc7R7KMOYRJTSNEXRhYxxDGMMSxQRv/fxBs3SayBYwsCZRRRgkvXCVI4LBSIZ+GAYQgR4igM6rjK+neGnmYdAyMqix1PYwfAeYh+1/a0AdKCVeBqnJvC/ElWq/kqK7Fok3UBdL1K+dIP+C+AupDy7VDK+gnQ+QBcr38CiuJihLFSZPYAAEJcSURBVHja7d15fBTl4cfxz8zsZDf3RUISznBDuG9RRIsHSlUUUZEK1koraEVF8USpWq0/xLPiQYtHFU9sBbFqi7VWbBFIgHBfEiBAQjiSkOxudnfm90fIFuQweJXj+3698koyO+czszPfefaZZ431XxW5iIiIiIjIcc3AwI6xMVUUIiIiIiInChePaZrgukQcB8uyVCYiIiIiIscp0zAx/H6/GwqHWbV6HZ07dsC2PSoZEREREZHjlMc0TUzDwHVdTNPENNVqR0RERETkuA34Xx8QDoepe+rW2Pf7ZHwK1/0xF2T8Lxb8P97uY2D7Tqbj2z2Jt/m434ijOD+4xmEO8qNcnvFNhWccYR2PY8YJ/p4wjnBOOBm2+2Tc5mPiQDP0/v2xj2/LsvYL+IZBxImwbMUqakIhLMvCcVxw3UNeUw477DAXJLe+0x/mguMeYrh7iE2sz3KO9Pqh18utvXLWY7uOatsA9xDldTTTH3Z5X5uv634P8/w26/UN6/Htt8s4eDn1Ke9vGuYChotbN3/325XDtz7u9isv9wgzOur9c4T30dG/Hw5/8q7P/q3XPv96ORz0vjO+07HrHuIkU6/zj/st3+f1nO93fU+633BD4H7TBXHfDYJh1O8CatT3Ymvs98v92v9HccE+1PoaRwgQxiHShfG9bpd7yO06qnkcbj8cZr713YYjzTe66sbRl4NxhA2qbzkcTdkc1f4xXIz9TxzG0e/fQ45vfO0CbXxP2/W196phfMf3w9Guw/7b8S3L60fdLuPgazX/3ePfb9kc4qpg1PN99K3fp/UotyNNb5omEcchxuOhW5eO/w34hgGhmhqSE+Px+WKpCYUJBIK4rvODVUwd7u7jRKZPQ76HmRnHfsGebMfyyfIePlnPW8daDVV9QtqJuN2qeT4GVuoHqJE+2Wuedd76fsTYNjExNuFwiFAo9N+A7zouZTt3EhcXRyBQQyAYxDAMDENt8vXmEBERkZOZKjOObaFIBEIGsT4vu/fsqQv4tc1zgsEghmFGw73ozSYiIiIixzYDCIVCmKaJE4kc+JBtOBxRuBcRERER+V8G9v2yuOu69Z4mFKrBNOyDe9FxHNULi4iIiIj8rwJ9MBiMDrdt+6gDv77VSkRERETkf6Qu0EciEWyPh/KKChYuyseOsTEN6NKlCwlx8YTCYSzLwuv1HrG1jauA/8PfidX3YxUREREROekSI4GAn9Vr1uD3VxMfl0BVdRXJyUk0atSIoqIivvpqI7bHw96qvfi8Ptq1a0d8fPwRM+ZRBfyYGC+OEyEcDh8w3DRNbNumpqbmoIV5PB48Hs8BdymRSIRIJHLAuLZtY1lWdBzHcYhEIjiOc9gAbVkeLOu/vfzUzjfMsZCpFexFRERE5BsSI5WVe9m+bRuZDTPxBwK4QKsWLUlPT8fr9bJ582ZC4TCxvlh27CijqqqauLi4I9wy1DPgG4ZBOBzmgw/eJzs7my5dukZDvmmalJRsZ/5//kP/0weQmpoaDeUej4fly5ezdOkSXMfBBZKTkmjarBmtW7chNjaWcDiMaZosWPAla9eswXEcYmJiaNS4MZ06dSYhIYFIJHLA+liWRSQSZumSxaxbt5adO3eSnJxMly5dadmqNf/r/mVMy+KD92dTU1PDRUMuVuAXERERkYMzo2kSE2NjmCYZGZmkp6XhuA4GBtXV1cTHxdG+XTtM02Tnzp1s274dj8eq7S3nMJXgR9FExyASCTPz7Tc5pd9pdO/eIxrwLcti86bNzHjtT3Ts1In09PQDAn7+ooW89eYb9O7TB4/lYe/evbzz9ls0atyY0b+8jua5ubiOw+f/+hf//mIe3Xv0IFQT4sO/fkBaejrjx99Gw6ysaMg3LYvdu3fxxz/8gUULF9CocWPSUtNYtqyQme+8zRXDr2TIxZdExz9UUxnDMHBd94jNaI403aH+3n9c0zBYt3Yte6uqogFfRERERGR/juNQU1ODYRo4kQgxMTGUle2kuLgYv78Kr9dH4yZNyMzIiGbXmpqaw4b7um/3PaomOrYdc0BzmwPvPg7f4D8npxHjb72N2Ng4QqEQxcXFPPXE4zzx+GM88MCDJCUnYxgGbdq2ZfytE7Asi40bNzLp3nv4618/4JpfXEskEqkN1Y7DKy+/TEF+PjffMp6u3brj8Xioqakhf9FCEhISowXg8XiiTyF7vV7C4TCu6+K6Lh6PTSQSJhQK4fV6o82C6qarKzyv1xttTuS6brQZUU1NDZZlYds2oVCIcDiMz+cjsq/ALcs6ZFmJiIiIiLiuy9atWynatAnTMEhOSaGqqorlK5aTkpxM06bN2LlzJytWrCC+Z0+Sk5OxbZsNX31FOBwmJyfnsNn7R0ygRjT4tmrVirHX38Adt9/GvHnzuPCiiw7YWIAWLVrQunUbtm3bSjgcxjAMTNNk/fp1/PuLeVx11ShO6386gUAgGuD7nz5gX9t9h1AoxKz3/sKyZctwXYeePXtzzrnnEgqFePONGTRp0ozCwqWUlpTQuk0bhl46LNoc6MO/fsDChQsIh8Pk5XXkpxdciMfjYeY7b5OZ2ZBVq1aybetWfn3jOJYWLmX+f/5NRUUFHfM6ccnQocQnJOioFREREZFDp+J9NfELFy0iLS2Nzh07kxAfz7Zt2/B4LHJzc0lLSyMhIYE95Xuo3FtJVlY2PXv0YN269eQXFJCRkRGtpN7vtgEXMH/Mu5S6n5qaGpo0bUrjRo356qsN0Y8Z6kK8YRhsWL+eNWtWk5PTCI/HE609LyoqwrIsuvXoTigUOqCZjOM4uK6LaRrMeO1VPv74I84++xwGDjyL92e/xz8+mYtpmvz7i3/z+ozXaNa8OacPGMBHH/6Vjz/6EJ/Px1/nzOGtN9+gX7/TGPzTC5g373Pe+8ufMQyDZYWF/GHa8/j9fnr07MmOsh388x//oFOnzvTrdyoffPA+f//737FtW0euiIiIiBw56FPbSYzj7svCpnHQd1IZhokTccB1CYfDBIPBIz7bedRNdL5PpmkSn5BAdXU1EcfB4/Gw8auvePKJx6kJBlmzdg3Z2Tmcf/7g/7YzMgyqqqoA8Hl9OPtC/7ZtW3nn7bdxIhFyW7Tg1NNO49N/fEK/fqeSlZUFBuTmtmDevHn0O/U0TMvk3EGDuPLKEdTU1LBk38O65eXl/O3jj2jVqjXNc5tjGAadOnXmP//+N4N/egEAHTp04OZbxmPbNoFAgPt+cz+xsbHU1NSwfNky1qxeVft8gr4NWEREREQOwXVdbNumb9++bN6yhdVr1hAfH09iYhKO41BUVMTeqipKS0uJhCMkJSVRVVVF4bJlxMfH0ad3b2zbPmTQd133fxPwTdOkurqa7du30b5DB+x9NfS2bZOSkoLP5+PU006ja7fuB/Si4zoOOdnZOI5DSWkJDTIziYTDxNgxZGY2ZNGiBRRvLaZDXkdc12XHjlJmz34P13ExTZO8jnnRtvxerzfazj45OYWysh0EAn4qKspJSk5izvuzcSIOkUiYjp07YxgGESdC4yZNsW2bYDCIYRgsWrSQhQu+pLraz7p1a2nfIU895oiIiIjIERmGQcOGDQGDBQsWsHfvXjIzG9KhfQe2bNlCUVERcXFx5OXlkZCQSEnJdvx+Px06dCCrYcPD5k3DMI4+4Jumicfj2Re6a5vU1Pl6n/d1Df/rHlz9b1Mbk7l//xsVFRV07dY92ud94yZN+MW1o7EsT7S//f27yIxEIrRs1ZqUlBTenz2btm3bYds2GZmZXDdmLK+8/CL/+uwzEhMSMAyDMweexRlnnEkwGMRj2xhARUUF7GsqtP+dDtT28x+fmEiPXr24/PLhBAIBPB4PhmEQCASiD+LWPqTr4eOPPuTtt97kwouG0LlLV955601C4ZCOWBERERGpV8j3eCw8Hmtfu/wgqakpJCUl7mt2bmEYEAj4o53BWOaRW9h/q2+yLSnZzpIlSwiFamu/c3IaYZgGkUiE1atXU7W3inCktm/7du3aYxgGfr+fNatX4/V5KS8vJ3/RQv728cdcNORiOnbsFO3dpq5dkWWFD3lX4jgOaWlpjBx1NU89+SSP/O4hzh10Hg3SG1BevocvvvgCwzRITUujc5euvP3mG2RnZZOSmsr8//yblJRUunXvHg3p+wf8SMQhLi6ePn378uEHH9C6dVsaN27M4oJ8HMfh9AFnRJ8hqHtgeOXKFTRo0ICzzzmXkpLtfPXVVzRp2iQ6T9Xki4iIiMjhRCIRampqMC2L4q3FbN68mYSEBDIyMkhLS6OiooKNGzdSVVVFTIw3Wln+TRnzqAJ+SmoqSwoWs2L5CsClpibIxZdcSrv2HfD5fLz+2muYZm3/8DExMdxz730kJCQQrAny5BOPA+D1ecnIyOTX427i1FNPw3EimKaJz+cjPj7+sN391AmFQpzS71RSUlJ59913mPb884RCtQXTpEkTLrxoCF6vl1E//zkvvzid3/3uIQzDIDk5mcsvH45hGCQkJBATExOdp8/nIy4uDtd1GDr0Uqqrqnn6yccBg7i4OC68aAiGUfu31+sFagt2wBlnMu3557jj9ttIT29A02bNSEiIByDWF3uEPkpFRERE5GRXl1Eb5eQQDAaJTYhjT3k5pWU7aJGby5YtxbiuS0pKCjU1NTTKaURiYuKR5wkYwWDQDYXCLF2+gsT4OEzr8Jnf7/fXNpnZd9fgAl5vDJbliTZhqXuNfYE4EonU9kXv1nbb4/F48Pl8xMTERGvugX1PBDv4fLH1KhCPx0M4HKaqqoqqqr3ExsZFg3soFMKyLBzHYffu3YTDIZKTU4iNjSUUCuH3+7FtO9rbTd3TyD6fL9rkaM+ePQQDAZKSk4mPjyccDuP3+7EsK3pzYFomlRWVVFZUkJqWhtfrJRgMRn/XzVNERERE5FBc1yUUCuE4DpZlUVFRQeHyZURCEVzXoUvXrqQkJxOJ1FaK27Z92ApxwwBvjH10Ad88RJufuo8JDvVaXVuhr6/EoT5aqB3HwHXrX+tdN++6b5X9+nz3f33/ZjmmaR4w7te/iba+09UNqxtv/+070rfkioiIiIgcmINrRSIRSkpKKS0tJaNBA7KysrA81gE58/DzqQ34R9VE50hNTg73Wn3boteOc3Rh+JvmfbjXv76uXx+nvtN903aLiIiIiNQvB9cyTZPs7CwaNsyMVqAfba40VaQiIiIiIscWy7K+3c2CAr6IiIiIyLHnu7QGUcAXERERETlBGAr4IiIiIiInjkN80ZULbkQlIyJS5xu+m0P+V1cwdWQgInKIixYGh/miK8syqfu2VhGRk5oTUZg8FpmWbr5ERA7g4ji11yvPweHeIrd582/95K6IyIlzrnTgqYdhSQF4bJXHMbFPXLBMuOFW6Nhd5SEisk8kEuGrjRtxXfdwNfiWAr6IiOPCskL49DOwbQiFVCb/S6YJllUb8H/289q/RUTkIB4VgYjIkc6SntqfhhnQIU/NQv5XDAN2lcGKVWCYtT8iInKQw9bgi4jIfsLh2nD/7Etg6rT5P0r48NnHcP11eiZCRORIZ0vDUMAXEannGRMsGww1C/mfsXTJEhH5xssV6gdfRKT+VHOs8hcROdZPlQr4IiIiIiInFgV8EREREREFfBERERERUcAXEREREZEfjB6yFRERERE5geghWxERERGRE4w6FRYROck5jkNFRSUVlZU4Tv26ojQtk4T4OFJTUjD07b4iIgr4IiIngwVffsms998nHA6D61JTU8NZZ53FeeedV+95+P1+Jk2axNVXX0379u0PeG3q1Kk0aNCAyy677DutZ00oRMmOHXgsD5bHqv1890gMCIVCbNteQnJSEpalL/8SEVHAFxE5CXz2+ee8+OKLXHXVVZimiWmaR13bHQqF+Ohvf+PCCy886LX58+fTrFmz7xzwnYhDKBSmSaNGxMXF1muaar+fVWvW4TiOAr6IyDHCUMAXEfmhz7QGPXr04OGHHjpg8Lbt23Edh4qKCjZu3Ei37t1pmJkJwNatW1m8eDFZWVl0794d0zSJ9fnw+/3MmzcPj23Tu1cvDMPAtm08ntrTuOM4fLlgAeV79tC7d29SU1NV/iIiJykFfBGRH4hpGFRVVVFcXIxlWdi2TXp6OrNnz+aZZ56hXbt27Nmzh8rKSua8/z4bN25kwu23k5WVRX5+PreOH8/PfvYzwuEwv3vkEZo1a8aiRYu4bNgw7rrrLgzDwDBNIpEIY8eOpWznTjIzM3nq6aeZ9sIL5OTkaCeIiJxE6lpYqhcdEZEfSIxts2jRIi6+5BLOHzyYO+68E6htdpOSksK0F17g7bfeIuD38+mnn9KiRQteeeUV/vTKK1x77bXMfPdd/H4/juMw8qqr+MO0aUyePJkXX3qJ8vJyTNMkJiaGf372GXPnzuXeiRP5zaRJeH0+pk+frh0gInKSUg2+iMgPpKamhl69evH6jBlYlhVtThOJRGjSuDFJSUkANM/NpaKigsTERGbPnk3hsmUUFhaC6xIOh/F6vbRt2xbDMOjSuTO4Ljt37sQwTSzLYvWqVXhsm+nTp+M4DokJCbRs2VI7QETkJOS6rgK+iMgPdpIFYmNjSU9PP2i44ziw77fruti2zZTHHmPevHncO3Ei7dq145133sF1XRzHIRKJAFBUVIRhmqSlpeE6Do7jkJ2TQ1ZWFlOmTIneRLiuqx0gInISMgxDAV9E5AcL+K7LokWLuPOuuzANg5qaGs477zwMIBAMRscLBAKEw2G2bduGZZoUFRUxa9YsqqurMQyD8vJyHn/iCfILCnj99de56KKLSElJobq6mqq9ezlr4ECeeOIJrhszhu7dupFfUMDPRozgjDPO0E4QETnZAj5qoiMi8oMZcPrpVFRUEA6F/hv6gf6nnUajRo1qT8SGwdVXX01ehw6cffbZPP/CCyxfvpxf33ADu/fswefzcecdd5CUlMSXCxYwauRIRo0aBcCwYcNITk4mISGB12fM4NVXX+WrjRs5vX9/evbsqR0gInISchXwRUR+OD179jxs0O7WrVs04F++Xz/2k+6776BxR44cCcCQIUMOGL5/3/jZ2dncdtttKnQREVEvOiIiIiIiCvgiInLiMVQEIiInAjXRERE5yZlWbXebW4q31vbC800d8BgQDkewPR4MQ3cFIiLHEj1kKyJS7xRsgnlinjJjvF6ymjShsrISp57da/pMkwbxcVieH7FMbFvHoYjIN9BDtiIi9Q33O3fAPz8E04ITrI95E4NU0yD1aGvjXRccl2+u8v8eGCYULtr3tw5JEZEjUcAXEfmmEGtZsHwVjP0lGMaPkmfl6wF/vxsKS4+PiYgcic6SIiJHPEuatYHSNGpTpr4h9n93o2UYtfvCMmv/FhGRQ1INvojI4RgW/Ho8DB9ZG/TlGNkvBuR1UzmIiHz99KiALyJSjyDZsYfKQUREjiuqkhIREREROQG4CvgiIiIiIiceBXwRkWNEZWUlfr//O81j9+7dhMNhFaaIyEnKdV21wReRb2f+/PnMfPddLNMkNjaWUDhMMBgkOyuLG264AftH/FKidevWMe0Pf2D8LbeQmZlJVVUVcXFxB33L6ocffog/EODiIUMOO69IJEIwGCQuLu4HC/F33nUXd915Jzk5OdHhjuNwy/jxXHjBBVxwwQXfev6/feghOrRvzzXXXHNU0xUXFzNt2jR27tzJ6aefzrBhw6LlMWPGDBYuXEibNm34xS9+gc/n0xtAROQYZRiGavBF5LsJhcM8+9xz5OfnY5omlmVhWdaPug4VlZWsWLGCYDBIZWUlP7/mGgLB4EHjzZ49m7fffvuI8/r888+5/4EHfrB1DQaDvP/++1RWVh4wvKCggAULFtCzZ8/vNP++ffrw4ksvHdUnAWVlZQwZMoQVK1aQnp7O+PHjmT59OgD33nsv//d//0d6ejqvvvoqY8aMIRKJ6MAXETlWAz7qRUdEvqU+ffrQp08fABYtWsSoUaO4bNgwduzYQVlZGdu3byccDtO1a1eWLVvG5s2b6dqtG41ycqiqqqK0tJSYmBiWLF1Kq1ataNO6dTRsLli4kPT0dLp26UJ1VRUVe/fi9/vZUVrKqf36sbGoiBUrV9Kta1dycnJo364dk+67j+zsbP71+eesWb2aZYWF5Obm0qBBg+g6e71efF4vAOvXryc1LY1lhYWYpknfvn2JRCLMnz+fNWvWsHr1aho3bkx8fDxfffUVK1asoFWrVrRt25aamho2bNhAZmYmixcvJjExkcaNG5OdnQ1AeXk5xcXFtG/fnjVr1rB27Vo6dOhAixYtMAwDr9d70KcLs2bNon///mRnZ1NRUcH8+fOJjY2le/fuxMXF4TgOXy5YQPmePfTu3ZvU1NTaG4aaGhYuWEAgGKR7t24MOu88nnjySZYsWULfvn3rtS/Xrl1Lp06d+OMf/4hhGOzdu5dPPvmEQYMG8corr/DOO+/Qp08fRo4cSf/+/Vm4cGF034uIyLHFVcAXke8qGAziOA7BfTXmzzzzDHM++IBYn4/Bgwfzz88+48MPPyQxIYGi3/yGd999l/I9e7hyxAhatWyJZVksLSzkxenTad26NcOHD6dV69aUl5dzzc9/jmma3DJ+PHl5eWzZsoWcnBwikQjV1dWUlpYy6733qK6u5trRo3l35kyef+45tpeUMHnyZIYPH87FF198YM3Gvv7s77r7brZv307Tpk0pyM/n0ksv5dJLL+WdmTPZvXs3kydP5tZbb2X58uU8+dRT9OrZk8cef5yxY8Zw5plnMuyyy2jcqBExMTFk5+SwZ88eZrz2GqZp8tjjj7N71y769evHC9OmkdWwIYXLlvHSiy/Spk2bg0/Grsu6des4+5xzqKqq4soRI8ho0IBIJMLAgQO58sorueGGGyjbuZPMzEyeevpp/jBtGgkJCYy6+mqCgQANMjJ49913+f3TT9OmdWvyCwrqHfB79+5Nnz59qKmpIT8/n4KCAn7+85+zatUq0tPT6dy5MwDNmjWjXbt2CvgiIsc4BXwR+V7VNY155513SEtLo7i4mLFjxmCaJuedfz4ff/QR/fr1o7KykgcffJC2bdsycuRIZs2ezU8HD2bzli08++yztGjZElyXOXPmYNs2U595hk2bNvGTgQN5+6236HfqqZwxYAD//Oc/OeWUU9i7dy8NMjL49a9/zYavvuL5558nOTn5sOtZXl7OoEGDmHDbbcyZM4c77ryTe+65h0suuYTly5fz/PPPU11dzdBLL+WXo0czYsQIPvjgA6ZOnUqPnj3ZtXMnt9xyC1cOH87WrVs57/zzWbVqFbm5ubz//vs8+uijtG/fnsGDB5OYmMjlV1zBzHffZeI99xy0LuFwmKqqKpo3b8727dspKCjgz3/+Mz26d8d1Xf764YfMnTuXmTNnkp2dzZixY5kxYwaZmZmUlpbywQcfkJiQQHl5OYZhkJqWxratW+u9z+qaVBUUFPDLX/4SgDPPPJPPPvuMpKSk6OuGYRAfH09paakOdBERBXwROVlEwmH69etHZmZmbSg0TR5/4gl2lJayZcsWAoEAACkpKTRt2hTLssjNzaWsrIyuXbtyxoABXHTRRfQ79VTuu/deTNMkIz2dpKQkmjRtSnp6Ok2bNsUbE0Oz5s2pqKiofaBoX828x+PBNE1s244OOxTbtqOfILRq1YpQKEQ4HMb2eKLPEezevZs9e/awtLCQdfffTzgcpmevXjiRCEnJyQwcOBCv10tubi6n9O3LzJkz6dylC8nJyZzarx8VFRVMnz6d4uJiVq9aRW7z5jiOg3G4sguFaNasGaNGjmTUqFF06dKFSffdx/p16/DYNtOnT8dxHBISEmjRogWff/45vXr1IikxMVqmAK7jHNU+cxwH0zTp3bs38+bN45577uG3v/0tQ4YMoaKiItrm3nVdqqqqovtWRESOTXrIVkS+d86+gFlZWcmIESOIsW1uuOEGOnfqRHi/sLh/cHRcl4SEBJ5//nn++te/UlxczJNPPYXH48FxXRzHic637rfruge1ZXcch0gkUq+eXuqW7zhOdD77P0CakpJCUlIS1/z85zz91FM8O3UqDz/0ED6fL7qcOiNHjuS9995j6jPPMOzSS7Ftm1/+8pds27aNX/3qV5zSrx+hUOjQNS0eDwkJCWwsKsLj8fDQQw/xz08/JSE+nod/9zsyMzPJyclhypQpPP3007z80ktcfPHFJCcns6mo6KBy37lrFzmNGtV7f/3pT39i0qRJmKZJUlISrVu3Zt26dbRq1Ypdu3axZMkSADZu3MjKlSvp1auXDnIRkWOUoYAvIt8Hv98f7Xu9pqYm2h6/JhRi+/bteL1e/vHppyxctAj2hfXq6mpc141O4zoOBQUF3HHHHcyfPx/XcWjZogWRSCTaI4zrulRXV0eDbCAQIBQK/Xd4JEJOTg47duzgzjvvZO4nnxywnsH91i0QCETXuW59IpEIrVq1YuHChdz/wAPs2rWLq666iltvu41npk7ljjvv5LHHH//v8lw3Ou/TTjsNOyaGwmXLGDZsGKFQiJKSEnw+HwsXLuRfn312yG2A2qYvbdq0YenSpRQVFTHh9tv59NNP8QcCNGncmEHnnYfrOFw3ZgxTp07l2tGj+fzzz7nqqqtYvXo1t02YwJQpU7jtttsoKSlhw4YN9Ojevd77r3379kybNo3Ro0dz99138+ijj3LppZfSokULrr76akaPHs2kSZMYMWIE5557Lj169NBBLyJyjHIBa+LEiZMcx6Fkxw68MTaWZZGWlnbEj7ZFRPYPp16vlx7du9OwYUM8Hg9t27ShdevWxMXG0qF9exbl55Oens6wYcNo364djRs3JjklhV69euHxePB4PLRu3ZquXbuyafNmVq1axYABA/jFL36BYRhkNWxI5y5dME2TuLg4+vbtS2xsLLZt06lTJ3JyckhMTKR37940aNCAZs2asWXLFnp0735AX/Mej4d2bdvStm1bbI+HLl26kJmZiWGapKWl0bNnT1q1aoVlWVRXVdGnTx/OGzSIpKQkVq5cSWpKCkOHDiUjI4P4uDj69ukT/aTAsiyaNWvGgNNPp3fv3liWRefOnSksLMS2bYYPH06HvDyaN2+Oz+ejT58+B/S1n5yczBNPPsnFl1xCOBSisLCQvLw8xo4dS0pKCueeey5bi4sp3rqV3r16ceaZZ9KwYUP69+/PmrVr8VdXc8nQoeQXFJCfn8+tt96Kx1O/VpiNGjXiJz/5CWvWrCEQCHDjjTcyfPhwAAYMGEBqairr16/n7LPP5q677iImJkYHvojIsRbsXZddu3djmiZGMBh0Q6EwS5evIDE+9oB2qSIi8uNwHIcbx41j0KBB/HTw4G89nwkTJtCpc2eu+tnPVKgiIieRSCTCuvXr8Xg8CvgiIscKv9+PaZp49/XV/21UVlYSHx+vT2FFRE7igK9edEREjhGxsbHfeR6J+3rUERGRk09dtxOq4hEREREROYEo4IuIiIiInABcBXwRERERkROPAr6IiIiIyAnCdV0FfBERERGRE4VhGAr4IiIiIiInTMBHTXRERERERE4YrgK+iIiIiMiJRQFfREREREQBX0REvm+VlZX4/f7vNI/du3cTDodVmCIiJzGPikBEfijv/vnPfPHFF3hjYvDFxhLw+wnW1HBK374MHTr0R12XDz/8kEX5+dw+YQKGYRAMBomLiztovPfee4/5X36J4zj4fD7y8vI4+6yzSElJOey8g8Eg999/P8OHD6djx47fav0cx+GW8eO58IILuOCCC771dv72oYfo0L4911xzzVFNV1RUxB//+Ef27NnDmWeeycUXX6wDWETkOKSHbEXkB+U6DgZQVlbGI488wo6yMgzA8vz4dQslJSWsWb0awzCY98UX3P/AA4cc77XXXuOjjz7CNE38fj/Tpk3j/MGDWbly5WHnHYlEmDt3LiUlJd96/QoKCliwYAE9e/b8TtvZt08fXnzppaP6JGD79u0MGTKE9evXk5qayo033sjLL7+sA1hE5Hi89qIafBH5AQ0dOpShQ4eydetW5n7yCfdOnEjjxo3Ztm0bu3btYu26dSQmJtK2TRvy8/MpKyujd+/epKens2vXLqqqqgiHw6xctYqOeXk0bdoUgC1btrBkyRIaN25MXl4eZWVlhMNhdu3aRSAQoHfv3ixfvpxNmzfTp3dv0tLSGDRoEH369CEUCvGf//yHNWvWsHr1aho3bkx8fPx/az4MgwsvvJD77r0XgEAgwNjrr+emm25i1qxZeL1etm7dyuLFi2nUqBFdunTBMAxiYmIwzdo6k7rXs7Ky6N69O9u3b2f37t20b98+ekNQWFhI27ZtiY2NBWDWrFn079+f7OxsKioqmD9/PrGxsXTv3p24uDgcx+HLBQso37OH3r17k5qaCkCwpoaFCxYQCAbp3q0bg847jyeefJIlS5bQt2/feu2nlStX0rt3b5577jkMw2DPnj3Mnj2bUaNG6SAWETkOKeCLyA/O7/fjui6BQACAhx9+mPyCAgzDYMSIEbz++ussWbwYx3X5v8mTee8vf2HBggVMuP12WrduTTgUYsNXX/HuzJmEQiGuGzOGzp07U7J9O3fffTcFBQU8/sQTdOrUiXXr1tGyZUsCgQDl5eU4kQjvv/8+f//73/nwo4+45eabmfnOO+zavZvJkyczbtw4OnXqdEDAr6mpif7v8/m47bbbOOecc9iyZQvFxcXcM3Ei3bt1Y+XKlQwZMqS2OYxhYNs2S5cuZfytt5KVlUV+fj633347HTt2ZNTIkcyZM4emTZsyd+5cHvztb3l/9mxiY2NxXZd169Zx9jnnUFVVxZUjRpDRoAGRSISBAwdy5ZVXcsMNN1C2cyeZmZk89fTT/GHaNBISEhh19dUEAwEaZGTw7rvv8vunn6ZN69bkFxTUO+D379+fAQMGYBgGAJs3b6ZFixY6cEVEFPBFROpnT3k5KSkpvPbqq8THx7Np82aaN2tGZWUlZ555JosWLQLANAyeevJJMjIyOP/88/n4449JTU2lurqau++6i8yMDDAMPvvXv8jIyGD6H//I3LlzGXHVVfzniy9IT0+n36mnsmz5cgD27t1Lt27dGHLxxaxYsYLnn3sO07K+cX2zGjbEtm3Wb9jAk08+SZ/evZkwYQKLFy/mxnHjuOCCCzBNk0gkQrNmzXjllVfIzsri8See4K233mL4FVfQuEkTXn/jDW6fMIE//elPnHvOOSQlJQEQDoepqqqiefPmbN++nYKCAv785z/To3t3XNflrx9+yNy5c5k5cybZ2dmMGTuWGTNmkJmZSWlpKR988AGJCQmUl5djGAapaWls27q1/heC/ZpMvfTSS6xcuZIpU6boQBURUcAXEam/AaefTnJyMgABv58HHniAsp072bt3L9XV1Xg8HrKysmjYsCGWZdG0aVNKSkq47LLLeO+99zj7nHM4a+BAJk6ciGmaZDVsSExMDM2aNSOjQQMaZmWREB9PkyZNqKyowDTNaA21x+PBsqx6PwuwvaQEJxIhOSmJzZs2kZiYyAMPPkgkEuGMAQOi47muS2JiIrNnz6Zw2TIKCwuJRCLYts0111zDlClTOOfss1mxciW//e1vD1pOJBSiWbNmjBo5klGjRtGlSxcm3Xcf69etw2PbTJ8+HcdxSEhIoEWLFnz++ef06tWLpMREgOiDwK7jfKt98vbbb/PQQw8xffp0cnNzdZCKiBxnDAV8EflfcvaF0E2bNnH11VczduxYrrrqKtasWRN9zXEcIpEIlmXhui6O49CgQQPeeOMNVq1ezahRo3j11VeJT0g4YJq6ceuG1QX7aJCORA67Xq7rEhMTE/3f7/fzf488QvsOHejQoQNp6elcdNFFDL/iiujyAoEAjuPg8XiYPHky//7Pf7h34kTatWvHW2++STgcZvDgwTz99NNcc801DDjjjOjzBHU3HAkJCWwsKmKgx8NDDz3ETTfdxF133cXDv/sd555zDjk5OUyZMuWA2vbCwkKWLFlyQJmapsnOXbto3abNUe2Pd999lwceeIBXXnml3k17RETk2KSALyI/Spivrq6OBu5AIBBt515VVUXZzp14PB7mzJnDihUrcF2XSCRyQE8wwWAQDINP//lP/v63v9G5c2d8Ph+5ubls3rw52r6/blmu60YDeiQSIRwOR8dp1aoVr776arRry9atWx8Q8GfNmkUwGCQcCrF48WL8gQDTXniBxMRERlx5JZMnT6a0pIQ95eUEAgFunzCBQCBAJBJh27ZtWKZJUVERs2bNim53XGwsl112GbfeeivTpk07sMbFMGjTpg1Lly6lqKiIZ6ZOpWePHvgDAXKbN2fQeecxbdo0rhszhu7dupFfUMDVo0Zx1VVX8dZbb3HbhAlkNWzI1q1bmTBhAhs2bOD6sWPrvX/mzJnDsGHD6NixI2+++SYvv/wybdu25de//jVWPZowiYjIscHd99uaOHHiJMdxKNmxA2+MjWVZpKWlRXuDEBH5rkzTJCkpib59+xIbG4vHtunYsSNNmzalQYMGNG7UiPz8fHJzcxkyZAjt2rUjMzOThg0b0rlzZ0zTxLZtOublkdehA2vWrGH9+vUMGTIk2l97s2bN6NChA6ZpkpaWRp/evbFtm5iYGLp17Up6ejo5jRrRMS+P3NxcLMuiurqaPn36RNvCQ+1DtXUPvsbFx3P++ecz8Z57aNSoEQA9evSgSZMmLFu2jJiYGIZecgmNGzfG6/XSvXt3Tuvfny3FxewsK+PSoUPp3LlzdL0Kly3DcRzGjRt30Dk2OTmZJ558kosvuYRwKERhYSF5eXmMHTuWlJQUzj33XLYWF1O8dSu9e/XizDPPpGHDhvTv3581a9fir67mkqFDyS8oID8/n1tvvfWA2v4j2bhxI82bN6dNmzbRTzDS09Pp2bOnrgUiIsdLuHdddu3eXdskNRgMuqFQmKXLV5AYH4tt27Rq2VK1NiIi36Pq6moG//SnjLnuOi677LKDXncchxvHjWPQoEH8dPDgb72cCRMm0KlzZ6762c9U6CIiJ5FIJMK69euxLEsBX0Tkx1BeXs7f//53Bg8ejM/nO+Q4fr8f0zTxer3fejmVlZXEx8er5l1E5CQN+B6PR23wRUR+DMnJyQwdOvSI49R96dV3kbivRx0RETk5GYCqeEREREREThCuAr6IiIiIyIlFAV9ERERERAFfREREREQU8EVERERE5Aejh2xFRERERE4geshWREREROQEo4AvIiIiIqKALyIiIiIiCvgiIiIiIvKDMPb99qgoROTH8vbbb5OWlsbAgQOjwxYvXkxBQQEjR47EsqxDTvfajBnsrazkV7/61QHDv1ywgL/+9a/cdeed2LZNKBTi97//Pdu2b8fr9WJ7PPj9fhzH4aKLLuKLL74gLy+P884773vZnpWrVvHRhx9y7ejRJMTHH/Da6tWrmf3++4wdM4a4uLhDTl9QUMCf//xn7rnnHmzbprq6mvh983njjTcoKiritttuwzQPXRczdepUGjRowGWXXfa97aNly5bx8ccfc/311+P1enXQiogch1SDLyI/mtdee40PP/rogGELFy7k+eefJxwOH3a6pUuX8uWXXx40fNvWrXz6j3/gOE50mOu6mKZJQUEBzz73HKFQCMMwcByH1WvWUFJS8r1tz8qVK7n55pt56cUXDxjuOA5333MPEydOpKqq6rDTb926lU/+8Q9M02T9+vXcfMst0dcqKyvZUVaG67qHnX7+/PksW7bse9ue3bt3M2rUKB588EGCwaAOWBGR40zdFUM1+CLyo/H5fAfVCsfExBAbGxv9v6ioiBUrVtC4cWM6depUe6LyeLBtOzrOkiVLKCktpbS0FK/PFx1u2za37AvJM2fOZO/evTz66KPR19PT00lPT8fv97N9+3YwDIo2buSUU05h9+7dLFq0iPbt29OiRYtoUP9ywQLK9+yhd+/epKamHrDulmmS06gRzz33HJdccgk5OTkAfPzxx/znP/8hMzMTy7LYtm0b1dXVtGzZEtd1WbVqFTmNGmHbNl6vl1A4zIIFC1i3bh2FhYXYts2AAQMYOnQoAKvXrCEnO5v8ggJibJu+fftiGAa2bePx/Pc0vnjxYrZu3Ur37t3Jyso6uouC63L77beTk5OD67pHvLEQEZFjmwK+iPxoDMOgqqqKHTt2RIeVl5dHw/nMmTN5+OGH6dqtGytXruTcc8/l3okTMQwDjNqWhU899RQvvfwyffv04d///jcNGjSoff1rgsEgjuMQCATw+Xy4rssDDz7I+eefT6+ePRk2bBjtO3Rg586dJCQk4PV6qampYfXq1bz++uvkdejA9ddfT9nOnWRmZvLU008z7YUXoiEeIBQOc+qpp2JZFo899hiPPvoogUCAyZMnM2rUKObMmUNMTAzT/vAH1q9bxwsvvEA4HGbC7bczduxYfD4flmWxedMmXnr5ZTasX8+jU6Zg2zZLFi9mwIAB/Pa3v2X06NGkp6WRkppKfn4+l192GXfddReGYUS3/d777mPhwoW0btWKx594gsemTIneINXH1KlTWbVqFVOnTmXkyJEK+CIixynXddVER0R+PD6fj3feeYfLr7iCyy6/nMuvuILfP/MMHtumvLych3/3O26+5Rb+MG0aLzz/PK+88grrN2zA4/FgmSZlZWX8/plnmDJlClOnTuXmm28+quXX1NQQDoeJOA5V1dU88rvf8eqrr7JgwQIGDx7MO2+/TYvcXD7++GM+++wz5s6dy70TJ/KbSZPw+nxMnz79oJOox+PhzjvuYM4HH7B69WrefvttIpEI1/z854RDodobgVCI0L6/69YjEokAEA6Had26NVePGkXHjh15/rnneP655zj//PPZs2cPABUVFVx00UVM/+Mfmfx//8dLL79MeXk5pmnisW1WrVrFyy+9xO0TJnDPPffQqlUrnnv++XqXy/z585k2bRrTp0+nadOmuK572OcGRETk2GYYhmrwReTHEwgEuPzyy7nv3ntxXRfDMHj11Vd599132bFjB+Xl5Qw4/XQA2rZtS9MmTVi7Zg2WZWGZJps3b8Y0TXr17AlAWloapmnWu7Y5WuPtuiQlJZGRkYFt2zRv3pxmTZtiWRbNmjfHX13NqtWr8dg206dPx3EcEhMSaNmy5SFvGjp37syQIUO46eab2bFjB/fddx+pqalE9ns2oO5BWcMwME3zgE8dDMPA4/Fgmia2bWNZFh6PB2PftsXGxtK+fXsMw6Br1664rsvOnTsxTBPLstiwYQMe2+btd97BMAyCNTX07tWr3jc9N998M6FQiBkzZrBjxw6Ki4u5//77GTduHBkZGTpwRUSOp4CPmuiIyI/IdV18Ph+JiYnRYXFxcbiuS0JCAh6Ph81bttC4cWP27t1LSWkpmZmZOI6DCyQmJhKsqaGiooKEhAT27t17wAO2R7sujuNEp6/77boujuuSk51NVlYWU6ZMibZzP9KNxE3jxnHqaaeRl5fH4PPPP+Bh3piYGMorKqJBPxgM8vVGRZFIBNd1oz0J7b8sx3GiNf6bNm3CdV1SU1Oj29AwK4ukpCQeuP/+6HMC9S0Xy7IYN24cRUVFRCIRfD4fhmFEmw+JiMhxdq1VwBeRH1MgEDiod5ZQKERVVRWZmZlcfvnl3H777Qy79FLmzZtHq1at6NKlC2+++SZV1dU0b96cvPbtuW7MGE477TTmzJmD6ziHbIMfDofx+/0HLT8cDuM4DtXV1dEQ7ff7owE6GAyyd+9eBp51Fk88+STXjRlD927dyC8o4GcjRnDGGWccsIxAIEAkEqFhw4a89eab0U8V6pYRCoXo26cPv//977nvvvuorKyksLAQDINIJBJddm5uLmvWruWeiRO54vLLcfetS90NwWOPPUZ+fj5vvPkmF198MampqVRXV1NVVUXXLl1o3rw5o3/5Swb+5CcsWbKEs846i0svvbReAf/yyy+P/l9SUsLs2bO57bbb1E2miMhxypo4ceIkx3Eo2bEDb0ztR8N1FygRke+Tx7bp3KkTubm50WGmadKkSRO6du3K6aefTnxcHGvXraNjx47cd++9xMXFYVoWrVu1ol27dgwYMIDSkhIsy+LaX/yCdu3akZeXd9A5yzRNGjVuTLeuXaNNYmyPh06dOpGdnU1KSgq9evXCsix8Ph89evQgJSUF2+Ohbdu2tG/XjkGDBlFcXEzx1q307tWLgQMHEhMTc0A4zs7OJq9DBwzDiM4XapvdJCQk0KNHD1q3bk3jJk1Yv2EDp556KhdddBFt27Ujo0EDMjMy6Ny5M40aNSIxMZGyHTs45ZRTyMjIoEVuLs2bN2fG669z2mmnUVFZyZlnnMFNN92Ex+PBY1l0aN+e3NxcBp17LuUVFWwsKqJ9+/b8dPDgb9WOPhKJkJCQQNeuXQ/ooUdERI5truuya/fu2mteMBh0Q6EwS5evIDE+Ftu2adWypT6aFRE5BlRWVnLGT37Cs888Q+/evVUgIiJySJFIhHXr19c+06XiEBE5dvl8Pu67916aNWumwhARkW+kh2xFRI5xtm1z4QUXqCBERKReXFANvoiIiIjIiUQBX0REREREAV9ERERERBTwRURERETkB2Eo4IuIiIiInHgU8EVERERETgCuAr6IiIiIyIlHAV9ERERE5AThuq4CvoiIiIjIicIwDAV8ETl+ua6rQhAREdk/4KMmOiLyA/rwo4+Y88EHBwwrKyvj2WefJRAIHHHa6upqHMcBoKCggHE33cSePXsAyC8o4MYbb+TGG29kS3Hx0d8YOA5VVVXR/9944w0eeeSR6PK+rS/+/W9efe21I954fH3Z37dgMMjdd9/NsmXLjm7dv/iCO+64g/HjxzN+/Hg+/fRTHcAiIschVwFfRH5IH3/0EVdeeSUFBQXRYaWlpTz+xBP4/f7DTldTU8Mvrr2WnTt3RkNrSUkJADt27ODaa68lOzuba665hqyGDY96vdauW8fNt9wS/b+yspIdZWXf+ROBf/3rX7z44otHvFH4+rK/b5FIhLlz50bLq75mzJjBvHnzMAyDSCRCXFycDmARkeOUR0UgIj8Ur8+HZZqMu+km/vzuu6Snp2OaJnFxcRhG7ddx7N61i4WLFhEXH0/vXr2wbZvVa9aQn5/PihUryMrKIi0tjcemTCEuLo4//elPeDwehgwZgtfrpbi4mOzsbGJiYqisrGTRokUYpkmP7t1JSEigbOdO8hctIiEhgb59+xKJRFiwYAHr1q2jsLAQ27YZMGAAl1xyCZZlAbB69WrWrVtHq9atadumDQBFRUXEx8ezbv16/NXV9O3bl9jY2AO217ZtfD4fhmEccnzb44kue+nSpTRt2pSUlBS2bt3K4sWLadSoEV26dMFxHNasWUN2djZLlizBtm1ycnJo1qwZAH6/nzVr1tCpUyc2bdrEsmXLaNGiBR06dAAgJiYG06x//U0kEmHr1q385je/4Sc/+YkOXBERBXwRkUMLBgJcffXVbNy4kZtvuYVXXn45Gjxt22bVypWM/tWvaNa0Kbv37CE5KYmnn36a559/nh07dvDsc8+REB/Ptm3bCEciPPfcc8yaPZvSkhIeeeQRQqEQXy5YwKz33iMlJYWRI0eSlJyMNyaGvLw8RowYwfU33EBqaiqFhYVcOXw4P/vZz3j55ZfZsH49j06Zgm3bLFm8mP79+/PYY4/x3HPPMf3FF+nSpQtLFi9m9OjRjB49mkcffZQvFyygTZs2rFyxgk6dOzPthRfweA4+jZqmyZTHHmP+/PnR8bt168bdd9/NK6+8wob16/m/yZMZO3YsTiTCXXffTfdu3Vi5ciVDhgzhmmuu4VfXXYft8eD1emnVqhXLV6xg9qxZxMbG8qc//YlPP/2U4cOH8/gTT9AoJ4eFixYx5dFHOeecc8Awjmo/VVdXs3TpUqZOncpbb73FmWeeyeWXX64DWETkuL0AB4Pu3r1V7hfzF7iFy5a5q1avdsPhsCsi8l2NGzfOvW/SJHfr1q1uu/bt3WemTnW/+uort1u3bm5FRYX7i2uvda+/4QbXcRy3oqLCPfW009wXX3zRLS4udlu3aeNu3rzZDYfD7t/+9je3X79+bjgcdv/yl7+455xzjuv3+92dO3e6HfLy3OXLl7uTJk1yL774YjcYDLrhcNgtLy93Kysr3U2bNrmu67ozZ850e/Ts6YZCIXfGjBnu4MGDXb/f74bDYffee+91r732WrekpMRt3aaN++k//+m6ruvO/eQTt02bNm5JSYl79dVXu9eNGeOGQiF34cKFbtNmzaLzrjPlscfc8wcPdl3XdUeOHHnQ+CWlpe4bb7zhDh482A0Gg24oFHIHnnWWe+utt7qlpaXuxx9/7LZv397dvHmz26lzZ/c3999fu527drldu3Z1P/r4Y9d1Xfess892X37lFbesrMwtKytzXdd1b77lFveaa65xg8Gg2//0091PPvmk3vspEAi4zz77rDt9+nT3kUcecRs1auS+9NJLOoBFRI4j4XDYXbV6tbt+/XpXNfgi8oMK1dSQnZ3NE48/zq+uuw4DsL1e/H4/mzZv5lejR2MYBomJiXTr2pXCZcs47/zzMU0Tj8eDZVnYth2t+TdNE8MwsG0b27bxeDzU1NSwZu1a+p16KjExMQAkJSUBMPeTT5j67LN8tWEDwUAA13Wj87NtG8uyapfj8VBUVITX66VXz54A9O7VCwyDzZs3Y1kWLVu0wOPxkJubi8/nO+LDsoZhHDS+v7o6uuyYmBgq9+6luLiYBg0a8MCDDxKJRBgwYACO4xAfH885Z5+Nz+fD5/Mx+Kc/5Z233yY1JYXdu3dz4QUX4PF4eO2111i/YQNffvklrVu1IhKJYBzlPvJ6vVx33XXR/3ft2sWsWbMYNWqUDmARkeOMi5roiMiP5Nxzz+WG66/nnokTadiwIV6vl8SEBNatXx8dZ/OWLZxyyilAbbvwurC+/8OvdX+7rhv9sW2b1NRUvtqwITqe4zj84Q9/4I033+TBBx6goqKCu+66C9d1cSIRXNeNtrl3XRdcl/T0dKqrq9mxYwfNmjWjtLSUUDhMeno67r51qpt3XYg/kq+PD0SXDRAfF0dGRgYXXXQRw6+4IjpuVVUVjuNEpwcYceWVDL/ySraXlHDeoEGkpKRw/Q03EPD7GT9+PEmJiaxdu/Zb7Zu6Zdm2DcD27dtJS0vTQSsicpxSwBeRH0wwGIyGRoBx48axKD+fuXPn4vV6GXnVVdwzcSKWaVJSWsqmTZt44vHHiYuLIy4ujokTJ3LBBRfg9Xrx7+tWMxKJRHvgcV2Xar+fSCTCz0aMYOSoUUz6zW/w7Kv1DwSDuK5LaWkp78+ZQ0VFBY7j0Kx5c9asXcs9EydyxeWX4wJVVVU0b96cswYO5LoxYzj/vPOYM2cO5559Nk2bNqWqqoqampr/Lne/bjzrhEKhaPefwWDwoPHD4TDNcnNrl33PPQwbNoyfX301kydPprSkhD3l5QQDAW699VYCgcABAb9du3a0bdOGP//lLzzyu98BULJ9O5mZmaxcuZKP//Y3GjdqBNQ+hLv/tN/k888/54EHHqBfv35s27aNefPm8eabb+oAFhE5TlkTJ06c5DgOJTt24I2p/bg6LS3tqHpgEBE5FNu2adO2LS1yc2tPOJbFaaeeSlZ2Nt27dSMvL4+8Dh1YvmIFiQkJTLrvPlq2bIk3Joa2bdpQVFREx44dadGiBQ0aNKBbt25YlkVWVhadO3eO9sjTo0cP2rVrR/cePVi+fDkey2LIkCGcddZZVFRUUFRUxE9/+lN69epFXl4eTZo0ITExkbIdOzjllFPIyMggNzeXdu3acdZZZxGORCjauJH+/ftz6223EbOvKU/Hjh1p2rQphmEQHxdH3759D+hO0mNZ5Obm0qlTJzwez0Hj9+7dm5YtWtQuu6yMXr16cdZZZ9GkSROWLVtGTEwMlwwdSuPGjfH5fPTs2ZPk5GSg9tOC3Nxceu6bxjAMOnXqxNq1awkEAlxxxRV07NSJVq1a4fP56N69OykpKfXaTxkZGcTGxrJ27VrS09N5+OGH6dy5sw5gEZHjiOu67Nq9u7Ypa+2DXmGWLl9BYnwstm3TqmXL6EfXIiIiIiJybItEIqxfvx7L49EXXYmIiIiInEgU8EVERERETgCuAr6IiIiIyIlHAV9ERERE5AThuq4CvoiIiIjIicIwDAV8EREREZETJuCjJjoiIiIiIicMVwFfREREROTEooAvIiIiIqKALyIiIiIix0XANwxDpSIiIiIicrwFe9P82kO2LlgeD7GxsSodEREREZHjTKzPh2VZeOrSveWx8Hl9eCwLwzSJRCIqJRERERGR44BhGFgeD5bHUxfwawdmNEhnR1kZ27dtI+I4+P1+HMdRiYmIiIiIHINM0yQ2NhbLNAnW1JCTnf3fJjqu4xIbG0tOdjaO6xIMBnFdV6UmIiIiInKMcvfldsd1yc7Oxuv1/rcGH8BxXLxeL40bNVITHRERERGR44RlWdG/PfUZSUREREREjn2u66offBERERGRE4VhGAr4IiIiIiInEgV8EREREZEThJroiIiIiIicQNRER0RERETkBKOALyIiIiKigC8iIiIiIgr4IiIiIiKigC8iIiIiIgr4IiIiIiIK+CIiIiIiooAvIiIiIiIK+CIiIiIiooAvIiIiIiKH9P94V9cxrDkydAAAAABJRU5ErkJggg==\"><br><b>Option 2:</b><br>You can disable LLDP for your network interfaces by performing the following steps in your web interface:<br><ol><li>Select <b>Network &gt; Interfaces</b>&nbsp;and select the interface you wish to disable LLDP for.</li><li>Select <b>Advanced &gt; LLDP</b>.</li><li>Disable (uncheck) LLDP.&nbsp;</li></ol><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAugAAAGPCAYAAAAOQyXvAAABXmlDQ1BJQ0MgUHJvZmlsZQAAeJxtkM1LAlEUxc+UIdgsEqKVgatWFpNK1KKF2QeBC7Gkj934NDVmptdzItoF/QVFq6AW0aI/QCgionWrIAjatYr2gQRlr/u0Gq3ucLk/Dvc+zhygQzc5t3wAbMcVmZmJ8OLSctj/DA3dCJAcMVmFJ9LpFDG+Z3vV7mmb6m5QvTVafQrerO6Wzz6Mvekjy/93v60C+UKF0XynjjIuXEAziNObLle8TdwryBTxvuJik08V55p82diZzySJb4l7WMnMEz8q/7kWvdjCtrXBvjwo93rByc7R7KMOYRJTSNEXRhYxxDGMMSxQRv/fxBs3SayBYwsCZRRRgkvXCVI4LBSIZ+GAYQgR4igM6rjK+neGnmYdAyMqix1PYwfAeYh+1/a0AdKCVeBqnJvC/ElWq/kqK7Fok3UBdL1K+dIP+C+AupDy7VDK+gnQ+QBcr38CiuJihLFSZPYAAKJ+SURBVHja7N13fJXl/f/x1z3OPtk7IaxACIQpGwEHirj3bLWt3ePXoW2tWltX665tbat+bbXuuvdClmyRDSGBEAiELEL2OOsevz9OckxYMgQBP8/Hg8eDnJxzn/u+zrly3td1rqH86Je/thVFIRIxyMrMYNL4seRkZaFpGkIIIYQQQogvn6IoBAIBdlRV8eFHM3nh2ae5/JrrcLld6ACGYZCRnsa5Z51JUkIChmlKqQkhhBBCCHGE2LaNx+Nh8KBBJCUk8OmiBdTV1ZKWno5q2zaqojB+zEkkJyVJOBdCCCGEEOIohfRIJEJ2djY/+NGPWLdyBe+/+Tq6ZVm4nE6yMjIwJZwLIYQQQghxVEUiEUaPHsv0c8+npaUZFdsGQNM07M7/CyGEEEIIIY4O27bRNBWHw4HfH4dqWRa2bSPRXAghhBBCiK8upFuWhWma0THotm1JqQghhBBCCPGVhvRox7lqY8vQFiGEEEIIIb7ygG5jY3cOcbGkB10IIYQQQoivNKBbFpZloWPbWLYN0osuhBBCCCHEXimKgqIoe4Zq+0sajdItk+tdk0QP52T3/hz2F17gl3ZBx8ALdixcR/fXQoYtCSGEEEJ8ecE8HA4TCoUwIhEs20ZRFBy6jsvtxul0fim5tmuiqG7bNrZ1aAfTNG2v4VRRFKzOLnoAVVVj/4foWo/BYBCPx4OmacfsC6Kq6hcWdtf5H2xD50COfTB0XQcgFAod02UqhBBCCHE8iUQiVFVVsvyzzygqKqKmpppgMITH4yEjM5NhQ4cy6qTR5OTk4HA4Divb2VY0G+qHEhIVRUFVVd599x2WLFmC0pn46ezAjYQjTJw0iYsvvgTDNOjo6MDlcqEoCi6Xi7lz53LfvX/mrrv/xKRJk4lEwsfkCxIIBNB1fa+Bt6sM3nnnbVauXMFPfvJTUlPTejREDvXYB99Q0ikr28yzzzzNxo2bOPfcc/nGN6+VjaeEEEIIIQ5DOBxm/fp1zJ07B1VRmTxlCtnZObhcLmzbpqpqB+vXrefFF57njDPPZPjwETidzkMP6J25XFUA9RBWQVcUhc8+W8Zrr7xMaWkpVVWV7KjYwY6KHVRUVNDU1ITD4aBo3Xp+/KMf0tLSgqqqAIRCQerq6ggGg+xjhMxXSlVVWtva+H8/+wmrV63C4XDsswyWLfuUV15+mdbW1tj1fRnHPphzbW5u4ubf/Y5Zs2YxdNgw+vTtKzVKCCGEEOIQKYqCYRisXbOGTz75hIJBg7niyisZOWIkDoeDtrZWbMuioGAI5553Pvn5+SxcsID169djmOY+h4B/Ya7DRgH08qYAPrcdG0tzML3pmqbhj4vjT3/+M/3752EYRlf+R1FUVFVl69atbN5ciqJGd0dSFBVFUdA0DVVV0XU9dhGRSKRHD3TX/bp6mQ3D6NEr7HQ6Yz87HA5M08QwDBwOB4ZhoCgKuu4A7D0e23X+uq6DomB1Pja6k5NGY309xcXFhCOR2LH31jvucDhwu92xa+gaamKaJg6HIza8JxKJHNCxu65XVdXY9XS9Jl3HtiwrFuwVRaGsbDMbN5Zw88238sMf/Yj29naCwSCqqsaOZ9v2HuXbdcyu8jVNE9M0Y8/X/fGWZWEYxgF/QyCEEEIIcTwH9MrKSmbN+pj8/HymTJ2C3x/HiuXLef7556irq8PpdHDWWTO44IILOePM6cyf/wlz584hNTWVvn37HlSmVhQFy7bZ3hykPRhE1xQ4gI7f/dJ1vTN895ykWFdXR3HxBgzDoGxzKbvq6ujVKyc22F5RFEpKSlizZjV+v5+xY8aSkJiI2dnyUFWVjRtLKN5QjKqqjBgxgj59+2KaJpFIhKVLl5CXNwDTNFmwYD69e/dm+PARrF2zmmHDR9DU1Mjy5Z+haTonnTSa3NzcWCPC4XCyY0cF69atpa21lUEFBRQWDkVRFNpaW1mzdg2GaVJZuYMNGzbg8/lIT0/fT2FHz7eoaD2maTFgwAAWL15E5Y4d9OnTl5NGj+5scbXt89gOh4OamhrWrVtL/a5d5A0YwPDhI2IBec3q1bjcbrKysvhk3lxQFMaPn8D6devQdR1VU1mxYgU+n4+cnByaW5opWl9EeflWUpKTGTtuPAkJCbHy1TSN8q1b2bBhA8FQkEGDBjFoUEHsNW1vb2ft2rVUbN9GekYGJ500mvj4+G4NMSGEEEKIEy+ch8NhVq1aSVJyMhMmTiIxMYlwKIyiKPTKzWXAwIEsWbyIOXNmM/WUU+nbty+jRp1E6aZNfPbZMrKzsw9pPLqqgqaA3j/RjcvtQj2MlUh0Xe/sqf58gmh7ezu33nIzy5Z9imma3PTb3wAKf7z9dpxOJ4qi8OR//kNl5Q5CoRDNzc2MOukkHn74ryQmJhGJRHjkkb/zvxdfICUlBdM0CQaD3Hjjb7jo4otpbW3l1ltuYdKkSZSVbWbdunWce+555GTncMstN1NQMJiKigra29toa2sjPT2d++9/kOEjRmDbNm+99QZ/ffgvaJqG2+2mbtcurrryKn51w438979P8cwzT2MaBv/65z+wbbjsssv55a9+RSQS2W85vPnGG8yaPYv+/fpTsrEY27Jpb2/nqquu5qbf3cxTTz3Js7sd+/LLL+fXv/ktc+fO4U93300wGCAuLo6dO+uYdsY0br31NlwuF0/990lamltwu93Mn/8Jubm92VxayiuvvIxt2/zjkb9j23DNNddw+unT+MMfb2P7tm243W6am5sZMXIkDz74EMnJKdi2zXPPPsujj/4TRVHwer20tLTwjW98k5//4peUl5dz+x//QGnpJlJTU6mvr6dv3778+Z57yc3tLSFdCCGEECdsQA8Gg6xbt5ZTTj2NtLS06CgIXaNw6FDyBgxg585aKrZvY2ddXWz0QVpaGiNGjmThwgWcddaM2MouByI67lyhT4KLkAt007IxTfuQLyASifCvf/2T+PgE7M6hHJMmncyZ06dz+x138tCDDzB79iwe/uvfSUpMJDMri9mzZxEKhQiHwzzw4EPk5Q3ghRee5+G/PMTMmTP5zneu54UXnuc//36CX/7qBr7xjW9imiYP3H8fDz30AKPHjCYuLh5NU3nvvXe58sqruOl3t5CWmgpEVzIpLd3Eb3/7OyadfDKrV63i5z//GS+//D9GjjqJoqL1/PlPdzNlylRuufX3+P1+3nj9Ne6558+MGDGS733/B3h9Ph75+9/4fz//BRMmTMTr9R5QKFUUhR3btzN+3Hh+f9ttxMXFc/ddd/C//73IhRdexHe/+z18ux07Ls7P9u3bueP2P5LTqxf33HMvqalpfPLJPH594w0MGzaca675BpqmsWTJYiZNOpl///tJ4uLj6d+/Pzk5Odx77z388Ec/ZurUU4mL87N+/Xr69e3H7353C4MG5fP+++9z2+9v5YP33+f7P/gR8+bN5YEH7mPq1FP43c03ExcXz9KlS9A0jUgkwgP330v5tnIeffRxhhQWsqWsjP/385/y6L/+yd1/uueYWVpSCCGEEOLLZhgGNTU19MrphcvlwrIsFEXB5/MRDodZtHARtbW1jBs/gfj4eEzTxOl0kZ2VTU11zSF3ZJqmjWnZqDY2cOgB3TRNijcUs27tGtatW8uaNaupra1BVVWysrJISEgAFHr37k2//v3xer3R9R11nR/88IeMHz+BhIQELrjgQnw+P9u2lRMKhZg58yMyMjIYN248O3bsYOfOnUyadDItLS2sW7cOXdcwTZNhw4Zz469/w7hx4+jbv39srPX551/AxZdcQnx8PBMnTWLosGFs3VqOaRrMnTuHjo4Opp91Fs1NTWzbVs6QIYXEx8WxZMkSUlJSyUjPACA7O4e8vDySkpIOKJDatk18QgK/uuFG+vfPIzMzk7PPPhfbtinfVk5aWhrp6ek9jp2Wls7iRQuprq5m+plnEQqF2bp1K7m9csnLy2PpksWxnvv4hHh+f9ttTD3lFAoLC4mPjyclJRVFUcjKyiIvL4/4+HgmTZrEAw8+xKRJk0hKTmH69LNISkqivLwcyzKZ9fFMVFXlVzfcSJ8+ffH7/cyYcQ4zzj6HrVu3sHjxIiafPJmExETKyspwud2MGTOWRYsW0draesiTH4QQQgghjnW2bRMMROfzdS0C0pV7S0s3MX/+PIYMKeTCCy4kISGhM9tquD1uQqHQYXRi2tjY6BxyPI9OVnS73dx3//09JolqmkY4HMbpdMYmFXZNeOya6Ng1Bj0SiURbHQ4HmqZiGiYdHR3U1tTS2trK72+9pcdJJ6ekdJ5wtJD698/D7XYTDodRuy1Z2NUT3PW1g8/no7GxkXA4zM7a2s4hIY/0uB7d4cDr9RCJhPc474OZHNkVXrsmeLrdblRVJRwO91gfvuvYmqaxY8cOTNPg+eef5aWXXsS2QVGgvb2DgoK42ETS1JRU0tMzCAaDWJYVG5+++7k6HA62bt3KvLlzKC8vp6GhgY6ODizbJhAIUllVSU5ODhkZGbHzCodDOHFSXV2DoqgsXryY9evXx1qN4XCI9PQMWb5RCCGEECe0rqXBg8FAj9zTtX9QQkIio8eMISMzMzaqwLIsbMvG43EfckdmVybX7c4tRQ+H0+nE6XShqupB7RDa/T7d/6/rOm63m0GDCvjr3/4eHR+PDUQnNno8Htrb2zsft/cNgna/zbZtlM7Huz0eXC4XD//1b6SkpGBZJl2TPJ1OZzRYc/g7Qe3+//29WD6fD6fTxR9vv5OCggIMI9LjnKLl+nnDaN9vqGj5zZw5k3v+fDcpqamMPmk0Q4YMYenSJWBHV2dxOV2EQiEs29qjYeH3+7Esi2uvvZYrr7qGYKAj+vvOVXfcbres5iKEEEKIE5au62RmZVJVVU3//nmxdc8VRSEzK4szzjyT/Pz82Ep5iqIQCoXYUbmDjMzMWIf0IQTI6Hj0L+MiXC4XbrcLt9vd+X93bBnAriE0mqbhcrm+cGMey7Zxuz0MzM+nZGMJ9fX1ZGZlk56eQWpqKg6H49AvmmgB5g/MJxAIsKFoPVlZWaSlpZOeno6r+3nbxArc7XYfxnPutex7HFtRFAoGD46u1LJmNenp6dFzysjA4/HgcOgH3BJTFIWOjg4e/dc/6d2nD08//Sx3/+kervvWt3E4nViWicvlom/fvlRXV1O0bj1erxenywVEN1Dq1asXfr+flStX4vVGd8lKz8ggPj7+oM5FCCGEEOJ40zX6obBwKKtXr6Kuri428sOyLFpbWqiuqqK1pTU2ygCgrq6ODRs2MGzYcNxu92HN1dM5nO3m7eiEzBdfeIGkpORYr6phGgwtHMrp06bh9/tpbWnhheefx+vzMmXKVLTOtcF3f96u4R+KAldccSUzP/qQ3/7mRr77ve+TmJjEkiWL+ezTT7nvgQdiu3bae+nJ3d+xw+Ew0844g1deeYk///lP1Dc0kJ+fT0lJCW+/9Sbf//4PuOTSy0hISCAcDvPeu++wo2I7aWnpTDvjjD2Gd3R9pbGvn7vfFj0nm4SE+B7HTs/I4JRTTmXqKafwr388QiQcYeSokWwr38Zrr7/KRRdexLXXfQu72/CYfR+fzvXfNRobGtm6dQulpZt49pmnY28w0zQ4/4ILeeP117nzjtupq6sjOSWZt958E8u2uP/+B7n2um/xt4f/wu9vvYXpZ82gva2VN998k5SUFG6/405UVZVJokIIIYQ4IQO60+lk7JhxbN26lVWrVuH3+UhKTsa2beob6tm2bRuDhwyJ9narKg0N9SxdsoTGhgZmzDi7xzDvg31u7M4x6IfK6/Pi9/t59dVXeoS1YDDIlVddxamnncaMGeewYP58nnrqPyQnJ1MwqAC3x0NiYmKPXTQVRSEhIQGfz4dhGAwZMoS/PPxX/vWvf3LPn/+EqqrExcVz8SWXkJmZSSRikJSUjNfn635VaJpGQkLiHi0Xv98fG3qTkJDAPffex9//9jee/M+/sSwLp9PJ5ClTGDFyFKFQiJEjR3LaaaczZ85sFixYwHe/9729BlKPx0NCQmIssHq9XhISEnr0MjscDhITE3G5XITDBiNHjtrj2E6nkz/+8Q7+9c9/8NJL/+OFF55D0zTGjB3H+AkTMS0Lf1wc8fHxe6w373K5Yse3LAuPx8P3vv8DHnzgfn7y4x8RFxfPGWeeyYyzZuB0OTEMk7y8PO5/8CEe+ftfueeeP6PrGllZ2Xz/Bz9AURS+9a1vo2saL7/8EvPmzcW2bQYMGMiMs8/uMe5dCCGEEOJEDOk5vXI4/fRpzP9kHuFQkAkTJ5GamsrIkaPIyc4hNS0NwzCora1l1apVbNu+jTPOOJOcnJzD7sRUvvGtb9tul4uf/PgneDyegzpgMBgkHA7v9XdOpxO3242mabS2ttDQ0EhiYhIJCfGEQkECgSAejyc2dMS2bdra2mI7c3YF22AwSENDA+FwmOTk5NhGOV1rreudY8q7RG9vw+l09QjpHR0dscmiEB1bZJomjY2NtLa2kpCQQHJny8g0zdikztraWrxeD8nJKZ+3bHYrg0gkjM/nR9M0AsEAkXAEv9/fY7JoIBCIDf3Z27G7dhm1bZumpiaam5uJi/OTnJyCqqqxY5imic/n6xHSu37XvTw1TaOxsZGGhnoSEhJJS0uno6MdyzRj5eVwOAgEAuzatQvbtklNTcXr9RKJRGKzlltaWmhsbMThcJCamorL5drvWvBCCCGEECeKcDjM2rVrmPXxxyQlJzNkSGFs081QKExlZSVrVq/Csi1OO+10hg4dhtPpPPhArigEAgEee/wxOjo6Di+gd43H2VfLo/uW8V1b3neN1dnbZNKuXujut3XtKNp1zO49t123796bu7fj7O2+XcfuGlO0v+fe27CZ7mXQddzdf+5+W/fj7+vYXfftuobuv9vX9e6vPKPlbmNZZudrpWDb1t6v0bb3GDLUVT77KwMhhBBCiBNR14qDlZWVrFq5knXr11JbU0sgEMDldpGZmcXQwkLGjB1LdnbOIc9ZVFWV9vZ2brzxV2wr39a5zOIhhq4DXa3F2m3s9L4et6/x1fta1m9fwyysfYxLP5hjH8jv93Yte7u2fd22t2N33fdAr+GLynP3ct99Uc0vukYZyiKEEEKIryvbtnE4HPTr14+cnBzOPPNMIp3LaKuKgu5w4HK5YruGHk5HpmEYmKbFwPz86CRRIYQQQgghxN5DeldQ39vwlX11rB5KQ2DQ4MGEQyF0KXYhhBBCCCEOLKgf4SfBPtxVXIQQQgghhBCHJ7oMtklra2t0uWwpEiGEEEIIIb5669etpW5nnQR0IYQQQgghvkpdy22PGTuO1tZWVCkSIYQQQgghvnoOhwOfzycBXQghhBBCiGOBvfsk0f1tOiSEEEIIIYQ4MnbP4bGAHg5HYlvNCyGEEEIIIY5eQA+HI58H9OiyLhYlGzfhdLkkoAshhBBCCHG0A3oohGla0WUWLdvG7XBw/jln4fN5pYSEEEIIIYQ4ytrbO1i4cD4RIxId4qIo4Ha7cLlcUjpCCCGEEEIcZaZp0jUMPbaKiwxtEUIIIYQQ4qvRPYvLMotCCCGEEEIcQySgCyGEEEIIcUwFdMvEtkwpCSGEEEIIIb5CtmWCZaLqqoomGxQJIYQQQgjxldIUBV1VUXVdR9d1KREhhBBCCCG+Ql25XMagCyGEEEIIcSwFdSmCE5NlWViWBcjwJSGEEEKIo8NGUVU09fD6wCWgn4AaG5uprq3Ftm0UCehCCCGEEEcpnttoqkZ6eirJSYkS0EWUZVlU19aSnpZKYkKCFIgQQgghxFFkmgYdgSCWZaEeYk+6BPQTLqDbYENSYiKaJlMMhBBCCCGOJl3XcLlch3UMSXAnqO7bxQohhBBCiOOHBHQhhBBCCCEkoO+faZo0NTUTiUSO2HPU1O5ke0Xll9rTbNs2zS2tGGbPnVmDwRAtra3HxRuitbXtmDhX0zSJGMZefxcIBmlta+txWzgckdoshBBCiOM7mKsqtm0fmwG9praOO+55kNXrivZ7vzXriyjZVHrQx//g49nced9DvPvhTMzdwvThCIfDPPT3f/H08/+LjgXvNPuTBfz9sX/vM3B+pUHYsti+o7JzSUaoqKykfPuOo/b84XCEyqrqHg2l1tY2Fn/6GRs3bd5bM4jiklKamptjQX79hmIWfbqMSMSQmi2EEEKI41ZJSQmffPLJsRnQLduivSOAYfQMz8ZuAXfmnHkUFW/c4/HdH9c9+JmmSTAUYubseZxx6lS+/+1rY7uo7ivcGXsJ1cZ+gnY4EmbO/IXMmb8gdlskEiEYDPa4X/ew3v0cu5/7vgL97uVyMGzb7vF8kXCYsq3lsYAOoCjKHue1r8fv/rv9/Qz0eB6AlrZWtm7bHrvvrl31rFi9lkAwhLnbfaPhvZ32jg4y09MJh8OsXLOO6to6LNMCZNy9EEIIIY5PkUgE0zQpKCg4dldxUVUFh0OnZNNmli5bjsPpoLRsC/379uGS889l2YpVbNm6jebmFto7Orjm8kvZULKR2fPmEwyFGDG0kLOnT6OouIRVa9bjcrsoLS2jd24Ore3tFBWXoGkao0eN4OPZ89heWUlKchKXX3QBGelpNDQ28vb7H1FZVU1SYiLnnz2d1JQU3nr/Q7ZsLSchPp7zzp5On9xeu523SmpyMq+88TY5WZkMHpSPoiioiooCLF+1mgWLltLc0sqoEUO54JwZbCjZyKfLV2LbNpVVNZx+ymSqa3ayvriYAf37c+kF5+D1elm7vojZ8xbEru+sM05D07QDLtOqmlqqqmuwLZvsrEzS01LZtHkLkXCE9cUb6ZWdhaZqNLc0s25DCW1t7eRkZdC78xq3VVSys64OBeid24v0tFS2lG/DsmyamppJSk5EU1XC4TBt7R2EQmH69u5FVmYGpmVRvm079Q2N6JpG/759cLldlG+rIBAMsW5DCb2yswhHDPL69aEjEKAjENzjGiqra0hJTsLhcNDe3oHf56N3rxw2bNwkNVsIIYQQxy2Hw0FhYSGBQODYniSqqioNjY3M/mQBlmUxYcxJzJ2/iCXLlpOVmQ4opKemMDCvP+XbtvN/Tz1DTnYW008/lTnzF7D0sxW0tLbx4ew5bNlazvDhhRQMGoiqqqSlpNCvT28qdlRi2RbTTp1KZVU1b7//IRHD4Knn/kfp5i2cNnUymRnptLW387/X3mD12vWcefqpxMX5+c8zzxMKh3ucs2manHH6KQwelM9/nnmB1tY2dF0DJdrzXrJpMwMG9Gf82JN454OZbCjZRFNzC/MWLCI+Lo4+ub144r/PUVldxcRxY5k9bz6frVxNZVUNjz/5bI/rW7jk0wMuy7pd9WwoiYbwvn1y2bxlK03NzbjdLhRVJTEhAZfLCQq0d3SQEB9HakoyG0vL6AgEqKyqpmxrOf369iY7O4sNJZtoa2unsamZsvJy4hPiSE5MoL6+karqWjLSUomL87FhYymGabK1fBtV1TUMHNCflJRk1m0oxrZsnA4HmqaSlJiA2+UkOyuD3F457G0HVMMw2FVfT052JgA+n5fBgwbidrtl1RohhBBCnBCO2THou4uPj+OKSy5kxpnT6N+3Dzt37WLwoHz8Pi8D+vdn4rgxFG/aRFtHB4Zpsr1iB5qus2VrObZtE+f384PvXMf5M6YzfGghDl1n2JDBDB86hInjxnDFJReSlpJMWmoqNbU7qdtVz+YtW7jwvLOZNH4sl1xwLv369GHF6jX4fT6qqquJRAzqdtVT39DQ41wty8br9vCdb16FZVn894WXCASCKCg4HA6+ccWljBs9ipTkJDRNo6q6Gk3TiIuL4+ILzuX8c87C6/Vw6uSTmXHGaeTmZNPY1ERRcTEdgZ7XV7a1/CACegOqotLW3k5zS3QSaFt7O2mpqeiaRm6vbOL8fkzTJD0tld69cujftw+6rtPS0srOXfU4dD36jUV7O5Zt09zSgqJAbnY2+Xn9SUpMxLItsrMyycnOYmD//igKtLW1U7uzDofDQWNjE6FQiHA4gmGaJCcl4nA4yO2Vg8/n2+811O7chdPpJD4ubo83shBCCCHE8cw0TZqbmwmHw8fPRkVdkzmdTkdnELawLCsWzkzTwuvx0LtXDpqqccVFF5CTncWmzWXomobbHV0wvmv8uGFFjzd/0RLe/2gWef370tHRgaKoGBEDBQWP+/NF5hUFbAsyM9LJSE8nMyOD8WNGkZKUtMe5GqZBQnw8373uG/z9sSco2VRKVmYGgUCQ519+jeraWvr2zo3uLqV83lNsRAwURemxwZDT6QAbDNPCs9v1ZWakH0RrLFo+fp8PG5vBgwYSHx9Ha2vbPkOubVsoioINWLaN1+vB5/ViYzO8sID4uDiqa3fi0Pf+NlIUJfp428K2wevx4PV4ABg5rBCf10NjY1Ps+RVF2W9rsrqmlqzM9D3u1/Xz/h4vhBBCCHGsW7t2LVXV1cduD3pX+LZtu8fEwq7bFSXaI11Xv4ua2p3k9euDaRioqsrI4YXRZfoiERRFwewW5LuO0eW9j2YxKH8gV156MXFxfiKRCCkpSSQkJDBn/kIam5pYsWoN5dt3kD+gPzvrdpE/II9eOVk0NbfEJpnufn4AhYMHcekF59HY1ISqKGzZto3lq1Zz5aUXcdqUk7EtK/qv2zV2/b/rGJZlYZgmA/P6Y+x2fcZBrAqTkBBPRzCA3+8jIy0NVYuOiVdVFcuyCAaDseUhu2d127bR1OgQlI5AgMSEBNJTU7FtUDqXArJ3C9I9grVlo2s6SYkJBIJBUpKTSElJxuzc/lZVVUzDjD6/YWDbNoZhYJrRBljEMLDtaC98IBgkMz19t8ZQ9HW2bZtwJLLHJFQhhBBCiOOBpmmMHz+e00499djsQVdVFb/fh8OhY5oO/D5frHfU43HjdDhQFIWpJ0/gvQ8/prpmJ7/48Q+4+PxzefXNd3jtrXdwuVx865qrcDqdPR6vKApxfh+6Hu2JnzB2NJ8sWsz2ih34/T4SExPwuN1cd/UVPPPiS9x130M4HU6uvvwSrr78Yv7z7Ivcdd9DKAoUDi5g3OhRPSZq+n0+nA5H7OczTpvK9h2VNDY10Ss7m/59+/Lksy+QmpxCVlYGDocDh0PvPMfo5Fi/L3rt0ev1oGsaA/P6cdF5Z/e4vqsvv/SAyzQ7M4PmlhaWr1qDqqqxYT6JCfF4vV4+Xb6S/Lz+OBwObD4P/tHzUOidk01LcwtLP1uBqqp4PG6G+f04dB1N/bydt8fPDgeKqpLXvy/riopZ/OlyIDpsKSU5idTUZMq3V/DpZysZPGggPp+XdUUlhMNhLNvisxWrGTF0MBVVVbHJod0bQ+uLimlubQUbPlu5mj65vejbO1dquRBCCCGOOw6HA7/fj3L99dfbHo+H++677wvHAB8t0R7dEC6XM9Yz6nG7URSFYDCEqio4ndHftbS24tAdeL3RoRPt7R0EAgHi4uJwuZwYhtHj8bZtEwgGcToc6LqObds0NDWhaxpxfj/hSAS3Kzq0JRQK09rWis/rw+NxA52bKLW0oKsaCQnxe5x7IBBEd+g9hn1YlkUoHMbjdhMOR2hqaSY+Lg5d0zq/DVAJR8J43B4gen4upxNN0wgGg6iaFgv9u1/f7gzDZFNpGfkD86KTU3cTCoexTBOnyxUL0tFvGwycTke0N9y2Y42OaK+9hqpGGzjBYAgbG5fTGe39Nk1QlNixDNOMDtPp+tkw0DQtVvbBUAgAt8sVazQZhoFhmNHXm66hPtHztW3QdY3q2p0kJSbEhsh0ifaeExtKo2naQa1sI4QQQghxLGhvb+emm24iEAgcuz3oXYEb6DGMxN1jXLhCQnzPkOzzefH5vD0e2/3xiqL0CHmKovQYR94VzgFcLicuV0qP42uattdx5126gvzu1+NxR293Oh2kp6bucR9d7zqnnufndrv3e30Hy+XcM9TvL9TuPoSne/l3PbbH/Xf/ebey97jde32OrvspfD7PoLucrMx9tjSFEEIIIU4kqhSBEEIIIYQQEtDFESYrmgghhBBCHJ90KYITrMWlKqBAY1MTiQkJUiBCCCGEEEeRaZl0dASIj4/rsXCGBPSvdUBXycrIoLq2ltqddShIT7oQQgghxNFgE11oIyM97ZDDuQT0E1RSUgIJCXGda4JLQBdCCCGEOFoRXVHUHptOSkAXMV2bAAkhhBBCiOMsx0kRCCGEEEIIcezQo5vEGFISJxjDMDAtSwa4CCGEEEIcJTagqeoe+8gcTH4zDAPdsCxM25YSPYFUVFZSsnFzZ0CXiC6EEEIIcXQCuo2mqhQMGkBuTs5BP960bQzLQkfVUFTZGv1EYRgGJRs3M6xwMMlJiVIgQgghhBBHUUNjE+uKisnKyDjonnRF1UDVZJLoicayLCzLJjUlCV13SIEIIYQQQhxFqSlJWJbduZreoZFJoidsUJdhS0IIIYQQx2MGk4AuhBBCCCHEMUQCejcdHQGqa2ppaWmVwhBCCCGEEF8JGYMOBIMh3v7gIxYtWYplA7bN4Px8rr78YpKOwYmWn61YRXpaKn1658qLJ4QQQghxgvna96Dbts0rb7zNhx/P5szTTuVXP/0h37jyMnSHjmGasfvtvla83bk0pQ09JgEYhrnHfQDM/RwLwLLtHvfp/tju9zdNk7ff/5Dy7RXy7hVCCCGEOAF97XvQd9bVsWDJEs4/5yzOO3s6AP379mHC2NEANDY28fYHH7Gjsor4+HjOOuM08vP6M2f+Qqqra2hsaiYYCnH6KZNZsXot1TW1TBw3humnn8rS5SvZuKmUQDBEQ0MjZ5w6hU2bt7B5azkjCgdzwbkz0HWdJctWsHDJEizLYvyYMZw6ZRJLP1tJ6ZYtmIbBtoodDBtSwDlnncmHH8+hZmcd8xYsZmfdLi4+/5xDXgxfCCGEEEIce772Pejbd1SBrTB8yJA9fmeaJk8+9yKlZVs4dcrJaJrKo088RWNjE1VV1cxfvJRBAwdg2xaPPPZvEuLi6N+nN6+++Q41tTvZtWsXcz5ZQK+cLBIS4vnXv/9LKBxm5PChvPvRx5Rs2kxRyUaefv5FCgcPZvLECbz+zrtsLN1MfUM9M2fPI87nY+Swobz30SzWFRXTu1cOiqKQnZVB/759UFWZRiCEEEIIcUIEc1XFtm0J6ArRXZ8se8+1KhsamygtK+PCc2Zw8oRxfPPKywgEgxSVbELTNfLz+jN92qmcPHE8Ho+bi847h4vOPweHrrOzbheKopKVmcn5M6Yz/bRT8HrdzDjzdC46dwZ+n4/q2lrWbyjBtqGtrY3qmlqwYcvWbaiqRk5WBpddfAEXnjuDhPh4dtbVMXrUCJwOB8OHDmH0qBES0IUQQgghThCbNm1kyYIFEtC7tmFdtXZ9j9st2+4c+63gdrsAcDqdqKpKOBxGQYndV1M1NFXDsi0URUFRlNgYckWJjlFXNRVN04DocTVNw7ZtLNMkISGe3F455GRn8e1vXMW4MScRiURQFAXDMDAMA4dDx7Y/H48u65wLIYQQQpw4IpEIlmkyID9fxqCnp6cyZdIE3vvwY1RVYejgwTQ2NbFg8VLOmT6NtNRU5i1YTE52NstWrMI0TQbm9WdHVVUshEd374z2wNt2dOco27Y7/2/3uD3WALCiYX5AXn/mLVhMnN9P3z69Wbtufbf7293uHz1eV/ivqq6hdmcd6WmpKIoi72ohhBBCiOOYw+FgUMFgOgIBCeiKonDFxRfi9XhYtGQZ8xcuweFwMGLoEPr17cO3rr6CZ196hbsf+AuqonDlJReR2ysbXdfweDyxAvX7fbHec7/fh8Oh43Q68fm8gIKmafh9PlRVA8Dn86EqKmNGjWDzlq38++nnUDWNhLg4+vTujdvt6nwsnff34HToaJrGpAnjmDVvPpXVNfzk+99B1zR5VwshhBBCHP/BNNohe81137J9Xi8PP/gAPp/va10mgWCQQCCA2+3G2xm+IfqVQ2trW/R2b/T2cDiMZdu4XS4M0yQcDuNxu2PHcTmdWJaFYZp43G4syyIYCuF2uVFVhUAggK47cDiibaTW1jZC4TAJ8fE4HDrhSASz87EAgUAQXddwOBxYlkVLaysulxtP5/CbLuFwmLnzF3Pa1Ek4nU55owshhBBCHEWHmsVaWlr40U9+imlZ0oPencftjgXi7hwOB8nJST1u617guqahdwv0XeFe06KBGqKzcruHfk+3/wPExfmJ6358hwM6Hxu9/+fnpaoqiQkJ8oIJIYQQQpxA1q9bR01NtQR0IYQQQgghvmqapjFm3DgaGxtlFZcTlarKxFEhhBBCiOMpgzkcDnx+v/Sgn3hvChVVVdhV30hyUqIUiBBCCCHEUdTQ2ISqKoe0V03XKoAS0E8wuq5TMGgA64qKMS2rx3rtQgghhBDiyLGx0VSVgkED0PVDj9kS0E9AuTk5ZGVkdAZ0IYQQQghxdAI6aKp6WOFcAvoJTNd1eXGFEEIIIY5DMklUCCGEEEKIY4h0sp6gDMOQIS5CCCGEEPvRfUhKJGJ03nJ4FEVF01QU5dBTmAT0E1BFZRXFG0uxZJKoEEIIIcR+ArqN0+GgX9/etLV3EIlEDitY27aNpumkJCeRnZWBeojHkoB+gjEMg+KNpeTn9SM7K1MKRAghhBBiP8LhCI3NzfTrnYuqHd7ob9M0qa9vYld9A5npaai6JgFdgGVZWJZNTnYWDodDCkQIIYQQYj+cTid+v+9LPWZDUxO2bQGHFtBVLBPbMuXVOYEoRL9iEUIIIYQQR5emaRzqKBnbMsEyUXVVRVNknLIQQgghhBBfabhXFPTopFX9sBdTP1pCoRCBYJD4+PhDHnS/P6ZpsqOqGq/HTVpq6pdyzHAkQltrG0Bs0oFt2yiKQkJC/CFtA3uwLMuiqamJxMTEPZ6vra0NVVVpamrC5/ORkJDwpT73xo0bcbvd9OnTJ3Yuzc3NxMfHo2mff+3T2tqK3+/vUUbNzc14PB6qq6vJzs7G6XRKzRVCCCHECasrl2ujRo263eFwcOaZZx7zAWjh0k95/D9PM3HcGNxu9z7D6KKly/B6PXi93gM+diQS4f/++yxvvvsBPq+XgQP6fynnXFS8kb8++n/MW7iY2Z8sYN7CxcxfvJRPl6/gpJHD8Xo8X3ojo3xbBf365MYCcDgU4pJLLiEcDjN69OjYfRsaGphx9tmkpaVx8y230NjQwOTJk/c45pw5cwiFQqQeQqPl1ltvpby8nKlTpwIQDAY597zziEQijBkzBoCKigqmnXEGAwcOJK9/tNwXLVrEN6+9liGDB3PV1VczfMQI+vXtKzVXCCGEEMe0iGFQ39BIelpqj87IA8mis2bNwjCM42ujokjEoD3QgW3bPcZYG4YR+38oHObVt95l5676PYK7ZVmxn7s/vqvnfO36Dfzw+us464zTehTW3hiGudcXZHcD+vfl5z/6Pj/9/vV4PV7y+vXhlz/+Pt//9nUkxMfvcY77uq4veu79cbndnHbaaTzz7LM9ruedd96hpaWFM6ZN4/Y//pHLLrtsj/MBeP7559lQXHxAz9W9jLuuwTQ/P1+Px0NhYSHvvvNO7FpnzpzJurVreffdd2P3e/e998jIyGD06NE8/PDDjBgxYo+GyN7+L4QQQghxOEzTpLmltXNd9L3n0eaW1iOaP46rVVwURUFVNTRVY96CRdTurKOltY3qmhrGjx3DaVNO5uXX36K9vZ233v2A7dt3cObpp/LJwkV8tnI1qqpy6pRJjD1pFLPnzae1rY2ddfUYhkEoFMIyTWbPW0B7ewdJiQnMmvsJdfUN5A/I4+Lzz8XrcbNmXRFzPllAIBQiP68/F547g131DbzzwUx21dfTKyeLC885m4SEaPj2er3079sHbBuv10NifAL9+vZh1pxPWLz0U6654jI0TWXZilVsKNnI8MIhbCjZhNfnpWhDCVmZGVx+8QUkxMexdn0Rs+ctIBgKMWJoIWedcdoBt8yuvvpqnnjiCZYuXcqUKVMwTZMXX3yRyy+/nMTERNavX4+m63g8Hp577jlcbjcrli9n8uTJLF6yhIbGRnbu3El+fj6rV63iV7/6FYqi8I9//pMBeXmcfvrpPP744yxduhRV07jxhhsYOXIkiqLssZ7o+eedx49/8hNqa2vJzMxk5scfc+111/Hpp5/S3NyM3+9n4YIFXHXVVbjdbuZ/8gnjxo5l1qxZFBcXU1FRge5wcNNvf8v//d//sXbtWhITE/nlL39JXl6e/GURQgghxCFra+9g0dJl5GRnUTAwD5fLFftdKBSipLSMyqpqTp4wjoT4uCNyDurxWHCKorCjsopZc+eTlZlBXv++vP72u1RUVpKZkY6iKPTJzaVP714sWLyUV958h3GjT2LUiGE8++IrVFVXU7uzjtfffg/bthlWOJh+ffugqCp9cnuRlprCxtIyMjMyOGXyJOYtWMSyFSupqq7lsSefJjExgVNOnggKNDW38Nh/nqatrY2zz5xGRWU1r771zh6rqBimiW3bWHa0hzkxKZG58xextXwbAO9+OBOX00lHIMDMOfNobW3j5InjWLl6DR/PmUdFZSWPP/UsOdlZTD/9VObMX8DCJZ8ecJn169ePyVOm8MyzzwKwZs0aSjZu5JprrgHgo5kz2bhxIy0tLdx7332sXbOGCy+8kILBg3E5nQwtLGTE8OFs3bqV2XPmxK7vk08+obi4mF27dlFTU8P3v/99EuLj+f1tt0U3StrLGPuJEyficrlYsmQJlZWVlG7axG2//z2aqrJ48WLKt22jsrKSs88+m46ODp5/8UWaW1rYsnUrt9x6Kx6Ph7NnzOCuu+9m8eLF3HrrrfTv358bf/1rQqGQ/GURQgghxCHzetzkZGdRVLyR4k2bCYXCneE8TPGmUoqKS8jJzvrShyl3d9yug24Dgwbmcf7Z0wkEAiz+dDn19Q2MGTWCdz74iInjRtOvbx8+mjUXt8tJQ2MjhmFgGAZl5dtRVZW8fv344fXfQlGgZNNmZn8yn6knTyQ1JZkB/ftR39BIRWUlcX4/DQ2NrAkU4XA4uOaKS3F1jtcv3ljKjqoqMtJHsG3HDhyazuYt5UQikf2O6R85rJCc7CwWLl2GbVvsqm9g2qlTKS0rw+/3ceUlF+J2u9hRWUVp2RY0TSMQCGCYJtsrdqDpOmVbyzll8qQDLrNvXXcdP/npT2loaODFF19k3Lhx5A8cCETXAO3qjU9PT+f+++8nNTUVy7LIyspi4sSJTJw4kc1lZT3WV++6xuzsbO666y7KysoYMmQICxYsIBQK7XU3rqSkJCZMmMDcefOoqq6moKCAgQMHMunkk/ngww/ZsnUreXl59OvXj+bmZtwuF4qiYFkWU6dM4Y477sAwDH76s58xfPhwPvzoI5pbWigqKqKpqYmMjAz56yKEEEKIQ+JwOCgYOADbtikq2QRA3965lG/fTlHJJgoL8ikYOACH48jF6ON6o6JY+LMVVEXBtm0ikeh4oK6x0KZlkpqSQq/sLGzb5gffuY6+fXLZsnUrcX5fbJ3KrnFEhmFgWRb/e/UNijeVRoenAIoChhHB4dB7DCuxbQtd1+nbO5ekpERysrJIiI9D/4JNgnRd57Spk3njnfeoqa2lIH8g6WmpFG8sRVVVFFWJvUksy8I0TTweD7175aCpGldcdAGZGekHVV5TpkwhIz2dv/7tb8yZM4fbb7+98xrsbtdj4/V6Y8E7EolgmmasPLvG/3etBqNpGrquU1ZWxm9++1syMzNxOhx77Tnv7pyzz+aOO+9kzZo1fPf66wG44IIL+OlPfsLKlSs555xzUFV1j3NLSkoCopNNVVVl3LhxFBYWogAXXnABycnJ8pdFCCGEEIfF5XIyOH8goLB+QzHbtlfQ2tbG0CGDGZw/EJfryC6sclwNcbFte4+gCGBjxyZYOp0ODMNkW8UOGhqbGDRgADvrdpGelkbBoHxa2trQNR3b7jkps+tnRVVoampm7oJFnHXG6Zwz/QwURcEwTAb070dTUwtLPl1OQ2Mj8xYsIjEhAb/PR1NzM8OHDsHn9RIIBve6DKS12+TWcWNG4fF4KN64iVOnTIo1BEKhEJvLtlJZVc1nK1YyoH8/hg0ZTCQSQVVVRg4vxDTNfU4i3febzcVVV1/Ngw8+iNPlYtq0aZ+fW7eyMDuH4wDRxoKiUF1dTVNTE6mpqRQXF7NlyxY2b97MmrVrcXs8PPvsszidTv7y0ENMmTIlNhl194mvXU455RSampooKytj+vTpAIwZPRqH08mqVas4Z8aM2H27Gk+2bceu2ev1Mnz4cEpLS5l88smMGDGCUCh0ULOlhRBCCCH2H9IHMHRIAe2BAEOHFByVcA7HWQ+60xHdilVRFFxOF57OsT+KouD3+VA1jaTEBIYVDuHVN9+hqqaWi88/h+qdO/nbY/+HqqhkZKRTWDAIt7vz8Z1BWtc1/D4fCir+OD9DBg/ijbffIzUlmaTEBDRNY/CgfM496wxeffMd3nxXJTsri9GjRvCta67ghVffYMXqNYDCWdNOg6G7n72Cz+vB7f58ooHf56MgfwBOp5PB+fk9wvL/XnuD1tY2euVEx5wnJSVy0Xln8+qb7/DaW+/gcrm4+vJLD7oML7n4Yh555BGuuvLKHstQxsfH43K50DSNxMTE2LcTDoeD8y+4gAcfeohln33Gfffey+jRo7nwoosoLCwkKyMDp9PJtGnT+ODDD/nO9dcT5/eT26tX9Br9/tjr1F1mZibTpk3D4XDEhqR4PB7OO+88/H4/g4cMiTUQUlNTUVUVj9tNXFxc7PY//uEP/Po3v+HMM8/Esm2mTZvG6NGjj8ra8kIIIYT4eoT0woJ8+vbOxef19BjmeyR0jR5Qrr/+etvj8XDffffh8/mO6UIyDINwOILH4yYSiWDZNm6XC9u2CQSDOB0OdF3HNE1aWtvwejyxVk5zcwumZZLQuUFOKBzG7nw8gGlahMIh3C43qhrtMW9sasLn9eJyOTFNMzbso7W1lXDEIDEhAU2LhsFQKERrWztutxu/b+/rr3cNy/j8OG3cce+DnHXG6Zx5WnSd8HkLFvHSa29x1x9+h6ZqxMfHoXULnO3tHQQCAeLi4vbagguHw8ydv5jTpk7a5xj4trY23G53jw2q2tvbcTgcaJpGe3s7cXFxPTYNqq2txevzER8Xh2EY1NTUkJycjNPpxDAM3G43dXV1tLe3k5ubSygUwuPxEAgEUFV1r+vWBwIBFEXp8btwOIxhGLHGg23bsU2MIpEIhmH0eJ92nYvT6SQ9PV3+kgghhBDiK9URCLCxtIyhgwcdVKBvb2/n4osvpqys7PjqQe++62n38KkoSo+ZtFpnT3p3XcsexlpEu4VXTVN7HEPXNdJSU3ocs0tXL27PFparxzI8e7N7SN28ZSupKclMGHtS7Da/z0dOThZ+ny/WeOjO5/Pi83kPqxz9fv9ejvt56I3fbX12RVHIzMzs8Tr06uwh7/oZIC0tjbS0NIBYwN7fZlF761l3Op17vLZd57O3Mt79XIQQQgghjkdd8/4KCgqO70mix7uhhYMZWjgYR7ee7JNGDmf40EKcTocUkBBCCCHE14TD4aCwsJBAICAB/St9IfQ9iz86BObwxlDbsNflDYUQQgghxJFlGMZeF8g44Bxn2xLQTzSqqqKqCpVV1WRnZUqBCCGEEELsR8QwaGhsIiE+Hv0wV4OLGAb1DY2oioqiHFyHq2maNDc3S0A/Eem6zuBBAyneWEpJaRkK0pMuhBBCCLE3NtEluvP69aWquoaIYRxWcrJtUDWVjPRUVO3gR0SsXbuWqupqCegnotycbLIy0jEtS+K5EEIIIcQ+Azpoqoqu63QEgtElDg/zmKqm4tD1ve6Jsz+apjF+/HiampokoJ+odF2XF1cIIYQQ4gB5Pe6v/BwcDgd+vx/Z0UUIIYQQQohjgN2567x0sp6gDMOQIS5CCCGEEPsLxHw+xCUSMTpvOTyKoqJp6mGtqCcB/QRUUVlF8cZSLMuSSaJCCCGEEPsM6DZOh4N+fXvT1t5BJBI5rGBt2zaappOSnER2VsZBj0OXgH6CMgyD4o2l5Of1k2UWhRBCCCG+QDgcobG5mX69cw9p5ZXuTNOkvr6JXfUNZKanoeqHtmyjBPQTjGVZWJZNTnYWDofsRiqEEEIIsT9OpxO/3/elHrOhqQnbtoBDC+gySfQEpMBh7WAlhBBCCCEOjaZpHO6G7hLQhRBCCCGEOIYc0wE9EAjQ3hHocZtlWTQ1t2AYxkEdq7Wtja3bttPc3MLaog20tLZ9aefZ1tZOQ0Mj9Q2NtLW1H/Jx6hsaWLF6LWVby4FoL3jxxk1U19Qe9jlalkVLS8set7e3txMIBKQmCCGEEEJIQP9is+ct4PZ77mdn3a7YbQ2NTfz5ob+ydVvFPh/X0dHB7HkLiEQiAGzbXsHd9z/MU8++wMbNZTz5zAtsLd/2pZyjZVk89fz/+P3d9/DnBx/m1jv/zCOP/4e6XfUHdZyln63grvv+wjvvf0jZlq1AdKLBcy+9wpJlyw/7PKurqzl58mQ+mjmzx+1/+MMf+Nejj0pNEEIIIYQ4VgK6YRgH3Rt9tJiWydbybfz3uRcJhUJAtFe5IxDEtKweIdnq9vP2HVW89d6HnetZwpJly3HoOjfd8Av69cklstv12raNaZo9jrf773cP5d21t7fTr08ffvOLn/Gta65k0+bNvP72uz3uZxjmPs83HI7w5rsfcNLI4dz62xuYPu202PNa1p5jybsf62BUVlbyi1/8gvLy8thtbW1te/Sgdy+LA3qdTFNqkhBCCCFOCKZp0tzSGsuRu4tEDJpbWo9I/unK5bphWZjH6oRCG9LTUtlUtoXX3n6Pay6/BEVRUDv/QbSXffmq1aiqyumnTKFPbi/efv9DgqEgTz33Ig6HTumWrVimxUuvv8noEcPRtM9n1C79bAULFy8lYhgUDi7grGmn8f7MWbhcTs6ZfgbVNTt59c23ueDcGfTJ7cXMOfNo7+jg4vPO6XGqfp+PzIx0MjPSWbt+A1vKy1m9dj0bSjbhdDoo21rOz374XVasWsOny1eBbTN61AhOmTKJdz+cyc66Ovx+H08//z8iEYO+fXKZdsoUVPXzLznWri9i9rwFBEMhRgwt5KwzTutxLftjWRYZGRnk9e/Pj3/yE15/7TU8Hg+q+vlC+hs2bOCf//wnTU1NDBw4kJ///OckJSXxj3/8A03XWblyJR3t7fz8F79gwvjxtLW18a9//Yt169aRmJjIL3/5S/Ly8qRmCyGEEOK41dbewaKly8jJzqJgYB4ulyv2u1AoRElpGZVV1Zw8YRwJ8XFfbuPAtjEsCxVVQ1G1Y7KADMukd04OV15yER/PmRftCXfoKICuaSxauoxX33yHcaNPYtSIYTzzwsvU7dpFclIiqqqSPyCPQQMHkJyYiNPpYGD/fvh8XrBtdIdO8cZSnnz2Bfr17cPEcWP4eM48Ppo9B03TmDnnEyzLYvXadcxdsJDVa9djWRYfz/1kr5v/hMNhWtvaKN64iVXr1tGvbx/a2jv4cNZstpRvY/jQQpYtX8WLr77BsCGDGTGskFfeeJuFSz5lUP5AdF0nNSWF/AF5NDY1sWrNuljPva5rVFXX8PiTz5CTncX0009lzvwFLFzy6YG3dWwbXdd5+OGHaWxs5K677gJAURQ0VaW1tZXrr7+e1NRUfvKTn7Bu3Tp+97vfYRgGb7/zDm+99RaXXXopfr+fW265hXA4zF13383iJUu49dZb6d+/Pzf++texbzqEEEIIIY5HXo+bnOwsioo3UrxpM6FQuDOchyneVEpRcQk52Vl4PZ4v/bkVVQNVO/bXQTcti2mnTmFHVTVPv/AS3/nm1ei6RsQwWLVmLW63k4bGRgzDIBwJ09TcwpCCfNas38BpU09G13W2ba/A5XIxZdIE6hsasGwLBVi9bh1ZmRlceuF5ANTW7WLpshVcf901fDxnHps2l7FxcxmFgwso3VxG2dZyQsEgo0cN73GOuq6zbkMxt//5fsKRCH1yc7ngnLMo3liK3+/nh9dfR1JiIg//83EKBxdwzlnTANi6bTsrVq3hZz/8Lm6XiyEF+UydNIGq6hq2btseO76maawvLqEjEMAwTbZX7EDTdcq2lnPK5EkH3uAxDLKysnj8sce44MILGTduHC6XC93hYOWqVdjArbfeitPpJD4+nssuv5y6ujq8Hg/f+MY3mDFjBtnZ2Vx+xRXU7tzJzJkzKSws5MOPPqK5pYWioiKamprIyMiQ2i2EEEKI45LD4aBg4ABs26aoZBMAfXvnUr59O0UlmygsyKdg4AAcjiMXo4/5gG7bNqqqctWlF1FZVc1z/3sFm2jPsmlapKak0Cs7C9u2+eF3rqNf394sX7UG+HysePcx39FeaQXbjo4hcnf72sLtchEMhcjKzCAjPY2P585nV3091151BU+/8D8+mj2X9LQ0sjJ77tBpmiYD8/K46rKLiPP7SUyIR1VVTNNE0zTcbjcAkUiYOH9S7HEej5vGpiYikQi2/flYbnO3Me5d1+rxeOjdKwdN1bjiogvIzEg/6PIMBoOMGDGCO++8k9/dfDNpaWn069ePjvZ2vF5vbMiMz+fDNE0ikQiqqsbKL7q2p4Jpmiiqyrhx4ygsLEQBLrzgApKTk6VmCyGEEOK45nI5GZw/EFBYv6GYbdsraG1rY+iQwQzOH4jL5Tyiz39Mr+Ji23ZsAqfH4+b6a69GURQ6OgI4HQ4GDchjZ90u0tPSKBiUT0tbK5qq4XQ4iEQibN22nda2tm7BnM7AbqIoMDCvP2Vbt7G2aAM1tTv5dPkKBg0cgM/rZVjhEBYt+ZTM9HQG5vUjIy2dhYuXMnxoIfpu475Ny8Lv89Int1dseE3Xc3ZvHAwaOIDV64rYsnUb5dsrWLlmHQX5A3A5XViWGTvHruuOnqvd2QDoj2EYqKrKyOGFmKZ50JN7u09m+NZ113HeeeexcMECAEaMGMH27duZNXs2bW1tPPfcc/Tr14+0tLTOBoQda+wYhkFCfDwjhg+ntLSUySefzIgRIwiFQgc8Jl4IIYQQ4tgP6QMYOqSA9kCAoUMKjko4h2O8B93ldOLpNr4nOyuT6665khdefg0bOHXqyVRUVfG3x/4PVVHJSE+jsKCAoUMGk5mexiOP/4erLr0In89Le0dHtEWiqvh9PmzbZtzoUWzdtp2nnvsfYNMrO4tLLjgXgGGFg5k1L4WRw4fGQvHmrVsYXjh4j/P0ejw9JhB0cTgc+H2+2CTMaadOpXZnHY88/m9soGDgQM48/TRs28Ln8+F0ODrfEC48Hjeg4Pd5UVWNAf37ctF5Z/Pqm+/w2lvv4HK5uPrySw+4LDVNIzk5OXYuAH/84x9Zv24diqKQnZ3NXXfeyZ133onD4cDpdHL/fffh8XiIi4uLXZ/ucJCSkoLD4eAPt93GDTfeyJlnnoll20ybNo3Ro0f3mNgqhBBCCHE8h/TCgnz69s7F5/Xg6MxqR5pyzXXfsn1eLw8/+AA+n++YKpRwJIJlmrEhIl0CwSBOhxNNiwbB5uYWTMskIT4+1oMbDIUIBILEx/kxTRPLtnG7XNi2TSAYxOV0xu7b2tqGYUZ7hbuHy0AgiMvljA3xCIXCncG5p2AohNIZrLuLjouP4HG7ewTj5pYWbBsSE+IBYufkdDjQdZ1wOIxl2bjdLgLBIJqmxcJ7e3sHgUCgMzTv2YILh8PMnb+Y06ZOwun8/PeWZdHW1kZcXFyPcwmHQtGy6SzjltZWWltaSE1NjV1PW1sbTqcTp9OJaZq0t7fHjmMYBjU1NTidTtLT06UmCyGEEOJrrSMQYGNpGUMHDzqoQN/e3s6vfv0b2js6ju0edKfDAXu5MM9ugT2hM+h253a5YuPLuw+7UBRlj1m3cXH+vT5/9zCuqupew3nXc+2Nruvo+p5FnBDf83x3P6fuwXr3a/X5vNGVaA6SqqrEx+9ZTs7dzj0+Lo74uJ5LBvn9n5ePpmk9jqPrOr169ZLaKIQQQgjxJZGxCEIIIYQQQkhAF0eSDT2GsQghhBBCiKPDMIw9dqE/4GCuqtG9a6QYT7AWl6qiqgqVVdVkZ2VKgQghhBBC7EfEMGhobCIhPn6PlfoO5Vj1DY2oioqiHHw/+KZNG9m6uUwC+olG13UGDxpI8cZSSkrL9rrrqRBCCCGEABsbp9NBXr++VFXXEDGMw0pOtg2qppKRnoqqHVxAj3QujjIgP18C+okoNyebrIx0TMuSeC6EEEIIsc+ADpqqous6HYEgtm0fdnZSNRWHrqMe5HBjh8PBoILBdAQCEtBPVLquy4srhBBCCHGAvPtYre+oUhQZg75flgW2hXRBH6HmqqKCbGgkhBBCCAFEd3xvbW7GtCwJ6HsPkBY8cg+sWQW6Q8rjy2ZEYMQo+PnN0aAuhBBCCCFYv24dNTXVEtD3GdDXrILZc0HXwTCkTL4s3cvTtiSgCyGEEEIQ3QxyzLhxNDY2SkDfd5B0RMNkZjoMKQRZV/xLaPjYsKEIanbKNxNCCCGEELtxOBz4/H4J6PtlGNFw/uh/QZWiOmyWAT/+NuyokrIQQgghhNiNbdsySfSAKApoDlA0KYsvoyzlmwghhBBCiP2SAcAH1pyRMpByFEIIIYSQgC6EEEIIIYQEdCGEEEIIIYQEdCGEEEIIIYQEdCGEEEIIIb6+Ad0wDOwvcaJgMBiita0d0zSPmQK1bZtQOIxlWfu9X0NDAzsqKzGOsU2QmpqbqdhRSSgUktohhBBCCPEVOCrLLK7fUMKsufPZUVWNx+1m6JACzjrjNBIT4g8t6Jsmb7z9PvMXLUXVVH75kx/Qr0/uMVGgz7/4Eq+8/iYTJ4znpht/ibKPZQX/8vd/MHvufF569il69849Zt4QTz/7PM889yJPPPoIJ40aKTVECCGEEOKoB3TLxLaOXA/0rLnzeew/zzBiWCGTJ44jFA4zb/5iAK689MJDOubiTz/jzXc/4Fc/+yFDBuXj9XqOicJsa2vnhZdeZf2GDeyorOKqyy6hb98+e71vKBSmra2NY23hwUjEoLWtDcO0pHYIIYQQQhxFtmWCZaLrqop2hDaP2Vm3i6eff5kZZ5zG9779jdjtF54zI/Z/wzAo3lhKU3MLA/r3JSszA4Ca2p0oioJpmmwq20Kf3F7069Ob5pYWli1fSb8+vcnOzKC+oYHGJpXk5CQ8bjeBYJC16zcQDoUZXJCPy+nE4/Wga0d+o6Elny6jfNt2xo8dQ3HJRmbOmsMPvved2O9rd9axeOmnOHSNtvZ2nA4Hu+rrKdm4iX59epOfPxCAko2bKN+2nZMnTaBuZx2r164D4ORJE8hIT6duVz3r1hcxaNBAijeU0NrWxsQJ48jMiJZdS0sry1eupKGhkcEFgygYlI+maVRVV7Ni5Wps22bc2DFkZqQD0WEtixYvwTBM6hsa0HVd9hMSQgghhDjKNEVBV1V0XdfR9SMz0mVdUTHhSISLLzinx+1utwuAtvZ2Hvr7Y+ys20VqajL/eeYFrr3yMqadNoVPFi7ho9nzSE1OwjBNqmpq+c3Pf4xhmKxdVwzAv/79X0zDZPuOSn7x4+8zrHAwd9//MMFgEJ/Px6P/fprs7Ex+84ufkpGeemRbPLbNex98hNOp89sbf8nv/3gX7334Edd+42o8Hjfl27bz8xt+w+ayLcTHxxEIBPF5vUQiEf507wNkZmbw/NP/wbYsbrntDsKRMDvr6vjbI4+iqArtHR0MGjiA/zz+T8q2bOHGm24hLs5POBSmqbmZwiGDefL//kUgEOAXN95E0YYSvF4PlmXxl/v/jNfj5Te33EZbWxu6ppGQmMAjf3mAjPQ0fvqLG1m5ajUJCfGEQmGcTqfUECGEEEKIo6wrlx/RSaI763bh9bjx+3x7/f2sufPZtn0Ht9/ya/5w0w1cdN7ZPPO/VwgEg9jY2LbNDf/vR9x7x+8ZMiifj+fMZ9yYUUwYO5ohBQO57bc38Ntf/QyHrmNZFqVbtlJRWcXtt/yGO279DelpqYwfcxLpRzicA2zfXsH8hQuZMG4cY0efxBnTTmVDcQnLV64C4H+vvMq69Ru45bc38s7rrzByxHACwSC5vXpx2ilTWbt+PZs3l1FcspGi4mKmnzmNiePHcevvfsPMd9/gx9+/njVr17Fw0RIcDgeBQIDCwYN56fmnueiC81m9dh1r1q7jfy+/xrLPVvCbG37Oh2+/zoP3/okB/fvzwMN/o6WlhX/89UH++fe/UFNbyyuvvcE773/IwsVL+f713+b9t17j9FOnEg6HpYYIIYQQQnxFjmhA9/t9hMJhIkZkr7/fVLqFkcMLSUtNQdM0pkwaj2la7KisAhRysjLJzEjH6XTQv18fWlpbURQFXdfQdQ2Xy4nb5UJVVSzbIiMtFbfbzZJly1m6fCUdHQH69+3D0RitMXP2XBoamwiFQjz19HNUV9dgmhYffDQTy7LYvHkLSUmJTD9zGmmpKWRlZmBZFqqqcP65M7Atm7mfLGD2vE9wOBycPf1MBuT1JzExgcf/8xTLV6xCVVXqdu2KXq9lMWRwAX165zJ8WCGqolBXV8/GTaUkJydxwXnnkJycxKlTJ+N0udi6tRzLsrjj7nv4/R/uRFM16hsaWF+0Ab/Py/QzTic5KYmc7OwvXIFGCCGEEEIcOUd0FZeC/IGEQmEWLv6UGWee3uN3lmXhcDgIdeutjUQi2LaNw+FA6bxPNMSq2LYdWxHFtm26VmvsWrbRsmxSU5LJykhn0dLPSEtN4dprLmf0qOFHvBADgSAffDQTn9dL+bbtlG3ZiqqpJCTEM3/hIqqra3C5nJimSSRixK4VIBwxGDliOMOGFvL2u+8TCoWYfPJEBg7I40/3PchLr7zG+eeeTXZ2VvT6u80q7Vpe0rZtUBQ0TcPtdhMxIrS1tZGUmAiAy+nE6XSSnp7GvXffgcfjJhyOkJyUxD8fewLDNAmHo+dzrC37KIQQQgjxdXNEe9AH9O/LtFOn8MR/n+eNt99n+45KSsu28PdHn+Cl195i1IihrFqzjvWdEx3fePt9EuLjyMnKxDAMLOvzNGrbNlZnGI8GdLtH2EeBYDjE1m3biY+LIzUlGdM0qW9oPOKFuGzFCtasXc+pU6fw1mv/4/23X+PdN17h6isuY9v2Cj5ZuIgRw4fT3NzCI/96jMee+A/zFy5G0zRsy0LXdc47ZwalmzdTWVXFBeeeg23bzF+wkIT4eM47ZwYul5NQKBwb+mOaVqwMbNvGNEycTgeTJ02grbWN+x78K2+89Q6//PXvWL12LWdOO42Nm0qZOWsORRtKeOLJp1m9di0jRwwjFArx+L+f5L/PPM97H3yErutf6nr1QgghhBDiwB3RHnRFUfjuddeQlJjAezNn8fb70fCX2yub8885iz65vdhRWcXf/vVvFAXi/D5+9sPrcTgcOJxOfD4vXcuJuFwufJ7ocoput4tIZ0+vooDf78flcFJXV09yUiIej5v6hkaWLV/Jm+9+wJ9vvwWv58gtxVhaWkZcnI8Lzz+X+Li42O3nn3s27304k4WLlvCHW25i5arVfPDRx/Tr05spJ09i7bp1aGq0jXTmtNN57oWX8Pt9nDxxAoqicMVll/D4E0/y25tvY+yYkxg0aCButxuHQycpORG3291ZHm6SkhJRVZULzjuHzWVbePPtd1ny6TIG5PUnOSmJn//0RwQCQV569TUMwyQ3Jwef18fUySfz6WfL+ejj2Wzbvp1xY0ezYuUqHLoutUMIIYQQ4iugXH/99bbH4+G+++7Dt4/JnF+GQDBIW3sHbqcTv9/XYwOf1tY2gqEQiQnxOBwOAMLhMKZl4ekMod1/7upJdrtc2LZNIBDA5XLx3+dfZnvFDv54840oisInC5fw5DMv8o+H/kx8fNyBn6xlwI+uhY9mwlnT4bFnQd13YA2FQoTCYeLj/LDbiPf29nYM0yQhPh7DMNlVX098fBxej4fW1lZ8Ph9qZ0hva2tDVVW8Xm/s8bvq67FMi/T0NDo6Ami6hq5ptLe343K5cLlchMMRgsEAHo8nVn6NnePhU1NTeqzS09DYSDgUJjk5Gaczel/btqmr24XX68Hv99Pa2nZklqY8yHIVQgghhPi6aG9v56abbiIQCHDU0pHH7Y6F7d3FxfmJi/P3uG33pf66/+xyff5/RVFigXbKpHE8+u9ifveHu/F4PDQ2NvGda686uHB+CLqC8t50b/TouhZbezx63T3Py+/37/H41JSU2P+7b8gUHx/frWwcsbDdJSkpca/nk5yUtGcrTVFIT0/r8XoIIYQQQoivxgnVfZk/II8/334LFTsqsSyLnKwsCZtCCCGEEOK40LUwygk3vsDjdpM/IE9eYSGEEEIIcVwpKSmhrKzsyK7icsKQfe+lHIUQQgghjqBIJIJpmhQUFCAz9L6IbYMZAVWWHTxslgGyfKMQQgghxB4cDgeFhYVHd5LocUnXYUMR/Pjb0vv7ZTV2NhRFy1UIIYQQQuwlLtkS0PfJMMA2oa4OZs+S8vii4G0dRKPHMMCISLkJIYQQQnQyTZPm5mYJ6Puk6uwaPIol24LY0tu7X5YNvfw6YzJcB9f4GTFS1kAXQgghhOhm7dq1VFVXH1xAN02TLVu2YJpmj42GTkRlU8/j1axTsWwZ3bL/gG6T7dNxD/LhOJiCUhTYuFEKUAghhBAnFNu20TSN/v37ox3Epo+apjF+/HiampqkB31f8pPd3D3JIwVxQCEdgqZ9KO9gKTwhhBBCiE4OhwO/339wAV3TNAYOHCilJ4QQQgghxJfMtm1s25Z10IUQQgghhDiWSEAXQgghhBBCAroQQgghhBBCAroQQgghhBAS0IUQQgghhBAS0IUQQgghhJCALoQQQgghhJCALoQQQgghxIkS0A3DwDAMKQkhhBBCCCG+Ql25XDUsC/Mr3nLdsvb//KZpEo5EsI/ieZqmJe8SIYQQQghx9PKnbWNYFiqqhqJqR/wJK6preOSpF1i8fHXsNtu2efGtD7j7b4/T3NK2z8e+O/sTbr7nbzQ0Ne/zPu2BAG98OJsHHnuKR599mRXrNmBZ1n4aBRYdgWAs9IcjEYKhMAA1O3fx+wce4a2P5sg7RQghhBBCHBWKqoGqHb0x6Dt3NfDmzDkUlZb1COjbq6op215BRzCw38duKt9GKBzZe2vDNHns2Vf4v+dfZXN5BfM/XcFjz75MW0fHPo+58LNV3HjXg5imCcC/nv4fT7/yFgChcITyHVVU1tbJO0UIIYQQQhxV+tF6IlVVcTmd6JrW47YzJ09kUP9+pCYlsrZ4Ez6vh/aOAFW1dYwYkk9WehqqqqJrGpqmEjEMlq1ej9ftYmRhAYqi0BEIsmTlaobk53HPTb8gGA5RV99IvN8PwKYt2yjbVkF2RhrDh+RT39DMgmUr2LmrnoWfrUJTVVasKyY3K4MlK9Zg2zZXnX8WhYMG0NDU3PnYdDZsKiMhPo7RwwajaRotbe0sX1OEbdv0652DQ9fJyUyntq6etSWl+Dxuhg/OJz7OL+80IYQQQghxdAJ6U3MLTc3NWJ1jtlVNo3evbFT1wDrn5y9bwaer1nLKhNE89/q7bK2oxO120dzSSnZGGvfd/CtUVUNRFDRV5fk33uOVd2fyi+9+E0VRoheh6yQnJLC5fDuPP/8Kk8eexKihBQC88t5MXnnnI+Li/LS1d3DRWaeREBfHZ6vXo6gKz772DrYNrW1tbN4W5j//ex3TNKlraOK6S8+nd04m9/7rSeL9fkLhEO0dQb59xYXMOOVk7vzrY+yorsXrdtHc1kZ2ejrfvORcHn/+VQzTxLIsTpkwhu9ffWmPa7Ysi+07qrBMExR5EwohhBBCHNdsUDWVxIQEEhPiD/twhzzExbZttmzdxuYtW6OrwCiHfpyuYSaWZeF1u7n/lhv45sXnUb6jiuLSLeh6tNf9rZlzeWvmXC45expnTpkQO4bH7eIH37icnMwMPpi7kN8/8Ah/eeIZdlTX8PK7H9EnN5tf/+BbnDRsMK+89zEnDR3M2BFDcbtcPPD7G7nnd79Ad+hMPGk4f7vzd9z68++jaSqmZWHbEA6HmT51Iv+461ZSkxNZtmodZdt3ULx5C1ecN51f//DbhEJhzpw6kZbWdiqqajh1whju/d0vueLc6fKmFUIIIYQ4kSnRFVg2b9nKlq3bDnthk0PuQa+sqqalrY1hhYNxOZ0Hfv6Kss/bbCAhPo6s9FRyczLRNZ2OYAhVUQiFQrw/ZwEAU8aN3uM4Y4YPYVRhAUWbNvPMa28zf9lKsjPSwIZdDU383wuvEokY9M7OxAZ0h46CQpzfR7hzbLvT4cDn8eDzeHocX1VVcrMySEtJIi0libaOALnZmQwe0J93Zn3C3MXLyExLZVRhAS6ng8L8PN78aA6LV6zmW5ddyJRxJ/VsFakqfXv3kjezEEIIIcQJJBQOU7yxlMqqanrlZB/ycQ6pB900LXbuqqdf79yDC+dAOByhvSNAW0fHXid9drU4ulZgURQF27Zxe9z87NtX43Q4eOa1t4lEPl+7vb0jwCvvzqRsWwUFA/rRKysT27LISk8DRWFQ/7784Zc/4o+/+jG//N61ZKSlYBgGlmUTCAaxLAvbtglFIhimyd7aPGbn+dh29Dqcuo4COHSdkUMK+PUPv01udibpqSnc9osf8usffptAIMQr787sca5CCCGEEOLE5HI66dc7l5276g9rye5D6kG3LAvDMPB6vQf1GMu2eXvWPD5esIRwJMI5p03GsiyCoXA0IIcjhMPhWCAOhkKYnc/V0RFg2OB8Ljl7Go89+zJvfTyXS88+A0VRqKzZyUvvfMgzr7+D1+2mta2dyeNOYsKo4ZSUbeXtmfOoqK4hFI4Q5/Ny782/JD01hfqm5fz6roe49tLzSU9JYe7iz2hsbuGK884iHIlgGObn59E5DCcUjhA2IoTCYRqaW2hta2fh8lXMWbKMaSdPoFdmOi+/9xGDB/QnFA6T379PbIiOEEIIIYQ4sXm93s6OYAtNO7TR5NqwESNvdzoczJg+HecB9oZblkVN7U6yMjIO+IlVVSEpIYFhgwZQMKA/gwf2ozB/AL1zsunbK4fCQXm4XU4G5fVjYL/eqIpKSlIiI4YMIjkxgZzMDIYOGkDBgH4kxsfh8bjJ65OLqqokJyYwZnghyUkJ9MrKYPqUiVx14dm43S5GDikgJysdp8PJgD65XDzjDNJSkuidk0Wcz0dORjqjhg5mVOEgfB43A/v2Ib9/HxIT4hk+OJ/MtFSSE6PnkZQQj65pDB7Qj4amZhYuW8l3r7qEKeNGsbWiklVFxVx94dn4vF5C4TBTx4/mkrPPwOl0yLtVCCGEEOJr4FByMkAkEuHjWbMJhUIo11z3Ldvn9fLwgw/g8/kO8AAGq9auY9TwYTgc+tey8JevLeL+R58iIzWFhHg/W7bt4PTJ4/neVZfIO1MIIYQQ4mvqUHNye3s75190EVs3l6FLMR6aMcML+dNNP2f1+hIM0+TSs89gZGGBFIwQQgghhDiEYB/BMk0G5OdLQD8cA/v2ZmDf3lIQQgghhBDisDgcDgYVDKYjEDj0ddCFEEIIIYQQX6LO1QulB10IIYQQQoivmGmatDY3Y1qWBHQhhBBCCCGOBevXraOmploCuhBCCCGEEF81TdMYM24cjY2NMgZdCCGEEEKIY4HD4cDn90tAF0IIIYQQ4lhg2za2bUtAF0IIIYQQ4lgiY9CPI4ZhYFoWihTFCc/hcGDbNoZpfgmvt4KqqWiqtMePNNu2iUQiUhBST6WeSj0VX/XrDGiqiq7rRCJG5y2HWUsVFU1TUZQjn8QkoB8nKiqrKN5YimVZKBLRT/g/K6mpKaQkJ9HQ0ISiHt7rbds2Pq+X7KxM4vw+Kd4jJBQOs3rtehobm1AUCVlST6WeSj0VX20NtXE6HPTr25u29g4ikchhBWvbttE0nZTkJLKzMlCPcEiXgH4cMAyD4o2l5Of1IzsrUwrka9Dqb25uwQYGD0rDPsxWf3t7gJranbS0tMoH/xG0vaKSQCDI5EnjcTocUiBST6WeSj0VX7FwOEJjczP9eueiaofXIDNNk/r6JnbVN5CZnoaqaxLQv+4sy8KybHKys3DIH5SvhfS01C/tWB63m+aWZiKGfKV7JAUCQVKSk/H7JFxJPZV6KvVUHAucTif+L7nB29DUhG1bwJEN6PL9znFCIfr1ihAH/d5RFFQZ13pUylkIqadST8WJS9M0jtZbSP4aCCGEEEIIcQw57gO6aZo0NTXvMSO7tq6Onbt27fNxlm1TvHETNbU7v/A5Ghobqdm5k/ARnPVtGAZr1hfR2NR8xJ7Dtiza29vlXS+OqEgkQlNTM6Zpful1squ+NzQ20tDYSFt7B5Z1eN8slW0pZ1vFjmOm/EKhEKFQSN5I4itn2zZNTc17vB9bWlqp2FG53291t++oZPOWrV/4HK1tbVTV1NLRETiuyqajowPLsuRNIo5gQLdMbMs8bi+gpraOO+59kLXrN3QLuyb/9+SzPPnMC3uEhNh9IgbPvPgyS5ct3+exw+EIz7zwEn/40338+YG/8sc/3c/msq1H5DqCoRBPPPUsG0s3H7GyKt28mV/dcIO868URVbKplDvufZCKHZV7r5P7+FA7kDrZVd/vuOdB7r7/YW67+14e+Ns/KNl06PXm7fc/5OM5nxwz5ffoo4/y3HPPyRtJfOUCwSB33PMA8xcv6XH7Bx/P5k8P/pXW1rZ9PnbOvPm8+c77+w3xc+cv5La77uG+v/ydm2+/mwWLlwLw2cpVbNtesd9z21XfwILFS7+SkBwOh/nu975HfX29vEnEl98wtkywTHRdVdGO4zFZlm3R3hEgYhix2zRN46wzTkNTVVRNw7ZtFEXBtCxURYmNQbMsi+6db6Zpoqqfr2+5au06Plm0lB999zoy0tJZvmo1Tpczdrxo8DDQ9T3n2hqGib7bDF/LtrEtC03reXv03A/tNaiqqmL16tVkZmZy0kknYds2JSUlZGZmkpSURFtbG+Xl5QwcOJDly5ezefNm1q5dS58+fUhISGDbtm1s2LCBXr16MWzYMKkZx3JvTecybLuPobRtm/aODlRFwev1fuXnapjROmma1t7rZLfzN02zR334ojoZre8dXHDODEYNH0pdfT2z5s7nL/94jN/+8qcM6N8Py7JRO5e86woHiqLE6q1l22DbsfG+0V3bdq+/n9fr3euybdtYtn3A61VblsW69evZUVHByFGjyMnOprW1lW3btjFkyBBUVaW8vBxN00hMTOSz5cvJ7dWLLVu20K9fPwCWL19OfX09o0aNIiMjQyqE1NOjExQ6zzkc7vnt8ZiTRpKWmorX5/2CemX3qAdA7Pe76ut55Y23mXbqVCZNGMuadUV4vdHjvf3eh5xx2in06Z3bo05Gx/9Gy7V44yY+mjWHCWPH9Bi7HzEMHPrBr38RDAZZsWIF7R0dTJo4Eb/fz9atW9E0jd69e2OaJhs2bKBf//6Ul5ezcuVKioqKGDJkCOnp6bS1tfHZ8uUowNixY/HJJNRjkmmatLV34PV4cDj2fJ9EIgYdgQB+n3ePrHa0aIqCHl2/Xd9rwDyeqKrS44+hokBDQyOarhEJh3n2f6+SnJRI6eYyUBQuueBc+vXp3TkpJ/q4D2bOprq2hmsuvwy32wVAa2srlmURHxdP79wceufmALD40+Vsq6hAATaWljFwQD8uPv9cPG43a9cXMXveAoKhEMOHFjLjjNPQNI0ly1awcMkSLMti/JgxnDplEoFgkHfe/4iNpZtJTEwkYhgHNYFl+fLl3HzLLWRmZrJy5Up+feONfOtb3+KGG27gF7/4BTNmzKCoqIhf/+Y3PPboozzzzDNsKSvj/gce4Cc/+Ql1O3dy1113MXLUKIqLiznrrLP4/a23ykSlY9Cmsi3s3LmLEcMLSU9Njb1PbNtm565drFlbRHp6KiOHDf3Kz1XprJM9buusk7qu0dzSwmtvvUtSUhLFJZvw+71cftEFZKSnfWGdBFAVlfS0VHKys8jJzqIgfyC3//kBZs7+hDi/n9fefpeLzz+HrIwMPlm4mJqddVxwzlm89OqbZGamU7KplGAwxIXnzmBIwSAUVY1N+tm8pZwPP55NS1srA/P6c/6Ms/jg49m0tbdz7VWXU9/YyAsvv84Zp01hcH7+AQWcv/71r3z40UfEx8Wx7Y47eOP119leUcGtt97Ku++8g8/n4x///Ccej4dx48axcMECsrKzCQaD/PGPf+S2226jpKSE3N69+cMf/8hfHnqIyZMnS6WQenqUPl/33JSlpaWNHVVVRMJhXn33QxwuB9srKukIBDhn+jRGDR/WWa+in82r1q5n/qLFXHnJhWR2NjADwRDhSASv10tGWhozzjgdgNfffpeanXXMW7CYXfUNTJ00kVnzPmHz1nK8Hg9XXHwhlm0xe94CGhqbePyppznztFPIzEjnjXfep6q6htTUFC46dwbpaWkH3LD68U9+Qnt7O/X19aQkJ/Piiy/y17/9jfi4OO666y7a29v5wQ9/yEMPPcRLL71EXV0df3/kES666CLOmDaN7373u/j8fgDa29t58j//ISsrSyrFMaatvYNFS5dFPzsG5uFyff7ZEgqFKCkto7KqmpMnjCMhPu4rOceuXH7CJrGNpZvZXLYFy7L5bOUq1qwvYvSokXR0BHjxldcJh6ML1muaxqKly3jr/Q85acSIHkFg5PCh5GRncu9f/sZ9Dz/CshWrANhZV8f7H81CUzUmjB3N7HkLWPLpZ+yoqubxp54lJzuL6aefytz5C/h0+UqKN27i6edfpHDwYCZPnMAb77zHhpKNzJo7n7kLFjH15In0ys7C7PYtwIHo378/zzzzDM8+8wzf+973eO311wkEAoQjkdjQHtu26ejoYODAgXz7299m6NChPPmf/zBi+HDuvPNOfnXDDfz7iSf4v8cf55lnnmF9UZHU4GNQTnY24UiEZStWs3PX51+r7txVz7IVqwhHIuRkZx/7dXLLVsKhMEuWLadsy1YmjD2JHZVVvP3+h1i2jcL+6+TuvXEAbpeL4UOHsHXbNuobG1lfVEx7ewcAO6qq2VhahmGYLFuxik8/W8nI4cPQNY2nnvsf7R0dKGp09YzGpiYe/fdTuN0uzj5jGmvWFTFzzjyGDilg/qIlzF2wiJdfe4vm5hb65uYeWGNFUbj00kt55+23efHFF0lISGDmzJlomkY4HO7WaxOho6OD8849l4mTJnHVVVfx0EMPsWTJEuYvWMBzzz3HU08+yfnnn8+9992HcZB/K4TU0y/TjqoqVqxaQ8QwWLthA8uWr2RY4WB0TefZF1+JbQijO3Q2bS7jP888T/++fXsE5sz0NEYMLeR/r77OH+6+j49mzSEYCpGTnY2iKGRnZZDXry/VtbW0tLVx2tTJBAJBnn/5VbweD4kJ8TidTgYPyifO7+ffTz9PxY5KZpw5jWAwyDMvvoJhHNjwXafTyR9uu41XX3mF/z71FGvWrmXLli1YltWjrgUCAdxuNzfecAOpqan8/W9/45vf+Ab/evRRvD4fL77wAi+88AJOl4tHH3tMKsQxyOtxk5OdRVHxRoo3bSYUCneG8zDFm0opKi4hJzsLr8fzlZ/rCbsOuqZpaJqGjY2u65w+dTJTT56Ibdu89f4HhMIhnA4Hiz9dRlNzC9dedTkjh/fs1UhNSeG3v/gZy1asYsmy5fzziSfR1O+i6zrZWRlcdtF5KKrK+pISysq3EQgE6egIYJgm2yt2oOs6ZVvL0TUNG2hra6OjIxocioo3UlK6mckTx3PK5EkEgyFmz5t/UEsp+v1+3n/5ZdatX8+6deuwbTs2JKDrq5muHgxFUaItMlXF6XRSW1tLU3Mzp0ydCsCgQYPonZtL6aZNDJehLsec1OQkxo4exbIVq1i2YhVjR40A4LNVqwEYO3oUqclJx0Wd7ArV5551BkMKBtHY1MyadUWEw2Eczv3XyX3p+ppd7Xyfd/X4aaqK3vmcmqZx2tSTOWXyJLIzM/nrvx6nprYOTVHRdY2SjZtpbG5G13W2VezAoetsKt3MBeecxUXnns0zL75MfFwcv7vh53gO4o+3oqo8/Ne/UrdzJzt27CAYDHZ+y/B5z6TarbdR7SwnTdNYu24dhYWFZGZGNyibdvrpvPbaa3R0dBAfHy8VQ+rpV0Lt3D49WvdgwtgxnHHqVFKSk3niqWdo7wjg0HW2lm/nH48/yZhRIzn/7Ok9juFwOPjx977N8lVrWL5yNS+88jq7Ghq44uILec7pZPjQIbH6P6B/P6pqakhLS6GouIS01BTy+velvqGRaadMob6hkY2lmxk0MI+KHTtQFZVt2ysIhULo+hcPJ9J1nfr6ep566inqGxowDINAIICiqrFvlLuWwVQ6768oCk6nE1VV2bRpExMnToztUzJuzBjWrlsnFeIY5HA4KBg4ANu2KSrZBEDf3rmUb99OUckmCgvyKRg4YK/DXySgH8aH/xd9gHfdr2t7X9uGOL+fcDhCVU3tXh8THx/HGadN5dQpJ3Pz7XezqWwLcf44VFXFJvp1vkPTsS0LwzTxetz07pWDpmpcftEFZGVm8PHcT0iIjye3V3SIzLe+cRVpqSksX7UGrzf6QX8ou9Dde++9rFy1ij/cdhsFBQW8+sor0bGAlkVLSwsQnczS1dtomWasHBISEtB1nYodO+jVqxdtbW3U1tWRdoBfCYqjS1EU0lNTGDd6FJ+tWMUni6KTtnw+L2NPGkV6asoxt77v/upk9H36eZ3sev/btr3fOtk9IHTpCARYs76IvH59cbtdWLb1eUDvtnOconx+Tpqmde4t8HlPvGmZ6JpGv969cbqcnHvWmaSmJAPgcrswO+uPfhBDwFpaWvjGN77BxRddxM9+9jMqKiowTROHw0FDQ0OsPgaDwdiYVauzkQ2QnZXFB++/j2VZqKrK1vJy4uLicLpcUimknh7VQH5gdT7aOdQ1/tzpdOL1ethZV0c4HMbpdO4RjCeMHc2EsaN58pkXWF+8kXOmd4ACduffh9Vr1/PKG2+Tk5NFe3sHmqrt0bNtWtE60ys7m4y0dLIyMjn9lCl7/fZtb5YvX87P/t//4+abb6Zg0CCWL18e3dZdVWnu/Cy1bTs21822bSzLigXypKQkyrd+voDEjh07SElJkQpxjHK5nAzOHwgorN9QzLbtFbS2tTF0yGAG5w/E5XIeE+d5QgR0y7LYWr4Nn9eLaZqkpab0COWWZfX4f1dgDYfDjB87mtxe2fzt0Sfom9uLsaNHxY77/sxZVOyo4pTJE9lZt4uGxkZyc3JoaW2juaWV7TsqiUQibCjZxGUXn0+fXr1476OPUVWVkcMLWVdUjGGa5A/IY/HSz4jz++nbpzdr1xXhcjrpnZvDilVrGT/6JIpKNtLW2bt+oKpratBUlW3btvH222/T1t6O1+tl2NCh3P/AA1RUVDB7zhxaW1qwLIs+ffuyqbSU2267jUsuuYRvfvOb3HTTTVx+2WUsWrSIAXl5jB07VmrvMf7hP7bzwx9g7Ekjj8kPfdM02VRWRiAYwLRssjLSox+6+6qTnf8Ph8NMGDtmn3Wy6/6VVdWUJSexa1c9c+YvpLW1jbPPPJ24uGi4X7OuCKfDwYaNpbicTpTO5y7fXkHh4EF8smAxHo+HzIx0DNPEMAzy+vdD1zU6gkHGjT2Jkk2lRAyDyuoa3nznfa6+7GJWrV3Hsy+9ys9/9L0DmrsTiUSoqanB5XIxd948lq9YwcSJE8nLywPgV7/6Ff369ePdd9/lqiuvBCArM5MXX3wR0zA4//zzefLJJ/npz35GwaBBPPPss/zgBz/ALQFd6ulRYgNVVTWUbCzFNE2Sk5Ohc6I0dC5+sJfPV8M0yc7M4KrLL+GeB//K6++8z1WXXhQ77pp1RXw8bz7Tpk5GURQ2bNxE/oD+0Ua2ZVNVU0vtzjpmzplHWloq1151Oa+//R7bO5dE1TWd1rY2tpZvIzkpibSUFHbVN3D29DPYVV9PfX3DATcsWlpaaG9vx7YsXn/jDSoqoivITJgwgZtvvpl7srMp27KF6qoqLNsmISEBr9fL73//e8497zyu/853+MEPf8gdd94Jts2iRYt44oknpDIc8yF9AGCzYeMmhg4pOKbCOYA2atSo2x0OB2eeeeYerdv9BeKa2p1kZWT06KH6KrS3t7Ni9Vq2btvOyjVr+XT5ChwOR6x1O3TIYBYtXUZhQQG5vXLYUVnNtoodTJk0gZWr15GdlcmUieMJBoIsWPwpo0YMxeN2dx67g6WfLWfBkk/ZULyRSePHcs70aWzavIWi4hI2bS5j4ZKlFA4u4PyzzyIzIx1N03j3w4+ZO38hm7dsZdDAPEaNGEZbRwfvvP8R8xYuprKqmhFDh5Cfl8eyFauYv2hJbNWIIQWDyM7K3CPslG+roF+f3B69ksOHDaOqupr6Xbu47NJLGT5sGIWFhYwbN45gMEh7ezvXXnstI0aOZNjQoeTm5hIfF8euXbsYP348F110EV6Ph9LNmxk6dCh//MMfiIuLk5p7jH/4+7wecrIz6dsnl6SEhAP60G9sakZRFBITEo74OdY3NLBmfRGbNpdF6+RnK0iMjycUDuNwOBg4oD/LV61h9KgRpKakULa1nMbGRiaOH8vylau/oE5G6/uW8m0sX7Wa4pJSUlKSuf7aq+nbpzcup5P2jgBzFyyiqGQjHreb+Lg4RgwrZN7CxdTV7WLRp8uo27WLb1xxKX1657J63Xo8bjcnTxhHfFwcH8yazZx5Cygq3kjvXjksWLSUxIQEvnnlZWRmpEcDQ2oKOdk9J4DtrIuu8Z6R/vn2716vlyGDB7Ni5UpSUlK4/PLLGZSfT15eHmPHjGFzWRm9evXiumuvZdCgQfTr148hhYW0trbi8XiYNm0aZ599NtsrKqirq+M73/42V191lVQEqadHp6FtGCz9bCUVOypZuTb6+RqORIiPi6O2dicnTxzHitVr6JWTTf6APHY1NFCysZQpJ0+kfHsFoVCQaadMISUlmfc/mkWf3rmxDrSIYbC+aANz5i9i5eq19MrJ4qrLLiExPp6m5mbmLVjEroZGhg4pYPnK1Xy2cg1q5zCTyRPH4/V6WL1uPQuXLiOvX18mjB3DoqXLmDl7LstWrCLO76dgUH6PVaP2VU979+6Nz+djzdq1jBwxgvPOO48BAwcyccKE6OTu7ds55+yzmT59OkMGDyY1NZVB+fls276dIYMHM3nyZMaNG0dJSQk28LubbpLOruOArmukJCfRt3cuOVmZB5SBI4ZBfUMj6Wmp+/2W+FBzciQSYdasWRiGgXL99dfbHo+H++6774CXBYpEDFatXceo4cO+8nE6lmURDIU6vw6LflHucDjoGn/icjjoCAZxOhzouo5hGIQjETxuN8FQCF3TcDgcseWk3C53jyXVIhGDlpYWHE4H8Z3h9bW33mXpZyu45cZfoqiQEB/f449ve3sHgUCAuLi4Hq2x1tY2QuEwCfHxsXILhkIEAgES4uMxDKPH2L4u4XCYufMXc9rUSQfciBKiuy3l21BVlb69c4/4c5mmSSgU6ly6MFonnU5nrJfN6XAQCAZxOZ1omkYkEsEwTdwu1xfWye713cZGUzU8HvcePX5NTU3ouo7P640d/9e33s6lF5zH2NGjcDr02DjyUCgEioKrs24FAgHaOzrw+Xx43G7a2trxeNyxP8YdHQFUVd3j6/N1RSUADCsskDecOObr6QH1nts2gWAwVt+ioUZHU1UMw8Tt7llnTdMkFA7jcbuJRCJYth37tqe9owNd03qsmmHbNk3N0SEkCfFxsR5vy7JoaW3F7XLjdrtoam7Gtm0SExIIhcK4XE4URaEjECASjuCP86OpKpFIhOaWVpzdPq93J/VUHI6OQICNpWUMHTwoNsTpy8zJ7e3t3HTTTQQCgeN/iIuqql8427b777svK9nVK9fV4+HfSwPF4dBJ6RyH2iUxIYHsrAzi4+P22jLy+bz4fHtOTImL87P7nwy3yxX7AybhW5wINE37wnWeu9dJh8MR+0P3RXXyQOq7AiQlJsZ+drlcWMEgOdlZJCUl7LF0lmu34SIej6fHJFC/v+c5dM0bEeJEpyjKPuvb3uqspmmx++/+eebby98ERVFISkzY6+d6928Ruv+/e8PY6/HAbn9LUnf7vBbieKVLERy8U6dMYurJE77y4T1CiAPjcbv57S9+tsfmYUIIIcSxRFXV6IIEUhQHr/tycUeLDcflBCPx1bMsC9O0UNWvdzh1Oh1Hto5222FYCKmnxyapp+JwGIZxUMthH4qSkhLKysokoB8vrSlVVaisqt5jAqk4ET9AoK29nXA4TEJCPBzG3wKb6LE6AgFSPTI040jyeNxUVlXT1t6O0+GQApF6KvVU6qn4ikUMg4bGJhLi42N7YhzOseobGlEVNbZc95d+vp0bTRYUFEhAPx7ous7gQQMp3lhKSWkZCtL6P8E/+klLSyEtNZXNW8r3WIXgYFl2dPxnQoJsbHMk9c7NoaGxkYWLPz1if7yF1FMh9VQcaA21cTod5PXrS1V1DRHDOKz0ZNugaioZ6amoR2iIs8PhoLCw8MSYJPp1kZuTTVZGOqZlSTz/GuhaESE5KfHwG2RKtJHn0KW6H0kup5Nxo0cRiUSkMKSeSj2Veiq+8oDeuZu0rtMRCEaHNx3mMVVNxaHrh90g/+LGgIxBP67oui4v2Nft9ZYP6+NK1/bfQuqpkHoqjh3e3ZbjPVaZpklz57Ki8ldFCCGEEEKIY8DatWupqq6WgC6EEEIIIcRXTdM0xo8fT1NTEzJDQgghhBBCiGOAw+HA7/dLQBdCCCGEEOJYYNs2tm1LQBdCCCGEEOJYckgBXVEUFEXBsiwpQSGEEEIIITpZlhXLykc1oGuais/rpWbnTnkVhBBCCCGE6FSzcyc+rxftMDY0OqRVXBRFoU9uDiWbygDISE9DUzV5RYQQQgghxNeSaZnU7qxj164GCvLzDqsH/ZCXWfT5fBTkD6C8Ygc7i4qxLRvZ4lIIIYQQQnzt2KCoCl6vl4L8Afh83sM63GGtg+7zeSksyMcwDGxbXhshhBBCCPH1pCh8aTsLfylHkW2OhRBCCCGE+HIcWrK2bbBNsJFhLSeqrtdW0aJNQiGEEEIIcXQCumEYGIZxcI8qWgmPPASWJeHthA3oNqgq/L8bYehoKQ8hhBBCiCOsK5frhmVhHuwA8l11MG8emBaYZjSoixOHqoKmgabC1ddJeQghhBBCHAWmbWNYFjqqhnKwSySqKjicoFswpACSU5FZoicIRYGGXbChBBQ1+loLIYQQQogjH8NUDVTtMCaJ2p2DlH/6K5g6neigZXECvDVg/kz46Y+k0SWEEEII8RU4/OVXNB1kk6ITiyar8gghhBBCfFUOavyCZVlU7mrA6r4pkfSynnjkNRVCCCGEOD4CumlZbKvdhSmTQoUQQgghhDgiDnosg3YQkwYtG4KGha4qOLWeyzEGDQsbcOtqj6XUw6aNYUV7cBXApauou63kGLFsImbnfRRwaXveRwghhBBCiK9FQD8YxfUBvvlWKaMzfTx2dh56Z7bviFhc+tomWsImb18+iBTP56dxx8IdvFVSj60oWDb0TnAyNsvP90em0yfBBcBjK2t5bHktqNFGQJ8EF+cNSOS7I9Px6LLqiBBCCCGEOH4d0TTbHrZYXdvBhl0BrG7jmk3bZm1dB6tr2wlbPcc7lzeFKKrpwKWrDEx2s6UxxJ/mVTDt+WJW1LQDUNkaZkN1G05NZWiah5U17fy/97dw54IdspbM/2/vzuPrOOt7j39mO6t0jvbVux1bthM7i+OQjRACgUII+w4JgbKWtpf9lv1V2lsoFEqhpdxCQxN2aFluQptAIM7iJM5qO46XWF5la7G2I+nsM/PcPyQrdmwT2ZYl2/q+Xy9H0tHMnJlnRnl95zm/eR4RERERUUA/FssCz7Zwj1J/4tkWnm3x7N/Y1uh/PnFpC796/RIef9d5fObq2bT35vjo73YTmtF1AW5cUcfPXrOY37xxCbGYyw839ZEtqT5eRERERM7AYG7bGGM4betBbEZr0CsiDh97XgsL6xOs3TfC3qEizlhAj4zVw9vW6M+hMRj1oYuIiIjIGWjbtq08cO+9nLYDXh8asxOezcKqKO39BXYMFsd72X/99AD7R0r8atsAhWyZV6yoJ+mpBl1EREREzizlcpkwCFi0ePHUBXTrOF8/lB8a9o+U8RyL1kpvNLzbFnfvHuLePUM0V3p85Pmz+N+Xtoz3pouIiIiInCk8z2NJ21Jy+fzUBHTLAu+QYRYPjdDuMcZHPDgsozHwHxt6eao7y7nNSRZUxfADA37IZ66ZwwcubCTi2Oo5FxEREZEzm2VhjDm1Ad0AlmWxpa/Ae36zA9u2iDoW7z6/AduCkVLIh363iwrPIQgNb15eh+fYYAzfXX+AtR0jbDqQ4zftg6RjDl98wRxc28IPgdCQcG2qY5qWXkRERETObEEQMJzJEIThqQ3oEduiIeGRLQf8cFMfoTFURGxe11ZDfcJloBDwi60DGGPwA7igqYKamEN1wuOePUPctTNDQ9Ljjctq+fDqZla3VACQ9Gyqkx4xjXkuIiIiImeJJzdupKur8/gDehBOfBjD8+rjbHz3eYc98HlwZJbfvnkZgTl8xJWEZxOE8KnLW8df82yLiohz2HIfeV4zf3ZRI3GVtYiIiIjIWcBxHFatXs3AwMDxBXTHtpnbWIdzYOcEl7eoOkYJSirqHGOl0aD+x8RdWzOGioiIiMhZxfM8khUVxxfQbdumta5mdDYhDTcuIiIiIjJpjDGn90RFIiIiIiIzkQK6iIiIiIgCuoiIiIiIKKCLiIiIiCigi4iIiIiIArqIiIiIiAK6iIiIiIgooIuIiIiInDUBPQwwYaCWEBERERGZRiYMIAywXdvGsSy1iIiIiIjINHIsC9e2sV3XxXVdtYiIiIiIyDQ6mMtVgy4iIiIicjoF9al8s/Xr17Njx47nXG7BggWsXLlSZ0dEREREZpwp60G/8847ue222ya07G233cadd96psyMiIiIiM86U9KDn83kefPBBbrrpJmbPnv2cy69atYqbb76ZK6+8kng8Pqn7Yoyh7Pu4joNt24e8DmW/jGPbOI6jK0NEREREzt6AHgQBQRBQW1s7oeVra2vH1zlob2cXt991D74fEBqDMYZ4NMoNr7+eWCQy4X1Zv2krN//sl7ztNddx8cpzx1/PDA/zN1//Ns+7cCWve/mLn3M7ax58hCe3bue1L3sRTfV1APhBwM9uu5NiqcRbXvUyIp4HwEBmiJ//5rcUS2XCMCQZjzO3tYnLV11APB7DGMNv/nAfO3d3EJqQaCTCvNmtXPW8i4hFo7pKRURERBTQJ59lWYRhOKFlwzDEetbQjz29/fz6t3eTqqigsbaGIAyprEiOdn0fh4GhIba272JoeOSw18vlgG279jB/zqwJbWfD5m38v7vWcPVlq8cDehAE/H7tQ4yM5HjDdS8ZD+gj2Ry333UPtm0zq6mBwaFhevsHuWPNWj76vnfQWFfLQ4+t58HHN7J00QJGsjl+ccddPPzERj7+gXeOb0dEREREFNAnkrynZEdt28YCXnzlpbzrTa8eD8S5fIH1T21jdksTW9t34boOq88/j2jEI5vLsWHLdvr6B1i6aAEL583Gtiw8z2VoJMt96x7D9VxWrzwX27YOK3spFIs8sWkrmaFhzm07h9amhsMbznWIRiLYzzr+iOcRiXhH3JzYlsWqFcv42Htvwg8C/ufu+/jXH/yMm3/ySz76vnfgui6pygo+/RfvpiKZ5Mv/ejMPPrGRXXv3s3jB3Km9Kg4p/TnsexERERE5jQP6WC4dHh6mb18nYak0mucchzmzWg6r757MkN7Zc4CHHt+IBSxfsoh9XT18+ds3E4tE8IOQoZERrn/RC3jHG17J//nmd9i2YzfGGBzH4bP/6714nodlWfz0tjuwLZvM8Aivf/mLecWLr8ayLBzbYiSb4++++R2e3r2HykSCH/zydj723ndw3tLFJ73/nufieS7XX3s19657jMee3ExmaHi8vSKeRzQ6VrJjOOqnDgODGfr6B7Dtyb85MrZDsrObJkY/mejq7Ca7pwNLs82KiIiIHCNAge3YVKXTVKVTJ5UVjTEnN4qLCQ0HDvRRCsPxwH4qeZ7HY09u5qv/dgtf++732bOvE8dxKBbLrL7gPP75bz5J28L53Pfw4/hByBuueyl//6kP85m/fB+5fJ51T2wEwA9CXnrVFXzzC59k6TkLuGPNWgYyQ9iWhet63P3gI6zbsImXXX0lH3zHWyiXfX5z932TeiyObdNQV0vJ9xkcGsa2LEqlMv9y60/59N//E2sfeYLz2s5h3uwWXfQiIiIipzMLfN9n+46d7Ng52jl8IrZs2cKaNWtOssTFgnlzZ2PPbp2SYy+VSrzoykt5/cuvxRhDU30dT+/agzGGloYGaquraGlsYF9nN9bY8j/+1T0c6B/AGEOxWCIIAmzLYt6sFqqrUiyaN5v23XvJ5nJYloUxIT29/XiuwyPrN/H4pi2kKitIxEYf5nx2bfyhJS6H/uponyAcum7Z9+no7CIWiVBTlcYwOsJMb38/VakUb3/tK3jpCy4/6kOi1VVpqqvSp66h9zRy8I6rqbkRJliXLyIiIjKTFUslNm99mn37O5nVenydrOVymSAIaGtrO4mAbsDCwprCGmVjDIlYjPqaagzgB/54CcjBr8YYPM9l45an+eK/fJdLL1zJa1/2Yr7y7e+NFW1YGAy5QgHfD9jd0Uk8FqWyIjn6kYJtU51OYYzh1S99IatWnstgZohkMnFEOAfI5gtkc/nxgG6N7cPwSJYg8MdCvxkP5bl8gUKxyK/v/ANb23dx3TVXkaqsIAgCotEIn/jAu2iorZneq+vQspoJPtgrIiIiMtNFIxHmz5lN+67dNDc14TgTz8me57F8+XLy+fzUjeJyMPxOxMH6m8MzY0hoDLfdtYa7H3yYMDTUVqW54XXXUyqV8f1g7O7Dp1AsjYf3A3393HnPWvJjgTwMQ8pln5/edgd3rLmfre27eNP1f0K6soJcvkAuX+CV117Nnfc8wDe/9yPmz5nFvq4eXvmSF/KWV/7J+P74QcBINssXvv6v2GNjp//FTW8By6LzQC/v/+QXMMZQla7ko+95BwZ44JH1/OnWz1H2R/fxytUXcsPrXoFj2xRLJQrFIo4eyhQRERE5YyUSCXx/NIceT0A/NDNPSUB3HAfHcejr6yORSDzn8n19fePrHNTa1MA7Xv8qgjDAjI2DnojFmNXcyE1vfBUrxh7gfMGlq1i8cC6rViznL9/1Nrbu2MWiubO5+tKLSSbiNNbV8p63vo7qdIoduzt46Qsu55ornkcQhNzwulewYM5saqrSfP5D7+PuBx+hfzDD1Zet5vmXXHTYPl564Uqq06lnivktm1nNjVz/4hfQ2z843sDxWJT62mre9prrKJZKmNAQi0aYP2cWK5cuxnEcjDFc+/zLWLmsjUQ8pitbREREZIYJgoBMJjNaUv3Od77TxONxvvSlL5FMJie2hXvuhPe/e/T7b/0bPP/a51zlzjvv5OGHH2bZsmXPuexTTz3FxRdfzLXXXquzNR1O4PyKiIiIyGg1x+MbNnLBivPwvIn3hQ8NDXHVVVexv7Nz6kpcrr32WhobG9mxY8dzLnvdddexcuVKnWERERERmREcx+GSSy5hcHBw6gI6wMqVKxW8RURERESOwvM8Kioq0BOJIiIiIiKngYPPWSqgi4iIiIicRhTQRUREREQU0EVERERERAFdREREROSsD+iWpVY82+icioiIiEybkx9mMfAhDACj1jw70vnoOVVYFxERETnDArplgQnhn78GP7oVjAL62ZHPLejvHb3hsiwGBzMU+wawwkBtIyIiImccYwye61JZWUk+nyechMzq2DbRaJRIxDuNAnoYgl8GP4BHHh/9Wc68IH6sC9S2wXHAtnRuRURE5IzPPKVymYHBQTzv5AO1CQ2lYoliqUxtTRXWKag2cH3fx/f949uxmjqGLriQVDKBZes50zPxTrJQKBCLxY59URkDtk3VonOgtlqNJiIiIme0IAhwbAdONk8byOULZIaGMMZMakA/mMtdPwwJjrOr31+6km0f/hznrzgXz3N1xs8wYRCwf3cH8+bOwnGcY158WIDlqMFERETkjHfMzHO8LPA8948WI5zwTYQx+GGIi+1g2c5x75lxXHA8sBXgzjz2IedPn4CIiIiInA4s2wHbOYlhFo3Rg6HTxBiDOaTtn/3zhM+dzp+IiIjIaWdG1qfs299JsVhi/rw543VDoTFs376DdDpFY0P9+LIjI1n27O0gDEOMMUQiEWpra6irrRldLwzZsXM3hUKB0BginkdTUyNV6dRh77l7TwfDw8MYY3Bdl4b6OmrHtjFRxWKJ7Tt2MjCYobG+jnMWLcAYw+MbnqSuppo5s2edVLsUi0XWr1/PihUriMVi469v27aNaDTK3Llz9RcjIiIicorNyPqGzq5udu3ec1ivcxiGtO/cRU/PgcOWHc5m2ba9naHhYcrlMt0HDvDAukfYuGkzxhhCY2jfuYvungOEYUhndw/3rX2Qru6e8W0YY9jT0UHH/k6CMKS3r5+1Dz3M7j0dx7XfGzdtpqurmzmzWmhuahy/sejr62ckmz3pdikWivzut3dx112/P6xttmzews6dO/XXIiIiIjIFZmQPum3bR31QwHEc7GfVZFuA67osbVtCdVUaYwy793TwxIaNVFelaW1pxrIsmpsaWbZ0Cb4fcM/9D7C3Yx9NjQ3PbMeyqKut4fwV5xIaw7qHH2X3nj3U1daMPq3rumSGhmhuasT3ffr6BjAYamtqiEQ8+vsH6OnpYc6c2aTTacq+z0g2SzwWx7HtZz4JCEcDe6lUora2hlgsOvGGsSCeiLNlyxaampq46KILx9vl0Pbq7u5maGiYhoZ60uk0AAP9A8TiMXp6erAsm1mzWsfbcnh4mK6uLlKVlTQ2NemvTkRERKZVqVymv3+QVGUFiUT8iN/ncnmGhkeoqaki4nlTvn8agmWCDvYoW5bF3Dmz2L1nL/s7u2keC5wHA7JtW6OTb/6R8m7bssCysG2bA719bNn2NI7jYFkW8ViM9U9uIgzCg8meVRespLO7m7Lv09XdQyaTYSSbI51KserC88ffPwxDHn70CYaHh4nH42xrb2fVBedTWVkx4WOMx+OsXr2aNWvW0NjYwKxZsw47vjV3r6G9vZ26+nru/sMfuPKq59O2ZAl33XUXI9ks6XSazs5OlixZwjXXvJCdO3dx991309zcTO+BAyxZsoSLV1+sC0pERESmVTabZWh4mNbmJpLJxCGv59jX2YVj29TUVE3LvmkIjxNgWRaJRJxCoUAQBti2TU9vL09t2cr9D6xjZCTL7FmtzwrlNoOZDE9t3soD6x6hp+cAc+fMxnEcCsUibYsXcdUVl7Fn7z4CP+Dyyy7hisueBxh27NrN4nMWEfEiLJg3l+etXkVTY8Nh49fblk1ndw9dPT0sX9rGinOXYQG7du85rmMLgoDl5y7noosu5Pbbf0M+l8d2Rnvo+/v62bBxI9dffz3XX/8KVl+ymnvvvZdisUixVGLRooW86lWv5JprXsjWrVvJ5/Pcd999zGpt5flXXslll1/GQ+seolAo6CISERGRaeN53lilg2FfZxfZXB5jIJvLs6+zCzA0NTZMysRGJ0I96CfAGEM2lyOZSOLYDhbgl33y+QLVVWmWLV1Cbc2Rk/sEfkAunyeZTLJg3lwaG+rZvaeDiOfR3NSE6zoMj4xQW1tDNBIBoK62lsFMBhOGYD1TnnNEKY5lkcvlsIA9HR3jF188Hj/u4wuDgMsvv5x9+/bzP3fcgTtW4tLb10tVVZrauloA5s2bxz1r7iGfy+M6DjU1NViWRU1NDWEYUigUGB4eIh6Ps+aeewjDkHnz5h3fiDMiIiIik8wCkskErc3N7OvsomPffqrTaQYyGSzLorW5+bBedQX001wYhuzcvZfBwSHOWbQQ27YIwpDW5iaWL2s79nompKamerwk5ZC4Px76AWKxKCMjzzzwOTKSJRaNPeeMrQaIRSI4jsO5y5eRTMQp+/5oOc0J3IA4jsPLX/4yfvzjn9DX18c1TS8kmaxgZGSEUrFENBYlk8lg2w5exMNgCMPwsGNxXZdkMklbWxvnnrt8/HenYkpcERERkeOVTCZobWmmY99+9nV1kYjHaW1pJpmIT8v+2LY9OuLfTDwZxhgGBgd5cN2jY0HSYfnS0XC9d99+hoZHCMOQdDpFdXUVvu+z6aktRCMRcvk8I9ksixctpKWpkSAMCYJgPJwey7GWMcYQBMF4UJ87ZzbrHnmchx99HMuyGBgc5OILL8C2LHw/GA+/4dj7Htx24Ps0z51N+45dPPLo49TV1nCgr48F8+YxZ3brhNulXC6P/5xKpXjJS67l1ltvpVwu09zURDpdxW2338asWbN48slNnHveuSQSCcql8mEBvVQqEY1GWbFiBffffz/ZkREKhQJl3+fqq18webN5iYiIiJxMSE/Emd3awsBghuqq9FEfGp0q27ZtZef2dpzzVp7/+Yjn8dJrryUyVlbxXMIwpKu7h+bGRhznzCtjt22bZDJBPBYjFosSj8WpqakiGomSTCaIRaNEY6PfV1elR5eJx4hEIlRXV7Nk8SLmzG4d7wl2HIfamupjfhRijT0QWl2VPuKBTcuyiCfi1I6VhyQTCepqaygUiriOw9Ili6mvr8WYsfcZG5nFtm0qKypIp1M4jjO+7abGBoIgoFQq0djQQGtL0xFh2BjDYGaI6qr0YaUylmURjUZobW0dX6eqqoqG+gbq6uqoqq7inEWLKOQLDA+PsHRpG6tWrRptU8emqamJZDI5XqPf0tJCa2sr6XSK7p4eHNdl2bKlpFIp/d9AREREThue55GqrJhwzXkYhuTzeZKJBLZtTUpOzuVy/OjHP6a+oQHrLTfcaJKJBF/7ypdJJpMT2kC57PP4ho1csOI8PE9VMmeaIAjYuXsv8+fOVk+2iIiIyHEql336+vupr6s7IoSfaE7OZrN8+GMfJ5fPaxQXEREREZHTgmXN3Bp0EREREZGTD9STt6kgCBjOZAjCUAF9xjKjo66oxEVERERmgnK5jOu6Jz2anDGGUrmMCQ2TPS7dkxs30tXVqYA+E9m2TTwWY19nF/F4HA16KCIiImcrA5gwxHVc3El4dtKEhrLvE4lEJnXoaMdxWLV6NQMDA6pBn4ksy6KpqYFURQVo0iARERE5qxO6IeJ5pNOpE5of5ogcZVvEY1EqKysmfW4Xz/NIVlSoB32mchyHmqPMdioiIiJytvK8ytP8XsJgjFEPuoiIiIjI6UQBXUREREREAV1ERERERBTQRUREREQU0EVERERERAFdRERERGSmBHTbtnFdl1wupxYUERERERmTy+VwXRfbPvF+8BNa03FsGupq2blnL8VSSWdCRERERGa8YqnEzj17aairxXFOPKC7hAEmDI57xdaWZkqlMhs3baYqnTqpuwQRERERkTNZGIYMZoaoqaqitaX5hLZhwgDCANe1bZwTmKbUsiwWzJ9LTaaawUyGMAjB0skRERERkRnGgOu6LFown6p06oQ341gW7mgpuYvruie8oap06qR2RERERERERkO+67oaxUVERERE5HSigC4iIiIiooAuIiIiIiIK6CIiIiIiCugiIiIiIqKALiIiIiKigC4iIiIiIgroIiIiIiJnejC3bYwxuGoKEREREZHpt2XLFtrb29WDLiIiIiIy3crlMkEQ0NbWph50EREREZHp5nkey5cvJ5/PqwddREREROR0oRp0EREREZHTQBAEZDIZBXQRERERkdPFhg0b2N/ZqYAuIiIiIjLdHMfhkksuYXBwUDXoIiIiIiKnA8/zqKioUEAXERERETkdGGMwxiigi4iIiIicThTQRUREREQU0EVERERERAFdREREREQBXUREREREFNBFRERERBTQRUREREREAV1ERERE5GwJ6L7v4/u+WkJEREREZBodzOW2H4YExqhFRERERESmUWAMfhhiYztYtqMWERERERGZRpbtgO3gqilEREREjhQa6Mj6rO8rs3vYZ7AYEp7Bx2MDVVGbuZUuK2s9ZiVdbOvUvqcxhmKxxPBIlkKhgO/7GM7cyg0LC9d1icViVFYkiUYjWNbkN6ICuoiIiMghBkshv9qZ5yfbszzUU2KoFOIHhjM6nR+S0l3HIhWxuaQhwhsXJXnl/DhVkckdN8T3fQ709nGgt59SuUQsGiUSieA6DlhnbvMZY8gXCmSGhti9t0jEi1BfV0N9XS2uO3mxWgFdREREZMxP23P87aMZNvSWxgKthQ04jgVnSUVwaKC/GPLfu/P89+48K+oifOqiNG9YmJiU7Xf39NKxfz8Rz6OpsZ6qdBrPc09JT/N0BvVy2Wcwk6G75wD7u7qZ1dJCY0OdArqIiIjIZMiUQj6zLsM3nxzGGIPtWFhn6bFaB+81HAsDbOgr8abf9nJfZyVfWJ0mfYK96b7vs2PXHoaGR5g/dza1NdVn7fViWRaRiEdDfR0N9XX09Q+wc/deMkNDLJg356R70zUOuoiIiMxovYWQt97VxzfWDwHg2GdvOD8iaI4dL8A31g/x1rv66C0cfy1PqVzmqa3bCMKQFcuXntXh/Ghqa6pZsXwpQRjy1NZtlMplBXQRERGRE1EODR+8r5/bd+SwXeuUPzR5urItsF2L23fk+OB9/ZTDiT/IGYaGp9t3EotGaTtnIZGINyPbMBLxaDtnIbFolKfbdxKGJ/4wrAK6iIiIzFhfeWKYn2zLYrszp9f8WCxGQ/pPtmX5yhPDE15vT8c+At9n0YL5Z1Wd+Qm1oWWxaMF8At9nT8c+BXQRERGR47Ghr8yX1w+BpXB+aEjHsvjy+iE29D13mcbwSJYDvb0sWjAf21asBLBtm0UL5nOgt5fhkexxr2uMUUAXERGRmekf1g8xkAtwlIYO49gwkAv4h7Ga/D+mY99+6mtrSSTiarhDJBJx6mtr6di3/7jW27ZtKw/ce68CuoiIiMw87UM+t+3OgzM9feehgSAc/ffsUuXAHP6aGXvNTOX8Po7FbbvztA/5x1wkn8+TzeVobmrUBXUUzU2NZHM58vn8hJYvl8uEQcCixYsV0EVERGTmuWNPnv58MOUPhRogCAyVnsWitMvclEPctQiC0fRtAXUxm6Q3umMHQ3lTwqEyMnWxzbagPx9wx55jh8ve/gEqkqOzaZ4KuVyezs4uMpmhU368+XyeDU9uwvf9SdtmNBqhIpmkt39gQst7nseStqU0tbQooIuIiMjMYoC13UUwUzuppRkL3O9eXsn6NzRzz6saefDVTTzw6kb+ZG6cwDckPIt7X9nIB5ZXEpQNYWj49IUp1r2mkSVVLsEUzWZqje3w2u4iR+u4NwZGRrKkUpWT/t7lcpnvfu9W3nzDO7nhXe/lzTe8k8//zd/RPzBwyo63Y99+/urTnyeby03qdlOpSkZGshP/9MOyMMZooiIRERGZWYqBYcugP+VDZYSB4Ya2Cr59VQ1ffHyIm7eMUOFafOKCFP/10nqu+lU3G/tLVEdt4o4FvuHdF6T49EVpbvh9H+u6iqMzmk4VG7YM+hQDQ+xZ72vCkEKxRGsyMelv++3v/Du//PVtfPLjH+WCC86nu7ubO353F+VDxhYPggDHOXJq1zAMj/qw6tFeP3QbxphJ7T0/qCKZoLunFxOGWM/xsEMQBAxnMgRhqIAuIiIiMy+gd+eC0Sk1pyqcG6iI2nx2VZofPJ3lk2sHRm8QDNzw+34efI3H/1qR4t139+EbKASGFy9K8E9XVPOhtQP8eFsWe6rr5S2L7lxw1IAemhDfLxONRCf1LQ/09vKTn/+Cz/7Vx3nh1VcBUF2Vpm3JYgA2bnqKn//XLznQ28uFK1fwrptuZPPmrdz3wAOjkyVt3sLypW386U03Eo1G2bZ9O7f+4MfksjkWLpzPO2+8gf6Bfm7+j+/T3z/AggXzuOmGt2Hb9ikZIjIaieL7ZUITYk/gjvDJjRvp6upUiYuIiIjMLOFYAJ5KBqjwbBrjNn/YN1pe49gWjmNRKoX8Zk+eSxsipCI2hcBww5Ikv3hJPd/ZPMI/rx/GnqbZTQuB4Wjz7Rgz2us82UMr7ty1G8exuXjVRUf9/aZNT7GsrY03vf61/PQ/f8mDD62jb6Cf7958C6mKSl59/XX8/L9+xZp77yebzfGJT36O6uoq3vbWN1FVVcXg4CCf+txfE0/E+eAH3kNHx36+d+sPsY/SGz8ZDg6bOJESF8dxWLV6NZdf+Xz1oIuIiMjMYlsc0SN8OrGAA4WQrF/ikoYotUmHvnyAMw2TAMWco8+ualmjk/KE4SQXxRsDBgxHT7RvesPryGQy7NnbQV1tLe07djF/3lzalizmhre9GYD/vuN3tLfvoCqdxgI++P73EvE8Lli5gi1bt/HU5q2cu2wZd99zH1iwZetWrr7qSuxT8MRwGIZYljXhD2s8zyNZUaGALiIiIjNL1LFoTDh0jPhTVuZiASOlkO5cyAtbo/z7puHxkVsiEZuXz4nzQE+JoVJIzLG4fXeOH23LsfY1jfzH1bW87o5eiqGZ2lFnjKEx4RA9ys2Mbdm4rkexVJzUUVzmzZ1LEASse/hRXvLia561O4bvfu8W1j38KMuXLaVQLI6XpViWRblcxvM8IhGP0IQUCgXiiRiO/UzvuO8HJOJxzl+5gngsxrKlbTQ2NFAsFjGnYBzLYqmI63rYlj3BJjeaqEhERERmZkBvq3IhnLr3tK3RgP7Xj2Z4yzlJvnR5NUtrPC5uiPL9a2pZUu3xj+uHCDE4FiRdm46BMm/+XS8vaInx5cuqcJjisdBDaKtyjxrQLdsmFo0wkp3cUU8aGup5zauu54tf+Sp3/eFuBgYzbN/ezpe/+nXuvW8t3//hT/iLP3sff3rTjSSTCYIwwBhzWE9+EAT4vk/bknPo2Lef+9c+QC6X59HHHiedqiSdTjM8PMTFF19Ec1Mj5XIZ27EJTsEQOSPZHLFoBOs4S4HUgy4iIiIzigVc1hjlB1uzGKZuqEXbsbh1WxbXhk9dmObti5PYFnRmA179PwdY11UkFbfpL4ZkfQOOxf37irz9973836tqub+ryI+fzk5JqYsZa6jLGqNHbR/LgoqKJENDw7RM8kRFH3jvu4nHY/zjN75FoVigIpnk0ktWs2TJOVxy8Sq+8rVv0NzcRDQSIZlI4HoulRUV4+tXVFQQjcZoaGjgz9//Xv7h69+gsrKSmppqPvvJT/BXH/8wX/36N/nZf/6SIAh4x41vo23xOaRTqUl/UHRoaJiKiuRxf1BjveWGG00ykeBrX/kyyWRSf7UiIiJy1msf8ln9n130F8MpnUzUMDrcYmXUpi7u4IeG3nxIvhziOKMPgqYiNsXAjD/IGoRQG7cJDQyVpqbbPzBQE7VZ99omFqaO3p+bz+fZtGUb5y1bekomK8rmcgwPD5NMJKmsHA3gvu/T2dVNOlVJMpkkCAJs26ZYKpFMjA75mC8UsC2LaHR0hJnM0BDZbJb6ujo8zxtfpr9/gMrKClKVlYRhSC6XI5lMTlpILxZLbHxqM8vbFhOPx5/7eLNZPvTRj5HN5dSDLiIiIjPPwpTLdXPj3LJ5BNypS+gW4DgWI2XDcMkH65nXDgb4/mKIzTPl8Y4NfYUQC6auBj0wXDc3fsxwDhCPx0kmEnR2dTNv7uxJ34VkIjEeug9yXZfZs1rHfz44jrnrPrOf8VjssHXSqRTpVOrwfY/FaG1pHv/Ztm0qDumFnwydXd0kE4kJhfNnUw26iIiIzEgfWZmiOuFM2eychwUwazR4O9aRoduxjnx29WjLnbJsHkJ1wuEjK1PPueys1hYO9PWRy+V1QR0il8tzoK+PWa0tJ3Z9qAlFRERkJlpR6/GxlSkwxxrUb+YxAMbwsZUpVtR6z7l8ZUWS+ro6tu/YOflDLp6hwjBk+46d1NfVUVlxYuXjCugiIiIyY330/EreuDhJ6CukGyD0DW9cnOSj51dOeL05s1pxXJftO3aekqEKz6g2NIbtO3biuC5zDinFUUAXERERmSDPtvjmFTW8fEGC0D/6rJkzQWhGw/nLFyT45hU1eMdRT2PbFucsnE+hWGTL0+2USuUZ2YalUpktT7dTKBY5Z+H8k5r4yCYMMGGgv1ARERGZkepiNj+4ppY/H6u5DsKZ05tuxo4X4M9XpvjBNbXUxY6//zbieSxbshjHttmwaTN9/QMz6hrq6x9gw6bNOLbNsiWLiXjeiZ2PMIAwwHVte1qmjhURERE5XaQjNv90RTVXNEf520czbOgtjf7Ctg4bUeWsCOVmbI6msWC+oi7Cpy5K84aFiZParuu6LF60gO6eXnbt2cv+zi4aG+qpSqfxPHfSxxif3jY0lMs+g5kM3T0HKJXLzG5tobGh7qS261gWrm3juq572NA0IiIiIjPVGxYmuHZ2jF/tzPOT7Vke6ikxVArxAzOlM4+eMja4jkVVxOaShghvXJTklfPjVEUmr+q5saGO2poqDvT20dV9gD0d+4hFo0QiEVzHmbqZoU5JMgc/CCiVShSKRSJehPq6GurraiclTx/M5UrmIiIiIoeoitjcuCTJ2xcn6cj6rO8rs3vYZ7AYntEZ3QaqojZzK11W1nrMSrqnbOhG13VpbmqkqbGBYrHE8EiWQqGA7/ucyQVElmURj8WorqqisiJJNBo5JZ8MKKCLiIiIHC3QWjCnwmVOheLSyQTaWCxKLBZVYxznzZSIiIiIiCigi4iIiIiIArqIiIiIyOke0C0NsygiIiIiMq0OZnL1oIuIiIiInEYU0EVERERETodgbtsYY3BV3iIiIiIiMv02b95Me3u7etBFRERERKZbuVwmCEPa2tpGJyqyLEsPioqIiIiITBPP8zh3+XLy+bx60EVEREREptvBDvPxGnT1nouIiIiITJ8gCMhkMoc/JKqQLiIiIiIyPYwxrF+/nv2dndi2bZPL5XjsscfUMiIiIiIi02Djxo2sWLGCF11zDfbBWpdbbrlFIV1EREREZIo99thj3HLLLXieRyqVGi1xcRyHcrnMt771LS677DLS6TRhGGKMGf8HjH9fKpXwPO+wDR9c5tmO9bpMnnK5fMT5OF6WZVEqlejr7yeZTFIqlQmCYKz0yQBHfjXG4DgOkUiE4aEMTU1NOI5zwud8Mo5DzszrT3Q+dLw6H6L2O5POx7FKw5/9+qGl5M/+3rIsbNsmk8mwdu1agiAYf7/xh0Rd18X3fX7729/i+z5hGI7/C4JgPJwHQchIdoR4PD4a1Q4J7wroU88YQy6fJxGPn9RzBJZlMTIywpYtW2lqacEYQ7lcHt2mMXCUr8YYIp6Hbdvs2rWTVRddRCQSOaFzPlnHIWfm9Sc6HzpenQ+1n9rvTDofzxXQD351HAcYnSH0YOZ2HAfbtsf/ua5LLBbDdd3xZf4//3DSYLP1lw4AAAAASUVORK5CYII=\"><br><br><b>Option 3:</b><br>If you are using LLDP only to advertise information about your PAN-OS device to other neighboring devices, you should set the LLDP mode to transmit-only for the profile used on your network interfaces by performing the following steps in your web interface:<br><ol><li>Select <span><b>Network &gt; Network Profiles &gt; LLDP Profile</b></span></li><li>Select the profile used with the interface</li><li>Set the \"Mode\" to \"transmit-only\".</li></ol><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYwAAADWCAYAAADCW7VvAAAKs2lDQ1BJQ0MgUHJvZmlsZQAAeJyVlwdQU+kWx797bzoJBBKQTugd6QSQEnoAAelgIyQBQgkhEBRERWVxBdeCiggogq4KKLgWQNaKBduiYMG+IIuAsi4WREXlXWAI7r557807mS/nNyfnnu98Z+438w8AFAZHJEqFqQCkCbPEob4ejOiYWAZ+CCAAD4hADZhxuJkiVkhIIEBtxv/dPtwH0KS/Yz5Z699//68mz+NncgGAQlCO52Vy01A+ga7PXJE4CwDkKBrXXZYlmuS7KNPFaIMoD05y4jR/meT4KcZQp3LCQz1R1gOAQOZwxIkAkC3ROCObm4jWIU/uZSnkCYQo56PsmpaWzkP5PMpGaI4I5cn6zPjv6iT+rWa8tCaHkyjl6bNMGcFLkClK5eT8n+P435aWKpnZwxBd5CSxXyjqldCZ/ZGSHiBlYXxQ8AwLeFP5U5wk8YuYYW6mZ+wMZ6aGsWeYx/EKkNZJDQqc4QSBjzRHkMUOn2F+pnfYDIvTQ6X7Jog9WTPMEc/2IEmJkMaT+Gxp/dyk8KgZzhZEBkl7SwkLmM3xlMbFklDpWfhCX4/ZfX2kc0jL/O7sArb02aykcD/pHDiz/fOFrNmamdHS3nh8L+/ZnAhpvijLQ7qXKDVEms9P9ZXGM7PDpM9moS/n7LMh0hkmc/xDZhh4AW8QiH4YIALYAFtgBRwAOpks/vKsycN4potyxILEpCwGC71xfAZbyLUwY1hbWtsBMHl/p1+Pd7em7iWkHD8bS4sBwH41CmdnY1wBAC2m6LXZPRszoKNXMxKAM11ciTh7OoaZ/MICEpADdKACNIEuMALmwBrYA2fgjnbsD4JBOIgBSwAXJIE0IAbLQB5YAwpBMdgCdoByUAX2gUPgCDgGmsFpcAFcATfAbXAPPAY9oB+8AiPgAxiHIAgPUSAapAJpQfqQKWQNMSFXyBsKhEKhGCgOSoSEkATKg9ZBxVAJVA5VQ7XQL9Ap6AJ0DeqEHkK90BD0FvoMIzAZpsMasAE8F2bCLDgADocXw4lwBpwLF8Cb4DK4Bj4MN8EX4BvwPbgHfgWPIgCRQZQQbcQcYSKeSDASiyQgYmQVUoSUIjVIA9KKtCN3kB5kGPmEwWFoGAbGHOOM8cNEYLiYDMwqzEZMOeYQpglzCXMH04sZwXzDUrDqWFOsE5aNjcYmYpdhC7Gl2APYk9jL2HvYfuwHHA6nhDPEOeD8cDG4ZNwK3Ebcblwj7jyuE9eHG8Xj8Sp4U7wLPhjPwWfhC/G78Ifx5/Bd+H78R4IMQYtgTfAhxBKEhLWEUkId4SyhizBAGCdSifpEJ2IwkUfMIW4m7ie2Em8R+4njJHmSIcmFFE5KJq0hlZEaSJdJT0jvZGRkdGQcZRbICGTyZcpkjspclemV+URWIJuQPcmLyBLyJvJB8nnyQ/I7CoViQHGnxFKyKJsotZSLlGeUj7I0WQtZtixPdrVshWyTbJfsazminL4cS26JXK5cqdxxuVtyw1Qi1YDqSeVQV1ErqKeo3dRReZq8lXywfJr8Rvk6+Wvygwp4BQMFbwWeQoHCPoWLCn00hKZL86Rxaeto+2mXaf10HN2QzqYn04vpR+gd9BFFBUVbxUjF5YoVimcUe5QQJQMltlKq0malY0r3lT7P0ZjDmsOfs2FOw5yuOWPKasruynzlIuVG5XvKn1UYKt4qKSpbVZpVnqpiVE1UF6guU92jell1WI2u5qzGVStSO6b2SB1WN1EPVV+hvk/9pvqohqaGr4ZIY5fGRY1hTSVNd81kze2aZzWHtGharloCre1a57ReMhQZLEYqo4xxiTGira7tpy3Rrtbu0B7XMdSJ0Fmr06jzVJeky9RN0N2u26Y7oqelN18vT69e75E+UZ+pn6S/U79df8zA0CDKYL1Bs8GgobIh2zDXsN7wiRHFyM0ow6jG6K4xzphpnGK82/i2CWxiZ5JkUmFyyxQ2tTcVmO427TTDmjmaCc1qzLrNyeYs82zzevNeCyWLQIu1Fs0Wr+fqzY2du3Vu+9xvlnaWqZb7LR9bKVj5W621arV6a21izbWusL5rQ7HxsVlt02LzxtbUlm+7x/aBHc1uvt16uza7r/YO9mL7BvshBz2HOIdKh24mnRnC3Mi86oh19HBc7Xja8ZOTvVOW0zGnv5zNnVOc65wH5xnO48/bP6/PRceF41Lt0uPKcI1z3eva46btxnGrcXvuruvOcz/gPsAyZiWzDrNee1h6iD1Oeox5Onmu9DzvhXj5ehV5dXgreEd4l3s/89HxSfSp9xnxtfNd4XveD+sX4LfVr5utweaya9kj/g7+K/0vBZADwgLKA54HmgSKA1vnw/P952+b/yRIP0gY1BwMgtnB24KfhhiGZIT8ugC3IGRBxYIXoVaheaHtYbSwpWF1YR/CPcI3hz+OMIqQRLRFykUuiqyNHIvyiiqJ6omeG70y+kaMaowgpiUWHxsZeyB2dKH3wh0L+xfZLSpcdH+x4eLli68tUV2SuuTMUrmlnKXH47BxUXF1cV84wZwazmg8O74yfoTryd3JfcVz523nDfFd+CX8gQSXhJKEwUSXxG2JQ0luSaVJwwJPQbngTbJfclXyWEpwysGUidSo1MY0Qlpc2imhgjBFeCldM315eqfIVFQo6slwytiRMSIOEB/IhDIXZ7Zk0VGhdFNiJPlB0pvtml2R/XFZ5LLjy+WXC5ffzDHJ2ZAzkOuT+/MKzAruirY87bw1eb0rWSurV0Gr4le1rdZdXbC6P983/9Aa0pqUNb+ttVxbsvb9uqh1rQUaBfkFfT/4/lBfKFsoLuxe77y+6kfMj4IfOzbYbNi14VsRr+h6sWVxafGXjdyN13+y+qnsp4lNCZs6Nttv3rMFt0W45f5Wt62HSuRLckv6ts3f1rSdsb1o+/sdS3dcK7UtrdpJ2inZ2VMWWNayS2/Xll1fypPK71V4VDRWqlduqBzbzdvdtcd9T0OVRlVx1ee9gr0Pqn2rm2oMakr34fZl73uxP3J/+8/Mn2sPqB4oPvD1oPBgz6HQQ5dqHWpr69TrNtfD9ZL6ocOLDt8+4nWkpcG8obpRqbH4KDgqOfryl7hf7h8LONZ2nHm84YT+icqTtJNFTVBTTtNIc1JzT0tMS+cp/1Ntrc6tJ3+1+PXgae3TFWcUz2w+SzpbcHbiXO650fOi88MXEi/0tS1te3wx+uLdSwsudVwOuHz1is+Vi+2s9nNXXa6evuZ07dR15vXmG/Y3mm7a3Tz5m91vJzvsO5puOdxque14u7VzXufZLreuC3e87ly5y757417Qvc77EfcfdC/q7nnAezD4MPXhm0fZj8Yf5z/BPil6Sn1a+kz9Wc3vxr839tj3nOn16r35POz54z5u36s/Mv/40l/wgvKidEBroHbQevD0kM/Q7ZcLX/a/Er0aHy78U/7PytdGr0/85f7XzZHokf434jcTbze+U3l38L3t+7bRkNFnH9I+jI8VfVT5eOgT81P756jPA+PLvuC/lH01/tr6LeDbk4m0iQkRR8yZkgIIuuCEBADeHgSAgmoK2m0ASAun9fWUQdP/CaYI/Cee1uBTZg9ALeompVdQPgCV7qgGQRcVXZOyCJVJsI2NdM1o4SndPmnUwwDs/d0yMDzwLisf/NOmNf13ff/TA2nVv/l/ARw8CK238QffAABmTUlEQVR42u2dd3hVVdaH33PO7fcmuem9kxB6711EUKxg773XUUYdu/M5M5axi4q9YEFBFBBQFEWqIL0HCJCekJ7cesr3R8I1gSCo6KDu93n0Cfeess+5++zfWWvtvZa0fccuA4FAIBAIDoMsboFAIBAIhGAIBAKBQAiGQCAQCIRgCAQCgeAYxCRugUAgEPw5kCQJSZIO+twwDAzD+H0FQ5KknzzpkXzf3oUc6fZHesGt9zsaN+lwP8yBP4Ysy0ftBxIIBIIjHY8CgQA+nw9VVdF1HVmWMJnM2Gw2LBbLrx6XjlgwFEUBJHRNpb3TybKMLMtomtZug/Z/3zzCgoGBLMsoioKm6ahq8KD9FEUhdDIJTCYThmEQDAbRdf2Q7ZQkKXQOk8mELMsEAgE0TTsqP47ZbEbTNDweD6qqYrfbW+5Ps3jU1dVhsViwWq2iJwsEgt9cLILBIMXFRaxYsYING9ZTUlKC3+fHbreTmJhI9x496Nu3LykpqZjN5l8sGtLh1mFIkoQsy8z85BNWrVrJLbfcSkxsbJsB22w2s3Ll93z80UecdfbZ9OnTD1UNthnEd+zYwdtvvdlm4DabzcTFxzN06FD69usPhoGmaciyjKepiaeffoqGhgY0TUOSJCIjI+nWvTvHHTcah8PRRgD2WzfvTX2XjRs3htrnCgsjOzubMWNOICEhAVVVf51JZjKxfv163nj9NbZs2UwwGOS++x7guOOPR1NVKisrOevMCUyYOJG//e0O/H6/6NECgeA3IxAIsH79ehYs+AJZVujTuw/JyclYbVYMA4qKClm/fj011dWMGzuOHr16YbFYfjsLQ5Illi9fxscfT+Pyy68gLj6+jWAoikJ+fj7TPvyAfv3707//wIMEo6SkmKnvvkNicjIZGRnomkZ1dTWFewt5+aUXueCCC7nxxptwR0YC4Pf7+XDah5hNJrp264amqixbtpRXX3uFYUOH89//Pkl0TEwb0TAMg4ULF/LtNwsZOHgwiqKwfv063n3nbd5+6y0ef+IJevXqTTAY/MVikZ+/neuuvRqz2cx5551PSmoquR07ogaDSJKEpmlUVFRQX98gerJAIPjNLYu1a9bwzbff0LlzF3r16o3T6aSmuprGhgbsDgddOnchKyuLZUuX8s233yApCj179vxFlobp57hhbDZbu3GI/aIgK0rINdOeSwpJ4swzz+KOOybh8XjQVJWKykpeemkyb7z+GvUN9Tz66OPIsowkSSiyzIABA3nm2eeQJAmv18tLL73IS5Nf4N133+Fvt9+BruttLtpkUoiOieW5514gIiKCYDDI/HnzuPPOSTz11JO88sprIVeRqmlYzGYkScLv92MYBkrLNciyjK7rIV8ggN1uZ86cOVRUVDBjxkwGDxlCIBAgGFTRNLXtvZDlg8Rmv7tMVdVfbekIBAIhGEVFRcyfP4+OeXmMGDGSsLAwvv9+BW+/9RblFeVYzBZOHj+e0ydM5ISx4/hm4dcsWPAlMTExZGVl/XaCcbRQFAWTyYTJZMJsNpOZmcm//vVvGuob+HTmTE44YSwnnTS+zU3ZP9BGRERw5ZVX8eEH77N27Vp8Pt8hBWr/wK8oCqedfjqz58xi1cqV1NXVUV1VhcfjIbdjR+bN/ZyGhgbGjRtHdHQMZWVlbFi/jorKSlJSUujevQcRERH4/X42btzAls2biYqORtN1Vq1ciW7ogITT6SAlJfUgQd3f/l07d7Jh43oCgSDdunWnY8eOB4mdQCAQHKlYBAIBVq1aRVR0FEOGDCUyMpJAIIAsyaSmpZGTm8uSxYv54ssvGHncaDIzM+nTpy/btm3j++9XkJKS8rOtjN9dMPZH6ff/p+s6FouFSy69lC++mM/8+fM44YSxSLJ0yP2b3WQ/bwmJoTcH2c1mM9M+msaSJYvp1rUrM2fOJCwsjEEDB7Ft23buveduKisrcTqd1NfXk5fXiX//51FSUlK47957WbduHWBww/XXhsShvr6eAQMH8uKLL7cRjP3xn9dff43JLzxPWHg4ElBXV8cNN97EZZddftQC8QKB4K8lGD6fj/Xr1nLc6OOJjY0NvSh3696dDjk5lJeVsWfPbiorKtA0FcMwiI2Lo3fvPnz77TeMHz8+NHOKP9LCPU3TyMjIwOVyUVRY1BIoPmBKLVBfX8crU16mprqa3r17Y7PZOJKA0CefzGDxd9/Ru08fIiMjkSSJ7Vu3smPHDqZMeZU333oHxWTi7rvvRJZl3nl3KvO/WMBzz79AQcEuHn7oAQBemPwiw4YNIywsjJenvMLU997n9dffJC0tjcbGxnbdeIsXf8ej//k3Z0yYyOzZn/P53PlcdPElPP30k6xfvw6z2Sx6v0Ag+NmowSClpSWkpqZgt9vRdR1JknA6nciyzKLvFlFeVk7/AQOJiIhA0zRsNhtJyUmUlJT8oljuMbNwz2QyoygKqqqGFM9sNrNmzRpuvOF6VDXI9u3bKdy7lxGjRnHBBRe2O4VXlmXq6+uYdMftKCaF4qIiNm/eTIcOHbjtttuxWCzouo7JZOKuu+9hxIgRSJLE+++/x+6CAp566mn69euP1+tl7NhxrFq5kilTXiY/fzt9+vTF5XJhMpnIyMjC7Y7A6/XicDjadUUZhsH8efOQZZnjjjuO0tJSMAwGDRzEyy+9yIoVK+jbt98vDsILBIK/LoZh4PV6kWUlNP7sj5Fu37aNbxYupGu3rkycOJGIiIjQuGe32fH7fRi68ccUDFmWqarah8fjISo6qs1btyxL6IaOxWpl1HHH0aN7T8aOG4fdbv9Jd45h6EiY6NatOxMmnMlJJ51EQmIiwWDzeg+rzUZ2dhZerxeLxcruggLMZjM5Obn4/X40TUPTNHI7dgSgcG8hffr0DQmUpqmh4HV7Jp1E80yvsrJSDN3goQcfaPO92+3GZFJEDEMgEPwyt5QsYbXa8Hq9B80W1XUdt9tNv/4DSEhIRJJ+XEysGzp2u/2QE5iOacFojitYmD9vHj6vl/79+2Oz2aitqSEYDNKvX3+eff4FZEnC3DKj6acW4em6Tnh4BI8/8SRutxtZljGZTC2zmYJt5h//ODXYwGK1QsuiwB/dYc3nwjCwWH+er88AFMWE3eEgPiGeN996G5vNHjqnoihYrRZ8Pp/o+QKBgF+ygDgpKYnikmKys7Ox2WwYRnOsNik5mRPGjiWvY0cUpfnFdP9M08LCIhITkzD9Anf4z45h2Gx2HA5H6L8DlcpisbT53uFwtJnJZDabQ/vZ7XYAPv30E6ZMeZnOXboyYcKZB7lo9h/d7/fj8/kOucq7vfQgQVU9SIFpJ4bSqVMnVE1j2fKlWK3Wlpuvs2zZUswWC5mZWT8rQG0YBlarhZycXIqLi9ldUEBycjLx8fHEx8djsVgwmUT8QiAQ/DJ3lNVqo1v37qz54QcqKytD6UF0Xae+ro6SkhIa6utDsQ2AyspKNm3aQI8ePUMC85tZGH6fn1deeZnIqMjmKaF6s2vniiuuDDV09qzP2LVzJ6qmhtJ6nH7GGShy89qEFcuX89RTTxIMBKirr2f7tm18/fVXdOjQgYcefpiYVovxdF3/2VNPW+9jGAa0s+/+bfajqioDBw5i+PDhvPD888iyQqdOnVmyZDEzP/mEiy6+hKysLHRNP2jf9o63//yqqjJhwkQ+mTGdSZPu4IYbbyIlJYXVP/zAvHmf88CDDzNo0OBmK0YgEAh+hmBYLBb69x/Arp07+eGHVbhcLqKiojAMg6qqfRQU7KJrly4hq6OqqoolSxZTVVXN+PGnhOK5v4lgOJxOXC4XM2ZMD52k2f0Tztlnn4PNZiMqKpqlS5fy3XffhS5KlmV69upNeFgYcXFxbNiwgbVr14TcUcnJyVx33fVcdPElJCYmEggEQusu3G43LpfrZ12Qy+UiIiLiJ/1zTqcTt9sd2kbXdWw2G//+z2M88/RTvPH66wTVAA67k+uvv4Grr7k2dD0uVxjh4W2PHxYWhrnF1bW/3Xa7nWAwSGpqKs89/wJP/vcJnnj8MaB5AeD4k0+mQ4ccsYBPIBD8YtFISUnh+DFj+Prrr/H7/QwZMpTY2Fh69+5LckoqcbGxqKpKWVkZq3/4gT17djNu7DhSUlJ+UfxUOtKa3j6fj4DfD+3MBnK5XKgtrp92xaZlFlFTU1MbL78kyVitFpxOF7quHxS4aWhowGQy4XA4jviCPB4PmqbhcrnaFY39frxAIEBYWFibbfb7+mpqamhsaMDtdhMe4cYwfrQgvF4vqqq2Of7+63I6naF2WyyW0LRfs9lMIBCgqmXBYFRUJJGRUWia9rMVXiAQCDhg6cDaNWuYP38eUdHRdOnSldTUVGRJwuf3U1RUxOrVP2AYOscffwLdu3f/xbmkjlgwJElGlqW2Hh4JaInI71+kdrBo/ZhOt3mAlQ4IDXPIQXN/eo2fM6geyT6tfX2H+q55VoHeburyA49/4GftpTfff3/2n1cIhUAg4CjmlCoqKuSHVatYt24dpaUleL1erDYbSUlJdOvWnQEDBpCcnPLbZqsVCAQCwR+tHkYQvSW7hclk+v3rYQgEAoGAYzaeYRgGZrO5XXfT/rUZiBKtAoFAIDiapVg5lnNJCQQCgeDYRwiGQCAQCIRgCAQCgUAIhkAgEAiEYAgEAoHgWMT0S1LcCgQCgeAvKBgBUbxHIBAIBEciGNu27xB3QSAQCASHRfL5/SI1iEAgEAgOLxiGqBEqEAgEAsQsKYFAIBAIwRAIBAKBEAyBQCAQCMEQCAQCgRAMgUAgEAjBEAgEAoEQDIFAIBAIEBX3/hKoqtZcflGkBRMIBIfDoKXWtyIE469GaVkZ+bt2o+s6klAMgUBwWL0wkGWZnKwMEhMShGD8lSyL/J27yevYAXdEhLghAoHgiKitq2Prth3ExsT+LEtDCMYfGN3QMQyDSLcbs0n8lAKB4MiIdLsxDAPd0AFFBL3/UiamSAcmEAh+hzFDCIZAIBAIEC6p31ihGxubcDjsKMqPJp3f7ycQDBLmcv3P2lVbW4uqqkiShCRJ6LqOAYS5XNjt9p99TK/Xi6qqhIWFtfm8oaEBRVFwOByhz3Rdp66uDlVVAbBYrUSEh7fZr6mpCa/Xi67r2Gw2wg/4XiAQINZh/JkIBIM8/8rrvP/xzDbm3aKlK5jyxruhAfP3xufzceFFFzFo8GD6DxhA9x49GDJ0KIMGD+azzz474mO8/8EH+P1+AF577TUuv+KK5qm7rbjxppv475NPtvmsvLycAQMHMnDQIIYNG8bo0aM597zzWL1mTWibOyZNolfv3ow54QRGjhrFLbfeSk1NjehUAoEQjD+3aHy3dDmLli4PfRYMBvG1DLSEZjOp7foONU1rd5vWtN7mSLDZbLzz9tssX7aM2//2NxITEvhqwQKWL13KmWeeGbICDkRtdZ6amhqefPLJ0HZer5f6+vqD9mloaKCpqemga/V4PLzxxhssWbKEqe++S1paGhMnTmTjpk0AVFRUMHHiRL5ZuJBXX32Vr776ihcmTxYdSiBAuKT+tCiyTFRUJJ/OmU9ifBy5HbKRJAlZlgCJtes3svT7VTQ0NtKtcydOHHMc2/J38MPaDRiGQWlZOcMHD6Csch9bt+WTlZHG+HFjcNjtbNqyjUVLluMPBOjSKZfjhg9t4/o6FJIkERUVBUBkZCQ2m42EhATMZjNLli7ljddfx+v1Muq447jyiiuorq7mv//9L7sKCshIT+fyyy9n8osvUlRUxKRJkzj33HOx2mzI8sHvFrIst/u5oihERUURHR1NdHQ0jz36KPnbt/P000/z6iuvIMsyLpeLyMhIIiMjOenEE1m7dq3oUAKBsDD+vKiazsihg+nYIYt3P5xOQ2NTaFBXNZXtOwvIzkynb88ezP/qG7bl76SuvpHFy1cQFuYiNSWJtz/4mNKycvr27sG3S5azZv1GSsvLeeu9D0lMiGPksMF8t3QFy1et/tnt0/XmabeSJJGfn8+VV1zBmDFjmDRpEu++8w5ffvklb771FkuXLeO+++6jd+/eWCwW0lJTcTqdDB06lOTkZPSfaeW0Z8UcP2YMW7ZsQVVVZFnG6/VSV1fH2rVrmTV7Nn379hUdSiAQgvHnxdB17DYb5511Brpu8MH0mfh8fiRJwmw2cdbpJ9O7R3ciI90oikJZRQWKIhPmcnHy2OMZO3oUdpuNoQP7MXrEMJISE6itrWfLtnw8Xh+aplNcUoqiKOzeU/jLzUiTiQVffUVTUxMFBQUsXLgQJIlly5eTEB9PcXExn3/+OcOGDSM9PZ3BgwcTGRnJhAkTyMzM/NluscNht9mYOnUqx48Zw4UXXcTYE07g+uuuEx1KIBAuqT+7laERHhbGhedMZMqb75K/cxfxcbF4fT4+njmb8op9pKUkN7tujIPjGrKisD8JlMVsbn4715qFKDk5AUVWOG38OOJjY35VO/0+HxkZGQwYMABVVenbty9ZWVkkJycTFhbGO+++y2uvvcaHH3zQpo0WiyXk6jqUW6rdN5EDPl/w5Zd07tQJk8mE1+dj4sSJ3HvPPdjtdtxut+hIAoGwMPiTr7Q2QkHsvNwOnHLiGGrr6pEliT17i1i7fhNnnHwiQwf2Q9eN0Pa6brRy3fx4DF3X0TSNrMx0VE1DlhS6ds5D07RfNOuq+Vw6uq4zZMgQyisqcLvdjBw5ElfLtN89e/YwePBg3n7rLWJiYti0aRMOh4OamhpKS0vxeDwAeDweSkpLKS8vp7yiItSeuro6qqqqKCsro7q6OnQN1VVVVFVVsWXLFiZNmsTadeu49dZbgeaJARERESQmJgqxEAiEhfHXwOmwY26xCgBGDBlEUUkptXX1JCUkkJGWytRp04mOiiQhLgaz2YTJZMLpbF4LIUsSLqcdU0taD7vNhqIoZGWkM/6E0Xz2+Txmzf0Cq8XMxNNO/tnts9lsRLjdBINB+vXrx0033siVV12Fy+nEYrXyxOOPs23bNl588UXCwsJISU7mhBNOwOFw0DE3l1NOPZWHH36Y2Lg4Nm/ezHHHHYeu6zgcDj744ANSkpP58MMPWbBgAcFgkI4dO/LsM8/gcrm47PLLMZvNhIeHk52dzYzp0+nSpQsA4eHhv2g9iEAg+N8iGSKvBL9mzYPJZAoN+PuthEAwiM1qJRAMUl/fQJjLhWJSMAwDWZIIBILY7DYwDHw+PxaLGUVR8Pn9KLIcEiGPx4vX5yPM5Qy5hjhgWu+yFasYNKBvyJ3V5vtAAL/fj8vlQpKk0JTZ+vp64uLiQoN25b59NDU2kpKSEroWn89HdXU1sbGxLYsUG3+cEixJuCMi8Pv9+Hw+jBbLyWQyER4eTkNDA6qqYhgGFovloIV5TU1NyLIsREMg4H+3JOCnxg4hGOJHFwgEgl81dogYhkAgEAiEYPxV2O9uEggEgt9yzBBB7z+y2pvNSFYb1U0e3BHhbabtCv7KowGgG0iaKu6FgEMVUJIkCVmSRdD7V7N9I5SXwB/gzb2svILysnJhZQjaEIyIpDE9F1HoXYAo0fob8/aL8Pmn4HQe86KRIEkktKQAEQgAaPJgDBuJeua5ICvifggOVAxkWf5ZpVmFYPwUPj/k5sGkh0FR4JgfjKVmXROawV/eFWUY8Ny/kYKB5qnYkghTChAL935zCY6Khj6Dxa0Q/PGIiYP6WnEfBEIwfjd0HXTtD2HSa5qGpunCXS1ofqhVFckwCAYCwiX1p3EhSZhMpuYFsUfhkHJLbrifG/sUgvEHp7SsnPydBeiGjiQUg7/4XEkwDLpW12DyNbFuxSoMxfQHcKkKDhekNpvMpKUm0+RpLpcs/aoyzqAoMpHuCOLjYn+WaAjB+AOjaRr5uwrISE8jIT5W3BBB80M9IxKpycTAAX2FhfEnIdiSZig1OfGQGaKPFF3Tqamto7q2jtiY6CMqzCYE488gGLqOrhskJsRhNomfUhDKLQ+SJILefyIsZjNOh+OoHrO2vh7dMFDESu+/2sQY4XIQHML3IBC0N/Ar8i9yawnBEAgEAoEQjN8aj8dLQ2Nju9/5AwHq6xuO+O3fMAx27tpNSWkZf5b4SkFBAYFA4Dc59urVq6mpqRGdUCAQgvHHYPb8L3nk8WcoLa9o87mqarz61lSefGEKfr//SGfOMXPOPJZ9/8PRadvs2ZSUlPzP7k1+fj7HjR7N0qVLAZg2bRr19fUcnXWVfm697TbWrl0rOqFAIATjj4EaVCmrqOTLr75ps8x67YaNrN+0hUAwcFD9b+MQb8y6riNJEsYBW2ia9ova9uJLL7UrGK2Pd6hjH8oqOpy11Pp4aWlpPP/cc/Ts2RO/389/Hn00VO71cJbW4Y4NzbNGdF3/Re0UCP4MFnx9QyPBQ5RuDqoq9Q2Nv3j8QMyS4rdYT0NifBzrNm1lx67ddMjKxOf38+XCRUSEh2FSTEiyjMfr5Yuvv6Vg916sVgvDBg+gW+dOACxZvpLlq1bjsNup3FdFVkYaAJu2bGPRkuX4AwG6dMrluOFDj2j6m6ZpvPrqq6xZs4Ynn3yS8ePHk5OTw5KlS6mvq6OwqIi/T5rE22+/zZYtW0hKTua+e+8lMjKSf//738TExLBk6VIUReEfd99NXl4e8+bNY+p77yFJEmdOnMiIESN49NFHiY6JYdXKlZx22mkEg0FmzpxJckoK9993Hy6Xi+8WL6Zr16688MIL7Nm9m/sfeIBx48Yx4YwzDmr3nM8/Z9qHHxIIBhk+fDjXXnMNe/bs4d1338VssbBixQqysrK49557sLWUsvV4PNx1112cfc459O7VC4DHHnuMHj16MHbsWNFBBfx504V5WLFqDYkJ8eRkZ2JtVZHTHwiQv7OA0rJyBvTtRXhYmLAwjgkLQ9PomJNNx5xs5sz/CoBlK1bh8XgYPmRgs6QYBp/Omc8Pa9YxqH8fYqOjeXPqNIpKStm6fQcfffIZeTnZdO/aiUAwiKIolJaV89Z700hMiGPksMF8t3QFy1etPsIZlTLZ2dnIkkTffv3o1LkzpaWl3HfffVRXVzNx4kS2bNmCzW7n5ltuYd3atTz3/PNIksTUd99l8eLFXHjBBVRXV/PwP/9JbW0tN99yC+PGjePaa67Bbrfj8Xp56eWXaaiv54wzzuCWW29l+owZXHHllXz7zTe88sor6LrOu+++S319PTk5OVisVgYNGkR2djaqquL1evF6vei6zrJly7jlllsYPXo0l116KS9PmcKrr75KY2Mjjz/xBD6fjysuv5zP58zhzbfewmq1YhgGERER7Kuq4umnnwZg+/btvDxlCunp6aJzCv7U2G02khLi2bp9B9t37ArFCgOBANt37GJr/g6SEuKx22zCwjiWpi0qisJJI4fz9OQpfL1oMYsWL2fksMFEhIej6wZNHi/rNmzi+JHDGNivD3179WDthk1s3rINj89HfFws48ceD8CK739AQmLLtnw8Xi+aplNcUoqiKOzeU8iQAf04ksIogwcPJioqijHHH0+3bt0o3LuXvLw8HnvsMaxWKwAnnHACO3bsICcnh127duH3+wmLiOCmm25i0KBBBFWVJ554AlVViYmO5tOZM7nqqqsYM2YMpWVlREZGctVVV5GcnMzLU6Zwysknc9KJJ7JkyRK2bduGqqrYrFYsFgsjRozA5XRyyimnEBMdzdSpU3nttdewWCw8/PDDfD53LoMHDeLiiy8GYNv27cyePZuePXuSmprKpDvuwOFwsHDhQjZv3hxyRcmyzM033cQZEyZQVlbGhx9+yLChQ8nLyxN9U/Cnxmw20yE7E90w2Ja/E4C0lGT2FhWzbccOOnboQIfsTMxHuXSzEIxfa2WoGinJifTr05MPPp5JSlISQwcNYO36jQDouo6m69hs1tAgZ7GYCQSDBINBbHZb29QOgKZr2G02kpMTUGSF08aPIz42hp+zKlTX9ZD/0jAM3G43UssK0c9mzeL5556jR48e7Kuqwu12YxgGkiSF9jGbzWAYhIeHM336dKZMmcKkSZMYOWoUf//735FlmWAwCIDT6cTUsnDQYrE0x2JaxRECgQCGYYSOPWbMGLp264YkSWRlZvLu1Km4XK7Q9hHh4QSCQVRVbXMeS4vZvf/YgWCQ7t2707VrVx597DFWrFjBo//5j+iUgr8EVouF3A5ZSEhs3radwqJiGj0eOnfMISc7q42bSrikjgkDwwgNXmNGDScrI52xx4/EarG0BLI1HHY7GWkprFi1hqrqalav20h1TS05WZnEx8WyZ28R+bsK2LItn+LSUnRDJzsjA1XTkCWFrp3z0DQNVVV/xkLf5qRiRcXF1NfXhwZrqUXAnnnmGcaPH88jjzxCRkZGaCaX3qquxv6/Gxsbqa2t5YEHHmDS3//OypUr8bW4kjggaN/e34ZhYDabCQaDFBUVUVtbS1xcHD26d6d7t264XC6GDB7Md4sXs3PnTmpqapg2bRq9evbE6XS2ue7Wx9Z1HaPl76uvuooXXngBt9vN4MEiw7DgryYamXTqmIPH56NTxxxyfyOxEBbGr8RmtaK1DFpRkZHcftN1mM2mljd0E3abHbPZxMRTx/P+xzN58oUpSMDY0SPpmNuB5KRENmzcwqtvvUdyYjzJiYkoikJWZjrjTxjNZ5/PY9bcL7BazEw87eQjbpfL5eLU007jlltu4YILLqB///4hK0KWZU488UTee/99fli9moDfT0JiIpIk4Xa7Qyas1WolMioKj8fDw//8J02NjTQ0NnLzTTcRHhGB2+0O5bSJiIjA1uIrdblchIWHI8syMTExSJJEbGwsx48Zw/nnn8/VV1/N7X/7W5v2nnHGGazfsIELLrwQRVFIT0/ntttuo6ysrNkyarG8nE4ngWCwua0REaG2jhgxgtTUVC5s2V8g+CthsVjIy+1AWkoyDof9N00TJEq0tscdV0BjPUz+4CeTt+0PNFnaUXNV1QiqQWxWa8jV09DYiNlkxul0tHlrbmhswumwI8symq5jaRkIPR4vXp+PMJez3XMEgkGWrVjFoAF9Q/u0Pm55eXlIBHx+Py6nMzT4FhYWYjKZiI+Px+/3Y7PZaGxsxG63YzKZCAaD+Hw+wsLC8Pv9lJaWEhYWRnR0NIZhUF9fT1hYGLIs09jYiMViwWKx4PP50HUdu91OQ0MDTqcTRVEIBoNUVlYSFRUVEpcD2bdvH8FgkISEBCRJQlVVPB4PYWFhSJKE1+vFMAwcDgcNDQ2hti5YsIC7//EPFnz5JREREaL/HmH/Ffx18fp87CrYQ25O9s8SGGFh/EplP+SNNSltSiAqioK7ncGs+fPwNv/ej8Nhx+Gw/6K2KYpCUlISrYNkrUlNTQ39bbc3nyOs1fQ7s9ncxtrIyMhoE1hvPTC3jj+0FoPw8PA2x2vdnvaIiYk54B6a2hxjfzsPbOvixYu55OKLhVgIBIgCSgLBT3LnXXdha5n9JRAIhGAIOPTiwZ9bNYs/4Zx0Ae0XVBII2kFTtV+UzFgIBj9RU+AY9/8qZjOyzUpJVS0JcTHiNxO57sEAMyDpuijRyp9p+r5KXV09YS7Xr57YoWoaNbW1yLKELEq0HqUnr6IcFs07ph84BehYXkHpim+oE2+TghbByMzfhmZzsF6UaP3zlGg1m8lITaG8shJV1X71cgBZUYiOjvrZ1fuEYLSH0wF7CuCeWznWy2THSxLxrdZPCASSP4A+dKQo0fon8jvLsoTJZMLn8//6Z10CWWo+3s91Z4tpte2xZwdUV3LMq0WbV0uBoNUI446EzI7iVgjEOgyBQCAQIOphCAQCgUAIhkAgEAiEYAgEAoEAsXBPwDGeMdfj9dLY5Allbz0ckizjcjpw2O1/+UV/AoFACMZfBo/Xy+Jl37O3sBhN145gxpSBIiukpSYzdFB/nA6HuIkCgUAIxl+BpiYPewuLGTygLzHRUYedoy1JEvuqqlm6YhVN3T1CMAQCgRCMvwr7K/rFxkQTd4RV+SRJQtP1NkWQWlNdXUMgGCQmOgqTyYSu63i8XlxOZ5vtvF4vkixjs1rxeDyYTKZ2M/j6/X40TcfhsBMIBPB4vOiGjklR2mSjPdDVVlFZiUkxER0d9bPuSVFxCZqmkp6W9qvu6yGvWZJDFRSPhJKSUux2O5GR7lDa+vydO7HZbHTM6cCvdUkWFhUTFRmJy+UUD4QAEfQWHNEA92u3VVWVF15+hYuvvJarr7+FG269g8KiYmpqa7ng0qtYsmx5m+2fmzyFD6dNB+DRJ5/l1kn/QA2qB9UMufG2v/P08y8CMOvzeZx+9vlced3NXHr1Ddxx170U7NnTVrBqavj7PQ9wxXU3cdm1N3L/P/+Nx+M94uub8eks3nr3g191P/dVVR3ymj+Y9vFP7pu/Yyffr1oduqf3PvwIb7/X3J69RUVcf8vtvPL626xbv+EXrdpdt34jGzZtDonP9bfcwey588VDIBCCIfj9+GH1WuZ98RVPPvoIb7/+EieOHYPZbMbQDcorKnnk0ScpLimldfzE11LeNRgM8PU33/Ll19+0Oeb8L7/m2+8Wh4pNNTQ2kp2VyesvP89zTz6Gpus8+cwLoXrfANOmz6Squpo3p0xm8lOP06t7N2T5p2MzrffXNK3Nv5vrpOuH3a/tmzuHveZDHXvx0mV8+92SUE2PO2+/lTPPOA2AD6bNICkpgeefeoyzJ55x0KSD9sT8wDZ+8dVCflizDgCn08F//nk/o0eNOMjy+LUvFgKBcEkJDkl9YyOapmN3OHBHRHD6KeMBKC0rJyY6ipTkZB565FGeffLRUCXB/QOe2WRm0ID+TP1wGkMGDyA8LIy6+no+/HgGA/r1DWXYlCQJq9WKOyICd0QEE047hceeehaf3x+Kp9TW1mE2mXHYHcRER5OSksw3ixazLX8HV19+CZIkkb9jJ3O/WMD555zJ+9OmU1hUTGJCPFdcchGKooTatXNXAVM//JiG+gbS01O56LyziYiIYPOWrbw/bTper4+kpARioqM5a+LpoVTphqEf9poPPPZlF53P7r2FfPHVQkDi2ckvo6oqsiQx/sSxrPxhNd8tWUpCfDzPv/QKHo+XzIw0zppwOjW1tbw99QOKS0pxR0RwyUXnoaka70+bTmlpGdlZGVx9xaWsW7+RJcuWEx0dTX19PaqqYjaZOf3UkwBYtGQp8774ClUN0qd3L86ecDqNjY28/vZUYqKjWb12HeHhYVxzxaUkxMeLTi8QFobgl9G/T29SUpK4/Orruf/hf7F+46YfZ1YpCnfdcSv1DQ28OOW10OC/n6CqMu6E0URHRTHt4xnNlsLHnxAbG8Pxx40kqAZ/3DYYpKGhkbLycqbP/IysjPQ2BZBOP+UkSsvLOf/SK3l28suUlpWTkpzEhx/NYMfOXc1v6h/NwO/3M3vufNau28C1V1xK57yOoTfr5tKxTdzz4P8R6Y7gvHMmkr9jJ08+Oxmfz8cTTz9PeloqF55/Nl9/s4jqmpo2ZW4N49DXLCsyHo+Hex74Z5tjP/7Uc8RER+OOcJMQF0evHt3p06sny1asYu36jaSnpRITE01cbCw9u3dDVVXmL/gaVVV5/Mln2bmzgPPOnkjH3Bx8Xh9bt+eTEB/H+eeeyTffLeGzOXOJj4/D6XSQlpJMrx7d6dalC1989TWFxSVs3rKN/zz+NAP79+X0U07m4+kz+fiTT9F1gw8//oSi4mLOOPVktuXv4O133xcdXiAEQ/DLiYgI57n/PsZdd9xGY1MTN99+J6vXrMNstqBpGnGxMTx0713M/nw+CxZ+2ybAbeg6NquVqy6/hNmfz2fFyh+YM/cLrrrsYqxWC4bePJBbzGbWb9zM1TfeyvW33IEkyfzt5hva5PjP65jLmy+/wIXnnc33K3/g5tvvJCY6mv79+jBrzjzq6xtYvWYdZ004gyh3JOUVFSxauow+vXsSERGOruuYTCY2bt6MYRhce+Vl9O7ZgxuuuZJVP6xurgWgyOTmdiA7M5PEhHj69u51UJ2BQ12zSTGxacs2DGhz7BUrVxEe5iIzI43UlGSGDRnEiGFDSElJBsMgLjaWxIQEOmRnMnTwQPr06oHdaqOquoY16zZwy43X0qtHdyaefgrZWZmcMHoUZ55xGuFh4SQmxLOrYDfpaamkJCeTm9OBYUMGcfyo4cTGxmA2mVj47SJ69ujGqeNPZPDA/kw4/RS+/W4JPr8Pd0QEF19wHkMHD+TkcWMpKikTHV4gXFKCX4fVamH0qBGMHjWCG26dxOJly7k4KwNoDmB3zM3h5huu4alnXyAy0s1xI4aH9g0EVbp27kTPnt254dY7OPmkcXTulMeq1evaWCKdO3Xk/x64F6fDQUREeLuLB6OiIjnzjNMYN+Z4zrnwMvJ37uLcM8/gkUf/CxJkZ2eSnpZCRnoq4eFhzJ47nxmfzubpx/+F2WxGkrx4vT7sdhtyixA4HHaCmobNamPIoAE8P3kKGenp9OvTm/79+rR7P9q75pTk4/H6fNhtbY+t6Tr+QABN0zHJRrtxA13XQzEJVVVBara4DENvU7Mc4JNPZzN/wVd06dSJxsamUO0CvVU6+0AwiGEYGAZ4fX4crY7hcjpRVRVd05tnxrWc12w2I8syhmGIhZsCYWEIfhlz5s3n7akfUFtXx45dBZSWlpGXm4OuNU/B3T8EnnbySYwcPpRly79HVloNYi0D42UXXcCQQQO55MLzQvEAvcXC0HUdq8VCclIibnfEQQOWpum88sbbLPj6G+rrG/hhzRp0Qyc+LpYe3bsREx3FO+99yBmnnowkSRQVl9CzRzceefA+IiMi2LlrN5IkEQyq5HXMpbS0nOUrVuLxePhs9jxSkpNwhbnYubOA5OQk+vfrQ58+vdDaKUpzqGs2DIO83A6UlpW1PXZSEuFhYciyTE1dHbV1dS1iYIQG+NaDvWEYaJpGdFQUcXFxfDr7czxeL9vy89mydTvvfjCNsyaczrVXXUZUVGSbwjmV+/ZR39CApmktx9Tp3as7q9euo7ComPqGBuZ9+RV5ubnYbDY0TW1zXSL4LRAWhuBXkRAfz4yZs/n4k08BGDViGMeNHE51TS3h4WFtBvcbrrmS7fk7MJmau5DT5cRibXZRpael8vTj/wptb7NacTodLX/bcLmc6LrR7swnWZaIinTz6ptv89yLU5BlmeuuuoK01BQABg0cQE1dPf369gZg7foNzPh0Fg67nfi4OAb270vB7j1YrRYSE+K56fqrmfzyq5hMJsxmM3fcehOqquLxeLDb7OzevYfP539JZEQE/3nkQcwt1yPL8iGvWZIk4mJjuen6aw449o3IssyoEUP59+NP8fd7HuCBf9xJRHgY1pYYjdPpDMVrLFYLTqcDm93G7bfcwONPPsvy71dhNilcd9UVjBg6mLenfsA33y0hEAwQ6Y5o/l2GD+WFl1+lYPce7rnzdiLCwzEMg1HDh7Fp0xbuuvdBZEUhKTGBiy84F4Dw8LCQhWKzWsWaDQGiHsZfkLLyCmbOmc+EU0484oV7FZX7mDFrLqePH0tCfBwHrsWorq7BbDET6Xb/uIjN48XpdLQNdAeD6LqB1WrB6/OhyAoWi7ldt46m69htNgKBAKqmtXGdtIfX56Ourh6X0xka3FRV5fa77qV/vz5ccM5ZoW1ramvxer3Ex8WhKAo+f3NVsv0znpqammhsaiIyMhKL2cyWbdu55/5/8sIzjxMdFcWsz+fz6aw5vDL5WawtoqcbBp4mz09ec3vH3k9tXR2GAe6IcHw+H4rJhMVsxuv1ISsyVouFYDBIUFVD98Ln81NdU4M7IhyHw4Gu65SVlWO324mICCcYDIaEp7q6BpNJISwsDK/X2xxbaRG7mtpaVFUlJjoaSZIwdIMmjweHw44sywSDQVRVPcgFJhAIC+PP7lOUZWRZpnJfVRvXx+FSg+zf76AOYTIRFxd70DnaeyM1txog9w/O7dE6OG6xWLAcwXXZbbaDjllcWoYkSZx0wpg2n0e63SFx2/8G3Rqn04mz1YrtzPQ0jhs5nHse+D+sVit2u5U7br0pJALQXMLycNfc3rH3446I+PFaWg3MdrutzbFaH89ms5KUmNDmviclJfJjfMnaJsazH8cB6V1a34vmZJNtr+XA8woEwsL4i9DY5GlOPlhUjH6EyQdlWSEtJYmhgwbgcv5xckmpqophGEdtsGtoaCSoqoSHuUJv5wKBQAgGf96UIAZer5cmj+eIA5myLON0OLDb7YddQS0QCARCMAQCgUCAmFYrEAgEAiEYAoFAIBCCIRAIBAIhGAKBQCAQgiEQCAQCIRj8AavJHSlBVUU9RPEcgUAgEPD7rvRevzWf9VvyqamrJzoygt5dO5GXnXHY/QLBIBhgsZipb2jihXc+JDs9lbNOOv6oZNf0BQL8d8o7pCTGccnEUwDYsG0Hi79fg8mkNK+ANkDVNOw2K8cPHcAXi5aRnpzIqMH9aGhs4uO5XxEbFclJo4aG1jLUNzbx6RcLiXRHMGpgXxYuX8WuPUW4nA56d82je15Ou6urBQKB4C8tGNPnLuCjOV9hUhTc4S6q6+qZ8/ViLjzjJE4cOeQn933+rQ9Jiovl3FPHomoahSXlOGzWo5aOWdd1du0tQpKl0DFr6xvYvKMADIOyfVVYLWai3W7CXA76dOvMvG+X0b9HF0YN7ofNamXH7kLmfbuUbnkdSE9uTt+wbPV6Ppj9JeefOo53P/mcLxevICUxjoYmD2s3b+ORO24kzOUQvU4gEAjB2M+GrTuYNmcB2WkpXH/x2cREuimtqOS5Nz/gvZlzycvOxGRSqG9sIsLlZNP2naQmJdCpQyab83exYesOAoEgK9dtwjDglOOHk5mahCzLaJrGpvxdVOyrJjUxno4tFsvGbTtwOew0eX2UVe6jS24HEmKj0XSdgr3F7NpbhDsinD5d85AkCUVRUFq97Q/p04MBPbpSWVPD3Y8+T5ecTG69/AIkWaKyqjnRm8mktOTiMTF6SH825+9ixdqNpCcnouk6y9dsIDYygr7dOvHYy2+Rl53O/bdcjd8fYF9NrRALgUDw1xGM+oZG6usb0AwdDFBkmaTE+IPcLOu2bCcYVDl1zAhSEpqzoWamJnPiyCG88PY0NufvxOP1M33uV0RHRtDY5EE3dK445wxWrN2A1+dj++69lFRUomk6VTV1nDhqCB3S05j8zjRWrt+MzWLB5/dz4qihnD3+eKbN/oK9JeVYrRbqGxpJiI3hwduuYcWaDUydOReTSaHJ62P8yCGcNX7MQZaKLMtYLM1ZRPf/e38yuvasmr7dO5MQF82K1RuYOO44CkvL2bZjN/17dSEjNYkwp5Nde4t586PPGNi7O93zctq9p3X1DdTU1okUHQKB4DfFABSpOW1/eJiL3yzobRgGewqL2b23EFVTD5verra+AZvVQlxU26yZMVGRmM0m6hub0A0dTde59MxTeOTvN6LICsvXbOD8U0/EbDYzpE9P/nPnzdxz4xWYTQqSJLFu63YWfb+ak0YN5ekH7qBfjy7M+WoRBYUlIEnYbFYe/tu1nH3yCRSWlLE5fxfdO+Vw+9UX8ehdN5OXlc53K9fQ6PUe0rXVOlPKT2VNCXc5GdCzG3tKStmyczer1m/BHwwwpE9PrBYLl5x5MknxsXy5eAX/99yrPPvG+wQCQdFrBQLB/wQJUDWV3XsL2VNYzC/JCnVEFkZZRSWNTR7ycjq0W+/gQKIjI/D6/BSVVZCVnhr6vKS8gmBQJTI8nPrGRmxWCx0yUomMCCcmyh1605YAi9mEw24jGAw2u5BkmeKyCiRJpmvHbJwOO506ZPLdyjWUlFciSRIRYU7iY6JJSWiui+APBJAlmdUbtvBJSSkl5ZUY/PJZVweKzLB+vfhi0TK+XLScwtJy0pMT6dZiSfTqkkf3Trls3VHAB7Pms+SHdYwZNpBOHTLbHCMiPIyI8DDRmwUCwe9CIBAkf9duyioqSTygHs6vtjB0XaeqqobU5MQjEguAPt0647Db+GT+N2zJL6DJ42Xtpm3M/uo7otwR9OzSEa2lTKTH66O6to7q2joi3eEoJgXdMAgEg2iahtFSJNPQDaLdbnRdo6i0HE3TKK3YhyzLRLnDQW9dBrM5kO0PBJn8zkesXL+ZscMGkZmW8qum6AZVlSavlyaPF58/QEZqEl1ys1i+dgOFJWUM7dcLm9WCx+tj5hcLKSgsJjcznaT4WDCMUDU3gUAg+F9hsZhJTU6kqqrmZ4+HpiMRjOYKabYjPmhuZhqXnHkyUz+Zy4PPvIzVYsHv9+NyOrj87FNDwWifP8BTr00lGFTx+PyMHNiXyPAwwpwOvlryPZXVNVxw2okEgkG8fh+9unakc042782cy5KVa9m5t4gBPbvSITMNj89PUG12+Wi6jj8QQFVVgqqKzx9g5frN7NxTiKo111T2BwIEgmq7LimfP0Cw1XeGYaDrBstWb2D9lu0EVY2enXKZdO0lDO3Xi+/XbiIizMWg3t1aLKlKZsxbyAezvsBhs9HQ1MTAXt1IT0kUvVUgEPzPcdhtqC314H/OVP/f7JX3hGGDyM1MZ/2WfOoaGomKCKdnl44ktwTBDd3AajHTu2seumbQOTeL3l3zALj2wjNZu3kb8dFRhLmcnHvqONKTE3DYbEy65mK++341+6prGTGwD8P798ZqMTNu5GB0o1kt05MTuOD0E+mWl0OXnGwWrVyD3WphaL9zKK2oxOV0cOaJo3EfULMZwOVwcN6pY4mPiQp9Fx7m4pxTTiAYDIZcWgmx0QD079GFy846lYjwMBJaSqRmp6fw0G3XsHrjVpo8XpLiYxnar6ewMAQCAX/qehiqqrJxy3a6dso9qlXJ3p4+m3nfLuX5f95JVKtylgKBQCDgN69e+UvG9f/ZK++Qvj3JSE3CYbOJX08gEAj4i6cG+Smy01PITk8Rv4BAIBAgkg8KBAKBQAiGQCAQCIRgCAQCgUAgBEMgEAgEQjAEAoFAIARDIBAIBEIwBAKBQCAEQyAQCARCMAQCgUAgBEMgEAgEAo6l1CAAwWCQXbv3sGdvcUtqcumwRQbNJjPpaclkZaRjNpvFLyg4ZhD9WSAsjN+QxsYmVq5eR2NT0yFLpnJAxbvGppZ9GpvEryc4phD9WSAsjN8QfyBAY5OHMaOGEx8Xe0T7lFdU8snsefgDAfHrCY4pRH8WCMH4Hfg5xcgPtW1TUxMffDyDhoYmwCArI4PRo4bjdDqP+Ni6rhMIBLC1k3L9628WsX7jJnRdx2qx0iE7k8GDBhDmch31++H1+Xj51dc5buQIunftcugByu9HlmXMZjO1dfVMfvlVJp5xCh1zckTP/oP3Z4Dde/by2Zy5eDxe+vXpxfChg3+W28rn82M2m1AU5ahd25p166moqGTsmNFt+uH0mbM4+cSxhIv69AiX1B+A+oZGXn3jHRoaGpBlhekzP+PWSf+gsbHxiI/xw5q1TJ7yervfzfp8HkuWLkeWZXx+Hx998inX3HgbO3ftPvoDjq6zc9du6urqf3K7V15/i+Xfrwr9u6q6Gp/PL3r1n4DS0jL+fs/9lJdX4LDbeWvq+2zfsfNnHeO/zzzPjp0FR7Vd6zduYtLd97Nk2fLQZx6vl9fefIfaujrxwwkL449DWJiLSy88n9TUZKqqqjn/0itZv2ETgwcNYPeevezZW0h6WioZ6WkA7C0sIjLSzfb8HUS63WzcvJXde/ZQsHsP8fFxOOz2H5VVkhg1YhjXX3MlAIFAgIf/9Rj/fvxJJj/zBBaLhYrKSrZsyychLpaOuTkhy2fdhk3YbFY65XXEbrOh6zqbtmylvr6BvNwcIiPd7N6zl7jYGDZv3UZ6Who333AtifHx+Hw+qqqrsdsdbN6ylcSEeLKzMqmuqWXTlq1ERLhJS0lGNwxuu+l6EhLiAQgGVTZu2ozX56NL5zwiwsPxeLxU19ZgNpnZvj2ftNQU0lvuheDYYs269UiSzCMP3dfyFh+gydPEtvwd5HbIDsVItufvJDkpkaAaZMPGzbjdEXTM6UBlVRWbtmyhd8/uuN0RxMfF0tTkYf3GTZjNZnp274bJpFBWXo6iKJRXVGI2meiYm8OmLVupq6unZ/duOBz2Nu0ym0w4XQ4ef/JZ0p5KJTUlGUmSsNmsoTYVl5SwY2cBKclJZGdlEgwGKS4pweFwULB7D127dEbTNNau20ByUiLZWZmh4+/ctZvC4mJyO2STlJggOoIQjN/YHdDa1JckFJOJ6TNnMe3jGXTMzWHb9nzOnHAaZ004nWdfeIl91dVIkkSfXj1Y/v0PVFVV8fpb73LRBeeS2yGbtrNg1NDfFouFyy+5kCuuvZnyikrKKyp45oWX6JyXx66CAkaPGsEpJ43jjrvvJzLSja5rDOjfj1NOHMs///04e/YWkpqawuy587n9lht56F+PocgSSDJXXnoh77w3jcsvuZCoSDeT/nE/WRnpmEwm1m3YyF133EZVdTUbN28lEAiSvyMfr8/Pps1bmfzME8TGxHDPg//E7/cT5nLx4pTXeOTBewkEg9xx932kpiSjKArb83fw8P330Ld3T/EkHGOkp6VSUlrGE888zxmnjCc7K5Oqqipuv/NeHn3kQbp0ymN7/k7uffj/uPfvd/Dciy+TnJREk8fDSWOPZ9fuvezatZuZsz+nqrqG40YO58H/+w/x8XH4fD4+n/cF9951B9NnzmLB19/QqWMOuwr2kJ6eht/np7yygsT4BB595ME2brBAIMiY40YB8NAjj/L804+jyErLM2Fm8dLlvPrG28THx7Jp01b+fvst9OzRjRtu+zu5HbLx+fxomorT6cIwdLZuy+e+uycxZNAApn4wjS8WLKRzp468/e77XHvlZfTv10d0BiEYRx9JklBVlQ8/no7L5WTpsu/pkJVJQnwcD//rUR6892769enFipWreOiRRxk+ZDD1DQ1kpKdx5+23YrVYsJgt7CrYw4P33oUsH95bFxMdjcmsUFhUxNtTP6R71y5ceenFbN22nX8/8RS5Oc0C9cx//0OXTnkYhsGSZStYt34jUyY/Q1xsDA2NjUiSRHV1DSeOPZ4rLrkI3dB56ZU30HUdwzCor2/g6isuJTenA8+9OIXpn3zGY/96iM/nfcm5Z01g1Mjh1NfVc+Hl1yDLMvO+XEBVdTUvP/cUdrudh/71KG+88x7nnjWRJo+HW2+8jsyMdO6890EWfL1QCMYxSJfOnbj/7r8z9YMPmT1nHkOHDOTuSX+je7cuzJg5iy6d8vjs87n06t4Nn99PcUkp9941idSUZAzDoHevnsyeM5cbr72KLp068dRzL6DpGjdffw2epiYm3fMAm7duI6iqZGak8/D99zBj5ixefPV1PvngXWpqarny+psoKS0jPS21TczFbDZz643XcuX1t/DilNe4+opLQ89fp7xcnn7i37gjInj0v0/z5VcL6dqlE36/n8svuZDcDtmcef4lnHhCN6696nLu/+e/WPjtIjrmduDNd97jjltvon+/Pnw0YybvfzSdfn17H9GMM4EQjJ8pGIBhUFNbh6IoTDjtZMaNHUP+jp2YTCa6dukEQLcuXZAkiZLSMmw2GwP798PeEuSWZRlZlo84SLivqgpd13E6XZSWleF0Opj8ymvomk6fXj3JSEvltFNO4u77HqJjbg43XHMlO3buIicnm7jYmGY3mstFk8eDw2Fn8MABWK0WfH5/6CExDIPw8DBSUpJb2t+ZlT+sIaiqobYqsozJZEJRZMAgf8cuOufl4XA4AOjfpw+z5szF5/MRER5GYmI8siyTkpxEVVW1eAqOUcaMHslxI4exafNW7rz3QWbNmcvF55/D3+95gG35O1i5ajX3/+PvZGWk069vb2649Q569ejOtVddTlSkG0mSMJtMyLJEaVkFPq+PV994G1VT6ZjTAZvViqHrxMbEYDKZSEpKJCMtjbAwF2aLGYfDgcfrO6hdqqoSFhbGQ/fdzc1/+zvxcbGYTCZAwulw8OnsuRQWFbN+42Yy0lLRdR2LxUJsTDRWq5WM9HRSUpKb+2BSEiWlZZSVVaBqOstXrmLV6jUEAkE65eViGIYQDCEYRx9dNzCZzVxzxaVt3ojCw8Lwen3U1NRiT0yguqYaVVWJiAjHMAx0XT/i2S1ms6nNzJDX3nyH7MxMOmRn4nZHMHrkCE4aNyY040qWZW654VouOu9snnruRV554y0G9u9HeUVF6HvDMEJ+tNZtOXD21v5HZk9hIS6nA7PZjK5rIXHbfxxJkomKimTz5q2h/YuKi3E6nZjNJnTdQNP00D7iYTw2Ka+owGK2EBnppnu3LuR0yKKurp68jrlkZKRz970PkZ2dSV7HXBRZ5qF776aktIwHH/kPb099n7/dciO6YaCYmvtsRHgYERFh3D3ptja/vaqqoX5nGEbomdj/2U91j7zcHG6+/hr+899nMJkUJEniyWdfwOP1cumF5+NyOthTWIRxQP9u/dwZhoEBREa6sVotXH7xhaS2vBztf0YEQjD4LaYyen0+/P6289lTU5IZNKAfDz7yH4YPGcy33y1hyKABpKYk4/F60TQttG1aagqzPp/P5CmvMX7cCW2ERzcMFn77HYFAEFVT2bItn4Dfz0P33Y3T4eDkE8fy2lvvsK+6moaGBlRVZfyJJzBz1ud07ZSH3x8gOTmR4UMG88FHM3j4X4+R0yGbHbt2csXFFxEMBtsIht/vR2sRhOrqGp576RXi42L5eManXHvV5disVqKjovjgo+lUVFQwcsRwfH4//kCA8eNO4MsFX/PkMy/gjoxg9twvmHTrjSiKgtfrDQljMBgkIOb/H5PMX/A1n82ey/Chg6ncV0VhYRG33XQ9AKeNP5FbJ/2DG6+/GkWWWb9hE19+/Q1dOuWBYZCSkozZZCI6KopXXn+LUcOHctrJJ/HA//2bZye/TKTbzfYdO7n9lhvQNJ1AIAiApmn4/f5W03J9B73EqKraps+cfNI4tmzbzocfz0DTNKqqaoiICGNXwW6WLF9BQnw8YODz+UL9zh8IoLY8d0FVxef1kZSYwJCBA3jokUcZPWo4BXv2kpOdxVkTThed4RhCefDBBx883NqEin1VxMVGH3W1b2xqYmv+TvJyO+ByOX/VPpLcbA737N4Ve+vZTbLMoIH90TSNktIy+vTqyeWXXoTFYkFRFPI65hIdFQlASnISiiLj9fno3q0rrlZrOKwWC1abFcMwsNvtDB86mOuuvpz4uLhmn3OnPBIT4ptdYGYzY0aPIj01leqaWvLzd9IhO4vzz55IeHg4gwb0o7SkjJq6WkYOG0qHDtnYLFa6dM5rXtchSVgsFjrndcTn87No8RIGD+xPZeU+zppwOmOOGwlAdlYmlfuqiImOplPHHBwOO106dyI+Lpb+fXuzp7AIj8fLReedzaCB/VvcW+F069K52ZWlKGSkp4VmjQmOnf7cqWMusTExFBYVE+l2c+N1V5GVkQFAWXkFhYVFXHf1FZjNZux2G+XlFezcvZt+fXox8bRTMZkUsjMzKC0rJyU5iUED+tGje1cKdu+hobGREUOHkJ2VidlkIiMjjfS0VGRZJjo6ik4dc5ElCbvdRreuXdrMlFIUhZTkpDZ9plePbsTGxNCjW1e6dM5j9569BAJBTho3hpwO2aSnpmF32OnetStWqwWzSaFjbg4x0dEoiom01GSyMjMYOKAfhqGzZ28RifFxjB41os0zKDiaHplfNq5LxmH8MKqqsnHLdrp2ym3xUx49ysormDlnPmecPO5nr4w9ffxYEuLj/vQ/7MbNW/jH/Q/z0XtvYbVYRE8/hvk9+rOqaUy6+z56dOvKpRedL2664BfxS8f1/6lLymKx4HQ6WLx8JXablcMtkJUk8Pr8OJ12LH+RwTM5MZGbr78GWcQajnl+j/6s6zonjR3DgH59xQ0X/O78Ty2MQDDIroI97CksRj3C7J4mk4n01BSyMtOxiOyegmMI0Z8FwsL4Ld/IzGbycjuQl9tB/IKCP76FIfqzAJFLSiAQCAQCIRgCgUAgEIIhEAgEAiEYAoFAIBCCIRAIBAJEapAD0A2oD+rU+DU0/cj2UWSItCqEm2VksTRBwLGVnsbj9dLY5MHQj6xDS7KMy+nAYbeLvF4CIRg/RV1A57UtdcwoaKQxqB9WAHQDXGaZCZlhXNEpjEirIn5BwTGDx+tl8bLv2VtYjKZrR7QOQ5EV0lKTGTqoP86W7MICgRCMdqj1a3xS0MAPFX6QfvrxMloEQ2p5DCdmOYVgCI4pmpo87C0sZvCAvsRERx02+7EkSeyrqmbpilU0dfcIwRAIwfgpNAMaggaSBKbDmBdmWSLCIrPPp9EQ1NEO8SxWV9cQCAaJiY466ivTfwmBQACPpyVDrAR2mx2bzfrbiXBtHaqmEhMdfcT7lFdWIiMR21KjQ8AvTuim6TqxMdGheiccQeEvrVU68WO9P4eeXU2juqYWgKhI9xHXkDls/62ro7y8gpwOHZBbjQmaplFWXkFCfBzVNTXU1zeQnZVJeUUlTocdl8t1QPt09hYVkZgQj81qFZ2TP0nQ+0jiEFZFYnC8jQtzw4i2KRiHWOr+wsuvcPGV13L19bdww613sLew6Ge15dvvllBRue+oXt9nc+Zx2lnnc/FV13HJlddxzY238vxLU2hobPxN7ufkKa/xz/88/pNvt6WlZSxesjz076efm8yzk18WT8NRFI5fu+2x2p8BVq1ew7U3/Y1Lr7qey66+nmtv+hur16w9Ksdes3Y9Tz43GVVV23y+t7CIK669iU2bt7B8+UpefvUN/P4At995D+9Pmw7Aiu9Xsatgd6ieyHU3/Y0VK1eJDvlXqYdhGGCSYWC8jXOyw1lX5cerGkS0k6fth9VrmffFVzz56CPExcXyzaLFmEzKYR/W/al9DWDaxzO4/pqr2rwdHmmRoUNt19jYSHZWJv/9z/+BBDt3FfD08y9RULCX//zfA6F6yYfav70iMocqLKPrOmeecSpen+8n27xh8xYWLV7K0CEDAbj2isvQjLYDl6brKKJ4zf+MY7U/b966lUl338+ZE07lofvuxmw2Mf/Lr6mrbzhs/zy0taK3VIts7neaprUU+/rxOIkJ8fzjzr/RITub7Tt2ElRVzBYzt9x4bajEwKzP5zFi2FCyMjNISkzgP//3IFmZ6Ye9JlFI7E8gGPvfjzuEWzgt08XO+gCz9zRSH9BJdB784NQ3NqJpOnaHA3dEBKefMp7CoiL+/fhT3HDtlYSHhdHY1MSLU17jvLMmsmzlKlauWo3L5eSsM05jy7btbNmWz1tT32fooAGcevJJzJozjyXLv8ekyJx28kn069ubeV9+RVFxCZWVlRgGnDR2DHPmfUF5RQWnnXwSo0eNOMjlYLVaiYx0A9C3dy/+/fD9XH7NjfywZh0D+/flszlzWbp8ZZvz7CrYzbvvT6PJ46Frl05ccO7Z1NfV8dbUDyguKcUdEcFlF1/Aho2bqKquZsfOAjIz0khMSKCxsZEunfJ47c13SUiIC5W8vPryS7BYLMz4dBbl5RU89dxkQELVVIYPGUxWRgY7dxUw9cOPaahvID09lYvOP4eI8HDefX8aiklh8+at+Hw+Ljr/HLp36yqeoN+IY7U/T33/I3r36s4N11wV+uzC884GoK6ujg+nz2Tb9nycTidXX34JCfFxvPrmOyQmxIf64RWXXEhuTgc2bd7KjE9nsW9fFT16dOWyiy7ApCihUrLbtueTmZnBFZdciCRJ/LB6LT26dUWWZCRJQgJ27tqNIivs3FXAD2vW0dDYyJatW1E1DavVSnpqSoulf/AztmHjJqZNn4mqqvTv14czTh1/BBMVhEvq2DHlW6qV7heL9DATp2Y4qfHrzNjVSFGTioHR7k/av09vUlKSuPzq67n/4X+xfuMmYqJjWPnDar5YsBCAhd8uZvOWbRQWF/PO1A+54NyzGDV8GEhSS41hia6dO9EhO4u5X3zJW1Pf54Jzz2TcCaN55oWX2FdVzeat2/h01ucMHtif+vp6brr9Trp27kT3rl14/KlnqampafcNprXrISU5ibTUFLZvz+ebRYt5a+oHofM8O/lliktKeOnVN7BYzFx12cXExcSgqxqPPfksO3cWcN7ZE+mYm4PX52XL1u08O3kKSYkJ9O7Zg/UbNrJi1WoMw2DW53NZsnQF48eNxelw8Mhj/8XpcBAVGUmk202fXj3p06sHmzZvZdmK7/F4PNzzwD+JdEdw3jkTyd+xk/8+8zyqqrJw0Xd8vXARY8eMxu5w8OSzkwkGg+IJ+o04FvtzIBCgYPceBg0c0G6b9xYVE/AHOP/sM6mvr2fK62+iaRqzP5/Xph/++4mnCASCbNm6jbyOOZw18TSmz5zF9yt/wGq1UlhcjM1m44zTT+HLrxby8Sefoes6sz+fT319A5L8Y737JUuXs7OggOSkRKxWCx2ys+jVswd5ublMm/4JdfX1LPj6m4OesYLde3jq+RfJyszgovPPJSI8nJ/hSRSC8b+2JkyyRKxdwaY0d4Zkp4mzssNIcirMKmhkd2Pz4HQo/Y+ICOe5/z7GXXfcRmNTEzfffic7du7k3LMmMmfufPyBAPO+XMCpJ59IYkICmqbyxYKFxMfH0aljLt26dCaipRpe5055fLdkGRaLmbXrN7A9fyf+QICCgt3NFfwG9GPEsKGMO+F4kpMSOPXkEznv7IlIkkTFviqONNip6jrfLVmGtdV5fH4/u/cUEhsdzYaNm9i6LZ/jRg6nobGR1WvXccuN19KrR3cmnn4KWRkZBIJBRg4byhWXXkTnTnnIioLJZMIwDJxOJ+edcyYD+/flyssuprCoGFlR6NQxh8SEBIYPHczwoYPJzszAbDazecs2DODaKy+jd88e3HDNlaz6YQ3VNbXYrDYmnH4KQwcP5IJzzqS8ogKPxyueoN+IY7o/HyI+1q1LZ6658jIiI91kZ2ZQVlaOz+fH5WrbD4uKS9hXVcWZE07jhNHH4Y5wEx0Vxc6C3RiGQYfsLC4472yGDBzASeNOYPWadQSDKlar9SDXkclsQpZlcnM6EB8XS49uXRk2ZBCjRgzDHR6BrussWry0zTPmDwTYs7f5GVv2/UpKy8sZOXxomyC74FgWDAMiLDJnZDoZlmgnM8zMhEwnHSLMzNzdxKYaf2hK7U9htVoYPWoETz76CF06dWLhosWcfNJY6hsaePvd96mtqeO4EcPJSE/jsX89jM/n49Y77uLTWZ8jS1IbS0ANamRlZNAxJ4dOnTpy312T6NK5E2owGAoom0wm7DY7qqqit/y7vWCzJEltfLqFxcXsLSykW5dO+P3+g87To3tXbrnxWk47ZTwzPpvF9TffTmXVPpCkNuVn98ttWJjrEBMKpNDsFZOiICGhqkFUVWvTTl3XkSUJr8+H3WZDbtnH4bCj6TqqGgzdH+CozYgR/LH6s8ViIT09jaXLv2+3vWvXb+Cmv01i2vRPKC2vQFEUDAxkuW0/lKVmN+jbUz/g7gce5pvvFuP3+0NioCgKht58XrPJ1GJRGEc0gWD/9QaDQQwMDMNAVdU2137vnXfQr09v7r17EoMHDuC1N9/hb3feI+rb/2FcUhI0BnV2NwQZl+rgso5h9IqxMn1XA8vLfQT0w4vFnHnzeXvqB9TW1bFjVwGlpWXkZGfjsNs5buRwnnp2MsOGDSIiIpzqmhrcERHce9cd9O/bh7UbNjQP6JJEeUUljU1NdO/WhaKSErKzMunTsweapmEyNz9A+x8ivSVAt1/1dF0/qFsbhoHf76emppbqmlq+X7Waf9z3MN26dqFv7150zuvY9jy6hoREcUkpE047hQfvuYuCPXuQZZnE+Hg+nf05Hq+Xrdu2U1xSgiRJbdxdhmGgtwTxAsEg+Tt24PF4mD13PtHRUUS63ZhMJuob6qmurml+sAyDoKrSMbcDpWVlLF+xEo/Hw2ez55GSlERkZCSq9qPIHOhiExx9jtX+fN7ZE1n1wxqef3EKJaVlVFVV896HHzP9k8/4YNp0sjIzuf2WG8nLzSEYDDb3w4Daph/GxsZgUky89e773HD1lVx28QU4nQ50XUeSJEpLyyguKaampoZvv1tCl86dMJstoba17n+6rrfql1C5bx8NDQ3oevM2JpOJHt27HvSMabpGRUUll154HnfcciNbtm3H5/eLjscfIOgtAz7NYHm5D5sicWKak7mFHpaV+/BpxhGFoRLi45kxczYff/IpAKNGDGP0qOEAjBg6mBkzZzFuzGgASkrLePaFl7Farfh8Xv52y42YzWZGDh/Kf554irHHj+bKyy5mb2ERN952B2aTmeSkRO7OzsTpcCDLzW9LZrM59HYvSRIREeGYDnj7DgsLY+euAi656jpAIirSzaAB/bnkwvOQJInTTz2Zgj17Q+dJSU7itpuuZ/bn89m4eQuapnHayePJzszklhuv44mnnmX596swKQp/u/l6XC4XkvSj7jsdDnw+H0bLm9qsOfOYM+8L/D4/d9x6I4qiMGhgP2bPnc/Nt9/JA/fcSXh4GGazmbjYWG66/homv/wqJpMJs9nM7bfeiM1qxeH4sYyooii43W4xs+Q35Fjtz927duHRRx7ildffYu6XX2ExN/fZ6666HKvNyjvvfci9D/0fiqwQHR2NhIQsH9gPbyIhPo7+/Xrz9PMvkhAfh8VsweGwYzabiXS7efLZyZSXV5CelsqZp5+Kpmm43RHIsozVasHlciJJEi6XM1SpcNSIYbz+1lQ2btrCzTdc2xKX0Dn9lPHs2Fnw4zOWksQN11zFu+9Po7yiAp/fz8Xnn0OYyyU63rFconVHXZAJ80vYXhvAJEsYgF2RiLYp1Ph1POrBb7GqbpDrtjBjbBIdIswHtbW6ugazpbnT7WfKa29RsGc3/3ro/tAg19TURE1tHVFRkTha3DzNi5FqcDld2O02APZVVaNpKjHRMSiKjM/nBwxsNhuqquIPBHA6HBiGQZPHg91ubzMdNRAI4vV5m01sCew2G9Z2FhIdeB5d19nX4j+Oi4sNbefz+VveKMNxOBzNb0VGc3sA/P4AhtG8gOySK69j0m03k5WZgcvpDF0TQENDA4FgkEh3JIGAPzSba/+9aWxqIjIyMvQwejxezOZmEdF1HY/Xi9PhEKLRirLyCmbOmc+EU0484oV7FZX7mDFrLqePH0tCfNwx359bt62mtg5FlkMDOTS/4WuaTnxcLH6/H1XTuPSq69vth6qqUlZeQXh4GE6HA03TkOXmvh8MBmlq8hAbG4PU4l5r8nhw2O1omoaqqtjtdrxeL4piwmIxYxgG+6qqcdhtOByO5vbb7KEpuz9eezSKoqCqGpX79mGxmImOikKUaD3GLQxFgjCzjGFAUG+2JBp0g7qAjiQd7C8zWv4XZpZQ2hmnTCZTm8G1eQD1U7B7D2dNOK3N4OZ0OnE6nW3boyjExrR90GOi23ak1qu0TSZT6GZLkoTrgOM1+33NWCyHr9V84HlkWT7oWvafPykx4cd/HyA+VmuzFeD1+cjKzCAiPJzYmINXfYeFhbU6pq3Nd+3dG4fD3qZt7V3rX96/K8vIskzlvqo2rp7DpQbZv98foT+33ra9ftX6fDabDd9P9EOTyURKclKb9raOl7S+ntbtkWU5tH6pdUxPkqQ25ziw/Qdeu8mkkJgQLzruH8XCqPFrvLal/hckH3RxRacIIq3yES1A8vsDv2k6jmOVQCCAyWT6WYuoBL+cxiZPc/LBomL0I0w+KMsKaSlJDB00AJfT8afsz6IfCgvjqBBhUbiyUzgTs10/L725RSHcIh/x9NW/oljsf0sT/H447HaGDepPk8dzxJMCZFnG6XC0M/vtz9OfRT9EBL2PVh4pt1XBLbLOCvgzuKQknE4HTqfIOisQ02oFAoFAIARDIBAIBAIhGAKBQCAQgiEQCAQCIRgCgUAgEIIhEAgEAiEYAoFAIECsw+Bo1r8IaAY+zcAwOMIFS815psyKJGpiCQQCwV9FMGp8Gs9trOW9/AYajjAlSLhZ4fycMG7q6ibSJgwjgUAg+EsIRl1A5/M9HnY3NBfmOZLq3tU+jfmFTVyUGyYEQyAQCP4qguFVYW9ts2WhSD8tFbomoxgSqqTTENTRDPGjCQQCAX+VoLdhgHqYKnoG4DBJdHDasDSEYWhyG9eV3x+gqLScuobGg/bVNJ2S8gqqa+v+cj9oxb5qSsorD5n8LhAI8t33a9ixu/Cg77bsKGDpD+t+rLomEAgEx8IsKekwgmKSYFC8jXM6hGOzgnHADvl7Crn3vy/y2Itv4vH62nz35eIV3P7I00z9dO6f6sfSNJ35i5axt6Ss3e/3Vdfy0DNTuPux51m3ZXu72zR6PLw09WMWfb/6oO/mfbOEKe9NxydqGwsEgj/CtNr9Hqcct4VxqS5mbvFTrTQhK/pBBd+DwSDbCva2GfzqG5uY+81ifD4/waAa+lzVNPytBkK9VYEbfyB4ULGboKriDwQPal9zRTuj3Tf31m/1+9/SNU1Da/lc03UCwYOPGQgG27zVt/470KoN5fv28dbHs9hesKddC+L7dRsp31dFk8fDklXrDm57IBCqata6+I6qagSCQWRZCpV73d8GXddRVbXNMQ68/kAw2Gab/e0WlopAgIhhHG10o3narNSiGBlhJk5OdbJwp8ampkYUm4qmG+3WElAUmXnfLGFwnx6Eu5x8veR7issqMZubC7YEgkG+WLScJavW0ujxMqBXV847ZSzL12xk0feriY1ys2HbDtKSErhownjCnA4++/JbVm3YghpUGTW4H6eOGUH5vmo+nDWfnXuKSEqIxR0WRteO2XTJzebjzxewOX8X7vAwJow7jrzsDJ598wOcdjuFJWWEhzkZ3KcnC5asoL6hkVGD+3HK6OE0ebzM/GIhazZtw261Mn70MAb07MobH32KpunU1jdSVrmPYf17M7RfT6a8/wmGYfDp/G8pKq3gognjQ+UzVVVj8cq1ZKQkkRgXww8bNlNZVUNsdCRen4+P537FqvWbCXc5UVUtJBjLVm/gswXfoAY1fH4/FrMJvz/Ay+9OJyEuml17i8lOT2XkwD5M/3wBO/YWkRgbw9knn0BGSiKzv1rEdyvXIgEjBvZh1KC+zPziG37YsAWL2cy4EYMZPqC3eNIEAiEYB1Pf0Eh9fQOaoYMBiiyTlBjfbrUtAzDLEuEWmVq/TkA3SHWZOLtDGHsrFObsqUe2q+27r5pLZNO/RxfWbtrON8t/YNTAPsz7dind8jpQsa8KQzfw+fxs2LaDvOwM6hoamTl/IbmZ6dTVN7Dsh3X069GV7nk5fL5wMXHRkYwdPpitO/fQp1snCgpLeP+zeeRmprN41VpWrtvEBWecyMKlq1izaRt9u3fijWmfsWbTViaeNJqN23Yy+Z2PuOfGK9i2czdBVWPEwD4sXbWOtZu3M6x/bwLBIB98Np+enTuycOlK5ixczJknHU9peSUvT51ObKSbPUVlbN+9l7HDB9Hk9TJtzpekJyUQHxPF1h0FZKYlkZOR1maG2faCPezYU8gFp59EdloyK9Zs5Pt1Gxl/3DDmL1rOJ/MXMmboQCxmM9t27kFRZEor9vHiux+RGBvNoN7dWLDke5AkdF1ne8EeVqzbSE5GGhEuJ5Pf+Yh91TWcPHoYS1at4+X3pnPuKWN579N59OrSkbzsDEyKiZXrNzN97lccN7gf8THR6MbBlpCu65SUlqPpzaV4BQLB0fPQKJJMeHgY4WGuY9clZRgGewqL2b23EFVTj2hxnQGEW2TOyHQyLNFOZpiZs7OdmFUTM3Y1gi3wkwOKqmn07NKRfj06M//bpUz9dC6NTV5OP2EEFrMZTdcID3Nx0yXn0Ld7Z+JjogGJssp9yIqMzWblrPHHc/nZpxHljqCkfB9xMVHcfNl5dM7JIiYqAlXTKCorx2oxYbVaCHe5kGWZ7LRkMlKS2LAtH6fTwb7qWlRVpbq2nr0lZSiKQuecLC6ZeDJdOmZjNpm45vwJjBzYF1XV2F1YwupNW3HYbNTU1uHzB2hs8rB9915MJoW0pHguP/s0Thw5BE3T8AeD9O/RBcMwGNS7O0P69mjjVlr6Q7MLyumwIUkSTrudZavX4/MHWLdlO7GRbq4853TOOXkMVqsFRVLYuG0HTV4vp50wkgknjqZjVjqa+qMbKTczjQduvZqOHTLYtacIh91GZVUNhmFQXFZOXUMDZpOZ4vJ9yLLCwN7dsFutSEjsLW62rPp17yKeYoGA3y82rGoqu/cWsqew+LB15f9nFkZZRSWNTR7ycjpgsZiP+OKqfTrba4KclunEo+qYDBNPrGrAa/Zjkg8/28qkKJx2wkjuffwF5i9axvFDBtCpQxaqqqEoCsXlFTz/1of4/QHiY6Kb/fT7LRRJwjAMVE1DkWUUk8LWHQW8OHU6NqsZl8MR8vcP7N2dL79bwQefzSc5MY5zTxmL2WRG1XTiw8JIjIshJSGOof16kZoYH4pbAJhNpuZz6QaKJCHLzec1dIMwp4PkhDjSkhPp1aUjuVnpLFm1LiQGiqwgSzK6bhBsGcwP7AS19Y2s3rgVs8nER3MWAKDpGnuKS9m2aze6rmMxmzGZTfj8/tDNDwSbhd3eTslPwzBwh4dhNpnAAAODyIgI4mOjSYyLwWIx079HV8KcTuZ+s5h3Zsxh1frN3HPTFdxy+fl8sWgpL0+dwZb8Am685Jw2FqYsy6QkJ4qnWyDgt6qjHiR/127KKipJjI87tiwMXdepqqohNTnxiMViv2DoGHxX6mN+oYcws8Ir6z2UBX2YFOOwYrE/IJuenMjQfr2Ii47ilOOHI0symm6gyDKrN2xl647dHD90IN3yOhAMqhhG84DYOnCs6wayJPH9uk0Ul5Vz2piRZKelEAyqyLJEQWEJPr+fhLgY4qOj2F1Ygsmk0CE9lcrqahx2G64WS8NmtaBrWmhg13UdXdeb15UYBqqm47Db6Noxm301tSiKQpQ7nH01tdis1ubtQ/s2t9MwDMyKgqYbrNm0lW07d4favnL9RkoqKhl/3FDuv/kq7r/5Kq489wx8/gAr120mNTGe8n3VzPnqOz798luaPF50Qyc9JQFJkvh66Uq+WvI9m/MLkFrmLu8/L0BSfCzxMdFUVtc0i4jZTF19I9W1dVTV1HLmSWPIzUqjvKqKnXsK8QcCnHfqiSTERlG+ryp0LQKBgN+pjrqZ1OREqqpqjri+/O9mYei6jqppOOy2I/azGa1FQzL4qsjLqooA+7waZrNxSJEINdysEO5yYlKaL+HSs07hnFNOwB0eht8fwOW0YzGb6doxm8zUZD6Z/zWpifFkpCRhNpuwmM2EuZyhoLHLacdmtdA9L4flazfy9vTZpKckkpwQhyRJVNfWERsdhd1mZcuOAj5bsIjrLjyTK849nVfen8Eb0z5DVmS65+WgG+ByOkJv7jarlTCns/mHNJsJczqwWMxMPHE0NXUNvP/ZvBY3VwojBvTB6bBjDiot1okcameHzHQ6ZqWxbPUGDANystIxDIP1W3aQHB/HcYP7kxAbDUB8TDRfLf2ebbt2c+lZp7JzTxHT5nxBh/RUMlKTkCWJTh2yGDN0AItXraO4rIK0pHiqauuQJAmX0x5qv91m5erzJ/DGR5/y8tTpyLLM0H49qayuYdZXi/AHAphNZi48/SQaGj1Mm/Nl835WKxPGjcakiJrtAsHvjcNuQ9U0dF1vN4b8i1xexmGcXKqqsnHLdrp2ysVkMv3ibVqzrSbIyOmlVGl+TAotLg/QabXyu5WiGAZoOvSNszJ1dCKZ4WY0Xcfn82O1mA86pwF4vT5kWcZmteDx+mjyeHFHhGHoRrO7R2o222w2K4os42m1fWOTB5/fT2REBEFVRVVV7nr0OdzhLs4YO4qde4v4eM4Crr3wLI4b3A9N06hraESWZdzhYQBtjucPBFA1DafdTlBVCQSCWK0WTIqCYRjUNjRg6OAOb46PeH3+0ECtahp+fwCrxYLJpOD3B2j0enE5HFgtZgzDCJ3rQNdSIBgkEAjicjrwB4I0Nnlwh7vQNB0DA6vFgmEY1NQ1YLNasFkt+PwB7DYrXp8/1P79BIMq9Y1NmEwKES0BNa/fT0NjEy6HHYfdDkCT10uTx0dYK9EUCAS/Lz81Lv/cMft/Oq023iFzTraLD3eCahhtA+RGO3EKGVIjJc7IDCPSqrT49mWcDvshXV2trR2H3dau9WNudaNaf+9yOnA5Hc3nUSxgtXDB6eP49MtveeWDmbjsNs47dRzD+vVq2UYhyh1xkLrvx2qxYG11ztbnlSSJyPDwNvu2HmRNioKp1XVarRasrQZxSZIOeR8sZjMWs7mlDWaslohQe1vvH+UOP6jd7d4vs4noyLbXabdasVvbioLTbsdpt4snViBATKv91YRbFB4cHMF1PcNQ9SNLbW4zQZRVIdzyv1lrOKh3D/p274I/EMRsUrBaLKL3CAQCIRi/NbIEbquC2/rH8m0faB0IBAIBIjWIQCAQCARCMAQCgUAgBEMgEAgEQjAEAoFAIARDIBAIBEIwBAKBQCAEQyAQCASIdRgcxeJIBmVlFc0V2UTtA4FAIOBoFsAwmUwkJMS1qY/zh7UwdE2jpKy8TbpvgUAgEPx6NF2npKwc/Xcqh/y7LFs2mUykpyYftYyJAoFAIGjOFF5X38CfLjXI0UyxeyTn8np9NHo8qEEVVdNEKVDBXwbDAJ/P26YcwF/db2MymbDZbISHuXA6HG0ScP7RBYM/ey6p36xb6AYV+/ZRVV0DgM1mxWQyidCJQMBfu3CpqmrU1NRSWFSMbhikJiWRnJTwpxGOv4Rg6LpOdU0thcUlVFXXEAwGMZvNREdFkpqcRFSk+4itEo/Xy+49RSiKTFJiAuFhLuECEwgEbdA0jZraOnbvLaSwuJjuXToT1lLbRXAMC0YwGKRgz1627dhFU5MHRZabiyjpOjW1NRSXlpGbnUlmehpm80+XffX7/ewq2IvbHU5KkqgVLRAI2kdRFGKio4iJjmLHrgLWb95Cr25dcDgc4uYcAf8Phx/nKmllGToAAAAASUVORK5CYII=\">&nbsp;"}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 11.2         11.2.0 through 11.2.4    Upgrade to 11.2.5 or later\nPAN-OS 11.1         11.1.0 through 11.1.7    Upgrade to 11.1.8 or later\n                    11.1.0 through 11.1.6    Upgrade to 11.1.6-h6 or 11.1.8 or later\n                    11.1.0 through 11.1.4    Upgrade to 11.1.4-h17 or 11.1.6-h6 or 11.1.8 or later \nPAN-OS 11.0 (EoL)                            Upgrade to a supported fixed version\nPAN-OS 10.2         10.2.13                  Upgrade to 10.2.13-h5 or 10.2.14 or later\n                    10.2.0 through 10.2.13   Upgrade to 10.2.14 or later\n                    10.2.0 through 10.2.10   Upgrade to 10.2.10-h17 or 10.2.13-h5 or 10.2.14 or later\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h11 or later\nAll other older                              Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4<br></td><td>Upgrade to 11.2.5 or later<br></td></tr><tr><td>PAN-OS 11.1</td><td>11.1.0 through 11.1.7<br></td><td>Upgrade to 11.1.8 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.0 through 11.1.6&nbsp;</td><td>Upgrade to 11.1.6-h6 or 11.1.8 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.0 through 11.1.4</td><td>Upgrade to 11.1.4-h17 or 11.1.6-h6 or 11.1.8 or later&nbsp;</td></tr><tr><td>PAN-OS 11.0 (EoL)</td><td>&nbsp;</td><td>Upgrade to a supported fixed version</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.13</td><td>Upgrade to 10.2.13-h5 or 10.2.14 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.13<br></td><td>Upgrade to 10.2.14 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.10</td><td>Upgrade to 10.2.10-h17 or 10.2.13-h5 or 10.2.14 or later</td></tr><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14</td><td>Upgrade to 10.1.14-h11 or later</td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><br><p></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-03-31T21:10:00.000Z","lang":"en","value":"Updated fix availability of PAN-OS 11.1"},{"time":"2025-03-31T16:55:00.000Z","lang":"en","value":"Updated the ETA for 10.2.14 and the fixed 10.2.13 version listed in the solution section"},{"time":"2025-03-28T22:00:00.000Z","lang":"en","value":"Updated fix availability of PAN-OS 10.2"},{"time":"2025-03-17T16:45:00.000Z","lang":"en","value":"Updated the required configuration and workarounds sections "},{"time":"2025-03-13T21:30:00.000Z","lang":"en","value":"Updated the required configuration and workarounds sections "},{"time":"2025-03-12T21:00:00.000Z","lang":"en","value":"Updated the product status table to match the solution table"},{"time":"2025-03-12T16:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-04-02T18:25:00.000Z","lang":"en","value":"Updated fix availability of PAN OS 11.1"},{"time":"2025-04-04T19:20:00.000Z","lang":"en","value":"Updated fix availability of PAN-OS 10.2"}],"credits":[{"lang":"en","value":"an external reporter","type":"finder"}],"source":{"defect":["PAN-271351"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h9","PAN-OS 11.2.4-h8","PAN-OS 11.2.4-h7","PAN-OS 11.2.4-h6","PAN-OS 11.2.4-h5","PAN-OS 11.2.4-h4","PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6-h4","PAN-OS 11.1.6-h3","PAN-OS 11.1.6-h2","PAN-OS 11.1.6-h1","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h15","PAN-OS 11.1.4-h13","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h4","PAN-OS 10.2.13-h3","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h6","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h13","PAN-OS 10.2.11-h12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h14","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h10","PAN-OS 10.1.14-h9","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0109","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface","datePublic":"2025-02-12T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-73","description":"CWE-73: External Control of File Name or Path","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-165","descriptions":[{"lang":"en","value":"CAPEC-165 File Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h9","changes":[{"at":"10.1.14-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h24","changes":[{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.8-h21","status":"unaffected"},{"at":"10.2.9-h21","status":"unaffected"},{"at":"10.2.12-h6","status":"unaffected"},{"at":"10.2.13-h3","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.11-h12","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h1","changes":[{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.2-h18","status":"unaffected"},{"at":"11.1.4-h13","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h4","changes":[{"at":"11.2.4-h4","status":"unaffected"},{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.\n\n\nThe attacker must have network access to the management web interface to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue does not affect Cloud NGFW or Prisma Access software.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.<br></p><b></b><p>The attacker must have network access to the management web interface to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.</p><p>This issue does not affect Cloud NGFW or Prisma Access software.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-0109","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":6.9,"threatSeverity":"MEDIUM","threatScore":5.5,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"LOW","baseScore":2.1,"threatSeverity":"LOW","threatScore":1.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n 1. Directly; or\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\n\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:</span></p><ol><li><span>Directly; or</span></li><li><span>Through a dataplane interface that includes a management interface profile.</span></li></ol><p><span>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.</span></p><p><span>Use the following steps to identify your recently detected devices in our internet scans.</span></p><ol><li><span>To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"><span>https://support.paloaltonetworks.com</span></a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li><span>Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.</span></li></ol><p><span>GlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).</span></p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article:https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\n * Palo Alto Networks official and detailed technical documentation:https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\n\nhttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p></p><p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li><p>Palo Alto Networks LIVEcommunity article:<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p></li><li>Palo Alto Networks official and detailed technical documentation:<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"></a>"}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h9 or later\nPAN-OS 10.2         10.2.0 through 10.2.13   Upgrade to 10.2.13-h3 or later\n                    10.2.7                   Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\n                    10.2.8                   Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\n                    10.2.9                   Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\n                    10.2.10                  Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\n                    10.2.11                  Upgrade to 10.2.11-h12 or 10.2.13-h3 or later\n                    10.2.12                  Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)                            Upgrade to a supported fixed version\nPAN-OS 11.1         11.1.0 through 11.1.6    Upgrade to 11.1.6-h1 or later\n                    11.1.2                   Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\n                    11.1.4                   Upgrade to 11.1.4-h13 or 11.1.6-h1 or later\nPAN-OS 11.2         11.2.0 through 11.2.4    Upgrade to 11.2.5 or later\n                    11.2.4                   Upgrade to 11.2.4-h4 or 11.2.5 or later\nAll other older                              Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h9 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.13<br></td><td>Upgrade to 10.2.13-h3 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.7</td><td>Upgrade to 10.2.7-h24 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.8</td><td>Upgrade to 10.2.8-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.9</td><td>Upgrade to 10.2.9-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.10</td><td>Upgrade to 10.2.10-h14 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.11</td><td>Upgrade to 10.2.11-h12 or 10.2.13-h3 or later </td></tr><tr><td>&nbsp;</td><td>10.2.12</td><td>Upgrade to 10.2.12-h6 or 10.2.13-h3 or later<br></td></tr><tr><td>PAN-OS 11.0 (EoL)</td><td>&nbsp;</td><td>Upgrade to a supported fixed version</td></tr><tr><td>PAN-OS 11.1<br></td><td>11.1.0 through 11.1.6<br></td><td>Upgrade to 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.2</td><td>Upgrade to 11.1.2-h18 or 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.4</td><td>Upgrade to 11.1.4-h13 or 11.1.6-h1 or later</td></tr><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4<br></td><td>Upgrade to 11.2.5 or later</td></tr><tr><td>&nbsp;</td><td>11.2.4</td><td>Upgrade to 11.2.4-h4 or&nbsp;11.2.5 or&nbsp;later</td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.<br></td></tr></tbody></table><p><br></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-02-24T22:30:00.000Z","lang":"en","value":"Clarified recommended remediations and added a FAQ"},{"time":"2025-02-21T17:10:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 11.1 and 11.2"},{"time":"2025-02-19T23:15:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2 and 11.1"},{"time":"2025-02-18T23:00:00.000Z","lang":"en","value":"Updated the solutions table"},{"time":"2025-02-18T19:30:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2"},{"time":"2025-02-12T17:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-03-06T23:00:00.000Z","lang":"en","value":"Updated to explicitly state that end-of-life (EoL) versions are presumed to be affected"}],"credits":[{"lang":"en","value":"Maxime Escourbiac of Michelin CERT","type":"finder"},{"lang":"en","value":"Yassine Bengana from Abicom for Michelin CERT","type":"finder"},{"lang":"en","value":"Sonny of watchTowr (https://watchtowr.com/)","type":"finder"},{"lang":"en","value":"our Deep Product Security Research Team","type":"finder"}],"source":{"defect":["PAN-273278"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0108","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authentication Bypass in the Management Web Interface","datePublic":"2025-02-12T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h9","changes":[{"at":"10.1.14-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h24","changes":[{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.8-h21","status":"unaffected"},{"at":"10.2.9-h21","status":"unaffected"},{"at":"10.2.12-h6","status":"unaffected"},{"at":"10.2.13-h3","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.11-h12","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h1","changes":[{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.2-h18","status":"unaffected"},{"at":"11.1.4-h13","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h4","changes":[{"at":"11.2.4-h4","status":"unaffected"},{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An authentication bypass in the in the management web interface of Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\n\nThe attacker must have network access to the management web interface to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue does not affect Cloud NGFW or Prisma Access software.","supportingMedia":[{"type":"text/html","base64":false,"value":"An authentication bypass in the <span>in the management web interface of</span><b><span>&nbsp;</span></b>Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.<b><br><br></b><span>The attacker must have network access to the management web interface to exploit this issue.&nbsp;</span>You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.<b><br><br></b>This issue does not affect Cloud NGFW or Prisma Access software."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0108","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"HIGH","baseScore":8.8,"threatSeverity":"HIGH","threatScore":8.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:M/U:Red"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"MEDIUM","baseScore":5.9,"threatSeverity":"MEDIUM","threatScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n 1. Directly; or\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\n\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:</span></p><ol><li><span>Directly; or</span></li><li><span>Through a dataplane interface that includes a management interface profile.</span></li></ol><p><span>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.</span></p><p><span>Use the following steps to identify your recently detected devices in our internet scans.</span></p><ol><li><span>To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"><span>https://support.paloaltonetworks.com</span></a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li><span>Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.</span></li></ol><p><span>GlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).</span></p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article:https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and detailed technical documentation:https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li>Palo Alto Networks LIVEcommunity article:<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></li><li>Palo Alto Networks official and detailed technical documentation:<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul>Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)."}]}],"solutions":[{"lang":"en","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h9 or later\nPAN-OS 10.2         10.2.0 through 10.2.13   Upgrade to 10.2.13-h3 or later\n                    10.2.7                   Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\n                    10.2.8                   Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\n                    10.2.9                   Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\n                    10.2.10                  Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\n                    10.2.11                  Upgrade to 10.2.11-h12 or 10.2.13-h3 or later \n                    10.2.12                  Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)                            Upgrade to a supported fixed version\nPAN-OS 11.1         11.1.0 through 11.1.6    Upgrade to 11.1.6-h1 or later\n                    11.1.2                   Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\n                    11.1.4                   Upgrade to 11.1.4-h13 or 11.1.6-h1 or later\nPAN-OS 11.2         11.2.0 through 11.2.4    Upgrade to 11.2.5 or later\n                    11.2.4                   Upgrade to 11.2.4-h4 or 11.2.5 or later\nAll other older                              Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h9 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.13<br></td><td>Upgrade to 10.2.13-h3 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.7</td><td>Upgrade to 10.2.7-h24 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.8</td><td>Upgrade to 10.2.8-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.9</td><td>Upgrade to 10.2.9-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.10</td><td>Upgrade to 10.2.10-h14 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.11</td><td>Upgrade to 10.2.11-h12 or 10.2.13-h3 or later&nbsp;</td></tr><tr><td>&nbsp;</td><td>10.2.12</td><td>Upgrade to 10.2.12-h6 or 10.2.13-h3 or later<br></td></tr><tr><td>PAN-OS 11.0 (EoL)</td><td>&nbsp;</td><td>Upgrade to a supported fixed version</td></tr><tr><td>PAN-OS 11.1<br></td><td>11.1.0 through 11.1.6<br></td><td>Upgrade to 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.2</td><td>Upgrade to 11.1.2-h18 or 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.4</td><td>Upgrade to 11.1.4-h13 or 11.1.6-h1 or later<br></td></tr><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4<br></td><td>Upgrade to 11.2.5 or later</td></tr><tr><td>&nbsp;</td><td>11.2.4</td><td>Upgrade to 11.2.4-h4 or 11.2.5 or later<br></td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><p><br></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.</span></p>"}]}],"timeline":[{"time":"2025-02-18T23:00:00.000Z","lang":"en","value":"Updated the exploit status and solutions table"},{"time":"2025-02-18T19:30:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2"},{"time":"2025-02-18T07:06:00.000Z","lang":"en","value":"Updated exploit status"},{"time":"2025-02-12T23:45:00.000Z","lang":"en","value":"Added Threat Prevention Threat ID to Workarounds and Mitigations"},{"time":"2025-02-12T17:00:00.000Z","lang":"en","value":"Initial Publication"},{"time":"2025-02-19T23:15:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2 and 11.1"},{"time":"2025-02-21T17:10:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 11.1 and 11.2"},{"time":"2025-02-21T23:00:00.000Z","lang":"en","value":"Clarified recommended remediations and added a FAQ"},{"time":"2025-03-06T23:00:00.000Z","lang":"en","value":"Updated to explicitly state that end-of-life (EoL) versions are presumed to be affected"}],"credits":[{"lang":"en","value":"Adam Kues - Assetnote Security Research Team","type":"finder"},{"lang":"en","value":"our Deep Product Security Research Team","type":"finder"}],"source":{"defect":["PAN-273971"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2025-0111","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface","datePublic":"2025-02-12T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-73","description":"CWE-73: External Control of File Name or Path","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-165","descriptions":[{"lang":"en","value":"CAPEC-165 File Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h9","changes":[{"at":"10.1.14-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h24","changes":[{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.8-h21","status":"unaffected"},{"at":"10.2.9-h21","status":"unaffected"},{"at":"10.2.12-h6","status":"unaffected"},{"at":"10.2.13-h3","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.11-h12","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.6-h1","changes":[{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.2-h18","status":"unaffected"},{"at":"11.1.4-h13","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h4","changes":[{"at":"11.2.4-h4","status":"unaffected"},{"at":"11.2.5","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An authenticated file read vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.\n\nThe attacker must have network access to the management web interface to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An authenticated file read vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.</p><p>The attacker must have network access to the management web interface to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>.</p><b><p></p></b><p>This issue does not affect Cloud NGFW or Prisma Access software.</p><b></b>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2025-0111","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"HIGH","baseScore":7.1,"threatSeverity":"HIGH","threatScore":7.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:M/U:Red"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"You can greatly reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses. We recommend remediating this vulnerability in your next scheduled maintenance cycle."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.9,"threatSeverity":"LOW","threatScore":2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n 1. Directly; or\n 2. Through a dataplane interface that includes a management interface profile.\n\nYou greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\n\nUse the following steps to identify your recently detected devices in our internet scans.\n\n 1. To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.\n\nGlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:</span></p><ol><li><span>Directly; or</span></li><li><span>Through a dataplane interface that includes a management interface profile.</span></li></ol><p><span>You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.</span></p><p><span>Use the following steps to identify your recently detected devices in our internet scans.</span></p><ol><li><span>To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"><span>https://support.paloaltonetworks.com</span></a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li><span>Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days.</span></li></ol><p><span>GlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).</span></p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article:https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and detailed technical documentation:https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\n\nAdditionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).\nhttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p></p><p><b>Recommended mitigation</b>—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">critical deployment guidelines</a>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</p><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li>Palo Alto Networks LIVEcommunity article:<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></li><li>Palo Alto Networks official and detailed technical documentation:<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul>Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"></a>"}]}],"solutions":[{"lang":"eng","value":"VERSION             MINOR VERSION            SUGGESTED SOLUTION\nPAN-OS 10.1         10.1.0 through 10.1.14   Upgrade to 10.1.14-h9 or later\nPAN-OS 10.2         10.2.0 through 10.2.13   Upgrade to 10.2.13-h3 or later\n                    10.2.7                   Upgrade to 10.2.7-h24 or 10.2.13-h3 or later\n                    10.2.8                   Upgrade to 10.2.8-h21 or 10.2.13-h3 or later\n                    10.2.9                   Upgrade to 10.2.9-h21 or 10.2.13-h3 or later\n                    10.2.10                  Upgrade to 10.2.10-h14 or 10.2.13-h3 or later\n                    10.2.11                  Upgrade to 10.2.11-h12 or 10.2.13-h3 or later\n                    10.2.12                  Upgrade to 10.2.12-h6 or 10.2.13-h3 or later\nPAN-OS 11.0 (EoL)                            Upgrade to a supported fixed version\nPAN-OS 11.1         11.1.0 through 11.1.6    Upgrade to 11.1.6-h1 or later\n                    11.1.2                   Upgrade to 11.1.2-h18 or 11.1.6-h1 or later\n                    11.1.4                   Upgrade to 11.1.4-h13 or 11.1.6-h1 or later\nPAN-OS 11.2         11.2.0 through 11.2.4    Upgrade to 11.2.5 or later\n                    11.2.4                   Upgrade to 11.2.4-h4 or 11.2.5 or later\nAll other older                              Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>PAN-OS 10.1<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h9 or later<br></td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.0 through 10.2.13<br></td><td>Upgrade to 10.2.13-h3 or later<br></td></tr><tr><td>&nbsp;</td><td>10.2.7</td><td>Upgrade to 10.2.7-h24 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.8</td><td>Upgrade to 10.2.8-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.9</td><td>Upgrade to 10.2.9-h21 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.10</td><td>Upgrade to 10.2.10-h14 or 10.2.13-h3 or later</td></tr><tr><td>&nbsp;</td><td>10.2.11</td><td>Upgrade to 10.2.11-h12 or 10.2.13-h3 or later </td></tr><tr><td>&nbsp;</td><td>10.2.12</td><td>Upgrade to 10.2.12-h6 or 10.2.13-h3 or later<br></td></tr><tr><td>PAN-OS 11.0 (EoL)</td><td>&nbsp;</td><td>Upgrade to a supported fixed version</td></tr><tr><td>PAN-OS 11.1<br></td><td>11.1.0 through 11.1.6<br></td><td>Upgrade to 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.2</td><td>Upgrade to 11.1.2-h18 or 11.1.6-h1 or later<br></td></tr><tr><td>&nbsp;</td><td>11.1.4</td><td>Upgrade to 11.1.4-h13 or 11.1.6-h1 or later<br></td></tr><tr><td>PAN-OS 11.2<br></td><td>11.2.0 through 11.2.4<br></td><td>Upgrade to 11.2.5 or later<br></td></tr><tr><td>&nbsp;</td><td>11.2.4</td><td>Upgrade to 11.2.4-h4 or 11.2.5 or later</td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table><p><br></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.</span></p>"}]}],"timeline":[{"time":"2025-02-19T23:15:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2 and 11.1."},{"time":"2025-02-18T23:00:00.000Z","lang":"en","value":"Updated exploit status and solution table."},{"time":"2025-02-18T19:30:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2."},{"time":"2025-02-12T23:45:00.000Z","lang":"en","value":"Added Threat Prevention Threat ID to Workarounds and Mitigations."},{"time":"2025-02-12T17:00:00.000Z","lang":"en","value":"Initial Publication."},{"time":"2025-02-21T17:10:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 11.1 and 11.2."},{"time":"2025-02-24T22:30:00.000Z","lang":"en","value":"Clarified recommended remediations and added a FAQ."},{"time":"2025-02-26T19:15:00.000Z","lang":"en","value":"Added remediation guidance in the FAQ."},{"time":"2025-03-06T23:00:00.000Z","lang":"en","value":"Updated to explicitly state that end-of-life (EoL) versions are presumed to be affected"}],"credits":[{"lang":"en","value":"Émilio Gonzalez","type":"finder"},{"lang":"en","value":"Maxime Gaudreault","type":"finder"},{"lang":"en","value":"our Deep Product Security Research Team","type":"finder"}],"source":{"defect":["PAN-273994"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2025-0005","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks","datePublic":"2025-02-12T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":""}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"affected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"affected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Palo Alto Networks GlobalProtect Clientless VPN is intended to provide secure remote access to trusted internal applications. It is not meant to provide access to the Internet, intranet or multiple websites.\n\nWhen the Clientless VPN is misconfigured to allow access to the Internet or any internal website, it allows malicious scripts on one site to obtain sensitive information or modify content of any application accessible through the VPN including Clientless VPN itself.\n\nFor further details about the risks of Clientless VPNs please refer to https://www.kb.cert.org/vuls/id/261869\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks GlobalProtect Clientless VPN is intended to provide secure remote access to trusted internal applications. It is not meant to provide access to the Internet, intranet or multiple websites.<br><br>When the Clientless VPN is misconfigured to allow access to the Internet or any internal website, it allows malicious scripts on one site to obtain sensitive information or modify content of any application accessible through the VPN including Clientless VPN itself.<br><br>For further details about the risks of Clientless VPNs please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kb.cert.org/vuls/id/261869\">https://www.kb.cert.org/vuls/id/261869</a>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/PAN-SA-2025-0005","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"}}],"configurations":[{"lang":"en","value":"All of the following must be true to be impacted by this:\n\n 1. You have a valid GlobalProtect Subscription license.\n 2. Clientless VPN is enabled in the GlobalProtect Portal configuration.\n    1. Browse to [ Network > GlobalProtect > Portals > Click on Portal config to open.\n       \n    2. Select [ Clientless VPN tab > General ] If the Clientless VPN checkbox is checked, then the feature is enabled. Take note of the “Security Zones” configured for the next step.\n       \n       \n 3. Security Policies allow Clientless VPN access to more than one internal or external Application.\n    1. From the previous step, use the “Security Zones” configured to verify existing Security Policies for Clientless VPN. In our example, it is named “Clientless-VPN”.\n    2. Go to [Policies > Security ]. In the search bar, type the found “Security Zones” name (Clientless-VPN in our example), to verify existing Security Policies for Clientless VPN that allow access to more than one trusted site.\n       \n       \n       ","supportingMedia":[{"type":"text/html","base64":false,"value":"All of the following must be true to be impacted by this:<br><ol><li>You have a valid GlobalProtect Subscription license.</li><li>Clientless VPN is enabled in the GlobalProtect Portal configuration.<ol><li>Browse to [ Network &gt; GlobalProtect &gt; Portals &gt; Click on Portal config to open.<br><b><img alt=\"\"><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAADXCAIAAADjvn4TAAAAA3NCSVQICAjb4U/gAAAAknpUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZVY5LCsMwDET3PkWOMPpYto5TghMCpQm5/6Jy7S4ygxgxiIfS3j7tPtblus/teLe0/OSa1NX5BaBiiAEhUE+UWdlI81qgsdDsGx7KcWFiVGL+LMAHR8eNQDiMas69Jx69rk+WUhaV/t1ki0lhy+EW/Gpb0fQFroos+GSEz4QAACAASURBVHic7J13fFTF9sDPzNy7fbObZJPspveEBAgQOtIREVBRbNjbs/vsBXt56tPn06e/Z8WnIiJdRJAOAtJLSAgQSEgvm9623zLz+2NDiBCKqEDC/X7ygXvvzt47c+7snJkzZ84gW3xvUFBQUDjncBzRajWMne98nAEIgdfrE0QJne+c/Llw5zsDCgoKFykIEEaYoQ4agAF0bGJ/1+mfRWdPQYAQ6maNP4CiABQUFM4LDAAQYIyg4wgAw9mfot+enjnoDJ6CEELor1I55w9FASgoKJwfEEKYYNYVbECobQDQ3TSAogAUFBTOBwwQAowwtJuA2hUB6uy0/cpxp2ee4I/dEHWvpt9P5wqAAVQ3A0htpyYz6BRNoaCg8GfCECCMcSfNbqenfzzBH7khAoTwCR93eTpp1xlAdR28chMjPGIMOAIbsmFniaIDFBQU/kwQQhh3LRNQd6OTRr3aBX1TxFcfJP4XgzjgvkJr9iJdyDnPnYKCQrcGY9QV2n+Ai8QLyCeDxUBnPcckGWQZMAIegSghcECTCQJVv0lsL9p3/P3MCbYgvf/Q6RUcVYf8x0FRaWr++GeJklxfdgAATBE9dGq+7Z5NLmgqBAiwxsVUF+cCAJjibcEG/6eMseriAgAvgMkWH/NHSq6goHB+QQgRhLpK+4+7YfsPx1u1GkvRc9fIKfGEUqAU6puhrgksJvbQTTAuidk9x1Lai/Yt/Xn5zt17duzctWPnrq3bdsxftPjGySPtJY0A4PQKfVPjV69dt2v3njVr14cGB/tEqeODREkOCQ5ctnzl2vUb0hOj3T4RAOyNzlunjNu5e8+XX/23ujh33foNWdk5t0691F7VAm2tf/mMrz7Lys7+7IsP7EVlf7V0FBQU/joQAoRxl/jDGHf/EYBHArCIN10GjCGOwMbdvvH3awBQ8XJ63w0sr0BaNo0TVZgnbekHZPYLCwvreIeJE8Zvy760saHRYS+bOv3vl44d479+8/W7Xnr+PVu87diDCc7buzkxPi4lJXn1mvVbN+7TxodAc9Et064dkNkvN3c/AAwc2N+g17/w7JOz5q0VRLmh1TPqslH33Hk7ALS2OgGaAaL/SuGca7w+sanVDYAMepVBq/ZXOEGUPIJk0msAQJLkuhYXITjEpPf4RI5gFc8BQKPDbdZrnR6fy+0Dgi0BOp4jANDq9rqcPo1OZTZo/ZXX6fERjLVqngG0ujxut0B4YgnQA0CDwy0JEuZJsEHLceTk2TwjRElu9fiCjTr/qSBKDS1uwCjMrMcY+wSxsdWDMAoLNJz174ox1uz0BOg1BGMAkGXa4vYGGXUA4PL4Wh1elYYPDtD5Sxqg0yCEKGUur8+gVbe4vFoV19ji9t8KcyTUrBcluaHZhXliMeoIwaIk1Te5AKMgo1at4s9aFJQyv2w1GpXZoEEISbJc1+QChCwmHc8RUZJEieo0KgDwCSJlTKtWyTKtb3VTSbYE6gnGDo8QoFM3OjyCTwSAAKNWo+LqWtyMsrBAA/5jvVOH2+t0+rQ6lUmvQQg53F6nywfYnz3OL0+eJ7LMmlvdAMCpOEuAjlJW73BTUQ42610+0esR/Hcz6NVaNV/X5OJ5EmTUnSJvCBDG5BRzAE4BdDxgBDIFUQaegEMAmQEAaAl45LZkPAKMQM0BT0CUQaKg5YExcImg50Gk4BQAIzCqgGDwSuASASMw8MAT8IjAYeAJeEVgANqTvGeEECB0CidQSllts4vJMuFJsFFHCKaU1jQ4/J+ajFrGmF6rBgBJlt0+EQFoVTzHEUmS65pdgFGISSdT1tjiBsaA4FCTnpC/fNoZtYeCYAyqi2Hph+Llwwml0OKkt7xM1hxBtAoKlrEYGyMYvl8u3fqC2hbPAMBetK+isjIiPDwyqU/lkRwA+N/Xs+6645Zly1deMelyACgpLYsItz321IsfffB2bu6BPhm9bPG9RUlu9Yr+Jwq1jtvuuXrmjI937t4zaEB/U0QPa3DAll+W8xx/wy13rVy6sLm5xWQKAIDPZ3x9/713AUDu/v0909MBYP2GX8eOHtGd4lh4fWL/vulpaekIo5Likh9/Wm+1mgRJTk6IjYmO/HHlL0aNKiTIPG7cGK/Xu2DxsuFD+re2Ovbn5Tu9wg1XT1qzbsOwwQOioiJFQVz3y0Z7TX1zlf3qG6+Jj4+z26u//3qeNS7c6fGNGT7Y43Hv2rufEDJu1LDw8AiHw/HNgp+iLKbRIy8xmcwul2v9hk21DU16jfqsyyJKcmxUeFpaj+8WLQszG1pcnqTYyJEjhsuy/MOSn+0NLYMzUgcPHugThE+/nm8N1J2FDmCMMQaXXTp6469bPF4fMAg0GQYPGrRk+armRtfECSN69Eipq6v/dsbHQVGpl48fNXvmkpBwk9lk7Ne39/I1GydfNsZur+7Xr48gCIQQSZI+/t/3melJI0Zc4nK5flq+yu329kiOGzJ4kCzT3Xv27DtYEKDXnoUoKGU6nWbk8GGBgYE1NTXfz16qD9QGBxqnXDGJUrp23S/FlTUDMnoEBZo3bd2FEcrMSOd4fv2WXYFG/VWTJ+h0ug0bf3U5HZmZ/X5es2HKxHHBwcEIoaKioi07sq6dMplwZMEPS4HSs9YB9qKKKTdcmZiYWF5ePm/xKp2Ov2z0JTExMZIk/bp5a2l5FWVs7Iih1TXVer2+Z890hJDb7V60ZAUCuPrKyw0Gw7r1G3r3SrNYLKIo8jxfVVW1aeuuG6Ze1dLasm79Jp9P6DRvjDGjQR8aGsIo7TRjLhFdO9CzZI8aA44JlmNDxb0l/KRMb4AOEIIjVSgxnPlEIBicHvAIcLBMdbCKT7QKMcGw9oAKY3r9YO93W7Q9rOJlfUWvCDM3qb0+bnQPX+94ySfAqr2qonp+YoanuplsK1RP6OU162B5tlrNdaKQEEKNTU2Nza24s7pKKTMatGNGj9LrdU6n6+dV65pbHaHBgVdNvhwhwBgfOnQYE7Jxy06NirMEBfbulSaKUkVF5e79BQlR1okTLhUlce2a9aGhlj59MnielyTp1183V1XX/9U64NgIoM4HE8dJ44YgmQJGMHulvGoTZ4sH+9EEkgxXjsKmOMkjEW2HkYPVYq48ggHowbyDABBisQDA+Cuui4mOys7J/fjDd15+4amM3j0BtC1uX3JUWIQthFKKCSkurfz2y08+fO+ttB6pyRnD8nPyr79yfHBQUM6+3JVLFwIAxqipuQUjNO2Gqfff++KLrzyQmpJSVFwSHxfb/UZjTTWtAwcNTkvvVVh4JLP/oAGDBr3wxNMA6MYXn4uIiMrPP7J3+/o3Xp8vSZJepy8oKBx36fjqavvGjbvBV3HFVVNy9u2/dPyEVkerTqfrkznguedffPS5x4cMuaSysqJv5sC09J4vPvUqQO0tt33qaHWsWTbFFJE2fsLE+vr6PlZbYmLSzz//PPnKq3NysuMTki69bMKzz05vdTj5sx0H1JdVP/zQfUOHDf92xpceTXR8VMSLL71UU1PD83x0TMzcufOfeW56eVmp3mB4Ncz66ovv2qKDf+8jKGVqFT/piqvi4xNenf4yALnr1ecGDx02c8aH9z86fcy4S8vLSvv1H5iSmvrCS+9eOn5CWlr6C08+13vShEsvu3zet0uuvva6RQvmh4TZeqSmVVRW1NRUXzl+xA3Tbqqvr9dqtcNHjLr1uon9bpiaOWBwU1Pj0EuGv/HaG7UNjWchEEGSksNtV1x19YH9uYOGDIuKjl65YtVjjz/uE3yU0pGjx1w3+aY+ffpGRkb8tGAtIBj28HC9wbjixzlv/99SURRdTueddyWu/HnZ+AkT127cNn7CpPLyUsZYlb3m7w/db7GEEI74fMI33y+ymPS/N28AYK9teWL6YwMHDy0rK+3Xf2DPXr1fevqhyy5/W5ZFQLhf/4Gvv/GPkoM7L5v4jwP79gUGB8fExlVVVWpcrvrS2q/mzJBl2eFw3H3P3aUlpVabNSkpubDwSEur86Xnn6EU1BqN2+X+efUvRp2m06djhAhG7CTulTl1aOPUmrhw8y0zgyf2FUb2bfLKgbdMqNiRp+E51uTRR4c7+ySItc0k+4gmIdyTkRAy+d9BH97XHGj0Ld4Xff/IlokDfPvLVP++v6rITo16GNkX3/zvuKkjW63BLS4PvnI4RD2e9O3YxuwCvSjjp24s/2SJDWMtIZ0rAHzylcA+UUqLjLjiqqtzsrPjEk0jR415559vB1tCRo0Zu39/LsYk0uUZOWrUsoWzHGB+8vFHJVkKC7Pu2L4VEDz00CNutxsA4uMTKysrhgwddigvT6aU51XnwD/qWEMuV8F9z0pqlVqUmOBlj/2TD439TVLGwKDD79wi3P8vog0/dn3qlCsuu3SMzyfcfus0ANi6bQcATH/yYQD4euYsAJjxv69feO7pmbP+d/utNz305vR77rqdMoYR+vjTGQ8/uC0rK3vM6JGPP3jHA/f97YbrpgDAnHmLACwA9QDI4/V8O+v7555+YuEPnwwbMhgQ/PezL997+/Vuth4PAIAygnH+4UOvTX+0R99LXnv9tcGjRhIM4RGRjY0NmZmZe7evj4iMmvHpJ0sXzQKAa6+/llIKvgpo81FDhJAZX3yZv2/rsnXbMzN6Dh8+6q0338zaugaHJs//+ouxlw8PCwuTJMlgNIQnZTa0ODjCPfvEG5og1XffzDBs3MAYe+25vwPA2x989sgjDz5+/6O2+LOxsFHGAOTExOTqavv01159+5VnXn35+fzDh1948gEADkD6fOaCXTu3v/3KMwDYFJlqjQo6O4FhjAWfkNGv3yVjRtQ3NQ4eOtTn9YIqZuSo0bNnzVwyfyaAbcnqheNG95dlOTmlx+333llYWIoxApA4jisuLJo387PPv124edMvc2d+/tGM2YcP5b3+/OMA8PWcJfc/Oh0QKi0pfvGpB2fOXzZ06KCZcxefRSPLGGCMEMIvP/PwhKum3TDtJp7nW1tbHr3vVgD49yffvPX+K2Vl5cAAgAFjGGOE4LZ7H0MI7r31BgAM6tBxYwcghAhGwNj0x+7z33neT+uW/rT4uy//C8hmizsbFz1KmU6vHjZ85JczPl+x+PuMQaNfePHFxN5DMEI7d+386tMP5vy4JjkxruTgToIJwogj3J5dOz754C0AuOP+x3mOu2vazQA+ZIlmjS6gjm/nz3vypTehoWDC0nVffvHF6qXzwBRrCw7oXDLQFgripK0cwT6RTBlec99+nSgRBIQjyCeoJt+bDD1o3xD25Hdo3/tHdh0Mvfu7gOfHOe+ZVD462RBr9alVjt5hMCaDbstTPzyldvvBgKv+LwxU9PCbZbePaCUYZ+UHT/va0vTZvhgdwgjLQKdPq9qSGzR3lynWRDttW9Ap/UAZY4Rgr8/74lPPAbR88OnM666/bu3a9bU1NS899RAAAAQOHz78pjse3LFrT0Ji4nVX3v7N3E+oTCdPnlxfX/fkQ3cCBAC0Pv/6v6qqql5+5mEACIlO/+OW2NNyTPdy4fDxYt7tlQFArUUfThdqy38bEgNBi5Pe/wZvsf7mFtOfffLN119+751/9OqZXlhU9MRjDw8cNrZnz54A8OH77zLGXnjuaQAYfskQMCcdOpy/J2tvVlZWdk5OWXkFAKxeu45SOmTwYNAm9endu6Gx6YefVhpslrZcEW76M0/m5xdMvfoqqzXsu9nz3E5nt5yN8YMxAQjL27vZ0do6cGD/gQMHVZZXZO/dM3zESABYt3rltFtu+fK7xQk9B8uy3C9zwMdfzf34q7lUpowxSZKefubp2T+sKi4u1GhUhOOytq6xxvWitflerzc2Nmbw0KGbf/21qKjw8Uce8NUWSZL0wX/f+HrGJzu2bnE6Xf4MaEISN23aHGgOPOsi1FQ1Pz79CZ/X+/77/+nVO8MQmW4ymZf9vNxoSwmNSTVFpev1htnzFgVF9rDGpavJ2c+tYYxkKu/ZtWvKNdfcecftB3JzPR7P5ROHYg4vmT8zLLYXgFhTUx0YGEgImTt71pVTromMiqCUAjDGwD+4RhjzPA8AtvCII/n5JCgeILC4uDgtPU3w+WLj4r+cvViW5C+/WRR0dD7j98IYIIC/P/PKdTfcePBAbnRM7P7cHDDGkKD47du2BQdboK0JbFMCVJb79OlTXlYKoLHGp+jMGr+IZMoAoS+/X/zRjNl9hoxdtfLnyyZMnLVg+YQrRzk9vrPKGAsO0FFGC4uKg6PScnb84na7R424RKbyyNFjZy1c0dzcuGbzbn+uEIAoiSNHj5kxe/H1t9/fu3dGeXkpgGyNT7Xo1WHRwfrwGIRQnDUISPivmzbdeffdM75bPLRfmk8QT5YB/zoAhDr/C1GjFif3+TLLS7eWmwNExhBjWKuWc3/M2zi9JEAnW0MQRsBzkGaBQ5Vao064YbBY3yruzY+YNrbSZmm+55uQMDPaU6AZYIVEPc4vC+yf6hAlMjit4cA/Cg6WmEo9GABfP7JBryEvLgqNMcHJMoPQ6SsqAhQcFQHYVlCQHx0d63S5IyKjvvjuh5ff/hBA3L5925BLho0dM6qpqRloOQIky3JkdExOdhaY46xxMQChsizHxcV9PmvR86/9q66u9Sze6e/lmAKwqGH1BrJmK8UIKIXbJnLXjKXV7vayAQAsWisBcPxvR2wzv539xZdfzfjyqzfffjcx/VIA3bixIy3BQQfyDq1Zv2H9hk2r1/1SUVkVFxv7+D3X/Pvdt/pn9hvQv3/fPn3eff8bS3T6O2/9X319Q0bvnu+99UhwcNDBvLyC/Tt0qt/MTn/w0acAUFVlv/P22/S6s/wddgkopQA1wTG9NBrtvpzcgYOHBIdY+mYOMAWaJ0656cN/fX7T1deJonD99dcyxvIOHnjv3x88+9I/EMYIEOHI3Dlz3v/3e2FhNp1OD4zpbWnVxVUARq1O63S54hOT+vTtG2a1RcXGpvYZjBDKP3QIATpw4GB75fbWHRk4cIDX6z22EPx35Z8x0PKpPdJ0Bv3f7rkzKNhySWZvt9s1atQIh/1wbV2rKIqCKFw1eUJjRV51ozPQbKQnMQGfCRjjXzduDLOGWW0RmzZuIIQcKiiSJXnImMk1JUU4yBQSGuZyuTDGi+Z89evGX6bddBNCuNOitbY0h9lscmMRQFNERITdbicc19TY4HQ66+pqwVV81ooKtTXr0uaNv/zrjVfr6+qiomPBUSo3FvXt29ftdsHR9w5QAwAI4crKSktIKICnuqg6xGz0//4wRsDYm2+/+/5/PjpQUPrjTytuvXZieXnpFVdd6bBXnU3GEDg9Po1aHRsd2VB+yJbYR6VS5RccIZjs2rH9+edfMpkC77j+SgAghAiSxHHcnt27Xnz1jfkzF1VVVVlCQgHk6qJqk1GP0LGOfGhk0Odfz542ZbzH7Ro1ekxjneMUkkHopK43PEYYs++2WY5UBN02vlqUMMbgFfBdn8a/80OEKHMqgvy3UBN0pJEUVlqvGl61Oy9ib6H60n5Ol08EN+cTaa8YWuRGFIMt2FFcrSGYldeaMFKV1ZjAiwHYmt0Wp1f6903VpQ58ivxAWyygk8KANZTbgdqjoqKam5u0GnVNTfWzL732+Zdf68Jsv/yyISQ07JLhI/Zm7fKnxxjX19bGxidAc3F1nSMo0oIxrqyqvP/pF/73zWxz4NnY9H4vx9pZhCA4Bq5+glSskUODSIABP32z+MNqFQDiCOPUUFwq/+01lSX2mAg4QgDgw4+/2LtzE4AWwBQUFdRY7r7j1psAYNrtD+Tu2uBPefX1d/ww7+vbbrn5g/feOWHmtnnjr5uvm3r1k489AgA//LgUIML/Y+M44h8EffbxRzdcf83iJcsAKOEIQugczI+fBxBKS09/779fWW3hZWUl1rBQSRJvu3YiALz81n/GjBt34823NDbUB5jNOxcsnHrdVFmWiw8UAtTzPIcJRghPmXIVZVQUxW07dgYFBs76+vPy0pLwiMhdO7bFxSccKTj82H23AcBXc5aMGTOK4/nVa9dXVFTcec89c2d/x/P8ux/NMJkDDQbDo088GxJ9NsssBFEaNSjDYgmZesPt4Ch55qW3plwz9Z1333vrzTc+n7kQIaivr5/xxYwnnnwyNaWHWqMuLS154/X3beFnM+DACHMc7/F6vps1y2QyOp1OnueLD+zYsvnXx5944sYbbrDZwnds3bJ8w85bb78DuPD/vPOR1RYeGRUJwPM8hwkBAI7jCCGAw+fPnXPPvfcn/G+OXm/ACN5+5ZlHn33N4/E88/cnvpk3+4nn3/jPZ1+HmQ1nk0+MOY7/77/f5C0JpvD4ZUt/uvf+B774dhHCSKvV3jL1xoefejQpJfX9T2c6HQ7GqEqt/vebL8xetPKrOYscra0qtXr50p84wmGMOZ5/5IH7EEI5OdmXDB/pdjlDw6zr1q5GZsvZZazJ6Vqy+Id7H3j48kmTbbbw4qLCTasW3377Hf0y+yckJUuS5PUJ/zdjtlar++nnVQ/ce3fPXr2fDg1zu10vP/PirIVzvp67oKWlWavVf/D++03uRo7jAECj1cz41zv1dbWW0NANv6zXm0/SY2N+wzpm0HkPQIUxz9EoE7vqk7DN0z1qFSUYGTTCv25qUvF01c7g/9uq5YnEEeAw4gDvL1WlxEjbClRfH9Q8eCWXUxCWFgtvzw9/9+4jqyObdRofRqoPfo758oEKexN5dU7cohf2v1Sq5QgTJO6xL5JmPXX4H1MbPl0d3GnIA4QwPo3ZGRkMxn9//L7eYDAajc89Oz05OSk0NOz5J/6uUqlmz/5+56bN5aUl8QlJn85cCAAcx2k0mp9+/PGBhx/5/NsFjIHD4airrbGG2d594SmE8LKlS3IPFqhOWD7154KOa47tFfDG/eIzt2EAxBg4PcBzMHMp+jUbOVyw+giEHZ3OsRftW7hocURkxIOPPFVqr/ev8/IIUp8eidOfebSmpua2+18IsxgwRpSxmuLcNevWyzKdMP5Oa5y5Y2eq3uGZPGrgU48/LEqSKIqXjr0mLDYKENSUtC5fMUMQhClX3m6KCI22Btvrmxud3mmTR//t7tv2ZOU8+djrtvjfWqO6MpJMbSFBkVERBBOn0/nLjpx+qXEarTqvoETFcVqN2hpmYYyFh9saGxu37z3Yp0eC1+urqqmXZDkjPeVQQVFMpC00JASAFRWXVtY0NFe3jBo30Gw2OR3Otau2DxuR4XJ7Kuy1ABBhtQAgg15fXFbhdHsH9E0vr7CHW0MDAoySLOcXFDU0t2rOyvGRMabTakNDggqKygjBgQEGm826YVt275SY2JhoxujefQerG1sykuMiI8NlmW7blc1xuFPPitM8CAAYS4qPKSmrbHa6RYmGBhpioiMPFRTVt7iHZaZbgoPdbtfqjbtDgvSpSfGH8osAgUGnDbeGHiwo7tMzpaCwxO3xpSbF1dc3tjhcTS5PSmxEQlysIPiyc/O8gmgNCdJpNQeOlKbERhoMusNHSvw9nt8rEJ7nEuNjsvcf9ovU4fZaLea01BRK6eGCI9X1zRGhwfHxMQQTURQr7XatRnPoSKnZqO+Vnsrz/JGiosamlvjY6EMFxT2S480mE0KotrbO4/XGxca43e6NO7IDjdqzG54wgOpG5/D+6cHBQY7W1i179mtVXEpCTHBQEMa4vKKy1eHsm9Grsqpqd25+emJ0ZEQ4JlgQhL378lQ86d2zh4pXFZeUlFXV8oSkJMUVFJX6BDE1MdZms9bV1u0/XKRWcZ3mjVJmCTJFRYZTyjoN1ibJkBAilzZimSK9mpo00OBCcRaqVzOMobSO2FtRvEV2eHGTGyEEPGHhJlpUTxiDpDC50YWb3UiiEGqk8aGyTCG3gvMIODZYFmSobMaxQVRmjCfILYC9lYSbZLOOFdYSjE4IHgeAMKqprq2qrff7HHf6llOTEjQatUzpgbyC5lanUa/tlZ7CEYIxyT1wqMXhjLSFGA2G3EOFhOC05PiGhsb88pqUaFtSYrwkS3mHCrRadVREhN8mebjgSEur6w86+J6W4xWARKGumu35SspIJZIMCIGKhzf/h1/8CHRRYPptm+BfCXzcKl+PIDVXHAQgYbFp7bn36wAAsMb1OnEoXe/wiHUF/uOw2F7+bx33FUGSeYIRQnUOj1RXABDScVVB90CSqX+5HMFIzXOUMplSfxeAUiZRmTEQJZkjWK3iJUlGCHEEA4BXENU8J0qyKFMAUHHE76/i9YkSpQQjjYqXZIoA/CMqSZIBAaWM5wgg5POJPE8EUaaMIQAVT86ipWuHMSZKsj/bMqWSTP15E0QJENKqOIyxIEqCJCOEdGr+7NcBAAiipOJIW6BexgRJVvMcAxAEUZTbCo4Q8omSuk2MVJSpiud8gqjmOYSQIEocIf4qJ0qyT5QwQmoVRzCWKWWUcRwRJRkAztonijHmE6WOClWSqU8QASE1TzhCZEq9ggQAGCGew4wBzxFZpl5RYoxpeI4QLEiyiiOCKEmUAYCKIwDgEyWCkUat+oONhFcQJZkSjDWqNpm0VySCkdsn8hxR85wkyz5RBn/9VPFUpj5RooypeY4/mh8VzyEA//vlCVap+FM4zocEm6OiIhhl7VE3GTB0LDw/EinjMELAKEOMAUJMpm0rhzncdooR83cgKGOUIYIZAiRSwIgRhACYTJHEAAFwGDBiMkWA2tYWIMQYQwgxgpBMgQHjcHsewB/82X+KEKquqamsrutUAfjfsscn+r2E1DxHCGaM+de3AoC/nkuyLFPmr4o+UeIIJhgfq3U8xwD8LQAC0Kj4v7r1hxMVAAA0+cAricLPiOcxY4B4+Nf/0DMzkE2JBaSgoPAnQSkNtQRGR0f9kUmgcwZG2F5dXVFV282Mz50YmALVYBf4h99hRj1iDAiB7Qch8Cxd9RQUFBROBsIIQVcIs4wQuoj2A7AZ4YtNqN1XItAAmr/cIVVBfjlilwAAIABJREFUQeHiAiG/Iyht33aFddif8RSnxww0Jzn90294Jm6gXZGTTjHbzoUPkoKCwkUKA0AIMEaUHmtZUYd//8jpn35Dfyy4rhG49PfA2YvOdxYUFBQuSmoJCrIR+agCOMMNHE+W4Pem/103xBgfaMHu0tOUqMvBrfik+2k1BQWFLgAmHl5Vx7pCxxoBEkUXleDUa8G6HEjK6nm+86CgoHBxwuAkq8AuSHD3C0HGSfLpEykoKCj8BSAAxb3kfMIhuv9850FBQUFB4TzA1YUdOt95UFBQUFA4D3Ay6Txat4KCgoJC94brZpPaCgoKCgpnSBdYhK2goKCg8FegKAAFBQWFixRFASgoKChcpCgKQEFBQeEiRVEACgoKChcpigJQUFBQuEhRFICCgoLCRYqiABQUFBQuUhQFoKCgoHCRoigABQUFhYsURQEoKCgoXKRwGHe3LQ4uDJAsy4Qosc4VFBQuXJAgCOc7D90QjHFhcWlyYvz5zoiCgoLCSeEYU6KB/vmctVQ9Hq8oiYyx7rf5nIKCwoUGd74zcBEhU4oAMO583sXj9VbaazRqtVajRkhp/RUUFP5yFAVwLjiUX7Bzb47FbPJ4fYIkTRw3xmT6zT48jU3NjU3N8bExypSMgoLCOUNRAH85h/OP1NbVXz/lCo1aDQAul3vFmnXjRo0wm03+BG6Pt9XpTIyPPZ+5VFBQuPg4IzdQniM8x534p+IV/XEaJEnanbNv2OCB/tYfAPR63aD+mTv2ZLWnqW9otIaGnKcMKigoXLycvgVXqVRf/LSR+I53FsIIlTg8r90xSRAlhBAhRJKkY59izBjrdC6UECLL8h/M94UGQqjTwvoEISzEcpw/aFRk+JbtO/zHjDFZltvVg4KCgsI54zQjAJ4jny3ZmJdXpuIJAPAEAwBGiMMYqVXNjQ4AQAh5vb4lS5djjDmO4ziOEFJeUen1ejHGhBCO4/waguM4lUr1zXff79qzV6VS+a8jhPxfaU/T8eAciOAPghCSJMnn83X+KSBJlI67yChrLxpjrEsUU0FBoftx2hEA8ja3fvDsrSU1zbFh5oNl9WnRFq8gOjxiZWXVa4t2fIgQADBGq2tqquzVeYfz3S7X8EuGfT9/UWS47crJl+8/cLCltXXEJcOOFBbX1dd5vb69Ofv79+u3dfvO2rq6kZcMRRhv+nWLSqUaNeKSLdt2OF3OS8eMPnAwr6CwaOTwYYFm84XsqIoQ8ng8WVlZHo8nNjY2ISHhuARqtaq6rl6SJI47JuqyyoqwsNBzm1MFBQWF4zn9HIBJp/5w6b64f/x6sKQ2/a0ty7YXvjBnT+hrv3AYvXDtYEYpAAAgXsUXHCnyeDw2q3XTlm1pKcmDBw0oLCretnO3Rq1dumLV/MVLgwIDM/v26ZGSmBAfGxRotgQHbdi8ZcHin5ISE/pk9Nq6feeRomJBlP737ZwFS5YPyOyn1+n+6vL/QRBCdrvd5/PxPF9cXHyiaYsQMmHMqOWr1jU0NvqvVFRWLV62smeP1PY70JPYyhQUFBT+Uk43AkBQ2+q5dohtZHKQxajKejwzOECbZDXcMSzaXlMzple83KYAABggjONiog0GQ2lFVYBBazYFlJVX2KzWkBBLfHxMeYU9MT4OIaxRazRq9a6sbFES1Wp1bV2DzWY1m0zrN2yOsFltNmufXj1dLtesuQtunDolLjbmQm4cGWNGoxEAJEkKCAjo1JhjtYYOyOyzecduj8uFEDabTTdcfeX23XvGjRqhUasRQlqN2uF0BRgN5zz7CgoKFzWnUQCU0oF9krNzD2OMCosYxqiItS1R5bXq4GCzv3FmjHl9PkmURFGUZFkQfHq95edVa4YOGrhnb05QoCkhPt7l8cgyxRh8Pl9zS0txSWlaarLT4xmU2WfJsuU6rS6zX8ba9RtkWY6Kimpqbgq1BDtdrgvcPM4YCwsLAwCv1xsaGkoI6VRd2axhV10+vuOVkYYhPy5bMWXSBI1GExpiKSopVatUarXqHOVbQUFBAQCdbPayHUJw57OUDGRK29s7QRQxwggBQkiWZcJxTofTaDT4fD6vz2fQ6ymlPM8DIFEU1WpVS0sLIUStVnMc53A4MMYGg8HtdguCqNfrBEGQZDnAaPzTC/xX4J/K7uj1hDEuKik7dSygVofjSGFRvz4ZACAIQnmlPSjQbDQaOCWEnIKCwjnh9ArgTG/UwQ/Sf9z+Lxz1dfEn6HgdOrjBHLvIGBy98qfk7dxzJgrgOCil9Q1NTpdLpjJ01XIrKCh0Jf60lVwdG2v/ccd/Tzw4Mf1vLnbZpv+swRiHhgSHhgSf74woKChcLCgbwigoKChcpCgKQEFBQeEi5fQmIIwQ4fg24zwAACD/AWOSJHVdM/1fDc9xa3/ZhE4e3RMBcns8AKDTatkZWP0RQi6Xm2Cs0WjOJL0CACBAgiD4BMFoNCh19QxBAJSx5ubW4CAzVYR2xmCEausbQi3BXUhop1EAGKHa+vol8791ur0tHhSoB4ygwQVGNQsw6q+76U5TQABjDGPcHuZelmXllwYAsiwP6Jdxim1dEMI1tXUAEBYawhgFAILwiekZY7Rt8hxX2avVKlVwcKAi4TMEAWpxOJqbW2OiI/1CVjgDkCzLh/OP9EzvQWl3C9v114Ex2bM3J7NvRhcS2mkUAMK4uqa+j/a5WZuhoQU+eDzg0wWOtbvZT+8FvvdFU8ukqWaTCSFUWFScu/+AWq0CQIMHDQgKDGSMUUr9/pEAcOyYMcYYwth/8VwU8a/HH+vNX+SO1+VTFhChtvR+lUkw2lFa73AJHZ1uKWNhZm26LUCmDCNGKaWUyjJVFMAZghCilNI2yXWT+nYOoJRSxmRZVoT2u6CMUSrLcpcR2unnAFQ8Hnof2KzW1x6Mfvpjg4BCF78fP3uV4V+LgOC2xj06KnLihPGJiYkr1m80m0xl5eWFRcUMoLGpqay8orSsnFLq9fkKi4pq6+tlSkvLykrLyrtHK0YpzcrK2rRpk91u/yNh3TBGb60tKWn2Fja42/9Km73/XF1ETrKJmIKCgsIf4QzcQBkDAI5Y3vyafr8RvXIb++989NZCHUD5sbtwHKV02YpVzz760KHDh/dk5yKEquzVFVVVapW6rKJyyqQJazdtjokMzy8oGj1iWE7u/p7paZRS0sUXPWGMy8vLGxoaCCF5eXkWy/GRn88cyuCa2IC7RsRL0rHuA8dh7D7cqcXfP6KilPpX3/nHWBhjfzwiQjClzL+0wn8RY9w+GuseqvcsaBea/9hvt2wfuhGMAaH2watfbu3JoIMHM2Os47Dv2Lto6xJ1K/EiAISx/9fqrzz+YO/tYjlacHT0+JhUO9Y6AGivn9Bh3Nx+qxPH0F0af9z7dglcmDHwT68AfD7hyJHChIR4AJh19OKbX0B2do4gtG0SQAiZM3/RoAGZMdFRn3659porJukN+u/nLjAYDcOGDkqtb3C53Vt3ZtlCQ222ML1eV1PXqC8t65Ga8lcV6xzSvvNB+5s+a2TGJImKHcePCDodTSKEWh2ttbV1yUlJVXY7oywiIryhobGyqjKtRw+O43Jz90dERgSazaIoZu3NHjig/6FDh2tqa1QqVUbv3lqttqMOaP9hw9Eti7vT77Adf+jW0tLSlJQUhJAoSbm5ua2trampqRHhNkmSD+Qdqrbb4+Lj42JjHA7HkcLC3r16+XzCvn37ZCoLPiE1NcXhdIaFhgYGBu7Lza2pqY2IiEhNSW5ubq6rq09OSqyssgMwm83abXQAAhBEseDIkZ7p6Tk5+5JTknmOP3TocGxszNat27Rardfn65ORUV1TXVtbq1Zr+mT0ztmXK/h8UdHR8XGxh/Pz7VV2hHHfPhmUsuLi4vT0NH99270ny9HampKaquL5vEOHBEFISUmJCLd1j7pHKd2//0CvXj0PHTpcU1MTbLGkpiSfbD/w88jpM8QY9fm8kiQJHZBl2ev1tDcZhw7n78zKiQwPLy+vSIyP27Jtx7YdO63WMFmWJVGSZFmW5b4902KiIpLi400m06TLxuYeyPN5fV09FD6lNCIiIiYmJjAwMCMj45wNaBBCTU0tA/v3r6isKi0pO5xfQAjesnXrP9/7qK6+nuO4uQt++HrmdxqNesvWbRMm3YUQWrVmrUaji46O5ji+Y+svSdKa9RtEUfR3dXP3Hywrr7gAa+ofByFwOF3Lfl4BABxH5s1bWFBYHGgO+vjTGQ0NTTt37V6zbr3VZqurq+cI2Zeb+/wrb5eUlqlUfEho6Jz5PxgDjAaDYd36jS0tLXuy9q5YtdYaFjZvwaKDeYdaWh0D+mdWVNmLS0oP5x9BqBtJDyGv17dg0WKM8Vvvfbjwh8WM0eUrV2KMbeHh8xct1hsMOp12xcrVWp0+OjqK5/n/fDJDq9M99swLhJANGzcLkpSQEK/RaLKysl75x7uVVVU8zy/9ecX+AwdNJlNra2tpWVl2Tm5ycpLRoO8eY1P/HiEzv5sDAKvWrldr1KvXrCsoOHIB/qxOkyFKaWxsrM1mO+7FUEoTEhLCwsL817Va7Z03X19fX19RWdWvT+/EhDijwTBu9KjhQ4cEms3RUZHRUZF33Hy9x+v1z8U1NbdMu/ZqrVbTPd53cnJyv379zOd864LHn3r2u9lz6hsaeZ73+YQdu/b+/cG/7du3H2McEW7bdyAvZ9/+dRs2Pvjw9QCg4rmNmzaVlJRqNL/ZfYzn+biY6F82bkYIcnL3N7e0dJte2IkghNRqtX8Lo6LioismThg8eGB6Wo/yivJ1GzZdN/Xq3r3SBw8aAAitWLX+zVee27FzF8/z8XGxkRHhyUmJJpOJ4whjbNeu3Tdcd03fvn2uueqKXbt3Y4yffGb6rO++b2ho7LjxQzcBgUatBmAZPXtk79u/e0+WVqsjhPRITYkIt6UkJ+l0OoLxxg2bysvK1Wo1o6y4pLRf73QA4Hluz56sw4fzCSHrNmx+8bkndu/OkiTp4MGDV10xaUD/zJ7paQCQdyh/+fKVgYHdyb0NaTUaAOB5rqGhqaGx6cLs7J6msjLGTCYTnBCWhzFmNpvhqAkvKjIiOirS/xGl1Nwj1W+VjowIZ4xptRr/RwP7Z/oTDBqQ2Z3sfX9iQY66TR09hZNWGyrT/pl9kxITBw4YsHL1mkOH8+sb6ndnZe/ckzVp4gQAePHZJwZkZq5d/8vqdRv8cepuvP66yMiIjjt3AgBjLCkxgef5r7+b1yM5YfiwISfby7N7IIqSzydoNGqO4wuLixFChcVFlwwbHBcbczDvUHBQcHNzkyCIh48c2Z2VveCn5ddOncJzvCRJfisZlRnGOCIiPDd3f2hIyP6DedFRUbIk98/sGxcXN3jggJ9XrDrfRfyzYSDLba7tLzzz5GtvvWPQaQEhKlNZkqlMGWMIo2k3Xh8ebpMlyWDQIUCx0dEYY0rpiBHD+/TqVVhUXFJWuicre87iZddde43BYMg/UsireI/byxgbOWLYdVOvFkXxPJf0T0WmMgBQmbrc7ocfvNdms9ILzzvo9L2Vk7UFHa8f7/54Ymwf//Wj0yAX5nzI+QUBuAS51SNI8jGhcUR2C53Liuc5tUqVmpoye85clUp1+HD+04//PTY2JizUUlxSYrEEBwUF5R0+ZAowZWXnAEBwcNCChT9YrWFXXDHJaDAcZwWKioyYeuUkg0HPuo31+gQYA44jrQ7H5198eem4MXfdcdu8BYtWrVozbMigqMjIiRPGz523MHff/sz+/bwez8vTn07rkRoTE5Wff6Rnelq4NQxhzBgLDg7EGI8bO+brmbP++8lnYWGhw4YOsVfXqFSqtB6p330/V63qbjG9McbhNisAhIWGcDz/7JOPrVy52h+x0WoNwxgDsODAoHkLFobbbFdeMSktOfGy8WPnzl9UWlZmsQSHWCzGAOPBdeunP/1ESnJSRLj1cH7+tBuv/3bW95s3bxkzepTBoD94MO/j2tpxY8ekpiR3j34hQhAdGQEAoSGWIYMHRoSHH9fxukD4HdFAMUbo6DolyrrQYrfzAMa4pLQ8KMh8ijQIodq6egAIDbEwxngO37pg/5JWATr2+RmbYFAtuKGnIFGMUFV1jVqlCgoKbJ9zlmWZ4zi/t4+/i+qfYWv3YGGMcYSIssQRzn96spV6J9vXvkuDEGp1OJpbWmOiIv3uOjzHsaNdEL+s/BZb/97UjFFg0O4L5E9AKeU4zi83v8Nb+wHG2P/dju+iG/RvKKWHCwrTe6T45UMI8W9r6q9UBGNRkgCgo1jaaxfHcZIkcRyRZeofBPgF2FGkcFT4AADACCb+l9KlW39C8J7s3Mw+vWSZ+quTJEntVeh8565zztReiTEqr2lqamxGCGFCYqOsOjXX7ZqL84ko0W+uSe/M4xMJUie1p71KHdez8J/6P/U36P7f6mk7IN2v9T8RxpjQwc7Q8WfJGDvRBNEutBMP/In9bX276C7MXt4fhDEmdahCHY23J4oFjkpGFI/Vw05TdhR+F1o5dYa0V6cLvEqc6aw0IWTOqh1+d+DCitr9+aUX4Ix2V4cyxhic8Nf922UFBYXzwhl7LDAIUBGtTltWUd3Q1Gox/ma7dtRh/xa/Xzx06Ba1e8p3TNYtDQ7Hcep5f3x0whcjdCb9H4QR8u+4dkG6E1yYoLYIJEf/VzgDEABDCCGEEWKK0M4YhDCCNrGd77ycKWeqABhjEdHW7XvyCiobUuLComJs7OhkIUKovqHBaDD4Hezs1TU8z2k1Gp1O52/07dXVQYGBarW6obFRq9HotFpBFF1ut9lk6h46oH0dY8fiIIxamk/l+4UQcjsdANCi4s5EDgghj8spCTyPkRIN9AxBgJwul9ftbGlu6h6V7dxAZSp4PS3NzVSJoHfGYIwlwdvS3HTBWvxP5PQKwL8+HiEY3Sdp3srt5fWtowamxtlCZFnGR2d1duzaExBgHDNyeEVV9aLFSywhoSlJ8f36ZDDGamrrpt37+KfvvtqrZ/qK1esaGpueeOSB5rr6bTt2Tr36Sp9P6Or9MoxxWVmZy+WKiorS64+tZOExfm+nXU1OZSgj/jXiRbVn+CyCEAMfZWeaXgEAMAKEsFyhCO13gAAI1ksNNec7I10MnphX7+pKQjuNFxDBOKewoqm+CSGk1qj6pSdQBtkHCn0+gTFmtYWkRFsZY6IovfzWO/94afrsOfPHjBqxd19uTFRkn969AOCnZcvDw20btmx/9rGHFy1Ztu9g3ojBA3ulp2Vl57g8nvr6hn59M/r17nXqwJkXLBjjysrKgwcPYox5nh86dKh/NIAxLi0rVwfbTq3dqOAFAKxqWydxsrTtHVfq8wDGmFefJKFCJzBJZJKANfrznZEuBWOy20H0Aec7H10MydHMGU/l+3ehcbr9AAhe8WvOVSMyfF5fXmlNgF7b6nQjjAMMOsronJXb//HANYIoqdWq1MSEAwfyDheV3n1HzK6sbABACARBWrZmw/133lJdXdPqcABjN193zep1v0iSzHFElmRMSGx0dJd2KRVF0b8dgiiKxxkZRFk+9ejGvzAESzIAIACvRCVKO36FAagIVhHMAAAQlSmigFCX9zI8lzCZMpliiYJiNztzGJNlSmV6Ee7OffYgJMmUdSmhnc4ExMCgIjqtxucTJEmiMhUFKcJmaXG4GQW3y9uecOjggdNff+eRe26Do75xGJND+XkZack8zw0fOmjTr1sQRpTSW2+87qGnX7jl2quumDihvKJizvxFD957Vxe1zzLGwsPD7Xa70+lMTk4+WSwgQriOQ4FO/YI5Dr/xU26LW2zfQ4wBeCWaGKh94creovS7G33UWYPX6cVzw3l8tMKfzsXgxHExcBoTEEfIih37K0rt+4prRvRLHDuktyjJ67bmrN5VMLZPXHRs+MiMJEluC/S6as26gQMyg4OCsrJzsnNyARjP85MmXBYUFIgQWr5ytTnQHBsdZbNayysqnU5nVXVNWVnZyOGXxMZEd6Fpk+NAR+noH+03AWFzKAIghNuwbo3b7VbxPKVUlOSExISUHmmUUir6AMBv0lHxJOKVNb1MbetIRcrMWm5EquXdzRVVr17qEyQARAUPQhjxbWkIRggBZYARCBKjjHFHtQcDEGWmJr9xR0AAPpmpCOJ5DAwYYx1XHbeDMTrZcmCMUfsSQI60BaqQ5U6St+0h2uG6IDE1dx7cI5gsMUnAar2igH4HjMkeJ9EHnNiZ9a8xlCRJpVL9Lh3Q7g1ICAFAsizB0bhphJDusIYOoTYTUNdRjacZAVBK+yZEFBdXBejUlkBjsFEHgMwB+tAArUeUe8WFy0d/+pTSyy+71F8z+mb0zuybAQCMgf8KAFx+2TjGgFIqSVJEuA0AUlOSoesHAT9t5ByEwOv1Trn2uqKCglCrVavTLftxcY/0np2UmsO8P6A8A6TCfx+ftCHHDnzn08gEo+wix859zUhiySnGIBPvc4oDegb6W7lmp/TN5rqnJkeIIpUpIwQhAITQ7A32ywYEz/6xIjCAMwSrrxkW6l/OwRhgBIyBzNjBCld6lJ5RwBgYgw5fhwMV7oQwDYcRIPTzxpraBkFW4yuGhYSaVQiAMaCMYYQwRo0O0SdSa6CKASCAVo/8w6aaOy4L71TlKFzg+I2clDFJFMvLSiyW0IVzv//bg4+IoiDLsn+AK8sy8kdEP+rn3bZ5ACH+PcSLC49EREVzHLdl04ba6uprbpjmj7C07MdFEyZftXHdGo7jR4wZ51cMCueG0ykAxkKDTA9Nuwwh8PdeAWDiJX0nj+jHGEi/DSrQvuZNljtR5FIHI0aXbvHPAkJIweHDWzdttISEDhgyhOCTRo32yozHkCvQ/46Lzzpcu6q4WU06mUfACOxNwtxf6p6bFh2g4+yNvqpGn+CjdS3i9qzGyAhttFWbVycs31RtsWj6JAWs21XPRDZqsKWmRRIlpjdwt10d/eXCsp35LRwCr0e2hmoOHW5NTjSqVPiFeVUvTQqxhmlzcptiovW9EwI2ZTc6WsWIKP0/FtvvHGSaMCSEMqio891xTfShwtZVOxvG9Q/as68pNkYfa9UdqnA1NwkVdT6vRx49NKSy3IU51D/dXN0sIqTYgboeHMcdKcg/kJPdf9DgirKyn35YcPX1NxYdKVi6eGFUTExG38wN69a4Xa7ho8eWlRRXV1VqdXqEUVV5eeagwbbwiHUrl+t0+sSUlDdeeu6m2+5OSEresXWzTqfzhx+vqig3GAx1tTV5B3KttgiEEXTlMUCX40z2A2CSP6p/+6puWRZESZQkxQh4hlBZjo2LS07t0bd//8DAwJPuGS3Ry3qFchz5eGx8nVP47kB9EI87nUZGGB0od43tHRBs5CtrPKJXkijjOfzFCntGumlDTktptcftlvv0DFyxq6mwxhMZrqsV2Z68Fi2PEYLyOmH7vsYip6wlaNbmxpho/cJf6gb0DfpobS2VWHgoHx+l/+5ne1CYbua2xoXb60urvQMzAiODVcFmrmei0f/aEUJ7Dzav2d/aL8HwryX2fr0CF29uOFLt+WxdfXpSQFiIum+SIUBLYuP0B0vchbXeTjWZwgUOQqiutuazD99PSE7+8tP/IoT6DxoSHRPXWF83YMjQNSuWr1u9cte2rWq1ZsPa1WtXLpdlWavVbli7esiIkUsWzV807/u6mpry0pKSosL4+MT03r1j4+Ovv/k2wnH+m69fs2rwsBExsXFTrrvxAo+a0C05jQJAADJloij7/5QW/+yQJNnr9cYnJur0epfTqdacZCMEBI4W78uTe3gonZ9lt6lOOlBgDMKDVPZan8zAoCX/XF3X5JZFygIxRIZqhyToSxqEiGBVbJg2KICrc4j7DjvKWkQqUr+rKY9RiJF/+uoIvRqPTDNqOBykxTFh2kuiNJQyo4bwPHFT0GrwLYODHB45LlIXalaFmFQ8j81Gvt3EqVWhG4YGJ8UaItQoKkw7MFpb3iikRWljQzVGLQk08iDT7ftbKp2y0yt39QUfFycIIYfDEWAyIYSvnXZzgNlsDAjQ6nQRUdGRkZEmk6noSH5cYmKQxdK7Tz+NVtsjvZfBaIyOiY2OiRF8vvLSklCrNSU9PSY2Tq3RBpjMGGOMEMaYEK6+ro4xZg4KAgCMMSEYd6e9dLoCpzEB8Tw39b25MWreoCIVTu/AHrEPXz7oLDxSLmYopRn9+u3esd0/UcwY6z9w8EmMYGhjScuh5vyKZl8AQRQBo+DtzGhOKUuP0q/Jbv7m58p4i8qqJzxBhDJVAD93ZVVuje+ecWEf7WlZst7u9lJJZLUOKVRPRIm6BUopGPUkIcZAENQ1eF0CDTOrXAzmrqzcVuEbP0ilEml+UWtypKa8zK3RkaEpAd+urG5uFnonBxgI+nVP42VDQwDAK9D4GKNBhQlGTQjNWVGZbffdNc64s8RDKTPruE17m908Trbweg6JFFzCxWX36x4wxmzhEYFBwbXV1YTg1PSeM7/8LMBs9njclEJra+u4CZcvXbzQZDLr9DpRFCRJkmTZ4/ZQypqbmiZeOWXv7p3xYpLVFh5gMm3esH7YiFEb1q3Z9Mu68ZdPLikqHDJsOJVlp8OxYe3qHVs3Dxg8LDo29mIzEZ9HTuMFpOK5N2YsuX/a+L2VLXEGMmvr/tevHSX8eQrg1M5kXddg3NELyH/asf/bvgFvRy8gniM3/2+7JFN01IUGAGQGJi3/5W0DBFE+zgsIAVAAp0uSZGbQEYQRMMAIHC5JoyZqFfb6ZJ9ANRqi5nGzQ+Q5rFZhmTKew6Ioq1UEAGTKZJlpVNgnMZdb0mnavihKTKshDqfE88ig45xuSZSYUc+JEhNFajRwwMAnyCoV8e8FLsrM5ZY0GqLisE+kWjWmFFpdokZFXF5Zo8IqFZYlplHjcz+GVLyAzoYOXkAIIcHnczpaNTq9TqdraW5WqVQIIY1O5/W4NRqt0+kQBMFoDKCyzPHQ5PBNAAAgAElEQVQ8MCZJklqj9XjcWq2mpaWVUdkYYJIlyev16A1Gt8uJEFapVKUlxTFx8SqVSpYll8uFEeZ4TqPRdlVLQxf0AjqNAuB57sNvl4cmp966oXTxhNicwtKXpo5qj93KoG37EEKw38PHHzrc5/O1e8S3+36deHNKqdvjMRoMAOAPOO7/uj/mOMbI4/WpeL4r1objFMDJ6KgAEIJmj+gWpOMWgml5LlDn97c73g0UOqgKYOD3t4Gj/pftHx07ZgCo7bRdqH4te7LEHa90PPA/uuNNOiZuT/CbkqDz87tQFMDZ8Fs30PbuS3tIx/bjDkEe/a/+WKjH3356/EF7MnbCI85lQf9MuqACOH0sIJnSIL36nfRQDUcAoKaptdReD4wxBsGBAbHWIIzJrDnzU5MTB2b2a3E43v/ok9SU5EuGDPJvErn/YF5QoNkWFkY7bAdBCEYI19bVvf/JjH++8nxDQ8Pdj01f/O3ndnv1PY8/9+OsGXZ79aIlS61hYZMuHx9gNFDK/FugMEYpZX59c+FPGSGE0KkanbYq3+4bE6hVBemO30+KMWDQFpPRPzjo3JcG/SaSxG/2lUTH0rSf/nbjyZMm7njlFAfHfb0Ta//Jrv/ldJCxwu8BddDr7fXN34Z3PG6/8ttXzzr7lB13h6NN/4mP6Kpg1FFoXYDTKAAEcMgjyUVFAP/f3n2Ht3GcCQOfmd1FBwkSJEES7FWNTaSoXix3SZbkIhfFveXsXOJL7vJd7i7JXc4pl0SJE8ex7LgmtuQiy7asLqv3RkmkKBax9waABIi6Zeb7YyWatmyTSmgLlN/fH3xAYAms8OiZd3fmnfelh8/1JMdErD1UqeWwRiMQxqqOVa96ZIkkKzffcN3ra94qnlq4d//BWxbd6HINeAYHX3r9DcxYv9vDETJzxjRJkqYWFGzbuXvGtKlbtn2s1eluuHaB2WhAiJnN5vmlhS6X63TF2azUZLfbU3amfP7cOS0tLV6v929r342KjMjNyT59pjwzIz07K3P7x7tiYqxLF90kh/G2EYyQyyd+fhLPxUOoJCOEiCyN7uIUU1FGhBCJwMXsqGGmSFSWOTrKLxkgpG7pCCgchi/tsmA5oPBkPH1pIwQAWVF+tHzugLu/q+KllGnfs8da/2/TwaduLN3fNLBkSsKLbdsZQowxa7QlEAh1dnTtO3z8mV/97LU31prMJvfAwJOPP3L02Am7PZEhdK6qmjFa19h803XXLFuy+NU31wx6vJgQxhDP8wV5U3btOzAw4H7sgZXbd+/t7u6+ZdFNx0+c9PmDoWDwxtuXP/Iv//7EA/d8sGnrjdcu0Oq0c2fPDP+VIkq//D8CQ5wWIaSMdm8UQ7zuco4HCCGGsIAEAb60y6YzwZd2mRjWR4yvL23EncAsNS4qxWqK7ApFsibS34tCAztqeh55t+7l24L6T/IU8bJFN/zuuRfmz56p/s4YiouNNRgMlFFCMCYcpZQhxHPc8ZOnO7u7OcINNadVFGVa8dTpi1b834+eyps86bfPrp4yMVfdGo4YS0ywGY2GnPTUkqlFeZMnxVqtpyvOfv8//udvL/xRvKSHX/iQKStJGU91AQEA3zQjrwFQShHmonPu9/WexUgOBHFmtPHlO3JybKYjDZ+098zOyoowGosK8hBCer1e4HmdVosQiouN+2Dj1jtvW3bm7Dmnqz86KpIyGgwEJEniOC7CZFKLKZjNpiXzZ+ZNnogQmj9rRsGUiQghg8FACNEIGq1WO29m6foPNxgNxsKCKZVV1fNnlo7rGqIAAHDFjZAF9MlxhMOYEIJf2XVi3/m2CA3vleTMKPN/37lQzQrFGPM8rygKpVS9eB8q8zTUKhJdrBBCKRUEXpYVjiNq82iEkEYQZEWhlAo8TxlTFIXneUopIUSW5YuPsVpwhidECuNFYEJIY3NrTlbGlT4RAAD4QqMNAEMoY4pyobQ6IRxPxk/7y68RBAAAQPgbdVP4iwjGnMBdSB+H1rQAADBuXUYAwGouNUaIIZh/BwCA8W60AYDniNsXHPT6KaUajWC1mAm0BAIAgPFsVAGA57jyutYX9p+9eYLdHmna29DlcXv/c+X1AiH/4K0ANJYDAIArZeTiqwLPHTlbv72i4YVHl8RFRfxu87HHbyz99pJZ//bKZn9QVKeFOI67kOSDkMDzaovECx8w7PFnMMRESW0SgniOEwRBEAT1fT7/XL/4pSsOSg0AAMadkfoBYNzn9m4sb/i32xbUtXV39Xtyo43bj1clREV8a27e5rIajhCO43bs3N3c0spxHGVszTvrPvhoc1d3jzqgd/f2Dnq9aoRQa72pCaM8z3sHfWvffZ/nOELI7r37n3/x5ef/8kpXd4/aIFQ9Ui0qxxHC83zt+Tq1i9DwV3meU5+5UuFBzXYVRfGKfDoAAPzduJ/85Cdf9jIhDW3d8VGmrCTbtrLqKWkJbq/faNQbtUJOasKmw2fn5WdRxjAhew8cLJladOjIMY4jiQkJJqOhsrqmsrLq6PGT5+vrjUZD/4DbbDadPVel1+l27dnn6u+3WCx7Dx1ZMHsmQ2j/gcMr71oRG2M9fPRYYkLCto93BgIBi8VSca4qyZ54tvKcL+Bf9ewLZqMhIsL88e69sqIY9Lqz56rLz1YSwu07cFCn10VZLF/zhBLGOBgMlpWV1dfXI4SioqKGnu8fcFujo77OkwEAgMsy8lUzlZU4o271up1l5Q2/fXdfVrLtf9879MHHx09XNcYKBCFEKc1ISz3f2NrT27t738HrF15TVVPb3tm9dcfugrwpWelpJUVFikLPnqtSZHnH7v1UoXlTJu/Zf2hwcJDnLixC6HTat9d/sGbdB3Nnz3z1b2umTys5drKsqqpm+679hJCDR45ao61Z6SkF+Xk//dWquNiYN95e19PneO/DTdOnFb+65q2M9PToqKivfzkBY9zZ2RkMBgVBaGxs/JxWyAAAEK5GCAAMIUGrqetzP7HiurxJqT978Mbmtt7f3r9w8TVTJ+ekdMtDFVzxzdfO37h5e2xMjNosAiE0ITszKckuaITISLNWo+E5jhBOoxEGPJ4jx09KsiJJ0iedTyjNmzSRI9hqtWoEPjEhfmp+Xmd3tyBwCCGO47UajUGnM5uNGBOdXn/XbcsQYxNzs2NjYh5aedfeg4fP19V//RPxjDGz2YwQkmU5IiICVgIAAOPISAGA0XR73LHzHQODvuUz897bX775VIMvIOakJG4+Ujl3UhplFCFEKS0qyH97w5ZrF8xBCAVDIUmWA8EgQkiv12/ftYcQsv/Q0c3bd4gh8eSpcq1GoFSmCvX5A+oH+Xy+3OysO29duvql18zmiDffemfrrr3TiouCgeCWbTsqq88jjJwD7n0HD88qLmpva29uaRUEQf2ItvaOSblZPb2Or/ar+vzvh9lstry8vOzs7MLCwqE2OAAAEP5GLgXBEdLhGHhm46F/WTJLQejEucbrpk06WtPc0zew8vpSDl8oBYExDgZDGo1ACAmJIkeIQqlWo1EUxev1mc0mn9+PGNJqNYSQwUGvVqvVajWSJOt0WsaYKIpqCpDf79dqtV6fT6vR6nRaUZL8Pr9Wp9XptMFAUFYUo8HgGRzkOc5gMEiSrNVqfD6fJMtmk+kKrgMP722EoBQEAGA8GFUtIEJIr8v9yt4zXDAUqxNqfeL83KQbp03Cn+7fNpTUP7wh3PBfP/O2lx6DPp1PeWn/uUsfDP/1H/omxhQEAABA+BttMTiCMceRC03iMKKUykq492O5giAAAADC32hLQVDG6IWyzwQTjlFY7QQAgPHt8ibNMSY+x/mm/S95+2oxDt99uQAAAEZ0GYM4xgRzfGfZ8ykz7+4q+w3heARZjwAAMG6NOgBgLPqdjXv+IPqMrUc/FP3Rjfuek4MDQzGAI2SoxoOajcNx3FCNoM+llnxQQQY9AAB8zUZeA+AI4TiCMAn4BiOSZ6XOznU2lqXMvK2/pTLo7jfrohhisiyfO1+fmpJ04NARhNCUyZMyM9L37NvvcDiLpxalJCchtfMvY0MZk4SQw0ePOZ0urVYjitK0kqlxsbHDE4GGP6aU4ou6unvaOjqmlxRTSodnXl5Bavo/Y4xSWBgHAIwbIwQAjpBT9W0vbToiyHRaTGDp9TMH2mvrP7hWs/IkJlr1GIyxJMmHjx03m02SrMyaUfrqX9fMnzvrfH3TXXcsHxhwh0KhtvaOyMjIGGt0/8CAw+GMi421WCIL8/O8Pt/ad9578N6VwWCQUupwOM1mk6u/PxAIJibEh0TR4xlkjCXZE2VZ7ujoNEdE+Pz+hqaWyRMmtHd0xMbGWCIjr2wMoJSWl5d7vd6srKz4+PhwCEgAADAaI0wBEYI3nan/95XXTZmSfuvihbIsRacVJsz+vSU5HzE6NNSpkz8EY4wRY1ShSlpqSs35+i3bd8bbbO++v6G5pXXtuvXdPT3P/eU1t8fjdPUjhPQ6ndFoNBqNlNJN2z+WFeXt9z5o7+h87c13mtvadu7et3XHrqPHT27ftbuxqeWjLdvaO7vWvb9hwONhjK15Z10gEPB6fVd27ogQ0tHR4XQ6ZVmurq6Ww7hPPQAAfMaIawDYKkspsVFN3oCoKK6G7d2V+/TRhV2V+zwtW3mN5lOHEnL85OkTZacfuu+e5CT7ql/+T3pq8utvrq1vbFIoTU2yewYHp0/Nnzm9NDsrnVLK0IWJIYQYz3McIVqNwBCaWpB303XXtrZ3MIZmTp92zdw5jU3Np89W+QKBlGS71+vTCML0kqmbP95zuR3tvwqEEHUmSq13faVPBwAARmvkNQARYUlRCKNGa5Jh+qNUoRgjhPHblZ6Hr0mSFarO6UuipMjy7BmlS5fcTCmtOFvp9fkFgU+ItyFMEmxxOp3OYrGsP7M5Jzub5/nkJLs69ouiyPF8fWNrfUNje2c3oywkipRSSZJFSZJkWZIkQRByMzMy01IVShFCrW3tcXGxs0qLj5edycnOuoIz75RSu90eCAR8Pl9qairHcTAFBAAYL0boB8ATsq68ITnSyIni1Nw0QavX6A1avel0c59TwkWZdvU6nhAcb4uLibFGR0cZ9HrGmNFgcLlclNIZpSUTc3O6ursJIUmJiZnpqZ1d3VZrtNFoZIwRjONtttiYmNSkRJ/fP624KD7eZouJMZmMCbbYrIx0qzXabDLFxsbkT5nc0dGBEEq22xPi40IhUZLkmdNLNILwNX1VXywmJiYxMVGn0w2N/tAPAAAQ/kYoBUEw7u73bN1/mmMsKF6Y4GYIYY57YNk8DU+GrnfVmRA0LHtHTQBVL88JIYgxejELSE3gGfpDSqk6f3IxUwhRytQ/H35BPfSG6kzLZ94nrEApCABA+Bu5FtDwKkDDMFlRwnLsDQsQAAAA4W/kNYChKkCEELX8J4WBHwAAxr/RFoNjCNU1d8qSZLFE2GIiEYQAAAAY50ZVCoIjnHPQn/fHj558e98ru0+pmT8IisEBAMB4NvIgTjDp8nWXN7fckBLz8iM39yvUH5SoHBC9XcNjgLrqO5QLf+njoaJAZJjLOFHIsgcAgDE18hQQT/jt53cdbnTdMqFYEaUim0UKBTyOU0HPQELB3VQREUIY41Ao1NXdI4piXFysyWhsbWtHiEVZLJGRkZ2dXSExRClNsts5jmtpaeV4jlHG8XxCvG00wzohpKmlxRYXpx+WagkAAOAfMcI1OMa4N+DITZjwnvtNrclLFRZnMrq7znSf+akpPksK9KGLhdtWPbu6qqbW7fYcPnrC6ep/Z/2HLS1tz77wMmPoxVf/Njjo9fsD6urxoNf73ocbDxw+GgwEhkq8qRf4w24jLlzyq3cJPM9XVFT6vL6hZFMAAAD/oBHuAAROuGf3DxwBh1lq/nX9ux8m/ixCp+089Wujv6xl71Jt9E3ZN7yKmXLsRFlh3qRlSxapGf3d3T1xsTHZ2dkHj51gjOp1OspYtMWi1WgQQlOLClvbO9NSk5va2ihjsqK0tHUE/N6uHmd9Y9N//fCpZ55/KSUxob6p+Uff/+6b766PNBlSU1IMBoM/EPz9n16wxVqvv3ZBjNUKkQAAAP4RIwQAWZH/POOnbYMdi7Y/9buURZRRSpWY3Mflut32mWu1JjtTZEwwZUzgeYTQ4SPHjpwou/WWRVW19ZXV5x/81p2CIIiS5Bpwa7UadQ8ZvUhRKCaYMEIIZpQ9eO9dp89UNLe02WKtK++8fceu3e0dHa1tHfPnzGhsak5LTaaMagQ+IcFmNpm+li8HAACuZiNMAVFGJ8RkOf2O200rzMiOedLj9Vsz5toKX/W7ugzWbMYopXTyxNz1G7f1ORxzZs/sdjjFkDhnRsmTjz6wbeduxpglMuLa+XPzJk8e6iKpUEopIxjLkhwMBGRZURSF5zjCcZQqiCGEkSAIhJD01OQlN914+63LAoGgQa9/+IF7e3r7Tp05e1kLyAAAAC41Qi0ghBBjzKQ1JfLJa0+23JCX/n5F0zWTsyJjMwV9pKCzIMQQQjqttqSoYNuOnUeOHrv+mnnJyXaq0IL8yRwmgWCQKsqhw0ePHD+ZlZmh0+kwRqFQKMoSmZOVsX3XHq/Pl5uTFWE22Ww2RVFMRqPRoE+y26mipKWlagRh646PNYIQb4vTarX7Dx4SRXHenFnqDUfYglpAAIDwN3IpCIQQz3HNff2Z//fOP+cmGgy6H69YoBMEhBBjn5ThvJDWyRhDSF0JUBRFrY6pLuoihGRZUSfuOY4whoZKKDNG1amh4UV+CMFDFYEQulAViBDMGArbEkBDoBQEACD8jeo6WlEUW6Rp78p5oaBoT4zVCfzwoV+lTusP/5Ohn5eWa1YUOvywIcOHdUVhlx4ALRcBAGCsjCoAMIQ0HJlTPBEjTKHzLQAAXBUuoxaQQhlGCCGMOR4xxqgy0h8BAAAIX6NeSsVY8juoEpSDfm9Pu94aFxE/+as8MQAAAF+t0QYAjEnQ3ST6OhXRL/l9gf6t5tifY06LoC4oAACMT6MKABghjhCO43iOZxjxGmNc7vc5QTe0GIAxVhN+MEJqFhDHcbIsI4R4nlcURU3mUWSZ43k1+Udd7/3MGu84hS/Ww7jSJwIAAJdh5H0AGKGQopyubTlfU9ve7ep2Bp1KTF/AzGn4CIMWIYQxDgaDS+5+iMni+o82W6MsBoPhv3/52+sWzMUYP/Wj/543q7SuvuHXf3i+pbW1tq5ekZVn/vziyVNnHH2OCbk5X8s/8ytECBkYGPB4PFqtluM49UnYBwAACH8j3wEwhHhCkmItabaFLQ7P8cau5fk5iComg27okpcxtGLJDQ/et1KSpP/42S+/8+gDer3OMziIGDIbjW7P4Et/e2vVz3/K83wgEKyprb379uUFBXlP/+q31y1cYDQaxu+1M8bY5XKVl5crimK1WvPz86FmNQBgvBjVFBDBOD7GUl7fdqis+lx3v13PzS2eaNZrh/eGlBVFlmWNRpMYbwuFxMaWto1bdzDEunv7QqGQxRKp1WolSTQaDRzHv7dh4/Zde6aXTDWZjOM6qVQNAIqi8Dzf29urzn1d6ZMCAIBRGd0aAEb+kLjvfPvU3OSbSyfurmlt6HaWZCUNXwDmCOF5vr9/oLm13WQyTcjKuO/uFYyx+oZWk8noHnA7nS6LJbKjs0uW5ZuvXzhzeikb/1sKGGM2m62zs1MUxeTkZBj9AQDjyGizgEx67V0zJ7+551Sdo27l9InFWcl42PBPCDlztuqV19/o7nP84DuPRUSYDQa9WrDBbDKYjMZ/efLx3z23OineFhsXl52RxhBDn7dDeNxhjJnN5uLiYkVRDAYDxnj8TmcBAL5pRq4FhBEKysrB07UD/Z6awVBOorW325kSoZ8yJSsj/kJRfoyxIAhDiT2MMZ7nJUlCCAmCIMsyxpgjhDI2NEReHfk/qkuzgKAWEAAg/I2qGBxjKCiKiDGe53ieD4VESpmg4QWY8fgCEAAAAOFvtGsABp0WIaRe5up1WgRp7wAAMM6Nqq0KvjjHcfEJhhiDfEcAABjXRg4AGOMBb7BrwC8z5vGJGOPBgBSUaZ8nICvjfhUXAAC+sUaeAuIJfvtEa2mGtabb09I3WJoZW9UxEB2hwwTPTLNiKAYEAADj08h3AAyhCL0wPcvW6w0mxBgb3cFzPb4ZmXENTr/LJw718BIEQRB4QeAJweqv6ks8z2OMeZ7nCOH5C4vGHMcJgiAIwlWTOA8TYgCAcWdUi8BmA//WsZp5mTFdnmBBUrROCXa5BuKMxKzXMMQwxqIo/WrVHxLjbSFJumP5LQa9/m9r333kgW9xHPfBR5uvXzj/5KkzVdU1ifbEpYtuwhgfPX7y+MkyjUYzZ9bM/CmTGKVqhijGWK0cpzaVRBf3ChCClXCdbsIYy7JMKRUE4UqfCwAAXIaRA4CssGV5CZ2nV7EmTQLhmhsdedFxcqvvGvsCsy6dUgVjpChyrDX6kQfv6+3r+/Uzf/7BP3/7va07k5MSltx8U1tHl9PVv/pvb617dbXD6VRLgTqcrvlzZycmJPznz3/943/9bu35+skTJzQ2NQ8MDMybO7u65nxRQV5NbZ0v4M/NzjLo9VU1tcVFBWEYA9RCeKdOnfL7/enp6RkZkPcJABg3Rq4GihBiiJgS5uiiJ/H6FHdboy3/7ojkhdqI1KFdYLKslJ+tLCrIj4iIOFtVnWxPSIiN9voDfp+/f2CgZGpBuj1x1Z9WR0dGpqWmYIzrG5ra2tq7e3oS4uKaW9qs0VEOp9Mz6J00MXf9hs2xsTFHj5/oc7pSU5JPl59FiPU5XFnp6TT8Ek8JIa2trQ6Hg+d5p9OZmpqq3rhANVAAQPgbVRooQojwmpaDz7nbtuqjdT2Vr3o6qzH51PQ9x3EcxyHGWto6tVpNKCSuuHXpvkNHahuaEMazZ834+Y9/dODw0UGvV50u12o1hfl5d99xqyTJhQV5/kAgJSUpPS21ras7Kz3t9Xc3ZGWmZ2dlnqs5f+R4WWH+FCUs60YwxkwmE0JIlmWz2QwrAQCAcWTULSERMsVP6m/YIBhsnCZKF2Eb/hLG6ODRE6nJSWXllffcfovVavX6fAa97tEHvnXHI98bGHC//Nc1WWkptrg4k9HIGBNFMTExISM9jTEWCAZFUSzMz1v98uvnzlXPnTFtw5Ztz//mf195463JE3Jnzyhpam6JjYkJz9IRjLH4+HiMcSAQsNlsalecK31SAAAwKqMqBYEY87laCafpPPV2VPo8hJEuMp4XdBpzzNDuMJ/fzyglhFMrPIuiqNFo1ClyjUYTCoUCwaDZbBZ4HiEkiiLGhOc5jHEoFFLTgbxer6IoJpNJFEWdThcMhrRazdvvfTB/7ix7QkI4V45Tl68ZY0OjP5SCAACEv1HWAqLOup2MSrqoNGNM5kBLmRxyGWMmmOJyGfukK+TFgy8sDAx/8EWvfuZI9YChP6GUtrV3pKWmhPPo/7kgAAAAwt/o7gAQwkSdLGKMUYwJQhgxOjT6f3XUlNCv+lPGHAQAAED4G3kNAGNEMEGYfvI7Yur+X8q+8m3A43H0BwCAcWGEAIAxEiWlsrUjIErqJA5GGGGEGNJrNVNS43mCYdETAADGoxECAM9xz2w6oiF4cnIsZQwj7BH9MlNkpvQ0isca2r9z0wxJDsf8HAAAAF9upDsAhAKKMn9i+tRMu0IZwaRzsGdA9EhMTDLHVLT1fvJGPI8QYoyFZ74mAACAzxghACiU3Tg5bWtF445zzQyxHp9Ty/FxBitGKCg5lhfnUqr2d6TbdmxjjKWlpuZNmaRO3LNhDSBVF1YPLnl+vFNL2l0FPe4BAN8oIy4Cs2iTwazVBBWFIRRUAowJakqnxaCL0GvVYnCSJDY0Nd97951/+PNfIiMjBEGQJcloMjocjtiYGFlR9Do9xsjt9mi1mujo6N6+vgiz+eqonkYpraio8Hq9mZmZ8fHxV1NgAwBc3UYIAISQd45Vl6TGFaYnKpQSXNTrdwbkQJCKbgf/0ana7y2aJSsUIcxxPEMME9TS1v7uBxsfvveudR9unFqQt2bdB0tvvrHiXBXP8dmZ6bv3H/zBd594/c23v//P//T1/Au/UoSQtrY2h8PBcVx1dXVMTMxVU+AaAHDVG0UpCIzcvmC/108Z4zDnDUpuMUgRHfBK/MXBDmN8uqLSnmC77+4VsizfctP19sTEqMiIhQvmtbV3pKUkHTt+kuPJzOnTauvq9uw7UJSfp9FoZFn+av9xXwtCiLoHmBACtYAAAOPICMXgFIU+PK+A47lTTV0VLT2vn9zzcXWld4AfdPFmg27FjMlqV0hK6dSCvNuWL83JzhJFURTFKIuls7u3qrqmvqmlrb1Tp9dJCm1uabl2wbw16z4syJ98dUyXU0rtdntqampUVFR+fj5c/gMAxpGRdwJreAERjBBy+B1/OrRaL+ifmPFYpC4SIcQok2QJIaQoSkdnV0pysjrRHwwFExMS2ts7WtvbU5OTJVmOirJQhQ56vSaTcd37Gx576P6rIwCo1Gt/SinUAgIAjCMjBACBE/68688YY4JJq7+jmfXKVJkkpMTr4hSqmLWm++bcLysyGlazYaikjzosqmOi+pPjuKrqmqgoiy0u7moKAJeCAAAACH8j3wEInIAQQhiF5JBr0IUxjjZbNZyAGGKIqaP/6BFCEGNh2NplbEEAAACEv5EXgSVFQggRTAQixFvi1Wx3debn73B1X/gDAMA4MqqGMBzhur29/W6XoshRFmtiRDxjCF3tV/EAAHB1G7klJEe4PU0H79vwyC9O/M6huH9z+I87KjZxlCIy2naSAAAAwtAIdwAc4Q62HG1zt79z+xsBGuzpannkwInMudP7j/zQdOf/I5Z4NKwhzNDyL0III0SHtXxRk2Q+8+ZqBv3QX33uHtovKRpxldWTAACArxlBF7MY1d8xxmTYpT2HyZbmXcsnLuYR+fXJv1STMZUAAA+DSURBVPSs+0X+f7ynX3yHacUPQ7u34GEbwUKhUHNzS+35OrfH09/f39XTo74PxjgkitW15znuU3cMhJDauvpQKNTa2tbc0uJy9ZPPu6UIBoOfu7sKYxwMhSAAAADA340QQk6fqRAlSb1OF0XxdPnZobGYIWRXLCat8aHN3zndVRkVwIjnEULEFDl88GWMrXp29bnq2gG3+/CxE40trXV1DWp9UI6QQCD49vsfcYRTI42K5/lN2z4ecHuefeHlrq7e3/zheZ/Pr26kUj+d4zhZUTZs2Y4x5siFQKVCCPEct2nrjsAXhAcAAAAj4hljKSlJGzZvW774Zsbohi3br18w75OGvQj1Yk9IFqfbpv1nxQ8ejkAH1/xSP+mGvv2rE779LKMUIcRx3LETZYV5k5bdsohSSgg5daac6nQfbtzS0NTk9voeu/9bbrfnhVf+6nC5nnzsobXvrG/v7HrisQeNBj1GOCcrY8b0kvLKs4eOHtu0Y/f18+c4XC6fzyfJyg0L569d/1FSYnx/v9vpdEoKXb7k5uf+8kp2empGRsba9R8Rgu9YvhQKUAMAwN+B+/GPf2w0GBJscTv3HWhoar5m7qzoqKhPAgAhnYM9siTeU3iH2BOwOA7dcctfe91dR7W+ySmzGaZY0BCM2zo6JVHMyc46ePjI+g2boiyRhJDq2trvPvG4FAo5nC7PoPcH3/2n8rOVCfFxE3Ky/aEgYcjhdE3IzXnxtTecTkdqSkpmehrP8QsXzKk4W/m9Jx6vqq7JycxwD3pvu2XR2nffnzghx+F01jc2zywtXrp4UWpyUvX5uvvvuVO9zwg3GOP+Abc1OupKnwgAAHwhHiFEKbVao+bMKMUYW6OilGGrtYqi3DZh8aoTq12S/3vBhMhZO6XenliddXn6raFzJ5TOKuPKH1JFnjwx91//62el04rnzp61acduUZI0gtDjcHp9vj6HMy0txevzIYRCwVDN+QafzxdhNFFGZUWmijJ7evETjz2CMT5XVW0w6LQardPVL4pid28fwtjv9wuCEBlhnj9n1txZM06Xnx30DMqyLMtyKBRiFNYAAADg78T95Cc/QQgxxgwGvV6vu3SPLs/x81Nmtfq7E6raTbet5BKTOHsSSbTzGbniqUpNQTGjik6rLSkq2LZj55Gjx65dMM+emGDQ6aYW5G/YvDU5yT61sIAq8t4DB6cVFxXm59XU1mq1uvS0VKPBYE+MxwjZExMYY5Ik8TyflppiMhk3bt46q3TaxAm5Oo1wvr5+9ozSjZu3uVz982bPrKyqOXbyZEpSUow1+kxFxcQJuVfiexsB3AEAAMLfyKUgVLxG437hGcM9D7MLe4AZFx3jffXPpoe+oz5zYXmWqVvEPqmJhhBSFGWoZxajFF8snab+JISok/jqArFCKcdxaoqn+qr6cWqRIUWhHEcQQ/Ri/mh4LgBAKQgAQPgb7QS6rChCYUno+CGEMWIIIUl/7RLt3AWMXhh/KaWXZvoPPfOp0v+fHrKHRnDKmLq7ePiYfun4LkMPegAAGAv8aNMoKdWVzkbDDmayrMmcxKgy9CRG6JMDvtkp+hd3xQEAQPjie/ocY/JGBGGGL9wHYIJ5wrNv8BItxtjnD1zpswAAgC/D+8dinCKYeCXfG9Vrf9/6y6eS/h/VCvnm3IXJ8xWqMPRNjAIYY1m6GhpeAgCuYqOeAvpiGGGJSi+c/+t1ifO2pe+26qJfLX/1sbr7X2CvXZdyDWV/f/3n4cWFxheMMYI5IABAeBuDip6EkMM9J66JmzkzocTl73/qzNOr+95AmrjfN7zSG3IRfOEjMMbCRZ/bOxdjPPx5jLHf7/f5vOE/m45hyh8AMA6NQQDAGLf1NpTEF29r2rny3A8eNy98RJxY2Tz79vMHQ40VSA6pI6TP51u67JYbb7wuPTW57FSZRqNRgwEhRBAEjUbj8/m2bNms1Wp5XlCf2bp164YPP1SPDNt+6xjjQCDg9Q5CrxsAwPgyFnUUGCIcTxlt83cisSXq49/+KGsZf/38h7pKhMrtNDIe2SciRhFG6Wlpjz/+7da2tjVvvKHVaD788IOE+IQlS5e+v369LMlGk/EXT/+vwWDo6Ohoamy8/Y47DHq9RiNs376torx83vwFRUVF4TYdhDEO+P093Z2UUr3BYItPhFsBAMB4MQZ3AIyxLNuEfa0H7pt4929tT8cbJ+sjk7ieTn3QR2Jzua4mpEgIIYywoihr3nzzyW8/vnjx4mW3LFmx4k6H0/HRhg/PVpSXlpYWF5eUzpg+Y8bMgoICu92+ceNHXp9Po9E8/ugjeoMhMSEhPMfWQMCvbljz+3zhFp8AAOBLjEEAUJgyPW5qja/xZG/5rTg5qWgZGggG5tykJE9l8VP4+gNYEhHGDDHG2KJFi6pr6+YvuAYhZLFERUZEBgLB2NjYgqJCs9mECRkYGHhh9er+/n5ZkhRFEUOhTZu3drS3b922JQyHV4aQ0WTmOI5SGhER+bktDQAAIDyNzYDFGHsk+1v9QdcqvqahYr2cZje+/yLuriQ9Z8XpK5jOgBjDCMfGxCYkJmo0GkLIH//03NNP/6y1rW3x4sU6vV5RFKPRFBlh2bZtq8lkFAQh0mLR63U6nX7X7p28wE+YODEc7wAY02q1CfbkxKQUa2zclT4bAAC4DPh8fePYvBHCHCGI1wofPY1CXjn7Oq6zCg22SrMfVuIzEaVqExhFUdTFUp7nGWIEE3X+RJZljDEmGCPMEMMMYzLU8ZFRxtQZpDE51a/CZ/pTYowH3J6SovwreEoAAPDlxiwAfIJRRBXd8R1i+gRqy/hmpsNDAAAAhD/+K5hYJ4gj/tlLMaOIXqjv9g0UhisWAAAwHB8ZYR6r98Lok/1Q/8gG4KsAxjgQDF7pswAAgC/DR0dZxuSNOEyCSsgTGFQkiddorMZoxNA3sxAQQogQ4vZ4rvRZAADAlxmbKSCOcL0+59N7fvV8wx9emvX6APJHcaaHi++VFfmbGQMYgxkgAEC4G5tSEIOhwZ8e+c335zzV9ljnwpz51S2nH919//PHXmGfXgBWqz4QTHieH742fBXU0hnv5w8A+AYabUvIL8ET/r1zH2VZ0wsT8t47u2F7x/69zRtTdelNStee27ckRSSq6wGEkN4+x4ZNW6iiGE2mO29frtNqEUKMUYeznzEWa41WQ4HaLVJtJEkVhRDCECKEsIvX1ZRSjuMYY4QQShV6RfsOYIxlWaaUCoIw9CS0hAQAhL8xqAWEMe7pabszf/nbZ96758SKZyY+V2dIvjv/vs0Nm8VAgIsiVKYY40AguPrl1x6+b2VqSnJnZxejbN+BQx6PZ97c2e9v2BgIBh+8957GxuaOzs7SacXtHV0lUwtPlp3Kz5tSVV1jMOgrzp7LzEg3GowajRBviztRdjoqynKuqrq4qNCeEH9pL/uvB8Y4GAyeOnXK7/enp6dnZMCIDwAYN8ZmJzDRaryit9XlQw1F39/61wNdBruSeYvl7nP17XWt3WoD9z6HIyIiIj0t1eVyOfv7vT5vYmIC4fnjJ8tsNtvM0pKuru6Ptu2IjIxc98HGI8eOt7V3vPj62s6u7q0f75EVpbSkeP1HmwOBwJbtO7u6e5paWl987Y2crKyIiIgreP2PMe7q6goGg4IgNDU1hfNWNQAA+IwxuAOgjE7LmLa99mOzI7nq0Q0YIY4jCLHcmDSE0b6K+lstpgiTwWw2BQMBMSTq9fq9Bw4V5ef3Ofp6na60JLtOp7VERoZCoUk52VFRUUtuuq62ruGd9Rvuu+u2XXv352SmKbJy6OixYEiyWqNESdq4dceiG67NnzJpy/ad1y+cP2XSxCu15MoYMxqNCCFZls1mM6wEAADGkbEoBkeVkoRCh+zu8nRWd/YdrmvNSLXVtXY3dnQ3tnenWs06rcAojYmOnj931q//8Ozho8c8g15Hf39HV3e0xRIMhaItlk3bduj1+pa2jr7eXrdncFrx1E2790+aOGHfkWPTSqYeOnIs2mJRlwAWzpvtcDozM9Jb29on5mQ5HM4rOOwyxuLj4/Py8rKzswsLC8O2aQEAAFxqDBaBEUIYYcLhVW9uXTwzDyOkEbh+tw9jTAjefKzqydsWRJqNjDG1yVcwGNTp9TqtbnDQw/G8VqPhOM7j8ZjNEaIoBgIBk8mo1WoCgaBWpwsFQzqdNhQSfT6fXq/T6/V79h+0RkcXFeQNDAwolJpNpiteg1PNYmLDcj9hERgAEP7GJgAghAghbb2u3h4nxpghduGqnCGdQZeTmkAuXqQPXa2r8WD44y96ZvjzCKGOzk5bXBzHceHcMRgCAAAg/I1ZAEAIEfJ56fwMKWPaK5EQEv7NFyEAAADC31i0hLwII0IQYYhRqnx1eZnhP/oDAMC4MDYBQL3wP9h8tKWjQW82z8+eE2eMUeiFnMixvQMAAAAwJsZiIxjCMlV+dfAZKzGXZpS2DLTb1hTsnP5+nC6OMsprNJnJNgL5kQAAEGbGphTEtrpdOl5XnFSw5sy6v1a9GvIL7rLF8QaBIXRsIOh6/kmTUc8YU3vnqsu2amkHjLGaw0MpVVuDoYuTPOpL43RrFawBAADC39iUgmjsPP/4gsd/tXuVDmtlnp9kL3li2qK5MyYjhD4+eEqSZfWwslOnc7KzjEYjxrim9rzVanW73efr6hFC6elpeZMnVdfUarXalOQkhJDD6Wprb59aWDBOYwAAAIS5scmg5zXa/sCAiTP8qOJfp5nz/qvk275ggCoKVRRJUhDCCCGM8VvrPtyz7yDPc16vd/rKJ50u1+nyCrvdPmvG9ENHj584eaq+sennq/4oiiLHcW+tW7/1493clc7xBwCAq9XY7ARekDv/g8pND0y/7/bElbdPuV3Lay/NAWIMZaSldHR1ezyDu/cd+Pd7bsEEcxyn1+ms1ugVty4tO1MuCEKSPeHk6fK29g5n/0CCLS4ck/wBAOCqMAYBgDKaE52Ra81cdeKFidZJZb0Vr5e/K5BLJ5eYXq+749ZbHvruv7kHB2+8dr6iUIQudJIMBII8x1HK7rpt2YmyU79Y9cdH7783LPd4AQDAVWJs0kBlqsxNn1WUkC/JEiFElvDpykZCMEJI/any+wPxNtt9dyybUTqtpva8VqeTFaW7u4cjZP2GTXfdvryyqoYqyrIlN7e1d5pNxmAI2uoCAMBXZcw2glFKjVoj0iKMsdvjPdfuiG3oQAhVdThLpmSpxyxZdKMsy8uWLGKMYYw0giYmOrqnp2dwcPDeu+9ITkrSarV6vc4SGZmRluYPBJbcdAOsAAMAwFfk/wMa8ZkAkiMgVQAAAABJRU5ErkJggg==\"></b></li><li>Select [ Clientless VPN tab &gt; General ] If the Clientless VPN checkbox is checked, then the feature is enabled. Take note of the “Security Zones” configured for the next step.<br><b><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAADUCAIAAABlKgy9AAAAA3NCSVQICAjb4U/gAAAAknpUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZVY5LCsMwDET3PkWOMPpYto5TghMCpQm5/6Jy7S4ygxgxiIfS3j7tPtblus/teLe0/OSa1NX5BaBiiAEhUE+UWdlI81qgsdDsGx7KcWFiVGL+LMAHR8eNQDiMas69Jx69rk+WUhaV/t1ki0lhy+EW/Gpb0fQFroos+GSEz4QAACAASURBVHic7L1nlBxXdqB57wuf3lRmuazK8g6mCoYAAZJN22xDiW2klkZaTZvZ0fzYHWl/zWh3z4yOTO+ZndVqdyTNSn2klmmJbLI9yfbdNCABwhMggIIr77Iqq7IqvQn73v6IqkSiqgiCJAgUgfgOTiEy4kXEu/Einrn3vvtQ9obBwcGhBkSUJBHYbb4rUEp13bi9d3W4p+HvdAYcHLYihJA7cFcGjDFEvAO3drgncRoAB4dNQCTAaoYAdp1cOyZYt+cWJEDE2zzocLjXudYAMACtsPZDAlm8I/lxcLjzIAJBZBt74hu75ngrEzh9f4fbzGoDYNf+/9MXmN+HBOHnx+D02HVtAKWrfRPEa68pZQwYELL+raWMkbU0jDEAQERKWW3KdT8dHLYSSJDcdhMAgDMCcLi9rDYAWgke20fjTQQQeA4IAmjAxNXeiaYZTM9fO4lzyy7ZtCyznAVA4FyyS669qF7MAu+SFYkxphWzILgBAIwSAJG9fgBQC3kAi0heUXR0UA5bEeTwNhuBEeB2m50d7nk4XnJRBpbGfucpFEWcmWcXxrCvDYZ62clzyEmgFYpPPPbg7/7uv33i4x9/4oknDh44uLKysjC3QA39j/74Dz/1qU9WyqXJsUleEgHAsqggSl/94/9cLOSmJmYsvfD7v//7u4d2EKC//7/8e5dLuXj+rKlXnv7M0//mf/yKWi5NjE3yonCnH8I1dN0wNB2Q2DZAXTc4jgMAVdUYA/sDRUTDMBFAU1XKgOM4ypimagBAOMIYM02L4wilVKuoDJAQ1FTdNE3Cc+9pjG8aJhBERFZzfV3TDdPk+ZttOE3TsrXLlFLLooRcu4JlWYiIiKZpMcYopbqqmYZJGSAhmqoBAiFE1w1DN95T5jVVMw2T4zlE1FSNWpTjOdMwCUcAwDBMjiOmaeqazvGcZVpAUKuopmFyPK9pOjCwU94M9sNhjHEcZxqmrml28VmWBQCappu6gYQAoqaqgETXDVM3TMMkPK+pGhLcaO9FREWWEXAdJkOeIGVICOoWGhQZoGGhSZExRESOoMWu/TUoGhRFDhmgaiIi8mT1IgZFnqy/PjCmafrG56xWVNM0Ccchoqpqpm5QBgBICJqmVR2da6pOGUNATVVN0+Le4/vmcA/C8ZJLK8IXnmDtMaLr7M++BVfG8BMHoTmKPEevjCGA2t3TNTDQ/61vf2d8fLKhsb6/t+fIkdd+9elfaW2JpVLLsVjzsWOHKQhGJUsN1VCLBx846HK5zrx1vKE5/slPPHHi5ClE2LFtIFpf/+orhwDYV77yZUkUr46MTk9N2y3HVkDXjYH+nu6eboKwnFyyKBvo711ILJhqaf+BA263SxJFSRTz+UJPdwciDg4NetyuhdkZwosH7t/H8ySVXBREsbOjLZlMRiKRwaGdosCvpLN79+5ubYktLqUsy7pJ9xLTMNs74qaua5pOGdx//z5R4Jfmp3YO7Y63tkzPzN5MG2CaVry1mVpWRdUCfl80Ek4tzAzu2tPa2jI9frmtvTOXLxDE1lizyyWHw+G+gb7mWCwY8M0nkg88cIAjJLUwt23nzq6uzmRyid6cg4ppmINDO+Lx+PTktKmW9+7bG41G5yZHunv7M9mcaZo93V3J2em2jo6Bgf6l1HJ7vKVSqezZu7u1LT47N79n95DH61lOrdxMG8AY08qV+w/s9/k8CzPjnd29/QN9jNGV5XRLrJnnuL7+vo7ODgTIZPMHD96PwLp7ulpaW9ra4rOziQP370dguXx+XaEQgi5ZwetbAJNiT6M1leH7GmhZxz0dRl8zDXtofzNti9L6AFUEWCpwvY3WXJbvbzITObK7zextsi4mudYg29dt8gSWCtxAzLy4yD/cqycyPM9d1wAwxiqatu4hU0p379kVb21JpZY1Vduzd1d7e7vf50Vk2Vwh3hoLBQOEYG5l6f4DB/1+r2mag0ODLS2xXDZrGKbTBjjcAGJY0NjAhvqQUTh2ntEKAgBjYFHYvwMDwWuq/1MnT7x55I18Pi+KAgDs3LHjytWRn//ylcbGBqKEB/o6vvSlL3/py1/p37ZzePhiW7wVAPbuHrIs+srLv+B4vlSplEqlr/ybL33pS18pFIrlchm3mA2AasXOzm5V0wYHh4b2DDHDuP/Awb7+3gMfe8QfCLjd7u7u7qamJqoXBrZtj7fGCeF6+/p7t217+ulf1XR9cHBXT29ve1v8wMEHZZcr3toqitLOwV19vd2xWIuu67/y1FOyLFX7azfGVHP79x/csWOHUc5+7rOftUwr1hp/6NEnm2MxUZL6e7tNw3z3i1RKXV09Dzz4kFnJHjhwsKur++HHP9nQ0Kgork89/eutLa2/+tSvqIV8V3dPV1d3KBQiyDXUN+RyhV//9c9ruj60a3dHd19He4em6Z/+1Cf1Yvpd78gYo4x1dfUg4KefeurJTz/l9wfqIpFHn3yqq6ubUbTU/PYdO9u7e4d27dYNo7uzo6e3v7GhIRAIpdPpvbt3BUOhgD9gmu8uHQBoxcxnP/85wnEdHV179j/Y1z9QLlf23bdfkKSu7u54PB5rjmXSmWKp/Guf+6yu6y0tLaViORZrqVTUxx97BAnW1dVt9iQRCVn3b6nM/crBXF897W0x63zWQHtpuYBFDd0uI96gqgbbP1DmeHzqYFoU4MGd+ce3Gb2tmixZX3mk2N9qeVz6w0P55gDu6y8+vUuLhgyDcRvvsk4LRCmTZamjo7NULv/KU59W3O5Yc0s6k7Esa/ee+5heGBzc1d7e3tjY+PTnvyCIYihU19/f7/P5s9msaVk38wwd7mV4BLAsMC3gOXAr1x3TdMgWV7dN0/rTP/0qIkiSfOj117t6BkKhIGOsoT7K8/wXnn5yZHw81hJDwInJqaPHTx08cP/uvfv7entmZmYAAAEQ8YWXfvzlf/3biPjsc9/+wq99bmtV/wAAaJrm1ZGRsdHRhx95NBQKDw8Pd3V1nzv39r59+1eWVyzLirW0+gJ+YGBRy+f3cRzn9XqLxcLpY2+UCrvaOzs4wo2Pj+7bu6dULLlcLsuyVE3TdO3MyTeDwVBrS8uVqyOEvIvWS9f0Hbv2LS0mg8GQN9RYKhZOvPkaAPzq537zhz94EcAAQZFl6WYk0g3D6/MN7jkgiGI2lwmHIz/49jMA8Nlf/x/KpWK5Unr0yScty2IAmqYlk4uyIrtccqFYPH3sjVJxd3dvD6MsGAwWikWAm1PWrXlPUmrJiuul7z0HIP7q5z9vGQZjFAAopT09PZcvDV++cBYAWuNxi1oulyvg9y8uLjY2NuVzuetcMG94M0EUj77+MgB8/je/qKrlunCdaZlGKcMoZYzxvBCNRiVJzOdzp46+DsABWG3xtjOnzuzaOxRva58YH4MNfWQEIATXZcEt4fyy8LHBXLagMCA8gY4G44VTHrfI8UQ/9LZnqFP7xGBldkl5crC0kleaI8YvznhHEvzvPZ2RRcujWCWVy6vodZndscqf/yjc6mO1t0YAigjA1rkKEURd186/dTwYCOzcMcBxfEN9w2u/fLmvf6Czd3tFrWiapiguSunh134OAPc/+GhdJBrw+y8PX5Ldrpt7jA73KITnYCmFJ84zQmBXH2moZwBACBACR95mQBEAEIDn+Rde+tEvX371H/7pn3/8ox8+/LEHsrnchYuXxsYnR0fH+/v7zp4++X989atf/eqfHn7jeDIxnUotP/nEo/X19cMXLwEAInKEXLrw9txcYmpq+u0zpwhHNn54dxxCCEf4nTsH87lsKFynyLLb4wkGgz/52c/jbW28ICwmFw794peAyHFcYnYum80qiuLxeokSaom3FfIFn99PCGlobAKAYqGABHVNI0iAdweDwXwudzMqIKoXurt7LMsSRbG5scHj9XrDjTt37zdN874D+1raO7u7Oqyb69/xPD98/ty27duvXrnM87ymqTt37+/s3UYIIRx36uRJr9fndnvsFprjOY6QheSiz+dDKdAaj2cyGQbMMHRdUwG5m3uIiIDZbPpnP3oBAbsHBof27GaUIiIvivZDzmQyLa1xxR/p37ELEXmOz6RXjp04LQj8y6++0t7ZBVb5pu4FQAhpbOm878DDxUKO4/hz584hYqytS5JkXddVVT10+OjCwoLP7ydyYHDPXiAyIUR0uzRNO3Lkzc6ubqZrGy+7Xj2PKHJoWuT0lUBva4ECaia+POwSecLzwBEgPkikXN2x4veOB7a3FUcTkmaQwXZ9V5fOc5ZpkaIqijxqlJRUbiUvfn5PWacbb7L5F2G/M3WR6PLyiqaqr795DHjh6pXLDz708NUrlzmeNwxdFKXmtu6+7bskSVpZWT751tuiIm96NQeHKhwvuTgJrozhrj7qdmFfK/S2Y7YAc0n48RGUPWAaVlNzQ0Njw3PPPjM9tbCcyQGIjz/2sTNnzv70xz+8cuXy1NzC3t1DuXwpmS7ILi8vCqZuutyutrZ4Jp15/rnnAeXGxvpoNPrmkWPJpeXhS1dN4Ae3D4yPT8zNL/HCVnEEMikLh0JdnZ2qWhkdGTFN49jhV02TiqK4Y9u2mempfD6Xz+czKyv+YGBpaakt3qYb+huvvGyY5r779uSy2ZWV5cXF5OnjhyXZVdHU5VQqk0n7fF5BEHp6ui9fuTQ9PSvchNGbCIpLkY8c+kUuXwyGAmNjY3t277Is69Arr/b199fXR0dGx2wT7o2vQ5F43HI6nTn2xuu8IALgkaPHt28bqKuL/OjFl3x+b6FQmBifEAQ+n8vl8/lyqUwITo2NGqax7769uVzuxJHXfIHQscOvxts7Z+eT3Lvp5e1azOWS3z59WnB55+cT2wYGFJfr5z/6ocfr3b5tIBJtzOdzJ9481NDU3NPdk0wmKbWSyWSsOdbV2bGSXtk1ODg5MbGYyt6MkQN5KbmwMLRriOPIKz//kc8f6OzoXFpacikujuNOvHmkJd7a292lampyYf6+vXt03UjMzHoDvmQyGakL9/f3X7lyOVcsrZOLcMTjca+zARCCbpEcm5Y4S0jlhZCb62mkIkfSRc6yuFKFL6mkokkjKTEoChdm5IvzUm+j2RqxDl/0UconM2IqK0X9VNXE505798TN2RWBEKy1BFPGSqXyumI1TauxvqGrd2B0bGTk0pVYa6yns1OUhEvn3wqFI2+fPub1BfL5/OTkxI4dO0VJnJ9PRCPRjrZ4LpepVNZbFBwcakE7FpCqwc52+lufIIQAz8G3fwknzoPsXU2kFsvAKtWoQYwxrZgGEGWvFwB0w6RqDkSvXGPOVQt5AAMARE+IIKqlCtCy6AlRiwICAhrljO1OepsFvjFqpQKmCRwvSJJpmpIkGoZp+8egKCMiIYTnObWi8jxvqmVATnK7TNOy1DLwAscLACAIvKbphBAkyKjtXqMBACcrwk23dqqqybJkWZZlWoQQUy0DL0qypJXKwKjk8dzkh63rhm1qtN2TeIHXSyVgTPJ4DMPkBR4Y6LpOCOE4goimYYmSYBimLZGsKJqmSZKkliuyS3n3+60+RlVWZACglOqlMiBIbreuG0zXgBeAMdmlqOUKWCavuEzTFAVBLxcBkJMVS62gIEo3peACALAsyyiXgRDZ7VZVDQwdeB4JYaYpuVxaqQSMcbICjFmaCoIoy5Km6ZIoGIZpaRVOdm0sFIHn66MRtkENpVsocky3kCdMtZAxkDiGCJShQBhlYFIUOaaaKPEMAFQTKQOZX43vYF/PYiByTDNR5llV3cNWvcuMZHJpnfWbMaYViwDASTIv8FWJBIFXiyXZ49Z1gxCCCEa5DITjRNFSywAouj3OVBuHG4PVal0twG9+gkWCSBBeewuGZ0DaQv6ZDg63CcZAFPiG+nrbYnEbQcMw5pOL7zrMcnC4VVzr+8he+NbPV/sLKDu1v8M9i+1jj0Bvb0WMgASdyWAOtxNeLWyyl6mgqrc9Lw4OWwONh1B0vRfQ7biviUYZnHjQDrcN/rc/daez4OCwtUBAJggVdts744yZVr+j/3G4ffCDPXc6Cw4OWw6LwdKduC/iJvFCHRw+LHhqrdzpPDg4OKziWAAcbid8wfu/3uk8ODg4ODjcAXh2k9M7HRwcHBzuLhyLk4ODg8M9itMAODg4ONyjOA2Ag4ODwz2K0wA4ODg43KM4DYCDg4PDPYrTADg4ODjcozgNgIODg8M9Cr8x6Pndih0T/07nwsHBwWGrwLtd98SqoYhQrqhej+fGEb6w+sfBwcHhbofn+XtiJrC93KogrC7OZC+nxRirHRMQRMM0K6rGGHWaAQcHh7uerbIe723ArukJIflCYSWdAYCGaESWZbsNQMRMLs9znNulEERHVeTg4HDXs3kDsNZFvgald0OViIjpTKZYLMVbYpTSqZnZhvqorQTL5QtulyIIAnMMBQ4ODvcGmzQAHCHJlVyhWFptBBggR1ob6whirR11o02VEELpbV5G9b2BiItLywO93RalHMe1xVunpme6OtpN0ySIdu1/p/Po4ODgcJtY7waKiAsr2YmZBZ4QjiAC8hxZTBd0zUDE5OISWaNQLK5tIiGE47iro2OUUo7jEJEQYv+tcvtlY4xZlrVuLCPwPFs7yhFCEAHAtCyn9ndwcLjXWD8CQIRioRSLNYe88kyq0F7vm8+US6UlJIiImUymUlFL5VJdOHzh4qXdQ4PLy8s+vy+VWpElcTmd9rjdyysrPV1dY+MTzc2NS0spSZIYY4IgNDc13k7BEHFmZkZV1ZaWFletpxOCqqqyLNvi2IcQkDLq+Ik6ODjcU2yiAmIMVM0scFpFNbIlVdWMlvqgIouMMUJIOpPdPtA7Ozff1tqSzeYoY6VSmTLa0dEuiqIkivlC8eKVq33dnQxgOZ2O1tXZw4XbL5uu64wxw7i2yDaltKu9bXRi0nb/4QiKoggAgsCXKxVFkW9/Jh0cHBzuFOsbAMYgUhfI5gpqWa9zgVouuTnmCfjtnrEkiQwACZFlaSWdbohGM1nd43bb5woCv5xO+7yehvr6icmpxsYGv9enKArhiJrRbP/L2yYYY6ytrU3XdbfbXXtrylh3Z4e9jQiFQmlyeqY93iqJYrFUqsri4ODgcNeD/+W//Jf1uza4ADEGtm7EVuUzRhFXdfoMGDBAREopIQQYA0QABoB2tVt1srwj9uHaDOQLxWDAv07Jg4iqpkmiiIgVVdU03bZhOIuzOjg43PVsqgJ6R014tRJn7Lra3D5h9ejqyay6v3bjNvOu92WMSaJobyiyJEvSFndkcnBwcLhV3EMTwXBtPvAmBwDtdgsJEHIPPRMHB4d7mU0qO0QkhENcVecwBgwYtazbn7lbC2VsLjG/6SFdNyRJXFUW1eyvDh80XZcl6W7yEbJ1X45QHwksywJAjrurYvfelYX1kRNqoxsoFkvly4f/5HuHpC88Lrz6lnVgoOJt/szQfQ9QyzJM054OxnHXIghVTay1Sv+tQDVX1Z/BgH9jMsZYNpe3zQP0evUXR1abg3Qmu9F+8JEGEZdX0o5QHwkqqoqAsizd6YzcSu7KwvrICbWZDYDSw4fgi09pySXtyX3AA8wsl3bZFWUmOzo+EW9t8ft9oiAAQKVS8fl8mqZZliVJUqlU8nq9t9Pb551AxEKhUC6X6+rqqtPQNi0VeydjjFL6/eGlkMLbqSwG2+qUWNhdnTj2USnUm8cRautjeyQwZHfMkvZhcpcVls1HSKhNjcB09yc/yYf9XhdzuyBdgjpmAQAhJBgMuFyKz+ddXllJpVa8HreiKOlMdnJmliOkLhz0eDw+n++2S7E5iUQCAERRDAaDN5OeMnig2RuLeFZdnhBHEtnaBPbc5qqVmBBiWRZHCF1zkWKMIQKtGUfUuiFt2XfCFspuJhGRUosQzn6JbauJRSnHEQCklFZb96rrl71zqxnP7eKoZg9qMmyLVrtBKUUERGJZ1pqr22qCLSVXVSgAoJRu2TfqPVH9rGoVCTVfGSKSqpsJIhJEWn05EdcVJazVv1jVYgOs6rIBEMA+l+M4Ox2uPczqi1372lQzw3Hce30ZbLnsN4pSynGEUYartQTa+9e9otW72419rXIF1iocO8gCpdR+DvZD2Pgl2kqa6ne96ZuPiNwTTzyxLtPlcrm5uTnW2hlrbgpFmuKtsWKxGA6HGWNvHj85uH1bIV/gCFcsl2VJjsWaVtJpgqS/r6c+Erl8dbShPsrzd96OahcepdQeASCipuvvpEXVNF2RZcpYsWJ4FLFagWeKesgrAUBFVV0upVAsnjh5OuD3raQzHOF++JOf7tw2cPTESZeiaLr+9rnzpmVeHRlzuVyKosDqKKRICOF5vlypWKa1FZ6MDSJWKqpLUSzLOndhuLmpKTE/f/HS5YnJ6Vhz06nTby0kFwOBQDK5ODI62tjQcPzk6UuXrwaDwemZGdO0hi9empyaro9Gf/bLV9rjrZeuXG2oj97x+qgqFCHk5Om3vF7PiVOnI5G6ZDK5kFx85dXXY7HmV147hEhMwzxx6nQmmxNF4cSp0y5FKRRLb58719HRfuHixYnJKZeiHHrjiGlZfp/vzirfEcE0LUAQRXFiakrg+R///Bep1HI0EhEE4Q5m7ANiF5bb5aqo6iuvHvL5fJNT0wvJpNvtGhkda6ivJ4jnLgwj4Pde/JHf55uemQkFg6qqvvHmUY/b7fN65xcWzg9fDAaDR4+fKJcrPM8fefPY4tKSqqqSJI5PTBqmkVxcVFX1/IVhRDI3l5iamfV4PC5FOXr8+OJSinDk1Om3ZucS4VB4+NLl2dlEoVhkjJ06fcbjdl+5etXldk3NzNZHo0ePH19JZ4KBYK32+52EcimKHXfy1UNvbBvoP3r8RFNj44lTb3E8963vvxitqxu+eLkt3nr23HmOI8eOn3S5XIuLi5WKupBMIsGXX3s9l8szRjVNG5+cmpqeURQXIj7/3e/v3LF9ePji60febG5uOndhOBQMHjtxcmJysqG+/tVDbzQ1NV4dHY1GIqZlvfLqa/MLC16v98ibx5KLSw0N9UfePDYzOxcI+M++fa5QKACDxPzC+jebMebxeBRFsSzTsixKLdM0Y7GYXZn293Tn8wWP1yOKYn9Pd0tLs8Dzba2tfT1dhm4YpjnQ2yOK4h2vCGxBIpFIR0fHLaxzEZBS68LFyzzPz87NhoLBXD7v83kvXx25dPmKz+cDQLfL5fV4qmoll0uZmU1ks7nFpdSW1eFyhBBCEvMLB+/f39baMjU94/f7D96/3+vxjI6NmZZFGRvo7+vv6/F63ACwkEwevH9/a0ssnck0RCPHTp668Vdx+0EAO8qTZdHhi5d4ju/r6+nqag+HQjzHBXxeQRQYA1mWEIDnOI/HMz4xQTiuVC5nMtmHHjhYH40AYsDnlSTxTktzDQQEAJ4XFEW589/YrYAxJghCOBRilEbCYcYYAnIcx3FcNp+PRuqamho729s6O9opY4QQUZT8Pp/dgfW4PXYTyPO8z+eVJQkAREFobWmZmp7JZHOBQAAAZ2bmHn7ogfa2VsaYS5F9Xi8AIKAkSwhgxzzTDV3g+YcePJjJZi3T4nnicin28NeOGMZxnNfjuflgAYg4NTXtdruKpdLaUIC2trR0tsfb2+IAbHRsLJ8vIKKiSIGAnxBubn5+bn4+GAj0dndt29ZPCFFVlVHrwYP3RyN1V0dGujraM5nMtoH+nq7OUChECM7Mzt23Z/eB/ftmZmfD4dCZM28bhgkACMDxvP1AAMHjdiWTycEd2x964MDY2DjPc6IgiJKIuNmawDzP11aajDFFUeyBQyRSV18f9Xo8dXVht9ttd7VkWfZ4PNFoxOvxhMOhD/pG3Dre8/idAUHkCXL2Pw7XLR9mUauroyPg91UqlcXU8vZt/VeujgKDrs72zo52i1JKrYpaKVYDqQJwHNcWbylVKu3x1lso2i0EERMLC1euXm1qbDx2/OTkzEy8tSW1vHzq9JmJyalwKFQfjSbmEowy0zQpZZZlRSORYydOTs/MBvwBr9fb09VZKpXutBzrMUyTWrSzo93lclnUohazQ4OUypVCsaiqWmtLLJ/Lq5reFm9ljEqiFGtunptL+Hy+YydOLiwuGaZRKBY1Xb/TolzDVvvwHLd7aFBZW8riIw0iqqpKGU1nMuVKOZPJGqY5MTk1OTWVmF+IRiKUUk3TKKWGrp+/MJzL503TzOXyiFgqlzRNq1Qquq4XS6VypdLc1FiqlEVRSC4udXa0UcuyLKuxqeHIm8cnJqcZY6qmFQoFAFB1vburq7Gx0bTMxsYGXddVTXvz6HG/34eI8dZWr9er6ToAXr46MrewYFm0VC5VVPWmhAJQVbVcqfT39V69OhIOh46dOOnzeSmlqqoxSjVN7+7q8njclNJKRc3lcqZpDu7YvpLOMMYMw6CWRS0qSZJpWcdPnp5LzBdLpbZ468TkFGNMN3RgTNX0WHPzqbfOHDt5KhaLmaa5e9dQcnHRVn4okrx3z26e45qbGnP5fF247u0LF44cPd7Z2VEuq52dHRzhTNPaZCZwtWBWo0HfFcYneyawKGw+8S2XL9iG+x9eShlrsmqUPdHmj/pkAEhnsqFgoHopAEBbMVejoavV4q17YlvQAICIK+lMOBRkjHEcoZRVNZ6MsVX1IgBc70kFwOxJ4NWUa7Omt4QNoFaoVZMMACDW6vo5jrOzutFJrHqdqsp1K+jZEaFS0QBBkSREZGu64Dubqw9OtbCqP9naZ2WXnaqqdijJWhtV9Vur1ZvbKzhVNeaU0qplbrWUAaBGn16rB+cIYde/z9Xh+5qOHu2vA2pmwr6rUGsGCVum1f+qmvrq33X3rWr52WZGxOqHtu50qMl/9d2omgRqE1Q3qofecUGYxXSukC8BYsDvqQt47/hncHv47PZo7U/Krj04qPEXupaiZvsGj2iLPz3LonC9dJa9DdcJaFOdBH7909hyAtrfaq0I9p5q1bmuoRUZigAAIABJREFUUDaW0RasZO1KbQtm7INQ+yLZZWALWFUm2wVXW/mu+xKtDREHLErX7Vm3Xb3aupQb01jWhq/+5li7xVreanbW/r3uu7OsTSWF6z+0jaevu0Lt0Q1XuHZHxtg7NQCQzxXDQV8mX0xn8pGg1z632lhVbc3VVqVqkt7KlR0huLGmYgi2awHbUN3Zk4ftCcR32TqRdiE6Qn0EwNVuHBKCW/jjeq/clYX1kRNq05nAAICx5ujRM1clgd832A0ACKCbZjqdaWpsmF9Y0HUj1tzEcWRpaVkURUVRUsvLLbHmZHKxoaH+PSvfPxzsbPA8X23xpuaXkWBtGrTDX+t6QTXeqcwQoKxqRc36qBTqzWALVdIdobY6CGCYFgAIfPEuk+uuLKyPllCbLAhTquiFQgkJ7uxtzRbK2WweCKkL+gSen00kotFIYj7J83xzUyMwSC6lLMvs7+09fvqsx+MuFIulibIgCLHmpjs7FMCNC8IgysHIJm0zA8kykRfWBgPXjtDVUSmKpmEnuG35//BxhPqogBK1AAAId5fJdVcW1kdLqE1CQSSSK4LALWcKbc0RZCydLyeWsgeHulyK3FgfPXn6rYG+3vGJKUJIvlhcSi0zRoul0r7dg2PjE5Iout3uYrG4FXRBtteHaZqrogH4ZQ7Wpn4AgK0HAwbMpChwACxT0i3GbGsLYyzkljh7GgVBInCrGiJcs+mwtetCTXGv+3mruOUBqhEpMa8JdXfwTkK9v0LZIkHBEZjFAAA5siXyc6u4+Tdw4yd2M8/hPRXfpiHA3gfvKtSNX8VN83wDQT7wK7qJCkiUBE3VAl6XJIlWvkQAGiN+eyJcY0PD2PhkOBRMzC+MjU/kC8WHHzxoWebYxGQoGBwa3HnlyoiiyKqq3vHan222IIy9sTA/zxhlDCRJCtfVMbhmhfna4UkQOfv8erfwRHsoXu+ndiOx6hmCtu8PrQq4TlAGdjKA9YG112YjbrLn3dPf8sdZI9Tdw2ZC3WRf5NqcUgC2NguUcBy7445AVWfku6us3sMbuJYE1/uk3QiE9W7cN0xMKF2/fvj74XqhOI6rtdjf4FVcPbS+friRvKvvKvtAyvb1M4EZA69bTi7nXIrUFAnJkpBczkbD/oDXZdeenR3tpmlGI5FwONTU2EAQeJ6vj0Y8HjcC1NdHPW53NBLZCjULIaTqSGDPBGYcj0gK+VwwFPIHAtlMxuf3A2NAKRIeAY5MZyIiR4E92V2na2aTT/Z7ZAYA1EKOI4gXpgqZrF422VJGjwZFRCxrNJnRw16BAXAcajpNpLW5+Uoyo/ncgiQS2ygEAEs5w6fwtj0PCRLEpZzhkjhEvDyRT6Z1WSIumVu1IxFczhoehUdExmA8Ua7zi7f2mTJqIcdthZK6ZSAyywSOB8YIIbbjYDaTTi7Me70+jufJmlecPTn82jYhqcWk2+MZHx0pFYuBYDCfy5VLxcvD570+/52f22h/5FsgxNatZK2wsLY4Vn3PAQnaxcdx3NLiomUasqKUSkXD0GempyOReru/ZM+xYmz1CrC2aBUSsrK8DAiSJMHa9asxEq6ltL9NxCuXhiVJXllOcTwnyQq8b8+9GqEsyzp86NX2zi77CGMsm82kl1ckSeJFsVot2C/qYnJBUVyLyQV/IACrYSS4SqVsmmZqadHj8dpzLW1BbAeeS8PnC7lcKLwa64wQgkiq/RisUruNWKP/ANh0BMBz3FB/GzCwLMslS7sGOhhjlK75V21wVKrtuK7zTLrjbMyJ3XlPzM1JkiQIwvouAk8Q8UCzbyWvXkqre2KBmhNxKaf7Za6lwWVa9OpM6fJMqVgyoyFpYqGSXFY7Yu6x2XK8XjIsxvEY9AoXJouUgUfhShWruU46N1naHnelsno4IGZzRsDHjy9oQ+2uSFCigI0RaXK+wrBCGXhcfEWzFlf0/nZ3vmDKEjEt9oGGeww29obs4Kfv94pbEsYYMGQMCRm9eqWQywVCoeTCgixLmZV0OBJJL6coZZFodGU5VS6VZFlpaWubGBsNBIKzM9NDe/Z6vN5isQCIyflEW2eX1+c3TePd7/uhiwVwvZbibmCtsDRdf/utUzzPU4tKitzYFAvX1S0mFpYWk5Fo/XJqye8PcJyPUjozNaWpFbfHe+bUiWA4HGtppZQefeNQ//adk+OjHMcHQ+GlxQWvzx9taBgfudra3n754nB9Q0Nyfp4QMrTnPgB49Rc/8wcC0YbG6YmJQCioVtRgKJyYncllMw1Nzflc7uL5cz6fv2/b9vfjybImFCAuLiwEg6FsemVhfr4lHh8fHVleSjXFmmdnppqaY/lczjB0fyC4spzyeH0zU5PxtnZJls+cOhkMhQnBhflEtL5hOZUCYISQ+UQiFAotLSZ1TbvvwAMcx6UWF4f27J1PzC0uzIfroovJeUppIBhq6+i8NHxeFKVyqRQKhzLpTCQa1VQVEN0eT2J2pr2zOxJdDdyyfiYwAmi6kc4WMrmCblrA2FaYC3NrMXS9LhoJBIOartV2qmxF0MGOECKeXyoRbv0XJwpY1qhh0J+cyxKChk53dnknFtWORiXsE3JFQ1a4XMFAhHzRlAWMR6TumGIadFePt1g02hpku8HQDOr38t3N7pCPD/lFAKhULMugLVEpFpH9MlkqWdvbPE1hMeITJIks5oz3//GvegJf8/y1naPsiHWU2tt3DatCAWMT46PRhgaP1xtrbXW53Tt37Z4YHa2Uy5H6+kql0juwnReE/u07Ll+44PF4/cFQIBiMROtdbjcAaKpKOE4URY/Hu/a47qxYdEtk4xbDql7qhXy+Jd6GBHv7ty0k5uYTc7IsG7ouCqJlmrquV8rl+cSc2+OJtbaZphltaMjncsupVKGQD4RCi8kFXdfrolFVrezau08QhHNvnW5uaV1aXOzu6fP5AwygLhLNZjKZdDoQDHZ09aQWk129vQCw6777EnOzLa3xumg9ozS9vOwLBLw+/wcRijJGKZ0YG+EFYXxkxDQM0zRlWYm3t8uysn3nkGGYc7PTkfoGVVV7B7YJvBCuq+vs6V1OLXm83nh7O6XU0A1eEDq6ugPB0OLCwuCu3VcvXwoEQ509vflcFgAe+NgjI1cuD59/uy5aX6mUG5qao/UNuqYxxtLLy9lMurGpuVKubB8cWkktF4uFbTt2zk5PNbe01gZ6WK8CIoRcnExUTFrSjES60BT+yAS2vjFVFRBj4HKtRmrzBwKrkaIptUdGb15OXclWJjOqicgMurPR43evqoCAcIrIlTQrk9VbwpJHIi6FW0hpXc1KNmfwHHHJBBgE3LwscX43Xx+WLYsJAnFJZGZBbW92qRUzFBDKRTMalCoVq1AxfS7O0KlL4QlCQ0QWeTK/pIoCifoFl0SAwUre4AACHt4jc27lPcfbqZ36Ua36VzcYpabJCLK7ilWhKKM+vz+fzYUjdUvJBUmWPR4PLwgej9cwDZ/fL0gio9Tl8fj8fk1TBVH0+nylUrFYKOTzeQTwBQK8wE9PTRiG4fX777BUlkWBsppyvCug1DSBkEI+p6pqpVxOLS1RSuPt7aFwWFVVTdNkRaGUuT1uj88XqqsjhCwk5vyBoGVZBLGpuZnnhWwmEwyHRFGk1HK7PaIsyYqiuBRZUXx+f2JulltVBmK0oUFxKaePHxclqaG5mXCcoijjoyNdPb22skgQhEAoVMjnJVlS3C673X0fQjEkuq6JstzR1WVZFs/zK8upcCRSLBREUVRcLsZYXSRSKZe8Pr8kSQyYorhKpWIgGNI1LZfN6IYhK0owFErOJzx+XyhcNz420tXTy3GcJEm8ICDC2MhVfyDY0dWdSafrIpFcNjs/N9ve1TU3Mx2tbwiEQ5VyORAMKYpCOM7n8yfmZtvaO7OZTCAYEMXVuGTrQ0EQQsamEouGIPKEZ9rerhiljNXoduyJ0aZpimtL6VZnhwFjgGh73VRjCzPGCCGGYRBCqiHD2G2fMoaI+UKRCvLar9VsrObHNJAXECBd1k1K7e42ZRByS7xtnjV0FESwQ4zhNY1KjezAgNXandbiRMC1ZIAMWO12bcpr1uA1MxLiavAvgPdjr2XX1/6maa7GNWOrAwJq2P5qd5F1EYEZBgqCrUTG1TeNADC6Ftoa1ly8rs1qrJYFA8C1MAMAtmYZ4Jr+807BqAUIiFsr4t4HZa2wLMtKJhIen49RGq6LUGoxtjqj6to3xda+CCTXPhzKYG2GZlU/yqohTKpzV9cuwihDxExmJRyO2BUaICAgY+yafo2tnsLeX6FX30D71pTZE49Wv307G2s+Kbimdai17lR9DAHWQkQAq+bKzqGtFCRIYK2iYACEYD6bc3s8q9Ws/QAZUzVd4PmqxWudYXkTG4BmUrdIAJiqWRcm5zXdtBgb7Gim1Bq+ePm+PbtOnDoZDoWamxsNXZ+ZS3S0tYmiYJomIuq6XlE1SqnH7ZpPLgYDgURivq2tdWpqprU1JgiCKAiViurzeQuFgiRJdity21htpdb04dVCsOtlABZ2Xxewc7Wex7UJAoytVZ5rCa6fPl57bC0ESU0yYOu2a1Ou1k1rrx1eu31NspuVExi79noxRg3T7G5vf+yRhxVJumtqe4e7hq3gNX73gQAVVX350KGJqWmeF2xzN6y2rqu10/oGgDFWHwnOJqYFSY6FI9lCyRsIgFrWdd3jdvE8n1pejkbqNF1/+/xwb1enruvpbNYlS1Ozcz1dnaMTk6FgQJEVv99/7sJFjhDCc7NziZaW5kKhmEot84JgmKYsCrlCce+uwdtZ8IxBuvwOynSGYNzQ1veuCbYYjLHVrj5jjNJiufyZp/pFQdA/UlI4ODh8EERR7O/tO3LmktftQkJWFRhQHQxv1gDU+T1+sam8PKwVC3kj/IuLqYebpSZAxmhHW/yfnv/u7/3ul88PXyRI6uujc/PzkiiUymXTNEfHJqhFTcNkEgNgoWBQ0/Wmhoaz5y50tMVzuXx9faRcUZuDAZeipJZXZmbnenu6b1sDQBB61lb7urtha1ok23BoWbQsUeku8/h0cHB4Nxhjssh3hWVFkTmOVF1F11RQm6mAKKWc5Pc07OF1vTCa2tsgJfPFgZY6xpjH4/7ib3wOADra2xilpmnGW2K2l3RvdxchRNM0j9uNhFgW7WhvAwSe4x48sE8QhMbGBgQQBCG1vAyIiiI3NTbQ2xgyiK2tBnfb7ninqCqmKGWWRS3LMkzjXhDcweEepDo5YNPqlDGmG6YgWgyAAySEreqcEWDTBsAGOUVRlEcG3JRSRBQFe6l05vP5KKVulwsAKKV+vx8A7BUQAcDr8cCa1VEUV9ers9eTsX2PGGMN9fUA4Ha5nCrpw+N6vwRqmtbGeQCIaNuL7GSIWDtrkef5ahSNKnYw/epZm8YlvvF0R1hrn6oTtWzvuXe9jn1rtjatr7rk6Tv1IWynA9M0b/41s+/IcTyllvNyOnwkEEXx4sXh9Era6/UODu0yN3T1GAPLNGnNmsBQdYPZOA+g9kREkARelkRJuG6BMKg6l7+DX9r6C73DKbdAeocbwtacxy3LWlf/E0IKhcKLL77wzW8+c+H8+dm52TNnz3D2KJEQnuefffYZqPHmsne+/PIvc7ncT37y45deevH48WP2frsDYs+nJYRks9m1KYek9nRCSKVSUVXV/plIJF544QcvvvhCKpUia1QTA0A2m61emef5N954I51esX+WSqUXfvD9b3/r+empqY3n2s3D+PjYf//vf1koFGozWesIgbU5RySELC8vS5L0k5/8MJNJV08BAPsCiO/BDO/gcHv4zne+jUi6e7oDgcA3vvGPlrUhoAVjlmVV/b/Xnb55A0AQTYsurmSTK1nTonfbHPR7g9oRgGVdNwJARFVV//AP/9POnYNPPvlJXhBKxVI+lyOETExMzM8nOJ4fHR2Zm5udn58XBGE5lRofG2OMLS0uapp25PDhRx55dGTk6oUL57PZ7NTUpGma4+PjqaUlxtjXv/63k5MTjLHJycnkwgLHcZVKZWRkpFwu//SnPzl96pSu64g4P5/weLx79973p3/8RwAwOTGRSCR4ns9kMnNzs2NjY1//u78tFArpdHpsbNSidDm1ZHuaaar6h//5Pw3t2v3ww4+omgYAE+PjCwsLPM+n0+mpqcmVleVKpfLlL33x4088qaoqIWRubnZ6aiqTSa+sLANANps1TXNlOTU1NVWpVMbHx9LpdKVS+YP/+B9mZmbqwhG321OpVEZHR4rFAqV0eTk1NjZaLpecNsBh68Bx3NmzZw4cOBCNRr7zne+cPXv285//tddfP0SuD/bAAOwGYNM2YJMGgCBmCqW3JxImZRTg9Mh0oVy5ruuESNai6m/8JKr9rGq/bGOC9y+0w82xbrBFKa0dASDizMz0Y48+3tXVDcC8Xi8iSpL00ksvzs8nXv7lL4cvnLdMa3Fx6etf/9upqamZ2Zmp6alXXnlZlmXbTX5lZWU5tWxZ1r/7d/82l8v/y7/8cyaT/sY3/ml8fGxxcVHTtBdffGFubvb1Nw7NzMz86Z/8kWkYqVRqZWWlVCra6ibCcYV8bmlxMd7W9sMfvjQzO/Pzn/304qWLf/VXf3H58uVyuVypVAxDHx0dnZ6efvnlX0iybL9cS6nUAw8+2NHREYlGt2/f/uyzzyQXk9///ndHRkf+23/7fzOZzF/91V9mspl4vM2i9P/+s/86PT117Nixs2fPnj179rvf+Tal9NCh1/L5/G//9m8lFxbmEnOVSuVrX/vrdDqt63qxWPjBC98vl8t//df/n6qqf/kXfzEzM/Pnf/5nmUzma1/7mr0cpoPDFkGtqE1NzaFQuL6+vqOz0+fzCYKwIRWrndEG1wfI2eSF1i1rZH55T3fLWCI1ubByf3/7pdklSqlpmsnFRY7jksnF6Zk5gshxXKFYrB1HcxyXy+czmSwh5OrI6MjomGlaVcUCAHCEFArFWr1B7Vj71mIrqe+19qZaute1AdcryhljwWBwcmrCdgv+3/+3P7Ask+O41w8deuyxxz/xyU+NXL0aDIUOHjz45JOfXEwmC4VCLpdLLiTtQtQ0LZ1O/86//mJXV/fTn/nMrl27EonE/fcf+PSnn1pYWIi3xnfuHBy+cIHj+I6OzkKx0Nc3sGfv3p6enra2tsGhXS6XizGGANlsThCF//Af/+CVl19+/PEnPv7kJy5futTS0vLYY493dXV1dXc3NDQWCvlUKrW8lCJrla8sy1OTk/bLZprmkSOHH3nk0Sef/MTI1auxWPN99+3bNrDd4/bEYrHBwcFQOBwMhmampy1qPvTQxyilPM9LogQAe/fsffSxx3iOm5mZXlpcDIfD8bb47t17enp6i8Wiy+U6ePCBgYFtKyvLBw4cPHjwAcsyPmDkRQeHW4uma6qqUkpDoeDAwIBpmpqmrU/EoDbqxrr6YUMsIMRyWW0KeC+Oz7klkSfk8mQi6lFUzRAEYTYxb5rW3PwCAIyOT1y+MnL6rbPTs3OFQmFianp5ZeX88MVSqazpOgBUVFUQhMWlpfPDF6empyenpi3LmpqZPXH6reTi0vCly+l05u3zw2PjE5evjhSLt3h8jYizs7Pj4+Ol0r0+ct847mOMRSLR3p6+/+u//p+HD7/R1BwDgIqq/sZv/ubX/uZvnnnmX/buvW9ifPwHP/j+9773nVhL7LVXX/F6vYahq5pmUUuS5T179kajUcMwioUix/FDQ0PffPbZ73z7Wzt3DtZFIs8//9wTH//42OjI9PR0rDk2Nzf7reefe+ON16PR6D/+w99nMhl7zmBvX+/OnYMA8Bu/8Rtf+9rfPPvsM/v27c9mc6ZpEkIOvfbakSOHf/qTn0QiEV3XNV2zx7DRaLSnp+erX/2Tf/j7r//why/9q3/1W3//93/3/HPP7d69O5PJWpZVqZQppYuLixal+XzeMIzkYtLQjcnJiWh9w3PffPb73/8uIqRSKcbYiy++GAiGSuUypXRqauqN11/XNNXj9SLCc899c3x8rL6+oVgqWpZZKBbvTPk5OGwGY2zbtu1vHn2T53kkhOO4kydPdnVt4lh/g7CP60NBIGKuUCppBqU0V6wgYsjnUnUzGvS6FXl2LjGXmB/o752dmy8WSw/cf9/wpcuRujokOD072xqLjY1P1oVDHo+nsT56+OhxBhBvidWFw1MzM+lMbv/eXbOJedMwCCGargf8/tm5+T27dp468/a2vl6f71YuPY+Io6OjlmU1NTX5fD4AyBeKwcBdEtroBtgCVm2/hmHoup7JZH7ni19uamqq9ZmxtfO6obtdbvtEQRCKxSLHcbKsGIau67ooioIgFEtFjnCCIDDG7H53NZ6UHeoEEYvFoiiKoihallWpVDweT7lcYgzs/n6xWHC53BzHlUolRVFwLTZvNZJtqVTiOE5RFF3TOJ63rRQ8zxuGjkiEtbn1dlvOcVy5XLYsy+12I2KxVBR4QZIkXdcFQTBN086kIAiU0mPHjpbL5aampiOHD//P//73stmsLMu1Cap5M03DsijP87aLUalUdLnctnMUz/OGYdRG0XJwuONwHDczM33kyJHOzs7R0dH999/f3dVd65tHCEnMzX3zmX8OBIP2t1yrj0HE9cHgAEAShUszi/3xhiuzi4ZFe1sbRueX4w1hYMztdk9OTW/v78vm8hzPRaORxaUlRZET8wuEELWiiZLodrkkSVQUxbKs9rbWdCazlErJshwM+BcWFvx+X7FU9rhdmqoHAwHTNAIBPzVNQojb7b61T8fn83k8Hq/XayudNV1XZPnW3mLLUmv+pZSqqrpzcMh+FLVpqvoQXIscIooiz/OMUY7jBEGwXcfsnVX/nGpMJ1irwe009qpBiGhPDREE0W4zAECSZLvurgb/qNbm1dN5nred1eydgiAgoiCs3npdekEQ7LvU3poQzo6da2eSMUYIaW1tNU2TUvbpp56ilIqiWJsAEWVZXtvD2/ey72KHkq/KWCu1g8NWgDEWCAQGBwebm2ODg0PBYHCdVzQiFvL5C+fPyYpSq2+vWnM3XRQed3U1n7w6HfG7AeCt0dldnc12DB1CyKMPP6QbRldnOwCYprmtv58xVh+N1gartz/LjvY2xpjf51uXZ3seQKwZGGOhUJAx1tHRDtebJm4JPM9XK6B7nHd6CO/ks7vu0EYN0o0vtdHWtOllbyYnN5O+ZnvzPPT19cG6RSw2y9KNxXReJIctyA2mwtiwG766mzQAjDFJ4Pf3tZmmBYg8R6BGh7xuQRj6zivAvPOhd6xZbjnOR+sAG6p+BwcHm811mnbniec5o5K3eInwEmyYR+rw0cLWa2xxe7jTYDs43Fpu/MG/s1EL0agU9PKKUUoG2x6i1i2OIvmBl7N3eA8gYrlSLhaLW7wvbBuonFbAweGWYLvb3GAm7+Y2AIJIqZmfvyC4okSIZGfP+pt3Vn2JbPcJANA0TZKkaswWe8MOIGOb6WqtdtU4MHYyTddtI9uH1+mrjTxzj2MYRmd7PN4at7Z2AyAKAm42edDBweH94XUruq6/09H1DQAiFivahbHZsMLH63szE6/42x4wVc4+dOnyVUHgZFnO54vFcinW2BiNRioV1Xb1K5WKwWAwXygMX7zcFm+1g30ygEq57PV6y5UKAnq9nmw2pyjy1dHxro429qFFhUPEfD5fqVTq6uo2nZB8r0Eps97NXnTHsSjlncJycLh13PiT39gAQCKVaYqGPBJHjVKo6wnRHcqXrtoqG57jOI4rlsocz3XE41Mzs4yx6bmE26UQQtrirZTSSF1dfX1UUZRCsbS4tKRpen20bmYuwQA4QhRZzuXyhmV53O633j4/tHPHhyf5/Pw8AIiiGAwGP7y7fHSpBtS8mQa4NpSgg4PD3cEmvS2OMa9L1igA041SLj17WUPZVthb1DJNq6erc1t/HxLS2tKcSCbb463dXZ2UUlEQ7DrCskyCWCwW1YrKcVykrq5YLPt9Pp/Xo6p6c3Njb3cnpXRbf+/5C8PVsEK3nHA4LMuyx3NPLALzXqGMnT779htvHlNV7bqInmtxnKqu93Zc5emZWVXTtrgN2cHB4T2xwQbAgIjimZGZ/likJIaA4Gw+1xEK2879bfE4IhBC7OpeB7Z/757U8jIw1tfbk8/nI3V1jLH2eFyWZbpCOzvbeY4jhAzuGLBnUcaahZWVtCgIne1tFbWye2jnh7TiNmMsEolEo9EtrvS4I3Ac94tfvtLW0tLW0mKYRiVT0TQtFAolk4teryfg909NzzQ01BeLJdM0TdPwer2J+QW/3y9L0rtf3cHB4SPC+gaAMtbeEGoMXus198WiiizaP10uBdbmefn9Pns7GonYKRVZtg/ZJoHqfsaYx+Opbkejq/vdbhd8mEZaR2VxAxLzyc889alTb51VZPnHv3jZ5/VG6sIdba1Hjp1saqzP5QupQ4c9LuUTjz9aKJZefv2n3W1xp/fv4HCXsbkbqCKLBIkdsIXVTAO7ybmdN5gIuml6h9tPT1fH0eMn6+rC589f7Gxv27d31+TUTHNj4+TUNM/zO7f1y7I8fOmyJEmvHzlqUeqsJu/gcPexeQNAkFyZXhidSz042OV3K47L/l2GZVkPHbx/LjGvadqnPvlELpvL5wvb+nplWXrgwH6/zzc5NS3L0v779rhcyuMPP+h2u2RJVlzKR73xNkyT4zhyG8cymm5I4sYQ7bebD54NxphpWYITDu/uYvMFW4pG6dTMckdLNJktAjXY2iywdUsAkjUjYe0KMDe2E9aG9HK4g1BKY81NnR3tHGIoFGxvj3s8bo7jAn4/AHR2tAcDAZ/Xyxhrb4tHI3Ver4e7ow6ajLF//Ma/PP3rv/Wt73z3Jk/5s//nL7TrPaALxfK6hY7HxieOHD2+8dyFheSZcxcOHX5z3f7ZxDwAvPijn91kHlYy2dqfuq5//RvPfO0f/nl5eWXT9GMTk+vyGOAZAAAgAElEQVT2/Phnv/zHZ54vFkv2z3QmU6mos3MJAPjJz1+52Wxkr8vGt773wj8+8/z54Ys3eToAmJaVL5Rq92i6/nf/9Ez157e//9LNX61ULh8+ehwAFpKL//Ts80eOnagemp1LGIaZzeYOHz2+6aLTDreQTdpzguTC0qX6gBhUpEK5Ulg4JYe28byIALlcfiGZlGQpFAgkl5b8Pp8iy6nUstvjbqivHxkd03W9PhqNROoAmD0JuToFDOxY07kcIPp9vpv0PnT48LhmHmfrtXy1lvMtYkU/c/ZtVVVf+u5zK+n0xMTkxcuX9+zedfHS5UI+//GPP3HmzFlEbIvHz54719raOjkxsX//vkqlsm7surHvcfrsueL/z957R8eR3fee91aurs65G+hGIwMkEjOHmcMJmtFII1mWZIUnr+yV/c7u0b7jt+ugfX4+a/k8aZ9tnbe71sp6TpJX2dJInEwOZxiGEQzIGY0GGuhudKNzDhXu/lFkDwiCHBIMADn1+QOnUHWr6lZ19w2/+/v9vvnCvj27L16+Wi6VOjs2T0xNS5JY43BgAHjcrlm/PxAItbW2jE9MtjQ3vf7W8a7N7U2NnmBocWxicmtPl2/On05ldmzfMjY+abNZGzx1N9/xplu+/vbxL/z2b3GcqlAovHvqDEEQh/bvnZz25nL5fD7f2OD5+a+O/u6XPheNxjKZ7MH9eyGE3tnZ/+lrv0cSxIVLl/U6rexR7Z2Z3b6lu72teXhkLBqL9XR3BYLBeCLZ4KkLBENtrS0m402uzysmPcl0+t//3u/+8Cc/z+XyWq2G5/l8oWC32cwm4+SUV6fTNjc2hBbDrtqaO7y9kdFxAFA0FsdxfHhkNJ5ITExNt7U0D4+OFQoFvV5PEsR8INhY78EwbMo709WxeWRsrM7lghAbGRuT88KOjk88tXN7a3OTfyEwP79Q53YdfePtxgZPPpd31daEFsO+Ob/FbDIaDJNT03abNZXOGPS6luame/jqKNyelWM6DGLj0amphG+8dI3AiHI6kF14LR14F4kVUZQmpr1trS2u2tpsLmcyGgPBxUwmy6pYo8EIIaz31EkSyhUKPM8HQ+HB4ZHh0dFYPDE4POKbnQsEQ2MTk9lcLpfLD42MPnAFGIUnm0Qi2draElpc/Ncf/eRP/tNfZLK5c+cvnT1/0Wg0/vinP/v5r349NjF55VofjmFajSawGP7Nq699aPbvVCodCkdIihgZG8/nctu29pw8c1aSJLvV5vXNYjh+tW9wbHxq/96nSJJgVareK1dbmhr27dl99uLlvoHBZ58+9C8//nkykezp6RweGQ1FlvgPWylJptKy70OhWORYtqmh/tiJk0vR2Mj4xL49uy9d6a/3uE1GY7FYsttso2MTAIDf/8qX3nj7+FvH3w0uhhcjUbVavWv7ttamhqd27bjaNzC/ENi7Z/f5i71z/oViqUTTdCgc+dChFc8Lp94/99yRQ/3Do1aLJV8o2q1WgRf+/K/+2u2q8c353zx2QqVS3fkib73zXp3bdf5i79W+/r1P7dZptbFY/Pi7JzVqNU0zx949FQiGdm7b2j84fOLUmcMH9o2MjYkiCgRDv3nj7SOHDso//2cOHxQE4Uc//+Wp98+xKlU8kdzc3tq5qX3Hti3pTNY3529tbhocGfPO+ERJUqlUvrl5ZTnqAbKyA0BIqjfUbTK3NtEtCEm02kpq27Q1ByFGIiSRBI5j+NVr/cViyTfrt1nNGIYhAOWEQ/JgP5FMAgCyuayKZQ16QzQara1xliuVQDBEkWS5XMFxrFAoCqJwa20UFG7HoYP7e3uvfP8f/pmmqc995lNe74zDbtNo1FqNprGhQafV8oKgUaudTufQ8HA8FscxHAFw5+Wry339/+7zv/2Fz3z68tX++WDojbfe6dzUPjo+eeHylRqHQ5IkjlORJHHyzNmzF3pDi4s4QRAEMTY+odWo9Trdr199Y9/unSRJ0iQFAHRYLYMjY3d+ik+99MJ3/+Gff/3qm3P+BZ1OW1vjvHD56lO7dmSzuTePvdPW0khT1Jx/3jfnP3ext87tkiT0xtvvVCp8Z0d7hec5FWu1mC9c7OV5YcY3S1EkTVM0RUEIo/FENpfPZnMMTYcWF+9cDYokDx/Y57TbWZa1mE1en6/3at9iZOkPv/rli71Xn9q5YyEYWjGHWEEwFD6076nnnj5UKpc5jjt24r1iqbSlp2tgeFSlUg2PjpEUReA4TVMYhtW7XcdOvGfQ6ZOppF6vc9c63z19Rr7O1b6BhUDQbrU0ejzpdNpqMUeWosl0+mr/QLFUwjGMJEmKJHlBmFsIFotFh906OeW989Mp3D0rFcEAABjE5jMLV8ayOxrt+TLfZCIQIAhWi0EYWlxMpdKShHQ6rdVinpmd03BcvlDQajVOh4Pnef/8AsswqUxGreYwiNE0nc/nDQZDJpOWJCSKIsepIMQy2YxGrbFZLY/MCgQh/AgqggmCwPM8z/NLS0vf+MY33G73BrHn3A6SJB+q6lYilVFzLLWKcDa4eq1/+7Yt2Vxu2uvb2tP1oO4YikSdNssdCrx76swzhw++cezESx97ds13EUXx2In3aJrZ2tNpXC3uPbQUdVrvVI3l+ObmaJqucTiW7+QFIZPNmwy6NVfyfjh99jzLMAxNd3d1rEsFHl/m5ub+8i//0mazkSQp/76WK4Kt0gEAAEiCeL13pDeU+treTbVmvYSQnCEag/Jgf6Vxv+pxvyLrTjX126p52R5lW6x0AEoHAAAQRUl2XXh4t1iBIIgEsf5SYvdfDYSQJEnrKIu2vMFRuHvu3AGs/mPjBeFj29qe34qq2q0yEkIAgeq0+tbG9Nb25c66TgrrRbVjrn408q9LFMXb5c7DMEwQhFv9uDAME0URIbTxk+7h+KOu4UZo/cGDqAaEcH1FMZXW/2FwJz0ADGIAQoAQQht62KiwBiCE3/rO//O13/2S3WYRRYnA8aVoDCfw906f/cJvf7rC83IzLw/6EACCIEx7Z1ScCsfwGqdDduLCMAxCMDQ8arVai8Vig6dOQqiq67vC4fJeyQvox70ZhD5E0eIuESSwqYY63Mg+iIspKDwh3K4DgGIlzxcilVwaYpLGse3Oi2mKusvjBYZhkaXotu7OweGRQqFBp9WOjE/QNBWNxTEIX33z7caG+kQylc5kdmzpef3YCY2a69jUdvb8xRqnY/vWLUdff6vGaedU3PSMr7Wl6cz5i82NDd2dHa++dVwUhJ3bt7x//hKE8DMvv3Q/lUSV8hZtHH9AuQIRAjgPg0FCmYsqPMFIklRTU3P3c7XVOwAIAQQSEguIT7KWTihLwgMgiqIoihRJAXjdJCePEEulsqzlJAiC7N67EVAEYW4HhmEXei8zNHPhSp/BYFBzXCQS3bm9p85Ve/la/3NHnr50+fKp870ff+7pQrFos5hamhoqvLClu1OjUU9Mees97i3dXf2DQ6VyWRTF7o7NdW7X9Mys2Whw2K291wa6OzYFQ2FBEO7HoK9WMTs7Gx7gUysoKKxgNUUwAArlSiCYLBYgxGxcEtXSAk3gEMOu9vXXOB2RpajFbKYpSqfXzczMkhQJAcQJvJDPc2ouk852dW5e98VGRRDmDkiSxDLsyy+90NPVsRAIXunrxwncoNefvdBrNZsRQDqt9qXnnk6l0h63y2wy0jTNcerxyanWpsbmxvpr/YOFYjGZTBv0OqNePzY+aTIZGzzuweHRWDy+c1tPpVQ2GvWK0VZBYYOzSgeAAFDRVJ3LOeQNkATucpgoAkcIAYQ4lcpdWyuKUi6X8ydTDMNoOFU4snT4wD6E0PDIaDabo5mNkjFYEYS5HZIkvfjckWKx6LDbnA47AABCKIrixz/2LABAFMXOzZvkuE9JknZs2yrPon7rky/J86mPf+zZ5ZHen/nUJ+QCNQ47kD0FAPBAIIrK0pGCwobmtiagSCpL4VAUxWSuYNdrZDMKz/OZbC4cWbLZLCajUafT+mb9GjUXWVoSBBEAsKmtFcfxdR/+y5hMpnw+LwvCKKPRFQiiCG7x2qqmXlkuHXz3+Vge9qfujZaafxQAJLy+6FSR3nre8kKH/iHfVkHhiWX1DqBUEVgM+iWAQYhLUkUQCRwDAHg8dblcrqtzMwYhQoggCLe7lmWYpWiUYRhPnXuF2+g6ogjCPHnwZRHQcB+NIQQ4EugFdbkkAABiiWQylTIajPlCAYOw1mlffpacxjK4GPG4am69ZjKVZhiaZZhINCYKYoWvuGtrorG4zWoJL0Xtdx08paDwOLK6cRzHME7F7G6q2dFQo2JpWbURIaTTaq1WC01RBEGQJAkhVLEsAMBmteq0WpbdWD52cujKetdC4YEhT+IqEgrz0qfb9AtSmcDxyFLkB784mkxnJ72+93uvjU55U5nMwMhYKpO5NjgSiyd+8uvXj58+937v1Vyh0Dc0UuH5K/2D6Uy2f2g0nclG44m33ns/Eo2dvnD5b//xRwuLkTffPb3/D/40Eo39w09fWecHVlB4yKw+AyBwjGCvJ9KiSKLqSnM32i8KCg8KURQXAiGaoTUcp1ZzCIA6HB52s7V66rWxwrzA4xg2Mzf/zL5dWzo3BRfDU3MLmWzuW//vD5xWk3DhaldLw/lrgzVWs8Nm5Sv8N//vf3DZreeuDpYrPEXTv3jrvT/6/S+1NNb/5DdvJVLpz3/yhYsDo0PjU4f37PzK07tfefOdaDItVyOfL2SyOcWIqLDBQQhIklRz8wz4zqzmBQRBMlciCRyX5X8R4kVJy5JKI6/wiInFE5461/I9/gqy0FgmyYf4MgGhIIpbOjf9H//XP45OzViMBl4QBBFvqLXTNKViWZfTPj7j12q46dl5JImtHhcCoGdz2/HT55PpjNNimpzx2Sym5w7sfu2997Uada5Y+p//hy8CAH722vHf/dynD3z1j+SbcpxKTuGpoLDBSabS5XKFpu/WF39VN1CYyFcwiOV4IV0Smi1cWZB0LIXA9Vj/5bnj5cXVqulfLqAYXjY+snTPrVay5ckhMAyTJAlCiGMYAmC5hMPyYre7II5j8pBkxa3lZBJ3o9gsSTffAscBQn8ymiMhcGDQX5EoGmNZ7r/88dfLlTLLMHJtMQwrFIo0Q2MQNjV4cAwrVyokSRI4ns8XKJra1NzA0MyO7g5OpQIA7NmxbdfWHgDA9775Z/KN/vN/+AOKJC/9+Lt3/ToVFDYEGIahe4nKXd0EJCKJIsRaFakmRBIKwo1W3jc7JwiCTqtVqdhyuWIw6GPxhCRJqVS6ob4Ox/HxiUkAQHNTI0mSH/y8EQLLYrIemb0IISSK4k01UQAAAIBh2OS0dyEYamtuctXWyG2x3C4nU2m9TgsAgBCOjI23t7ZUKpVzFy+TJLmprdliNsnvMp3J6rQaAAAASJIQjuNz/vkpr6+5qb6+rk6+2uDwCE3Rba3Ny3IFwnK5AgBYCISsFrNWq5G7BwghQEi69WO62erS6mDQf1hFCYQgcIJQgWW5CKsDdnlPVRhA3i/rGnI38t1DeD1VDnVDNFFOF0qSivyhwhPOKovAEgJNJtKMRYnsjBWGWX7RoSHkoVihUGhtaY4lEpGl6JX+gUKhmM1mp2d8JpOBIAhRlHhB0Gg1QyNj1/oHZ+f8w6NjgVAovBQdn5gKBEOJZDKTzT4aj0wI4cLCgs/ny+cV5ZmVYBj0+xe2b+n56a+OlkqlkdFxURRDi2Gvb/Zff/pvqVR6fGKqWCrN+ecRQqVSOZ3Jbt/a/ebxd1Pp7PjEZLFY/PkrR0Ph8OycPxKJ4jiWTKXOX7q8Z9cOTqVKpzNj45MAgCmvLxAM8Tw/PjElCEIqlZ6c8g6Pjp08c65YKlEUOTE5FY8nisXS9IwvshRVPiYFhUfMql5ACCPVAGqFSoIvxSChx4iqLjyEEMr6DLu2b73aP8Dzwv49u5eWYolkEsNgZCkmCoLDZqv3uBcjSy1Njfl84eLlq3a7NZ5I+mbndFrtIxuPVyoVeRLwaG73WAElJJ29cLGzvfXN4+/a7bY3j51468RJu9Wq12lohsYJ/NevvcnQtJwVhFOxBr3e43JFYzFRQqfOnteoOaPBACD8l5/8G4ETsVi8q2OzTqetcTp+88ZbWq3m9NnzDE0zDP3TX/46uLj41omT71+46Ha7GIapqXHE4vF3Tp5Rq9XvX7g0MDwsCOLFy1cVy6GCwiPmtpNcglGJUQkgkWA01VRvEILxiSkcx2xWC0EQ27f0RGOx8ckpCUlqjkMAeNy1DfWeSCRK4LjNap72znBq7qmd26OxuNNhy2Zzj+q5AELI4/HwPK9SqZRAsJUgBAB45vBBrUb9o5/9aikaZVlGr9MajYZSuXKtfzCXy/O8IIiiXDIYjoyOj0fj8QrPS0gSBJGm6VBo8dyly+VKBSHkdDh+9qtfswzNC4KEUDyRYBg6nkjyPG80GBrrPSzLnr1wKR5PEASxuBghKZJlmcVwBCGEQWi1mBcWAk98V83zQqFYVL6JCg8YBHAcX5ufwqqCMFAo54oJH8EakCSJ5bTK3ISTKgA+SPi+Iok8uKEJU102XH4IIAQxLByOmEzGR5yWp7pWqQjCLBeEgRDmCwWWYTAMK5crsXjcYbcVCkWNRh2PJwiSKBSKGrUaQsCyLEIoHk+IkmQxmwVRSCaSWp0WAlAslXmep0jSYNBDCIvFYjyRNBr0EMOSyaTdZssXChjEaIYOL4aNJiOSUCqdtlrMsXhCq9XQFB2NxdRqjiJJDMPlVVyKopbnj1uMLDls1nV7lQ+amdk5i9m03rVQeNKAACZTabPZqGLZdCZL0xRDf5CPZw2CMIhk1KSz+/oS3PWF2+vNysqiN7encoFVFntF0foIBSCrPPHN/dpACHEqldxn0zRVW+OUJEmt5iRJMhoNAACdVlON/IAQWixmeZvGKYfDJh9iWVZOEytfh2GY2hqn/MKddruEkJrj5LNqa2vk/ZyKlRBy2KwIAISQ/UbjXq3PuryNRwaO41qNZr1rofAEIkrS2iyoq4/H86VKrljKFUr5YilfLPGCeP/z1if+5/14sdyXd0W3jRCSJLTcTbO6vfxQdXv5da7vX3YpcMN/tLpfWna15Vd+tC/g3hgYGgYAeH2z6Uxm+f5UKl2p8Gu4oCRJZ86cmZiYWLHf7/fn83mv96Hono+MjKRSqYdxZYV1Zq0/n5UzAAzC2UginisaOAYAkK0UJIAyWXFvmxtXkiorfFTx+uZomh4dm+ju7HjnvVM2i5XjVIIgzM0vuGqcoXAEALDvqV1X+wYaPHVTMz6e5wVeeObwgSv9AxRJHjl0oGoRjcVi77zzzvbt2+PxuFqtfvPNNyVJslqtXq+3pqbmlVde+cM//ENRFI8ePariOBzDKIqiaZrn+Vgs9vzzz//i3/4NxzCLxYLjeDgc3rFjR2tr6+tvvC4Kosls1qjVCCG/32+32+fm5orFIkEQu3btOnb8uMlotNvtDMOcOnVKq9UeOXLk3ffe4yuV2trawcHBjo6OycnJUqkkCMLhw4cbGhQlho8Eq7qBIobEWYpgSJwiMZrEMAjRjYzBlUoF3gSAENyqE7sR2Ji1UngcwTCo5tQcx10dGDxy6EAkGoUABEKL9XWu9rZWjZpraqyPxxNqNdc3OGS1mGoc9j27d1y4fDW0GMEwfLk65pUrVz72wgtNTU3lcjmVSl25elWr1S4uLn7mM59JJBJbt21rbGyc9nr9fj/DMDRNz8/Pcxw3NT3t8Xi++93vNjc17d69O18o9Pf3f/7znx8bGwMAvPrqa2qNpquzc8uWLY2NjSzLDo+MAAg7Ozt37doVCASsFsuuXbump6eHR4bLlQrEMABAIh5/4YUXBgYGvvzlL//0Zz/T6rSNjY0vv/yyfE2FjwL4M888c9MOCGmSGAvFFzOF/vC8UMYLJejQcza9BkLYPzgkimIsniApEkkoncngOCGJEs/zlUqFJMlyuXw/IlAPEFkQJplMqlQquScoVyrVgKAnnhsmmuvk8/n9+/frdBt9DRzH8eVuArl8XqPm1rE+VTLZ7Ka2VlEUG+rc/YNDNotFr9eVSiWP2z2/ENBqNHqtNplKI0kyGvQGvZ5lWbWa02u1OI6pOa62tgZCmEpn9DqdwWA4deqUvNxtNJrMJhNJknq93m635/N5mqIkSXK73QghjVqt1elKxaLFYslms/v37w8Gg+3t7a+++mprS4vNZnO5XJlMJhqNtra2QgiTyeQ3/uzP+vr6eJ532O16vd5kNKpUKoIgXvn1rzVqdVdXV1NjUyKRsNvtgWCA47iJiYnm5ub333//8OHDNEVrtVqDwVCpVJxO53q/coV7oFQqYzhGUVS5XCEIfHkjnEqlzpw5o1arcRyXf1/VkTGEcKUXEIbBsfmIUaOyaDkIsUg+JiLRHypvb3DSFHnlWh9FUQzDZLI5iiTsNmsimcpksgaDPp3OuGprMAxazOaN0MpACGUDq81mkwVhFC+gqheQzK3pHNYd2Uuh+u8T5gU0N7/gcbs+vNwdicfjkiRZLPeWp3poeLirs/M+b62wYUml0wRBqDnufr2AEAJOo3ZkIToXTceKKT2tJiChZSiSwAFCNE13d3bkcvloPJ7P5wmCRJIEIBB4oaW58fzFyx//2LMbx5vbbDbncjlFEGZVIIQ8z985T8YG7CEea0RRKpXK1/3qlu2HYPXsLavuV6s1AIBiqXSHYvCW67e1tS0/pVrmdrdWeIyAEBYKRTmDy72yajZQvtXJikgMR/wajbtW7RAlUUIShHhjvUcURZqmbBYL6XTE43GPpw7HMEEUBV7Y3N66cdoLhJDZbLZYLEp86apACL/1nb/797/3ZYfdLk8HEUIQAoQQBjEAQblcGR6b2NbdKWyYHv1xp9bpyGazQBmLKDxgkErFqlRrCQS7dQaAGJIhcVJAYoumUcNqVTQnIQQBRAjJUbUYhjEMhRCwWq9PzykARErUaNQbqrVd7siosBwMwxbD4QN7dg4MjkCIDQ2PJtPptpbmYGixvs59uW+AwPHdO7edOHmmsd6jUXPKa3wg0DRF00ogmMIGYpUZAEmQNKQxDDOodAghWR4WgZuctW/Vh3nEIb4K9wOGYecuXtbptFeHRpqaGqPxxI5tPZeuXNvS1SFKot1mrXPV5AuFro5NBr2O59fi565wK9FYfDEcsVrMhUIhlc40NdYvhpfK5bLNasZxgiJJAAFFkszNrgrlcjmRTEVjMRzDN29qW37IvxCoc9WOT0y1t7Xc+daz/nmT0ajVqIdHxwVRsFutFEWZjAYAwJR3pqWpUS4WDC0CAJaiMZvV4nR8oCuSzmR02g8sDOVKBSBA05R3ZjaXzzc11stBfwAAedlJFgccHZ/c3N665tel8AhYpQPAIBbNxa4G+xxaJ8eom00NkijcWkzh8UWSJIvJ9Pwzh7d2d757+qzdZukfGjm4d49vdra+3mO3SpxKpcXxUCgciyf0ukeXv+/JJp5IyglbypXK1p6ui5ev8rxwYO/ui71XOU4Vjiy1NDWYTEZCFIdHxiiKKhSLda5aTqVaisbKlUq5XM7l84IgzPjmjEZDMpmiKWpweHRuIQAxCCHM5fIcx+XzeYfdFgwtbunpEgVhZHxCp9EMDI994sXnfLNzRoPeaDAsxWLxRCIQCnEq1dx8IJ3JNnjq5hcCJEkIgqjX6wZHxvwLAaPBUCqXaIqanZtvbWlKpzM2qyWeSIiiVK5Udm3fGgpHGjzuy9cGzEYDp2KT6YwgCBBCWVd5RdCcwgZk5bAdQhgvJKKF+Hb3dr0AjLNzpZEL4EYHIKttyI5Ey09ZcYVby9xaDADFFrpuSJJ0+OC+YqlkMZufObQfQNi1qa2+znX44P46V21356baGqfDbvvYs08rrf8DRJIkvU7HMHQ+XxBEsRoILW8f2Lv75NkLOIZnszmjQR8ILZbKZavFLCEJAJDOZLs6Nqk5LhKJ5vKFC73XWpqbUpkMRVF6rbZUrmg1mlK5wjAUy7LZbK7CC7lcPhZPOGy22flAjcNOUxRF04ViMRQOz8zOzc0H6uvc41Neo0GvYtmFYCiRShWLJQRAOp159vABUZAKxUJzY4Nvbt7jds355zUa9czsXHtbq8Vsqq1xAgAEQUAIuWudNU7HhNcnimJjvcdutS5FYzOzfuV7s/H5YAYgCAJBEBDAcCbSbG18y3tqZ4Ey73xWyCbFRBy32iEAqXQ6HI4wDEMQuMNuJ0kCADg55W1rbRZFUXYv9c7MqlgmlcnYrVaTyVjNPpZOZzQa9fJuoFQqQYgpshvrguysJYqiyWg8cnA/QogXlHnew6W2xqHmOAzDPHWuickphmGaGhyT095tPV2SJDEM87lPfYKiSJWKTaVSO7Z2X8+5xDAet8vjdslGGLPZRNNUT9fmxXC4u3NzMplSc26tVqPTaovFIsuwkoR0Wi2O4xo1p9dpp2d8u7Zv4XkBAFDrdARDi/l8YcfWHgzC4GL46QN7E8kUQIjjOJ1GYzDoAACcSkUQRHtbk16nm/LOPHv4QGgxsn1rz2J4aee2rd4ZX43TsRSNAQC6OzeZjEaE0LTXd3DP7grPG/S62dy8xWwyGvRrW5ZUeJQQ/oVAfZ17ZnbO6bDLLTEGYKFSvBg7yZU461xdKR1RtWwFAIiiODU9s3P7VlGSvDO+TDY755+vcToCi+FSqeSpcy8Egwa9LpPLiaLgqXMPjYxCn89msWSyGa1GOze/0NzUkE6laZqmaSqfLxRLJRzDOza3b6il4yeY24VGfyDLtc484UPGaiY4s8lkNplkN1yrxVwtoL4R9VbvqavuJAhCt8zDz2Q0mK4n7NMCAKrGdwBAQ71neTF5o7nxpqQONU5HdVs2/VeV0YwG/fKSJqMRANDe2gIAqHPXVuvf1tIMANCo1dUyEMKW5sYPqrGs8gobHMJutQ4Mj7Y2NzI0jRBCAFIYodAAACAASURBVJk05kQx+UdtX08Pn0ZlPp6LM9Ew5qhFABAEjmHYpctXaYoKVEI9XZ1DI6NqTtXQ4FkIBEmSDEeWCIIURGF+fqFr86bJaW+xWGxvbRubmDAY9AxNB3I5kiRn/YFD+/fMzvk1GrViYXgEYBiWzxcy2dxG7msRQhqNeoNEkj8CSJJc7yoofNQhGIbu6dy8PCmjTW0RspIw2df29FckAOpaN/NBPyoWSU7tsNtHx8a1Gg3D0DqdbmBo2G6zLUVjc3N+o9GYSCa1Gg0AkKIIV20tAIDjOLvNOjo2rtNpMQwrFkscxzEMU+u0j46Nm0zGxcXwcu8ChYcEhmGZXD6VzmzkDkCSEE1TKpZd74ooKHxUIG51lhcl0am18fqGyvwcQAiQJCQpAICEkNNuczpsslY3QshsMgIAqu5iTruturArNzTNjQ0Ioe6uDnknQqjG6ZDjcuWbmk1GSVJmAI+CD7L3LdtTjZG+3Tzs7oOB7z9sWI5Hu58rKCgo3BPEqpZfJElEYzOQxOs/yKoQGAAAyeHjt8nhfrNS2K2p3lfsQegRmZ7hhrBxbyAgBivl6/n7IAZxDF8RySH3FsVikV6WV2Q5kiTJvl5yun9JknAcryaZEkVRCQ1ZAUJIEESlj1NYIwhg2OrDLIhha0vXT2Rz96DTiwGsJJZLlSJJUBylkh3UHhfKZSWg6To4jn/3e3+fSmdampuSqaSrtrazo8NTVyc35RiEEMN8vlmOY//+H/7pT/63/8gyrKzm8sGkAaGRycnJyakv/M7n//gb/2nblp6R0XGKIp9/5sg77733v//pn3zrr//mP/4vX1c63eX45vxqNQeVHkBhrcj+9StTP0GYyWSdDhtFUfd6QeLu9YwggJFidDgx2qptns367Spbm6FJfHz6AFEUldRXAAAMwxYCAYTAX/7Fn5dKpX/+4Q9pmimVSj/6yU9ZhmloqO+9fKW2piaWSNAkSVH0Yjh87uyFmlonhmHxeKK5qamvv/+lF19obWk5+tobMz5fa3Oj1Wr5uNt97dq1WDx+6tzlXTtObpA0zhsKiiRt95jFU0HhbqAoUhDFe27+bycJuSoViU+Uk8+6DvtKgUuZi0fnf5nic1VTD8/z1VAAsMzjUN5ACBWLxUeu0HLz7ZSB1w1IgszmssVisVgqIgQSqeSFS73++QVRlALB4AvPP3etf6Cxvn73rp0aNXep9zIvCOl0hqHpyelpDEKvb7ZQKNI0vXP7tr/61v/5seeeEwThwsVL+/bu8dS5/+JP/8g3O3f02HuP3fB/YGjkyrX+OxSYDwSSqXS+UKjuKZVK5y9eOn32fCKRvPsb9fb2vv322zMzM16v1+fzrTgaTySi0WgwGFz13EAgkEgkAABDQ0OnTp165513stns0NAQAKC//06VV3iCQQitbWaJ7927727KQQDLQlmFM2fDl9SZ9L6i+hDTLWXDtN6J4XgoFLxy5YrXO+10OvP5PEmShUKhVCr19fWZzaZ8Pg8AuHr1qtVqLZVKa5inrI1yuVQqFkmSklsiCSGtWv0RmQGsEIQpFovdPVs0Go28X6fTQgCPHT8uCKLRYNDptF0dHeVSiWVVtbU1Op2O5yttbW1Xrl3T6bT79u5ZmF+wOxwEQZAEbjQYcRxraGhQqVQmozGVTD399KFYLN7Zsbm9ra1QKEhIOnL4MAlQx+bN91hnoOZUDPPBksMjFoT5x3/9ydMH91Uq/NkLF1mWHRgeicfjyWRKlKTFcLj3Sl8mm0smUyffP8tXeKPR4Juds9tsdqv1nZOnt3R3vnvyDM8LwdDi1f4Bs8l4tW8glUonUyn//ILDbpPn6Tqttq+/HyB08ODBWCyWy+Uqlcr4+Pj8wnwhXzh95jQE8Nvf+pbD4ZAkqa+vr1AojE+MF/KFmZmZpaUlp9NJ0/TRo0ctFksikRgYGNi9e/elS5e+973vHTp06MSJE9u3b39kr0thvRgeHbNZLQCA0fEJOY6kUqlgGEaSxL0KwtxtBwAAABAECotthlbJ+2araRtJqlihLKm0gFLlc9lodKlYLKZSSQzD+vquzcx4TSbjwOBAfX3D8PBwLpejaeqNN96w2+0mk+nR+P6nU0lBEDAMI6nrXkxKB1CVi/HU1e3Ysb3O7W6or3e7XDqdrmPz5ubmJrvNxnFce3u7RqPZ1N7e3tbGqbjuri63y1VT49y8aZPVat28aZOKZeXg1R3bt1UqvNPp1Ov1giBotVqrxQIh7O7uuleX03XvALZ2dbz29vGxiSm7zTo57dXpNDu3be0bHNJo1MFQWKVi1BxH07TDZqNp+u13T27fuoVlmWPvnXzphedGxiZ6OjcfP3maU7HtrS3H3j1VLBYFUaRIYjESaWlqrHYAU1NTbrdbq9XyPJ9Kpebn58fGxhiWrZTLO3fsnJub02g0O3fuPP7O8XK5QpFkNBqlKCqdTlcqlUwmgxAKhUIDg4Of/MQnfvzjH9tstqeeeqqlpeXSpUuJZHLvnj2P7HUprCOT094p70xXx2a5rV9zB3APJiAap7WkJlKINhr2CZRaMDsQocIKWQCBKEp2u+Ozn/0cx6lJkiiXyiaTyeVyQwjm5maLxWIul61U+Oeee25kdPhRKcZAVqUiCIKiaSXW7FZEURQEofpXlg8TRbG6LUmSfHT5oepG1ZtLVruVzwI3lMiq+x8jypXKb15/W6/VHt6/N5fN9nR1RCLRa/0DOIZf6xtQqzm9TkfTlE6rHZ+camtpAggYDfpoLD4x6b3WN6DVaE6dPddU7+FUKpqmOtpbOU5lNhs5lUp+Y9Ub7d2799e/+c3Ro0enp6cZhrHb7TU1NRazmeM4iqI4jqNp2ufz7du7j6Zps9lcX18vizhGIpGenh6Xy7Vv3z4Vy2IYtmXLliNHjsgnfvGLXyQ/MjF0H3FsVovH7dqzcydzGw+9uwf+8Z/86d2XxiCWF0ooNKkvpBChAXyab94DCKpSLiOEGIYRBCGZSul1unK5rFar0+k0hFAUBIqmIYSlUomiaTX3iPLLr/BwF0Sxxm6TnvTOYFVJyEQi8eWv/K7D4dzQgWAI2a0Wg15X3bNhJSGTqVQul3fV1tzTWQuB4L2eoqBwN+RyeRzHWJa9X0nIOyMhicVp6Oqs8GU8FRUt3QBAgJBs1kcI4TguawLLWoM6nW756XJyqEc2HlcG/lUEQbBZzLVO+0buAAAAj2x96D4x6PUGvf7Dy92Mkm5P4T6R80fdur9YKi3PCnX3EPcarXPdfoQTkp3DbuMDWjUw3eHoIwYCIH60Y46r3f5G5rFzHLonzEZjIBhS0qArrAkEEFCpVBWehysPAJIkWJZZ/bw7QiyfcX8oOMQylVw2n2EZ1qwyitJjoxYLIcxk7yHkTUHhgaPVarRazXrXQkHhA4i7t5NgEJtNzk9Epzdb2y7NXzGrzDtcW6t9gDy6rGYWuv/MMA+cjVaf9QXDMDlbQ/XzAsteUfXfO2cKUrgn5gNBANbor62gAAAgCOLWGSQEIF8o1rlq1pBJ925PgACUhFKmnH22+dDbvpOD8WvpSLLB5DGwernRn/bO8LxQU+PQ63QAgEw2q2JZHMfl05e3MtU91cblIbUvCCFRFOXViIdx/ccXHMffP38xFI7s3r61od4DEEpns6lUqs7lQgCUy5WLvZcDi+HNba2eOlc8kWxuqJdu+JWud90fYyAAcpZcBYUHSy6fr/D8Q+wAAICCIDg52xsTb83n5lSU+jMtnykU8ybOiBDy+mb1er3ZZOR5Yco7AwCKx5Ou2ppsNodhUELIbrNWKpVkKk1RpMALCIE6d+30jA/DsPq6OoZ58J6aEEK/318qlVwuF7em5ZEnGAhANBbr2tzuqXOfvXCpWCxqNJpgKJRKZ+LxhNVqoWmKoiiWYSampmdn/eVyObIUtVkt7a0tH7U+oFyuzPn9OI43NTbE4wmTyZgvFCCEyWSqUCg0NzWWSqXZOb9er3fYbXd3wfLIyAhFUZ2dnYFAoLa2NpFI6PX6oaEhvV7v8XgSiYTP56uvrzeZTA/76RSeDNYcCXy3q4IIIJKkAvmQQ9p0xPDJj5s/TRe1xSw2vRDGIERIomkqFo+Pjk9QJBlajBgMeovZFAiFIIQ0SU57fcHQIo5hOIb7/AtqNXf5Wr/DbkulMw8vo1zVRf0hXf/xRZSklz/+oiCKp98/R5Jk3/Co0aDf2t11ofeqVqctFstyyqTw0pJRr+/p7uwfHFFzXLlcfrIXaVclFo/PzQcwHD9x8vTla33H3z25tBSdmp5549gJ2attMRxJpjMXeq8MDA0PDo3M+GZHxsYXw5FMJjs0MppMpoKLi5VKpXrBpaUlSZJ0Ot2rr776T//0T4ODg+Pj41euXPH5fLLX3LVr18xm83/967+enJycmJi4dOnS1NTU5ORkKp2+cOECQmhsbGzdXofCBmDhRpqQhcDq+ULunnsKBKNsnFVFY3kR1dfaJIQIHKMxTEKovq7ON+tPJpOcSpXP501Go1ajjsbiToedIAiHw65Rc1qNxmq1JJMpq9lktZhJgmAZxmTQC/xD8Y1DCHk8HjnkUjEBrQDD4Kmz5/z+hbo6dzgcaaxzm02m4dHx3Tu2ZtIZjUatVnNmo1Gr0ZhNpvHJqe7OTblsjntUARwbDaNB3+CpS6ezajVnMZtPvX/eoNcfObjvlVffBAAQBD4+MWU06Mcmpkwm4+DIWDqdKZXLf/Htv3U67K+9fXxwaHS5eyuEkOM4t9sdCoWeeuqphYWF/v7+js5Oq9X61ltvAQBIkjx16tTHX3zx7Lmz5UpZrVYPDg6GQqG/+uY3XS7XiRMnbk0fpPCRolAozvrnrw0MMsxaPH+Wcw82IwlJDo09l1xkAZoNLGEYlEQkW28wDOvp6qgmCgY3VoBl+RcAQFtrCwBAFoeBEOZy+fbWFpVK1dLcBB7aGiOO4yqV6qPZZt0ZUZSePXwQAIAQqq9zy+n7P/Hi8wBc/zAgBBBABIAkSb/1yZcAAKAdoRs6Px8x4LX+wYVgaHN7a3Bxcf+epyamphOp5GI4Is+HeF7o6e7Y1tP9i1eO2qzWZCpVKBYZhnl631P++YDHXavX3RQxACG8ePHi0PDwoUOH+gcGvviFL3z961+f8XrL5bJcoFwuv/DCC3a7fXp62lPn+dnPfkZRFM/zO3fu5DjuF7/4xff+/u/X4TUobBham5umZ3x1LpcsyXU/wG9/+9v3dIIsO4DA9T8IraX5fvS+JbIbqEGve+L7g1UjgZeWlr7xjW+43e4N3oLLkYrVfzdIJPCtLgwAAFEUqz4Ot55QddU4c+7C3t075YeqRgLLn8KKsIzbxfjIwjvV7WPHjr344ov390AKTxrZXJ7AcZZlHm4kMAaxVCEjioKO0+EYvubs+k98K6zwJLHqysdtW38AljvqHdz3QXY28Ubvu2pE3u004pcXxjBMaf0/ykgSwrBVvo2CIBD4mhTB7r4oBrHxpalCJU9TzDu+k0+Z9ksIGfQanXqlmUVxHldQuBWWYeYXAh/BhXSFBwICgKFpUZRu9feRc7yv4Zp3HwcA85UCTVAQg4Phoekkv0UtYDj0B5a62+urU1p5o8LzSJJohpFEUc4+ulwrRkHho4mcw11BYeNwLyYghEiMGAoNBvNzL7k+0Vhnpyhi0heEECaSyalp38F9T71//mJLc+OVvsHuze1LsTinYiVJ2tTe+tpbx58+uO+R5QFVUNiARJaipXIZ2/DDIAQABiFFUasMNhGAENht1kBwURCV3HYbA4QYhrGvabXsbjsABJCKVo3Hp3tcW80ZWz5fQghJEgIIAQAwCGmampmdkxDCMMxk0Hvq3IlUCseJSDQ845szGY0b/VuvoPCQKZXLda7HPhI4GAoDAHiBr69zr3ddFK4z659f24n3sG6AENru7MERdKkcNrURQohjUF7vEkSxvbU5EAy1tzaLolgoFmOJRC6Xhxjs2NQWjcXq61wb3P9EQQEAUC6Xb52jFkul5fo2VVWcYrFYqVSKpdLywtncbXMOymN/WVcHAFC6+cTHBQy/7kACAEAIpdNp+aediMcT8bjse7bilGw2K4fCye9tamrqkdf6CWfN1vV7WziWkOTS13osHo5i+6bnR+fCuUIJIGTQ6ymK2rdnt0at0el0nZvby6Xy9m1b7DarmuN2bt9mMhpYllXsPwobnKNvvF2plCVJ8s3OiaIYTyRCi4sTU9ORaCwQDKVSaQDAyNj4rH++WCxNTHv/+7/8f4lEMhgKFUulV988NjE5NeX1LUVj4ciSf34BABCLJ2LxxPJbBIPBiYkJAMAPfviDXC7n9Xp5ni8Wi8lkMplM+v3+hYWFaDS6Lo+/gnyhUM32mMlmby0QDodjsdiZ06cBAKFQiGGYY8eOzc7OLi+Ty+Xm5ubOnTsHADh69Gg2m83dvo9UeMTcc/IgCUlQAjqdeimeqRSKDptRQkh2cxZFkSBwAIDRYAAAIIQYikIAiKL4uAh9KHzEoSiKpKhz5y9qtZrjJ06ms1lBEBsbPP75BYHnJ6Zn/uCr/w7HcYIgJCSViiW1mgsthqe8PgyDFEWxLOtfCAaCwUqFt5hNwVD48rV+kiL/x698kb7hmk1R1C9/+cvBwUEcw0+cOOF0OoeGhjo6OsbHx5PJ5LPPPvu33/nOf/7zP1/f9yBDkeTpsxeOHNz//oWL23q6by3gcDhmZmY0Gg0AAGIYzTDbtm3LZrMAgGw26/f7N23apFarm5ubRVHsvXSpq7NTEkX6voUMFR4U9zYDwDAoSwqrGWrL5vquNo/NuEpoVTXBpzLgV3i8KJfLXq8vkUxjGIYReKFQdNXWUCQp8EKdq5aiSAAAQMg3618IBDEMU7GsVqNu8LgP7tuDY5hKxZYrFZPBUOO0e9yuYqlkt1uePXxguY9/pVL57Gc/+6UvfalQKPA8jxBiWHZ+YSEUCun0eqfT+YXf+Z3XXntt3V7BMkiSPLR/7+vH3tne082pVLcWmJyc1Gq1qVRK/hdCmMvlMpkMAECj0XR0dGAYVi6Xj/7mN/Uej93hSCST0VhM8QbcONzDDECQ0HQgyRIYACDHS/U2jZoilCZe4UnihWeP5PK5I4f3p9Ppjk3t//jDH0/P+F7++MfUao7AiU+/9CIAoKW5yWRK4DjeUO9pa23WabWBUEijVh8+sA9A8PSBfRCDEACCIOw2W7FULJXKy4O5HA6HxWIBAHz1q1/FMCyRSOzevXt+fr67q4thGAih2Wz+7Gc/u26v4GZwDPvEx5673dGmpqZIJHLg4EEAAIQwGo0ajcYVQrAIoWeeeaZcqdTV1blcLoTQmdOnN23a9NCrrnAX3HUcAAQ8LzAEjuGQIvASFIq8pKE/UH2pCsLI/64aGnbr/irVGAIFhXVEp9PKATUatRoA8Ptf+SKQVTgAAADIMwCapp0Oh7yHZRgAQK3TebsLMswH5g75qy9H5AMA5IZStp+43R941DQ0NDzAJ3rgoGXKqjiOO288+6ZNm5bnwKjCMEw1Z5ncShx++ulHUtOPEmsdid/TGgAUJKkoIEZCggim4z4V5eYoTjb4TE17JYR0Wi1JEhBAs9m0vK3PZLKCKBA4odNdz80pZ46Tz8UwbGxisrmxkSQJ+RAG4Y10Q3DNHYMiCKNwn6xBYeMOIAk9FpHACAAIIUmQCKFb4wDkZWGEwNz8wvIj8Ma5HwpUjMMPFoQIYvU8Ih/KPXy/EUAqmjBqGBzDkgXhgm/+WvTkH275A5qgZnyzRqPBZDRGIkuCIPJ8ZWwiRuA4TdPxeMJiMQ+PjTc11HMq1UIgoNNp05msxWRKplIajcbpsBcKhVQqnUylKpVyIpmy22yBYJAgCIvZlM3l3a5a6jZpUu6AIgijsNGocz/2QQBV6utc610FhQfAXQeCIcBQBC8WZ8KxTLnQHw8COqxXWYvlAkPQkiSRN5LMCaIYTyQrFd6g15XK5ZaWpmAoVOt0GvQ6r8/PMpQgiBDAQrEIAMjlchiGTc/4GIb2zc6aTab21tYZnw/DMLerNhxZSqUzrpqatSkMK4IwChuKdCabTqcfixkABiHDMDwv3DIDQCzL6nXaWDyRy+VuNfgoPHoQQga9Xv9QcwEBADAIG+y6okBPJ1I7WDZXrmuxNGM4LiHJU+ceGhljWUbNcSqVymwyZbJZmqYxDGIYxqlUgpDN5fINHnc0FmMYBkIgiqJKpSoUipIk0RTVsXmTb3Y2mUqPT07WOBxXBwZxHLfbbLIZZw0PJgvCVCoVWRJg4//qFJ54kqmUx/3YDJyXp6FezvxCUK/TpjOZxnrPo66Twm3wzfofegcAAJAkxOKMltLEC4kSFMpCRUOrEUI4jm/bct1NeFlriwCACKEap7PGef2Q1WKuZleXS0qS1NbaUqlU6txuhl6yWMwYhm1ua3XV1kiSZDEb1yY5ABRBGIW18pBGDPhq7emGZdXWH9xYCb9DNuxYLKbX69ewfBIOh+12+72epQBuhGev5cR7Kg0hRADU612H6va+2HCk2dRQbV6lGyCEqps3/3t9W174rf4LbuhjiKJosZjlIX+t0yGKopxu6H5acKX1V1iVV159QxRFWYSrUqnI38ByuRwOR/wLgYuXr+YLBQBANpu7fK3v8tU+2ZwoSVKxWHrtreP/9b/93ZlzF0bGxuXMB/J15DwH4EaOB/kLnM/nB4ZHlt86FAp9//vfBwC8+eably9fPnfunCRJ8iny1/XipUulUkkQBEEQEELFYvHRvpsPWD75FoTr28t/UcFgsLe398qVK/39/RfOn5+fnwcADPT35/P5Y28fCwQCy68Wj8d//vOfy9s/++lPeZ6PRCLHjx1bXFw8e/bs0ODQwvwaE9oorJl76KUhBPliqVyuAABUKpalyQfuuPlBd6I03AoPE4amfvmb19RqzuN2JZOpaCzOsqzZZCwUi9lsrlQuL0Vj+5/adeL0GZvZMjg6BiGkaWp0fPILn/2tjz//DEWR27f2jE9Mfefvvq/VqI1GfVtT04Ur13AI21qaEsmUTqfN5fKuGocgSv1DI12bN1UH1BDCeDw+Ozt7/vz5r3zlK2NjY3/9N3+j02q3bNnidDrffe89URDUHPfqq68aDAZBFDo7Op9eJ7/JfKEwNjG5e8f2wZFRh81mtZhXFKipqRFFcTEUwml6z9697777rtvtZlmWJEkVp8rn8wCAXDZbKpfNZrNOp5Pd/y9dutTQ0JDP5bzT0w6nc2x09Mgzz1y5fPl2kjgKD497mgHAiYWlUCzrX8qfHQnEs+UV0+SHZ2dXLPgKDxZBFAEERw7u987MFkslQRLnFgI7tm2pdTpam5ssZtPO7Vu+/d++e2jfXgCA2WTcsW3Lpct9bS3NAABBFPhKRRREnucbPO7G+rp9u3eFFsMaTnX44L5oLL5/z27/QkAQxVy+YLWYGzzu5eYUXhC+9KUv/eU3v/m1r32tUqmUK5WW5ua9e/cmEgl5KtDS0mI0Gj0ez8svv/z5z31+bGxsvd6SVqNpb2195fU3bRbLra0/AGBudtZut6fS6Vw2VyqVZHc7hBDLsgcOHJBrjhOEnAmGIAgkSbLyZSwW887McGr1rM9HkmSlUuF5nlA6gEfOvdnpOIaM8lidXqVSkefmIp/uqhPE6wb9Cs+LgoDjuOwYsMJxEyEkCAKE8FbLoDzqlxVWqykGl2+IolgqlWiaXnHuckNtNargnh5H4SPLtp5uURQJgti5fWs4HGms95hMpou9Vzo2tU9OT7e1NNuslq995Qs2qwUh1NrSFI5ErBZTd+dmAABBkFu6uxiGaWqor3E6CILQajQ7d2xNJlPZXO75Z5/uHxj6/G99aiEQSKUzFrM5srQkCEL122s0GBBCP/zBD4rFok6n0+l0EEKO4xobG3t7ew8eOGAymbLZbE9PTyQSYVl29+7d6/iidFrNZz7x8dsdtdntY6Oje/bsgRBOTk7u3LkTAFAqlbLZrNfrff755wEALMuyLAsASKfTOI4nEolt27Ylk0m9Xg8hrK2tNZvNAwMD3T09g4ODj+y5FGTuQRQeQjjkXSgSbLuDGA6PYRiOIXyXezsAIJ3O+Px+i8kkCIIczs6pVBiOYRDm8wW1mhufnNbrdVqNBsOgimUrPC9He4miqNVqAQA/+9XRl198DsfxXD6v02qLxSIvCAa9XhTFa/2Dda5aAKFWo5YQEnieomlZsKLC83yF5wVer9MnkwmtVnu7pSdFFF4Rhb9P0unM2lT3qiwEg66amgdVn/UiHFmy26z++YW623g0ZbNZtVq9hll7KpXS6/X3XcGPItWP4yGKwiOENtc7e/3J6dh8i6X1/HzvpdT7m6ytOpUusLi4qbWFU6mWotEyzycSyfHJKVGUXDUOlmXjyWSF52mKWgxH0uk0SZLJdHrPrh1X+ga2dHdiGBYMhnZt3xIKRwBCWq1mzj8fXoq6ap0Yhomi1FBfp+a4dCYzPjltsZgFnk+kUgxNtzY3BYKhcGSpzlUbWgwLgthxcxISBYUHyH22/gCAQqH0WEUCr57pK58vAAAKxZJ/fmHVAhiEiWRqDeMsDMJUZpWk0wofAvpgif5euTcTEI5h+xotw9H4wHx/X7L/d+q/LEgiQshutXh9szVORyqdYVlWEkWbxeJ02sORJbPZFAwGCQJHCEkI2W1Wi9lc4fnxicmezo6+gaFnnz407ZtrbvTM+heMep3886AoUhIlAIBOq7nWP9jVudk3N28zm3UaTTQWwyBG4HgimZJEiaZIQRAcNls0Fo/F4na77c5jfCUmQGG9aG1uXO8qPDDaW5vXuwoKD4B76wAQAAgBHOBN9laCZXCIczSHJMlkNJIEWeErNU4HhJjJaCiVypIk1bldJEG4amsrPA8BsFkt6UwGYhBCsLm9rVyp7Nq+lef5HVu7OY4zm0zT3hmAQGNDffD8RaPBoNVqIITdXR2ZdGZLyxbCcwAAFQ9JREFUdycEgGVZURKdDjtJUelUut7jvnD5qsloYFgWAWTQ6+/Q+kMIRFGoVPhqaioFhUdJqVTOZDNgZXCtgsL9QhCE0bAW69laBGFaTY3+5IKTsbqMLgonEUKy6QYAIJugIQRVBRiEEE3TsgQEQkjWigEcBwBQqVTghs+AnLWttaVZDjDZ99QuHMfliAGGphmr5frdJamqNmM2mwAA+3bvlEuaTaYPG/sDQRCV4b/CehFcDLtqHPJ3FAKI1pQSTcmkprACCGE8nsgXCqtqNtyZO3UAOAYBAKK0yvet3lgHlgm/gJtDrlaIwdx8aJWrVfODYhgmb1c3bj1lxf5qyQ9d3cUgwDBMSQ2ksF7gOFYdGJVKRYZh7/UKCCGe52lFX0/hZliWWZt7y53iAHqnl676YthqQ2YJSRKS1jaEUVB4HFmKxk6fPQ8AmJr2TkyulDXP5wu9V64BAN49deZDL5XP5wcHBtPp9MmTJ1cc8s/NXb16FSF0/vz5vmvXlpaWent7Z2dnp6eme3t7Y9HolStXHtADKTxBrLUlXr0DgBBGc6VXRqL/1h9JFivVLgBCWHUhWr5HsasoPPHwPH/i9LlEIvnu6bOZbPbtd947c+7C2yfee+/0++lMRpKkeCIJAAiEFl9/+/jI2Pip98/9+Oe/nPLOfOfvvi/niqgiSZLRZKJpWvZ0ADfyRgAADEZjOpWGEO7du7dSqfRdu7Zr167FxcVsLrtr165pr1f2qVdQeCDcrgMA4VRxb532U52WeLYEAQQAQAiTqdTYxKTXNwsAwDAMx/F4IjExOZXP5zdgH1CNPqvugRBuwHoqPBYIovjbL7/4d//9Xw4f2FsslnQ6zcSUt77OPTgyptNqMRzLFwoVnscxzGm3zfkXxie9Lc1NiWTqs5966VYZdEmSGIYhyOs2WL/fLyvrarVaeWI9PDzc2NSk1mgkSZJEUU4NROAPUqBGQWHV7xOEEBcEQNOkiECpgiCGyZmuvDOzO7dvDUeW5gOBbDZH03Qul7OYzSzLbrQAq1sFYSCEqVRKXpHeaLVV2PioVSqCIL7xv35dEEWBFxLJ5Jaujny+8MkXnksmUwaDvqW58cR7p59/5nBoMex21bY0N0YiS/X1dTS1svUHAPA8n8lkCBxPJBJGo7EqAxkIBFiGicfjiUSCwPG2trb+vr7m5mZeEAb6+zu7Ovv7+x/tcys8ydzaAUBJLKcDA80kqNW1iJKkrowXUnWM1omAJNt/KJKc9vr+//bO5DeOKz3g33u1L73v7G422aQWUtJItgzLHnmJMUmQ5DKZAYLkkEMOWS45B8kfEPgQBFmQ/2CSYBw4cwiyTRIDExgeO/I2XiRrocSdFMnet9rry6HIVpvdpETSlijx/SBQ1VXvVRW72d/36ltnZ07f39icOXO6WqsvLC5NlSePW5bproYwiLiysjo1dawbrjKOLYlEPNgQAS6cH9HT/OL5cxfPnwOAdGo7aO309OjAf13Xw6FQOBx+5dVXdx0qFAqFQgEAXn/99WBPMpnsH3Ic55h3DGY8EQghh3MDDCkAAq5lyJEJRIevfCBLST5UsDtbcnhM4Pl8LvvF9RuLyyuvX/3u3N17iiKv3980DKNQGDtua+pRDWHIzMxZFgXEeFJ4ntdoNgEAgETj8Z3tA0CAqKp2iImMZxhCSKPZSqcSh5g7pAAQRTXcqy0YtXt69jnPMdH3BS0JgL6PuWwml8tOjBdtx7508cJgROZxUwAwoiHMdpjpMbxVxkmgVCwY5rZHDY7UxONpaizDeAykUonDRQeM9AFQLTmtJachyOlCDCQ8BGX6EVVVVZ+SXrtM1jOODzzPh3T9Sd8Fg/GAET4A9Gy72wVCAIFyVFB311dgUpXxmGB/aAzGt8luBUAobSx+3px7m3AAAIRAbOaPpFBUUGMwJPf7Vfthp8fv47hlxomB4+herckZDMYwnnewajcjTEC+51MegFMJET2roSWLnY27ohpHwKBti+/7QUC9aZr9Sj62bYuieJy/qz6C/zSYrRh90qnk0vKqILJGUQzGw0EfeY4eqFLICAVACJEzz4NPjI2P5dSFys1/ApIK52cIkBs3b128cH5ldU3XtWgk8t4H12bOnL47vxAK6QRgeXX9lZevHLdg0D4EQJIl23ae9I08GY7/89nIOxwvPvUdVBiMY8twg0Zfz05aDR99V45e8L1Njpel8Hhg/+E5brsaBKEAkIjHJ0rjtVodEZqtlni8V2oIAEBOZuNpROR5nuf5Y6ueA47zEySD8ewx5AMAMCG01AxLkiaoejw6Pn/vTiEciQMSAMu22+2O4zidTkcQhZ5hbG1VTNvSQZ8uT+q6/lSEBp1AEFEQBI7jgmrbDAaDAcO1gAgh91Y2zs3MnCqPb9RbiiRduvjc3eUNQggCTJfLhmmkUylZkT3XnT1zynXdy5cu5jJpSZKY9D/OHH8TEIPBeMwMm4Bwupi5dW81m4oWkpHFlQ0f8VQxHeRPhUJ6CHQAUFVlcIrICpQzGAzG08YIBaAr0ux0ERFjYQgs54gPerY8/ltkMBgMxrfBiEQwx+rY7ToAERRN1BOAiHisPYcMBoPBOARDTmBCjOqKnpkCoL3qHau1SThOS5SA8gBAKQ2SAPqPAvvkfw2miQXRHbvq8PQHsCQyBoPBePw8UACO6wo8DwBAeMqLrue5apkQcK1ub3MjlSsQgHvzC5MTpc2trWg0KksiAKk3GrFIxN8R4n2ZzlFaqdUopdFIBACWV1Y7nU4ymcik00EkIiFkc2ur0+1m0+lmszWWy/o7OuCYhyoyGIxnHtPDD1fNxQ2bHEEaIYFImL9SlNPantF3rVbbME3fRzh0qyoESoksy5Fw6KBT+YWllfLE+Ny9+cLYWH8vJWRxs53UJUqIrGjrNg1ZjiqLlUrVsm1VURqNRrVW11T17r35bDaby2a2KpVwKNTr9RrN5nixsLC4LAhCOKS3253xYqHZapUnJ957/1oivhaLRRqNZjQSmbs3P17Ib25VCCHXb94ihMiSBACFQn5kI2IGg8F4DFxbNv7s/faNjp+kcBRRhAgWQvVa5y/PKb93ObzrqGlalWotFoukUskjSjxENAxzZXU9EY8pivzoE+lYNv3ZF9cL+TFJ2onkQddzLHBd0/HWq93lrXatYQQHEolYNBK5dWducWmF53me5/K53NTkxOdfXq9Ua+sbG6ZlXX7u0ufXvwrpWn4s9+4HH6ZSSQDwPG9hcenlF1/gOI4AnJ+d6fZ6uh4qFPKGabqed39jk6NUEsVqrT5cdIjBYDAeDz9fMq78Z8O28KxIkjxJcIf/l+RJXiAXCPzpL3p/8W598Cq242xWKoV8TlPVo693CSGqqhTyuWqtvqsB9f5QSZIuXjgniUI/zkdNFMzmhmN0fYRERLEcPxNTEAERRFHMj+UK+Vx5suR5niIrSMC0zGQ8NnP6VDqRiEYin372+fmZM4qqcBz91TdeW1+/DwDhcOj09JSiyLquptPpL67fCIdCiXiUEKIqiqaq2UxaEATKUVlm/RoZDMaToevgH7zbelWm/DdngyAEZiTyJ7etj1fN/s7Nzcp44Zsvc1LI5zYr1Ucfzw81SEFO1AU5JLmtzaYhcQQRVxpmJqYBYiGfd1139uxZREwmEogYj8cQ8dzsDCLGYlEAGMtlB/26hBDP8yZLpcCyPzU5iYjPX7q4fTHE8WIBETPpVDC+7yRgMBiMx8y7C4ZhIyc8RPzfdxApmB6kOWIieghhjsj71jG5wpO/v9G7nJcBwLbtAxlqhvE8j1I6svCnpqqWZT+w6OzLyIYw6Ps4mQ4hbjevIADYzwjYcdIOZgYMZwkMNguDAb/u4NzBAbvGMxgMxuPni1Ur/rB6VFUX/+6NiIQY0rh/+6I7mRFiMvfxivWvS/Y+OkDh4K+X7b8CAIBWpxMN73YJ9PnRP/44Ho2USqVT01OCIPi+b9m2pqq2bQdFvRDxxldfFfKFeDw2PD0aCVdqtbSUfJTfd6QCANglo3cdI4QAYckBDAbjGQM9hH3DcRBA50hUoi/8c/VvLqu/NCGfLco/vdn927vWrPQws5G3E+jo+XtV5apUq6emyi9deREAfv7+B/c3Nno9IxIJT5XLH3/y6csvXfmPn/6XKIqzZ8+MF0dfjlLqe48qnA9efJEQp1frbN4ZdYT0f+49+zCmtf6svaYH/QkOcWYGg8HoI6vUe5gRou1hRKXRKHe1KN9ruO/OG5fHpNcj1N13no8QU7flrSiKlmWPHBYJhz/+9BcAMHf3brvTabY6siy/evXq/MJiabxYLBbCodAPf/P74o7XdhjLth+9Ns+BFQABYtTuqvFCZ/MOodtKjBDiOE6n2/U8zzTNQBw7rhu0p9l+6Tiu6xmG6TgO+TowIMEHNwDA8zzXdXuGAQCO4/QMY+RIwzAMwxw+YZCANrifwWAw9uKNsjK37+qZAIQp+fOfNf/liv7OXePf75rXFq0/fqfx3Yzo7KsA6h6+eWq7hFokHK7VGyOHCYLwWz/8wX//zzuRcCQcDr129eUrL74gK/LVl1+KRqPz8wuvv/bK/Pz8VLmsqtrIM1Rr9Vg08ii/LOxjAhoJIbS1dgN9pVffdLptu1sT1CgBaDSbC4tL2UzaMIxGo5nPjzm2Y5hWs9UoFYuIaNm2YZie51VrNcdxT02XA2OW4zg8zy8trZw6NdVutZLJZLVaEwT+5u25S985z/P87TtztuOmkokv1tYJQCE/pihKtVKNxaK9nuF5XiwWXVpeMU1TlKRUMtHr9RRFkWW50277vu9YVqVWL5XGXccxLTsWCTMPA4PB2IsLGel3s/yHW26I23O9KFK40/L+8L12iBCJwsJ9hyfw43lL2Xs57SE0CPzg3LbIJgQEgTdNS5al4cHpdOpXfvl7ABDE0AfIkhTdEesTpdJeF7Ism6Pcoy92D6YAAIBQMTRWbK18Gi+/1NlaENUYIbC6tj579kyn27Msi+f5W3fmwrruuK4sS19+dfP01NS9+YVQKKRrWqfb5Tl+dW09pOv1RkPXdUQUROHzL6/7nr+wtJKIxzKZtGGagY2M4zjqetVaLZVMcJTe39jo9Xr1RnN9YwMAypMThEC90bhwblYQhFu378iyvLy6Fo/FGo2GKkmEkmqtls1kGq2WIstACEsyYDAY+/Dm9+K/9pPKfdNP8WQvLSAQyO4Eigb/K3uM9BEMHz+08YNfjw3mA6eSicXllUwqNVIHHA7Lttc3NibGi48+5cAKANHnRTVevuq79s4ezGWzc3fn82PZ5dW1ZDzmuS4Q8H0kQERB+PKrm4QQ1XU9zyuM5aanpm58dTMej1VrNUqAE4Ru1xEFMV/KmaZpWzYlhO54SDzPI5ScmzkLALV6o93p2K5byOdUVV1YXEIfEUHTtOWVVUVReoZZLORlSbpx63Z5Yrxer6uKEg6FfPQ912UmIAaD8VCiEv3f30796NP2P8yZP+v6QzEwB+OsRL6fF3/yYrgQ3i1sS8XCVqVabzR0TeOFA4viQVzX7XR7HKUHkv5wCAUA4DZXbwIAoCfHsggIiIl4VBQF0zAuXTiHCJlM2nVcTVNbrXY2k3Zd13U9SZYoIYjoOE6xUBBF4fT0tG1b0Wi03mioqtputbOZdLPV8nz/4vlZx3FEUSxPTuCOP4CjtDRe1DWtWqvJklSenPA8DxGnJidq9TpH6enpsiAIQODs6VOG0YtEotlM2kd0bDuTTpmWzWJMGQzGQ5Eo+f3L4d/5jt7ueUdUAKJEE8qehYBSyURQxcFx3KNcheNoJp06REbxwRQAoh/OzT54CbiTGYC6pumaFuyTiAgAQZoYAEiStDN9O+Q/SFJQVUVVFUSMRaMAICUTiBiPxQYHy7Lc3w4SzYIcNAAMThscGpwVjUQopYixfoNZSRQJIaTdOei7w2AwTiy6QPXIt96kOqji8G1fZS8OYwLaYz8Ovhixc+8pIzPI9jm0szF6Vj/yZ59TnRyChyfWbJ3BOLHsE6B/8DBQQvtbRyqUx/j26X/kJ1P5MRiMQYZ1wEEVAHa25hARfc/u1pxuHQaC7vtQSvtLzmB78MJMaTx+mAOcwTix7PP1P2geAMdLSnP5Eylc7G19nDz9G0Hdt3a7DUC6vZ6qKo7jrK3d1zQ1nx+TRHF5dbXT7oRCoWIhDwCmaSJiYNmHnXZgg5cY7CpzxHWr7/ue54mieKLWv7tsX4FK5nn+0ZMDGQzGM0Ow/h7OhA1eHtgJbLWr6Hu+Y6LnOUaLV8IAYFoWpfTm7dupZPLCudkPP/nspReel0Sx2+22Wu3zszOO4ywtrzSazZCu1+qNdCrZarU4jsvnx1ZX1zRNJYRuVSrRSCSbSS+trJqGWciPxWLRQ8tuQsjy8rJpmsViUdNGp8w9wwx+3oQQQRCuX7+ezWaf7F0xGIzHzK1bt2RZJl831fSPHtAJTIiWHHetnhIbR68iqDH03Z3eviDLsmEYiCgIvCAIwQyO4wzD+OzzL0ulYqPZjMeiU5MT//fRJ9PlCUVRPvrkM1ESGs1WeaLUancmJ0rvX/to5szpbrdrmGb8aGlbnufByW4w2bfIaZr29ttvv/XWW5ZlOY7jum4QQdvnSd8pg8E4PLvkO8dxwUO/KIocx4VCob1qRx84Csi1uq7V8V3b6VUQve2zCAIBks/lYrHoyupaWNc2Njfz+TFN0wSBX1peSSTizWYrFo2qirqytnZu5ky3200m4mvr69NT5U6nU63VYpGwqiiKLMdj0U6nc0TBjYilUslxHEVRhg1NJ4FBfwzHcaqq2rZNKRUEwfM8z/OGS3MzGIynl37IH8dxgQ4QBCHQAX1f7G5D0Jtvvnmga/iujehTXvRsk5eUwKfb1z+ISAAIpYgYyBdK6bb8RYSvN45/MGXnnnzf39jcymUzwc6jL97JQF+aVrsTi0ZOgrzrr+sDL4jnecGqv7/2D6Q/W/szGM8Y/WXfoA4IfgZ7drkEDvwEQHkx6BDDS1o/Ev9rbWEAwPP647+2zNyjb8zgnmwm/Q2uTE+sgOur5EAB8/z2B00pDaR/oADgBL9FDMYzxuC3flAH8Dw/+ARwBB/A9nWAAP2WGsIweXR0Bp97BnVAf2mwa/nP3nMG42lnMOhjlw4Ytv/0Nw6uAAixOxXHaKqJiQdJYYzjx64c4EFlMOj7ZdKfwXg2IENZWfTrDPsA/h+xqsnqG8z6DAAAAABJRU5ErkJggg==\"><br><img alt=\"\"></b></li></ol></li><li>Security Policies allow Clientless VPN access to more than one internal or external Application.<ol><li>From the previous step, use the “Security Zones” configured to verify existing Security Policies for Clientless VPN. In our example, it is named “Clientless-VPN”.</li><li>Go to [Policies &gt; Security ]. In the search bar, type the found “Security Zones” name (Clientless-VPN in our example), to verify existing Security Policies for Clientless VPN that allow access to more than one trusted site.<br><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAACkCAIAAABuCAF8AAAAA3NCSVQICAjb4U/gAAAAknpUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZVY5LCsMwDET3PkWOMPpYto5TghMCpQm5/6Jy7S4ygxgxiIfS3j7tPtblus/teLe0/OSa1NX5BaBiiAEhUE+UWdlI81qgsdDsGx7KcWFiVGL+LMAHR8eNQDiMas69Jx69rk+WUhaV/t1ki0lhy+EW/Gpb0fQFroos+GSEz4QAACAASURBVHic7J13eFzF1fDPzG27e7fvqvdiyZLcjXvvNiWhkwQSQhIgJCGVfKnkTUIgCQkESKUFUwIvgZdqm45770WWLVu9rFZle7tt5vvj2kK25QaSJcz9PX783N29umfanTNz5swZlFU8BgwMzgFKqdUqMgw+/hkAANDx69NdnPnXfh8CIMtKMplCqPcRBgYGAw871Akw+DTBYMQw+FivPWggBCo2un4Dg0HHUAAG5woFYBjMYGawBSEEGOGz32dgYPBx0QhJSsoJCqBLArXt2HVW8RCkyWBYQwFjhmGY3o8A/VlyzvzxHH5CgDBWBjTpBgYGH6Fqms0qzpk59iMF0JWCGYXaW/+HCEB3CAqX4r46wBdOgEoAwGzmHGZBt81GknI8Iac5LSzz0XhN0bRATE63m3QDbk8sZeFZVSOSSrw2k35PKCFphHqspguRV4MBg2KMGQYPsgVIVwCo7yKCgYHBQEEpjSbl7333zkQ89pECUNvhb48QQWAwA8kUAICvGbLyAQB84cSNl83GDIMQamntWP3uG5lFo0MJaeqYsuLCvPfXbUumJF0HKJpWlJu5sCj/5Xc2eq1CVzR1+ZxLotEYx7Ems+n1VzdkFbh8gdjiGWPsNtvKNducFmFoysDg/KH6GgAedOMMQoAxAkMDGBgMAhTAbbPwLPvLX911TAH4OuBnt6qVJUxKIv/vEZTlYWJbyNNvat++l8sqBug5+tg/91ksZv3mlavevvyyZQDw2kvbHQ77M8+9cPOXv6R7EwXj8vyCvBee/XfsqhtWrN0JwbrXXq69+3/uWbJ4wcwZ0y+/6oaVb24Gzb/i1UPNLW0vlxQ5iscMk3fcV98FQDmv6LWLsqL2BONZ6Y5ANCF1Rd15nkAonpXm6Ikk7Ga+uyUAAO48NwAEWgLAMum5LoxQR2sgM9edkpVQWw9YzV63tbu5CxDrzHaYBf4ckxFLSklZTXOIsqL2tHQDz6dnOzvbgqCo3nwvx57d/k4o9fvDmRkOAOhoD2ZmuzuCUQjFzRkOUeCDsWS609oZilkETlI1uSsCoGG3g2eZVGcIHGKm29bR1A2EevPdHHviEtExExBL6QlzgEASxVRwC2DhqD+BVAJZIk0oyCZQBBBIIqeJdieQTCBTpFEZsQiCMogsmFjoTkGWBXjmhAcihPpdA5AUNdDSAxybkeP290QgmuI8Vq9D9IdiTosQaO0CYNMLvZ1dEYhLnNeqdEcBNNbjVOMyyGpmYdq5NDZKaUdXJCvd0R2J281CT0sXAAM2AaJRABZsZo9TlBQVI8SxTEJSFI2oPRHWY3dZTV1NnYC59Hx3Z08s02vr6AxnZTjPQSaE4smkPwQcn5btCsWTSncMbCYgNCvDKclKIJoUeNZuEbqaA4CQPcMW8QUAc+l5boYxFksMzhtKKaEEIA1lFY+RNejpor43tAwvfvUDcs2P2DtvhEd+QhIJesk3UEsYx1r2aZr26GOPf+uOb/7oxz//8/33IoTu/f39P/zBd5c//Z8bv3SD3WYFSyEkGvWnt/s6du3afflly/7y8N++863bOY7btHnLtKlTjhytKxtRunrN2rlzZtc3NJYUF2UODwXgq+/67f0/Z1mutvbw8qdemjZtzIwZ0/987+++dMvXxk+Y+Pprr06eMuXB++6/9Tvf3LFr9zVXX4UQfuP111VVvebaayVJevSxJzq6Ir/6+fd/e99DSxdMW7hoUVtr2zvvvnfzzV9WFOXDDz7Yte/gueiAaCK1eN5Mj8fz+JP/O3ZMyY033hSNRu75/cO/+tn3RKv15ZdebmhuO7MOIJRyLPulL1x//0OPgqT+4pffv/dXd337h78oKi7eumVLfX3jhAnjHv/bw9/8/o987W0Oh6tq1CiGwUePHOnp6ZkydVpjQ/3fHvjTb/7wJ47nX/rvf1vaO/rqAE0jhXk5HM/1lRhKoe9dGirJljYdsL603fy7L/ZYTNo9L6RfNz328maxI8r87Mqe3/yf5483djut2qMr3YvGx3si3OSKWHsPe6DBdNmU6ItrnNvrBb5PthBC0Wi0o7Mb95ltSIo6ojDv6muvjcdjv/35Pd//yXczs7IPHapZ/q+nv/WDb+7Zs/fqa65WVfXu+x783q1f8aalHao5OLKigmXZQzU1Lrfb4XD++vcPeB3imdsbpVRWtVu+8qUH7v3lbXf+ePfufdddf62iKJ2dXXl5uaqqdnZ2bVi3Ni8/X1UVn89fVl7GMsyo0WMO7N+/YePGW2+7NZlI/uWRf3z9qzc+eN/dv7jngXv/+HBW+ll0QCievHLZgvETL4lFo3/7x2Ofu2xJRWWl3+9nGOZP99w7Z/HC8RPGBwLBD1avu+O2bxBKNm7YsGDhQkmSXnrp5Q5/t6EDDM4LQilG6HvfvfOn3/8FBoCeTvj7D9TMdByL0Wt+hMEJGAMlYDah+2/XYi0AAISQ7Oyca7/wlWlTJ2kaAYCrr/r8mjVr77j96zareMut37rztmt9HR1+v/9LX/nGmjVr58yeBQBLFi3Ys3cfAHAsu2Xr9rzc3MefXD571syVb73DssPKASmYkZH59DPPTp4yZeas8YsWLZo0ZRpA6orPXfnvp5bXNTSPGTcOIFpUXJyfl8/zQu3hmiuvuuqrt3xt29Yt3d1dd377jksXzpgwcdLlS2YVFBQcqa0tKi6eOWM6xszKFSu/+rWvh9oOnUsiYh0d02fMnD13HiRbvvvd769Z/WH1gf2/+tn3ZUVZ/eEH4vEZ2BmghCJAs+bMve5zC2/+6jVTZ8y89Movlo4oe/4/zy+99LK8vNwrr762YvzksrLyouJij9e9detWANi+Y+fipcueeeaZyqpRl199vWi17tm988abbupu7j7h4UAxg1gWM8xH/0IqM7ky/PjbnstnBP/0le62bss7290PfdM3siBlMUGzxEwdFf7t9SFV497c7JIJM6E8Nq408eI658OrPLde0f6vVZ5AjOdPfCbDYH0NoC+BlqO3ffOOD95/PxwK//J3vxhZUfW3fz46ffoMgEDVqNEFBQWJROL+B/96643XuNzut99a1dbWtm3rNk0jK99+v7Jq1KoVK5yi6ayjDQoQaOlasuyya774tfz8woKCAkrpP//1xKuvvSkIpj27d0tSavrMmfMWLJwxc/aCBfMzMzMnT522fPnT02fOGDd2DMfxsizd9IWrK6tG/fju+6KRMJxD75zsjpeVj2xpajp06NCvfvmzktIRq1atenz58/n5BVUTJ3z+yqtSqVR5+cjvfueOhob6bVu3lo4YIUnSo48/1dMTxEbvb/AJwAAgeuDZd5lYnFgs6Pc/0CAEAIAQyAp9eTWGDAAATdOuuPzSF559cumSxX95+JGR46aXl41YtHCBqqoAcNvXb16zYevadevXrFvf1dXz2L+fs1rFb3/vroqKkf949EkAQAgpivyvR5/4xtdufnPFqp7unmG2x4dVFOXwno2HDh6cNGlybl7+kSOH/9/d9/3nuad/+MMfzJg22WIWf/3Hv+bk5qVSSbfHO2Xq9NaWZrvD/tqLy1986VW3x7PsssvWrV2zaPGSeDw+bfpMnufr6+tlWdq8ZlUingDIPGsKFFWrnDAmLT0jGAxecd1XorHoqleff+WFp1xu918efert11/auOvAuZiALBbh8OFDs+fNHzt+fGN9fdXo0bt2bt+1+YNOv9/tcW/etP6uH9+lEUII0VTN7/enUsmyEaUdPt++bWv27tk9bsI4m91+1TXXrVrxpi3LdcKjKWCMMWb69tQcg1WN/dYVwfp2MTstccezrj+tthJCKYWYzCZURtGYsrzUyxudL+4T32g2EYpklb1lsf+KCfHH3yj5xZd8MyoliTCnKIBTdxtoCKN333zx4ft/nV9QpCjyt26/TVFVACCEKIpSWFR84xeuLSgs2rZ185p3Xntvxdru7u5UKumr23Ng/75bb/8myzKEkLMWoDvXu2vHtsVLl3E8L8tSVnbOF75wbfPhHZIkhcOhtWvWFZeUSKkUBVpcOqKr09/YUH9gx9q6I0dKR5RlZmaWlVf8/cH7RFEcPXrsI39/2usQzyoR9HW5aOS/zzzqcrllSfr8lVctXTDrzTdev/mrN7Ms29jQQIjmdLme/McDK/7vuUgkXFBY9IXrr2lr6BxWb5HBpw4MAHYetmzHr3xAGQy3X4UASDgGYIKt+8jTrzBZIgCAIAjLn36W4zirVfzxj35w369/2hMIpJdPHj99wc9++ZupUyaLFvMXrr/uhuuu27K3Zs17bzY2Nf31oT8lU6mnHv8HALAsazKbfvD971QfPHTl578pWkWO486csgtLzG53/OR//lhZNUpKpcKR0OGag8WlIyZcMqnT709Pz0gk4r/+yZ2+9jZBMFFC/P6OjIyM+rqjf3j4sf+5++f19XUsx7W3tdgdDpvdsebD92VZLi4uzsrK+c0fH0kk4gDSWVPQ3R664YYbag4e2L1zx5IlSyPh8B8eeuy+B/9ZXX3goft+e8/9j3xuydx48uzPYTDDseyG9Wu3bNrEcdw777w7c/bcX933kN1uDwaCsiy/9N8XCwuLEMIMy7Asy/H8C8v/nZGZ+cvfPTBt+oz/e+W1SDj83jvvzJ0/PxpM9H0yBWAwZjDCfeAZbOKVnz6dc9uzmZurM7bcU7/mZ60NHXaM0V2fD9y3JCGw6jvbvXff2LL8G/4fT0uwDBU40tHjdFrY2eO6O3qsaU4VTngkxhjjfsYHXl97+x8eeuyvTzy/fu1qQTB1dfl5jv/Gt+8STKZoLJZKpXiW2bJl8+Wfu/J/fv/Q1+64iVLKMGx68VivN02WJYfNSs/BgYljWYZh//CHP44oKwcARZaBUk9eJcuyPM8f2LnO5fIc2L+/q7NTVZRnX1pZVj7yF/c8MKK8fPfune1tbY0Ndd/83k9SqdTyfz/x6D//3N0cOLtIChjjseMm/Pnv/967Z5dgMgW6uz1u97tv/rewsHjf3j0Wi4Xn+dpDhx/85/Lf/fkfXq83mUwSoo69pFyfjhsYfCwo0hdvNQqdDbT5HTU7jZEV6A5B1TewhQENgMPgq29+7IkHN2/Z9tQr72U5RV99958f/MmRo3WP/uNFc4Yz6T/81NPPvvr6itVb9lpNPAD4/JFvf/2qKZMuOVx75N57HgeOufvn31A17fe/ewx4HmT1jjuvLyzI+8ldD2YVu4e6CAAAFFXLz86wO2xH65pEi6knFO0OxEoKMqxWi9Nu37irurwgy9cV8LrskVgiPzvTZBJ27D+ciKZmzxibTKaONra67GJ9U2dBrpfjOFmWCaE2m+iw23iOW7d9f6bbdtYZj0ZImttZfaQVAMZWFO7dUTt34aRYPL5j5+FLJpSLomVfzVGBZ89uxKDgtFtrmzsoQEVhVl2rPz/Tk5eTvWt/jVkQLGahwdddmpMuKwpCKCUpdqu5KxBGGI+rKq9vbA6EY5lprrrWzjFlBa3tnX3ty4qqjRpZKpgE6NOPahQ5zCSaRIAgKqHyDI1nYFcLk22nOS4STaGkDK1hPCKNWE3kiJ91mIisoTwXSakQl5Dbqh1s50wcPSFfCIWC4frmVpb5aMZDATrag3NmjU8mk9s2VY8cXZiVmV7f2JyVmR6ORDu6AlVlxTzPb9h5oLwg0+vxHD7aAACixdQViIweWRKLxxtbO0z82YcdhFKnzdrU0Z3htkuyUpSfYzaZDh+pt4qWeDIpyYrDKvp6Qk6r2STwXcGo1SxUlJUcPlIvq6rLYTvc6BtbXqgoysGjrRNHlbb6OvHZdjUTQkSLOTc7U1aULWt3llQV5eVmyZJ88EhjhsfZHQybTbxoNh0+0j5j2mhKyJGGlrLifI7nGxqbJVkZZpNpg+EOoZTB+Ht3fucn378d9cYC8oXgW4u1v/8cAKGeAHjnYG8hcMdff199M/akZTjMxz92g92U5bWC7jXR0GDLztV7/2M3dEYh1gaQrnfxvpYQYJSV49AIYTD2BeMQTGQVp13IbJ8ZRdUopQyDEQAghBHSNEKBEkI5ltEIYRlGIwQjpGgaUOBYBgApqooQYhmsl6lGCAKEEFAKFKg+OuNY5hxfUb1wAEDVNAZjRdUQQhzL6GnjuLP3/ic9R9MIw2BNIyohHMPoCcMYqRrBCAECdLw1EEIVTWMxZhisEYIx1jTCnmhflhV1bFW5YBI+2r1FAQAIhd4uTqNAKbAYCAAhx77HCDQKFIBBx3QHAUAACIAAMAhQn6cBAMIoGAgebWzpqwAAgAIoiqqXiaoRQgiDMaEUIcRgJKsaAPAcq2maRijPMoAQJQRjLB//q3Mrv2MFqGkEY6SoGgXgWUZfOkMIaRrBDKaU0mNFRxSNsAzGCOn3EEIpUJZhVFVjz02o/hDds0gjRD1+rWpEb5KEUoyxnn2Gwaqqwfk0LQODXiilKVn55c9+snvXzo8UAAXoCMP1UyjPIkmBV/dBmuGjb9AHWVHHj64wmYRzMaR8EhBCwWDwcF3TuXfZBgYG505SkieOGzVhwoSPXHEQQKYDXtqDKAGWMXp/g5OhcGwRGAY5GhxCCBnB4AwMBg2zwO/aU/3B2m2sr76fn1UA3wVPk8HwZ302U2Bn9RnAqUF9zhAK6Fx+6v2IEappYaF5oFNvYGDwERyAE6m7Rw11Ogw+JVAAIIM9/D8OAsBGKAgDg0GF1ZQDQ50GAwMDA4MhgI3ZXxrqNBgYGBgYDAGosdU/1GkwMDAwMBgCWETVoU6DgYGBgcEQYESSMjAwMPiMYigAAwMDg88ohgIwMDAw+IxiKAADAwODzyiGAjAwMDD4jGIoAAMDA4PPKCcf8H2RggA+E/k0MDAwOHdQOBIZ6jQMLghQPJm0mM0cy55BBxwPj29gYGDwWYE1m0xDnYbBBSEkybLZJJz5EMpUSopEo5SeFJ7SwMDA4KKF1Y/VvohBgDRN069D4Ujt0aMAUFJU5HF/dOJ5c2u73WZNT/MOTRINDAwMhgK2pbX9ND+dFKf90wtKSSmvxx0Mhg4frZtyyQQA2LVnn6Zpeo/f2u7Lzc7E+Nh6uKZpDNPPQVT6YolxAp+BgcFFA9vb8Z0AQkDI8fM5KGBGX0PFGGOMCSGEkH4fp/ePCKHT3XDBQAj1rm9jhDHGtUfrp1wyQU/hxPFjN2zemp7mlSRZtFgwxm+/+x7RSF5+Xke7z+1xT5wwXpIknudTqZTZbN68dZvX42EYJjcnm+M4RVURAKUUIcRx3JsrVy1dvOjI0aONTS2hYBAQtoqWSZMm9vQE0tK8GenpQ1oSBgYGBv3DnvoVwjhRfyixdwvjcFM5CYC5rHzb2CkI4MiRI+vWrlm4aHFpaaluV9H7WUIoxohhGL+/o7m52e12FxeXaJqGEFKHyMSUSiZ5QThxwE77ftQPHJdk2WI2x+NxSumly5YAQFtrWyKReOLfyxVVLR8xIiWlWIY5eKh2/tzZgWBwxaq3srOz6hsav/rlG//12JO3feOWWDRaVVGx78CB5ubWsWNGVR+siUSidrtt2/adXo8nPX0YHXxvYGBg0Bfmzu9+76SvEMbxw9XS4YN8XoHc1s7Y7GowYCkfxWC8+sMPVFUdPWbMww892O7zdXV1vf76q/V1dYJJ2Ld37yMPP9Td0xOLxf7+t7/GolGO41atWjlhwsQLPBtACIVDQb+vXZYlm8MJlKqqlub1IITaOzq8Hg8A1DU0iKLodjlVTdUIsYrih2vXV1VWBHoCvg4/QiiRSl1+6bJwJDxu3LhgMMCwXElJ8eHaI+Xl5ePHjikpKqquOTx96pRDtbVVVVUZ6enPv/RK5cgym92OEFq2ZFFdQ+OyJYt+fd/9i+fPs1gsFzL7BgYGBudI/wpACXQAAjUUYp0uLRblMzNNOUVAaWZmViQcfuDPf8IMW1RU+Oqrr9199//U1tZyHBcMBYOBwI033hQKBq026803f3XG9Kk/+OGP0tMzLvBWA4SQLMuJeMxktoiiFQBUVfN6XE6nIxZL7D9Y09rWznFcMBTOyc7ieb6zu8duEysy0/dt2ZSenZ3FQnZBQWlWuu/wodLKKjERcXm9WS670t15yfTp8fpak9kcDQXLvM6IrFRkpjlsVkBohN1SPLJCkFNeqyjYbNZ4RPR454wbJXo8bH8rCgYGBgZDDqo9esqp8BhLvpZkzT7EcQBAVVXIL7aUjMQI7d69u7GxYe7cebt37bLZbV5v2r59e0dVjdp/YH9FRWV3d3dVVVV3d3dLS/OoUaOfePyxH/7oLo7jhmSvmaaqDHvMwJVKSRXlpSx7gr1LluUt23fOnjEtkUyGegLZXhcwLHAcxKIg2kCRgVIQTBANg2gFQkCRwSxCMg68AAhDMg6iDZIJwBhY7thHKQUAIAgQj4FZBE0B/iL3sjUwMPj00p8CAACMEcbHfH8QACGUEABgGEZf4MUYU0oppfqaMMaYEIoQEEIQQhhjVVNbmlsKCgoJ0S5ohvqjXwXQF1lRunoCzLH1cHSi11PvR/TRqviZbjvx46faf8rAwOCihu3fQH8aq/15WfNz8/JUVfl4yRpYCCFwRvdNnuNyMjMuWHoMDAwMhgNIluV+vj3u0Ekuigg6kUiU43me4848IO/rOXpxM4Q5HQzRCCFKwZhtffZACMFn5J0dJPoJBocQ6oqmOrqiLIuLs50mjiHH9YBu+el7p24FAgBCyPCsCYQQwqilre3Mi7EYo7b2jpzsTEKGYy4GFn9nV1ZG+oXX7oNRyAihYChkMZsFgR+WDdBgsNA0LRgKp3k9w7Pn+VTQj1mcUuowc9YcZ11PvLYrahe4XJcFAyCMW1vbvF5vKpWilHI819nZ5Xa59u0/AABjx4yy2+3DpCb6LlQAAKU0zePhuTMFg8MYJxLJ9LS0Id/CdgGQZTk9fQhyOhiFjBBCCNmsoslkGibNz+ACgBAoqoYQykj3fhYGbYNEfxvBEMQlNRRJhiKpmKTIovBBTcctM0owQo1Nzes2b5kycQJCyN/Vte/AwW/f9nW3x83znNPp7A25M7QghDo7O3fv3l1cXFxWVtarA8484KWUUqr/f/E3pqHK6SAVsl65n5G6M9ChFPRaJ8So949Pf3EgKAgc47QKNgsvmnmLibObOX0JVSNk8fy5z7/0KqF02/ZdqqoeravHGAMdRpY4hFAsFgOAUChkhO4xuJjAGKMTgeNzoFO/Nxha9MA5uudkX/RvNEJOqkGGYcjxgGMXrB7784xEoBEqKVpC0dx2k8PMXZvrIpQiANFizszIWLpgbnu773OXLS0tLnrrvQ/KSksGO5XnBSGkqKjIZrO5XC49HMVQp8jAYADAGNfVN27etmPqpIk5OVmyJJtMAsZYVVVV0xCAqqocz2uqxrKs2WwYxIYShmE2bNrS3uFPpaQrLl2MMeY4DgFIkry/uqaoMK++sXnCuDGSJNms1nA4YnfY123Y5HQ4CvPzGIaxWMyqqiWTSbfHNajODf27xlNKFZUUOExpbpHDWNdLmqZNumSiLMuTJ008fo+6ZOF8vZ0NN9N5Wlqa8QIYXExQSt1uJwWqEW3lW+8KgsCy7KiqisbGpv0HD08cP6YnECzMy31/zXqbVbz5xhuGOr2fdRDG82bPtIqW5196JZmS0z2uQCgye8aUxuYWl8shSfLz/30lzeMeP27M3n0HcnOyWtt8CFB9U1M4HPF39XicDlUjFeWlpSXFg9e79rsIDDYzZzfzAEBONJ3rVv6+tv5hYvc/FaP3N7jIQAgSieSUiRO27dptt9msVlFR1da2dlmWnQ57aVFhKplkWCYnO3N0VcVnx6d52EIIaWlt6/B3Vo4s6/B3ja6q4Dh2zbpNdrstzetpbfO5nI6R5SO2btuBMGYY1mQypaV5ugNBp8Pe5vObzaaiwoJAMDioJgwkSdLpfmMwxgwmGtGG2ej+vEAIRaJRVdU47rQ7gQEAY9zY1FJYkDfcpjKDQWubLz8vZ0i8gAa8kBFCXd09Vqtovti9gBBCiWSyo8Ofn5cbjcVSqVRGekZzS4vb5dI0zeNxt7S0iqIoyzKlNCMj/eIuDQBQVa27pycr80JHGzsXEELxeLwnEBBFMSM9vaW1jWVZomksx1rM5kg0ajFbNKIJgiBLciQSTUvzBEMhs8lstYq+Dr/L6aSU8jynaZrFYhm8DJ62T2QZvH5/3Q+eW/3EbcvGFuf06oBer//efOpjjWFYBwYGFxOUUovZXFJcRCl1OZ26r3NRYQE9bqHNzc2hlCJ0zMtrqNP7mYZSKoqi1WqllCqKkp2V0bdCzGbzR9cmk9PpoJRmZ2XptZafl9u3+ga1Kk+rABDGL67fv/uAb/3+uvGleboCYFm2rr4BY1RYUKAfhyLLckNjU052tsViHj5tTo9HRCn9LAznDQAAXyivieFAbzb10VivJ0mf/z8TR9dhTHrf9KFOy2np4+pzltugT832rb5Brcr+FQDGuKU7ylotv7lllspywXjKZuIwxmvXb3C73aqi7ujZ7Xa5JElqbfflZGWp2jA6WBghFIlEqqurCwsLs7Ozh3PjMBgQMMYdnV1DEwkCDZsIFEOYkiESrRFNUVRJlodEuj7TGnI+YTL6VQBIlePUv3ppifXlA7GbJlqUwD7Inogx3n/w8HfvuBUA/vzw38eMquRYtqy0ZNuOXRSoc6RdGw7lAYAQ6ujoiEajjY2NOTk5hgK46CGEZKanmUwXOvI2Qqi7J2A2CUN+5k8qlYrG4ulp3gvf2mVZDobCmUOx5KCqald3T3ZW5oUXTQhp7/Dn5Qzx+BIjVN/YXFyY/7HDuvR/JGS4basne0Jl7MXfzMpmUKMSkmnWBE3TLl284NnnX4zF41csW7xxyzaMEcLI43Ylk8mzzHAuIJTSwsJChFBmZqZhAvqMMCQ7gfVQZEO+CRkhpKdhSOJxDaVoMoSiCVDQhV9g0Segr8h+Alt3fzMASs2uEYHGDZQCnnzNSQAAIABJREFUpgTzTlXqplQjBAoL8gsL8gPB4OHaI7d8+Uuavv1E0xiGGT7+oJRSnuf1IBD6QsVQp8jAwMBgONLvPgBiduZZnPlSvEuwph8LpUM0OO7843I6p0+doijHYv3r3ggXMM1nx/BKMjAwMDgr/QeDU2RFVTXA9kQ8KQjcSWNoSunwGe8bGBgYGHw8+lEAGOMHV66uyuIkSQ6l1NKcEfNGl2haP2P8j734b2xTNDAwMBhy+l0DAKuN92SzkWhCBJOZZRmE9AE/QkjTNJZlddu6JEm9Ee96De76/7239X0wAiCUYoyTyZTJJACAHqxN//NTE9JXwaiaRgnBGPc+9gwb0IztaQYGBgZnpf99AClVqO/KbfNH93dEbp9l2tPUMzrPBQivXrseYxwMhebNnkkBag7VMgyTn5dLKWEYxu1yxeNxh8Px7Av/zc/NjkTjM6ZOwhizLBeLxZwuZyAQyMzI8Ps7V7zz3u1fu/nNVW/bRLG4uIhhsN1mU1Utnoh73G5ZllmWSyQTsiS73a5AMGiz2rZu32Eymz1up9vpYlnGbDb3BAJOp/PUAAC6ZmpsbMzKyrLb7RekGA0MDAw+ffQfDtqZDC88smtbEP+yq3RxODn/8d0dv5qTbhd5jgtHo4TQ9Zu2KIrqcjpsNuueffudDofb7ao5XBuNxj5/+aUsw7T5/DlZmZFobP3GzZTSyZMmrlm/MRSJeFzOooIChmEAgGWZo03NFCGOZWrrGlx224jS0n37q7fs2L1o3uy0NO+OXXtyszNTktzh78zLyeI4trs7sL+6BiOclCSX3T52dJUlO+tUBdDU1NTU1BQIBGbMmHG+C9QYY4bBuocZQggjpKgqz/OKorAso2mEYRhCyEWwCqJPp/SMYIwVRdFnV1Q/5pNSddDy2CsaIUQpAUD6plZ94qhp2scrXoZhGAZrGtEdNOH4fFTP1GBXnN5I9DkxUKoRordzVVU5jqOU6he9Ico1TWMZhgzoipqeR4ZhKCUI4ePXVNM0PQ29vhsDDsMwxzOuMQxLCMEIqZrGsqzuqdk3JR+7ivvlRCMEIEB64RNNA4QwxoNa73p2AOCE6iaktwHoFa0HU+i1jgxskvQS0KXrD9cF9RpX9CZHCDnp/WLuvvvuk5+F0MH2AC6spCPHXVZof25H2+8vK7UJbLrNfKj26NzZs8pHlB6qreV5HgAEXgiGwh6Pq7iocNU770+fMsnr8Ryorpkza/q6jVva2ttVTbt0yaK3333P5XbNmDJZVTWP21XX0DRp4vgjR+qWLloAlKYkqbOrJyszfcrkS57935cXzZtdXXNIU9XO7h5B4CdNGH+0vsHtdiFAsqyke72EUk1VY/HEpInj9Y7jJHiej0ajRUVFVqsVACRZJoQyTH+n3xwHIRQKR9xuV0Nj06uvvcHzfDKZbGhsWPX2uzOmT/v89Tddd/Xnn/j3co/H/dAjfweguTk5/Yr+VBCJxlwu55Gjdd+766eZGWnRSPSl/3t1xvRpz/7nhZqaQ1ar+MabK5uaW0aUlgysE21vIdfVN/zoJ79wOu1btmzjeX7v/gMrVr69b/+BrMyMX/3mXtFizs3JOUfRCKFEIsnzvMDze/buvf/PD+Xl5nzwwerde/d1dnX19AQO1da2t/k0Qh74y8NOh6M34sqAZCeZTLEsy3McwzBLP3f9NVdevmXrtvfe+2DfgercnOwH/vLwwZrDVZUjf3b3b/btPzCqsvInP/9VZkZ6dfXBD9esrRhZ/scHHhItlpxPtp8IIaSqqiwrDrvtnfc+8Ho8773/AaXw+JPLR5SWPPS3f8bj8Zzs7J/+4lf7DhyYNfO8h0RnRiMklZIcdvv2HTvfeuudvfurC/Lz7/39/Wlez6uvr5gwfuw/H3sikUyKFsvyZ/5Tc+hQQX7+T3/5a5tVLCjI/4QVQQhNJJMOu72xqenpZ57z+/09PYE169bv238gPT1t+dPPutzu9nbf8qeflWW5oCB/oLIMAJTSWDxht9sYhvn1b+8tLioKR8KPPf7k/gMHx4yuuuPOH3Z2dmWke//78ivrN24qyM/7/R//LAhCOBR+/sWXqypH/vUfjyYTyaKiwk+YDP2FcrmcHX7/Qw//bf+Bg+VlIx546BGE0K5de7Kysl5/401Zlru6uzdv3rp9x87srKy7f/07lmXycvMwRtDvDEAj5CsLJ2ME1e2hZU/tefSKETe8eLDnl/NUTZt8yQSGwQzDTJ86BYBaRZFSOm7MqLa2dkpIUWF+UWGBqqoL582JRCO33PTFQDDI8xwl9KorLrfZbT6fb9LECf7OzuuuvEJV1alTJgk8X1pS3NzSUjmyHAAURfnBt283m02jqyoVRRk9qtJmtZpMpsuXLopEYx63ixCCMMYIvfLGSqC0sbllREnxSc2IUmqz2aZNm6ZvEjnfLgxjrCrKqrfevfFL169bv0kQ+Gg0OnnC2Kef/U8gFMYY26zWnOxsnuc/1ZMAQkhFedmi+XOmT5v6xFPLu3sC/s5Oi8k0Y+b0rq7uSyaO371n7yDtoiCElI0oXTh/9qwZ08Ph8K9+e9+//vZQdXWN2WzmeN7psOfm5PROTc4dSsjI8vJLJo6vqqzcsnX7D777nbt/87vFC+bVtLT2BELX5ud53O6c7KwBzw4AYIwPVB9ctnjunr37OI67+uord+zY2dnZvXDhgqLCgppDh81mk9kkcBzr9bhzc3JcTmdzcwulMGXSJaFQeMAKmQLLHMPjcZcUFcYTCdFiLsjL4zhOVtTMjIyBEdSvcEqv/PwVB2sOdXZ2pXk96RnpSxYteOa552dOnxqORDv8nSPLSi+/7NJQOOy02/WQdgMlt7CgwOFwXPn5zz3x76e+fcc3n3nueX1M8NrrK664fJnNas3NzRmMvUoIoe7uHrfbvXrN2gXz5y1busRkEurq6mdMm/z1W25+5tn/WCyWzq5um9Vms1mzsjK9Ho/H7YonErNnTm9uaR3AFUpK6GXLFrs93uqDNS6nMyszc8zoUSvfesdmFd0uV7vPp2nqbd+4RdOI2WwuyMvT44xC/0dCAqiaJqvayEx7zXenTMyx+342x27iCKFWq1X3+k/zetK8XrPZbLFYWJYtLCwwm82XLl6o/+pyOQsLCgSBz87K9LjdXq/H6/UIPF9UWCgIfEF+ntPpIITYrFZ9dpaflyeKoiiKlFKrVcQYi6LF6XRkZ2VZrVaGYex2e15ujtlsFkXRYjabTKYvXnf19ddcWVpc1O9wRp9pfpyRDqVA6ZLFC8vLStvbfBUjy2dMn1Zz6HDFyLLp06Z87tJllFJB4Ds6OmRZPu+HDzM0Qkwmoaenx+P2XHf1lQ31DaLNunrN2kgk2tbui8cTgyeaEMJzvKqqDodj/pyZAOCw2794w3XpaWksy7T7fKp63tGlGJZ99j8vcCzX3u5LT/P+9e//nDNrhkbI1VddKYoWhDEA+HwdA54XBIAQ2r1n7w3XXtPu8yGEVqxcFYlEs7Iyt23bvuqtd0ZVVZaPKK0YWR4IBFiWaWtr83d2JpLJlJQKBIPxRHygUkIoraqqfO75/02mUrIsS7IkSZJosbS2tcmyvHTxAgA6eO3WZDKteuudjg5/dnYmIaS9rb2wsKCuvqFi5EgEkJOT3dTS+viTy2OxmGDi6xsaB0rtMRiv37gplUxVVx8cN2bMY48/aTIJVlGcO2fWmNGVGGGWY9vbfYMxXMMY7T9wYMnihS63KxqNbti4aeOmLWVlIxoamx5/8qlFC+ZbzOZLly5ubm62mM1+v7+5uYUSoqpqW3t7IjGQ7xfLsus3bn7//Q/Hjh2DEGpta3M6nd3d3ZMnTyKUul0uiyg++e9nmptbHHZbS2tbbzM403kAeg4RAKXwsWNNDDnnex5A78de87H+EEoIANDjZtZP9fC/9zwAfaDd11DYOyrRDQsDK7fveQAsy+rP1y96P3Icd17F2/c8AN0MSgjRjdF6Tvpmc2ArDiEUCAQFkyBaLPrDe5sNHF/P0McivQnTb4Pj2yd1d7VPWM4IoWQqFYvF07wePTqmLktPhp6k3jQMeJ3KihIKhTPS0/TziuF4xvWi5jhOVVV9nMcwDADVNDJQFvDe8wD0dRd9cUUPqqkXcq/cAX9hCSEd/q7cnEyEMFCKMNZXzvSi1uu9tz0AUIyZ3vGo3kIG5P3qfaEopSzLAlBVPaHwe3Otp+TUlbDT9IkIASGA0PFO7zOEXk9nmD0Mt23PnwS9CQ54p3Duok9NwydZpex9yEl1pD9zUCtOF92v3DMkbMAhhJwkovdVH+xa7tvD9mZcv9B/GpAqPp3ofvv3s77LAyJalwR9SqA3g72i+91HNYD0Xd4/9aJvSk4qjf6jgWpyzF/9X4ZlMsfcDMBSoulqQB9E6OvLZzVg6ep3qPZ8nSRX9+c5QzoQQhToZyam/NDkdDAKWX/YUGUHhkj0ScnoLYQhEA0IADBCF3hYhNCx+JMYows/JEMIAVCELny+T07GJ3yh+jcBUUqoJjVt+IslfTrDWzwlExDiGAbv3LUnHA539QSuufIKnufpsThBVPe6o8ffRkqBENLQ1CRLcklxke4vpHMummNA6Ozs9Hg8DMMghKKxmK+jk2WZM01mEBybJl/0E54hzOlgiEbHzB16T3RBGULRJ0Kh13l3CEQfc7EbAtG6VW2oRA+D7uITv1CnORCG4cK+XRljrkn0tJlsXLKnXkwbCQCRSHTWzOmBYHDFW++0+TqcTqfVYna7XF3d3YLJ5LTbY/F4W3uHKFo8bvfh2lpKwWazrd+4yWKxJBLJUCRy1RWXpnkHN2o5xvjo0aNHjx51uVxTp04lhBCNlJeVsgxz5j8MR6IOu23wEjZ8iERjdpt1SEQPRiEnUymB54fEKzclSRzLMmdrWoMNIUSSZfMFPxEBACilyVTK0ueMwwtJPJ4QxaE5jCEWi1ut4pCI7ssnfKFO+84ghClRYv71CDGAjt1GKAGAuvpGhJny0pJLxo9NSfLc2TPtNuvnLl164GCN1+32ut3z58zCGE0YN2bcmFFNzS0L5s3xdXTm5WYvnj8vEAgO9kSVUqpvAHa73b2a5lzsgBeTcf/M0KHL6WAU8qmG7wvGEIoeJskYYtF0aERTSodK9El8wsI/zSIwpazZFWjYLWYsC7XWpJXPpQCUksqK8k1btqanpU2fOnn7zl0YoSmXTNiwcXNlxUhCSGlJcXn5iOqaw7VHjsycNmXnnr2ZGekFBfmbN2/9/GVLCSFmi5kS22CbgCilaWlpS5YsgT6+EL3o+101TdOjVujNl2VPKAdZIYmUKggMpYARmPiTx3fRpGo1sacqMlkhPIf1C0XRGAbzHMYYUUoJBQZ/9AfHzpFAEEmoHItF4exDSEUlLIsJoZpKZIUAAEXAIKQRauKZlKTZrFwiqWqE2kTuXAtreKCvVnHcmZIdiUSMwB4Gw40PdhxEimLiOQBACLX3ROZOGeWxD/3M4BzpZycwAABQ3uxx5IwSPbmOnDGYswIllILNZi0sKPB6PISQ3Jwct8vldDjy8nKtVishxGG3OR2O3NzskeVlCKH83FyXy4kQKiwsEEXRZrMKgmA6JXTPYKOHBhJMAsMwiUTitttvnz9v3tatW2trawVBeGr5UyaTKTs7GwBSKclsMkUS6lPvtYocbulMBmJKLKGqCtEoxFJaW0dcovDO9q6jHcnsNFNre9xh5+taYjzPNLfH7TZ+V20oJWuRhLKpOriuOnS4Jb6zKVbXHMt2CwdbYtmej2bob2zy72+I5mWJK9f7ogqxsCgSV5IK5RikEhqIyaKJfeTN5lGF1qa2GMthE8/878aO0gzLkdZYIChtPBTu8CesFu7Rla1ZLn7LvkBKIx/s7VlXHRJ5tL02PDL/TBYeSZJMJiEpa3UtMYHHskob22IOK1fXGuNYrFJo7Yi77MJgVIdeyIlEghASiUTi8XhbWxshpK6uLiMjIxQKJZPJQDCIALq6uiKRiCRJPT09CKGVK1dWVlb2a+dRFIVlGIxxS2vbhjf+9vyK7aRzy/LXNidb1joyRoqipaYpsnFvTzCldnUnj/qTBekn2CtqOxJmBtW1x7zOfrK852hI4DAg2HUolJt+sqFDUVUGY4ZhwnGl3Z8wmdmm9rhKgWiUUCCEsmfcfz5Q6I59PMclJK2+JeqwC43tcUkhmkY4DscTqnDKIGag0ENc8DyflLW6pqjDLjT64pJMVI0IPBONK4MqWlEUgedj8cSHrzz8worNqfYtL6/a3HlkDTZ5vd601bu7mltj+1vixZmWNzZ2VBTY6lpjzV3J+sbI+t3dNhvvtHK7agLpXlNC0l5b5wtE5YKMczUoybIsCEJze9fYymIg1GIRrBZTMiUFYsmCLG+jP9Edld02vqUrKZrZ1u6Uo8+wbPWurqKsgVES+gtFKD3UGHHa+GZ/IhpXJJWKJjYQlsymM/m+w2lnAMfWgenxw156DSkU4Jir06l+V26XS9M0l9Op+3v13jB8XOYtFsutt96qatq8efNeffXV7OzsG66/oaurq+89B5pjl07wFOVYOzoTzWH5UF2kJqCIPPKIXHme5XBbUDAxFg7/fVVLoVt4c1/AaWanqGRHfawgxzq10v3IG012M3P9rMw//rchN03ISbOokrqhOliYbQGADbu7KkocHjvfEpAcFjaaVM08jkhk68FgikAsrrpcgoAhLmnXzsoKyqS+JUoZ/Mq6jluW5VkY9NQaX1tA+uHSbCowIoMKs8WyPMuoEsehhuiR9mRhulkU1UkV7sPvtqqEsvgsprZDrXEpqb71oa/AzhXmWP73vdaKYttba3xYIQqDr2NxXuZgDWSOHDni9Xrfe/99t8vl8XiOHj3qcDhWr14tSdK69etzcnLS09LGjx+/YsWKG2+8UVXVRx97bOTIkWc1Hra3+9554ReLFsIHb8CcSbDjHSgcf1V6uveFrd2/vb4YAFZv87cqgKsD+xpj4wvFA80JwcRUtyRumpHWHZVX728uzTT5IsrofOvRllhhjnjJCEd+umX9gaCZQ+PLnGcQnZDJh7WRtKaYzc4H66I9KS3PI8wa7R4ULXp6UgrZ60vV+pKUQcGQzAlMhoOvKrTZBn9IKinkQGfqaEdSAohGFLOF9drYinyb3Tro89FkMvniwz+euQiad4ELA5Kh5vCo8pEV1a3J71yRv7s2tOVw6MltwZljPH//oOPqyZ6ZE9K3v95YmGkhhPp7JELAwjNTRrnW7Q/OOk/RGOP3dx66Yuoo3RSTl53+9qZ9FKhK4IU1HZNLbU3tSYud7eiScjLNqqSNzBP3NsRaOlPzJqQNYAkoGm2JqC17unc2JYpcnMPKWUzYIfJux1ka4BmGJ4ioyYj/KCUynJuTQ69T0Hkk/IJz5MiRYCDwwgsv6FvD29ra6uvr+94wusD6+rbugw2RQ61xSoECjMgwXTE5nWVRUaZFYFEsrsZlzS5yo/It103PcAk4EFMopUdaowCQ5+JFDmOEqkpsty7LxwgWT0irbUsSjQLAzPFpHju/uzZUnmkudPPrqoMaoZTSaEJLStrkKmeLL7GjPjq1wgUAAoNUjXb0pBgGAUBSo7fMzfritDRZIbJKVZUAQFImKgWWRTctzJlS4aprT+w5EjKZmbP2/gBACC1IN0mACKWhiMyxuCDdzLI43ckvqHS4XIO4omiz2WpqaiLhsM1mKygoCAaDeXl5a9euraisLCkuXrJ4scViKSsrW7hw4UMPP7xixQpFlhVZPmvTQkDL5v2iW/ht+pjfxqz3tLvuwogCgB7NPJrSAEEwrja0xieUORSZXDUtPaGSygKxJMd6sCluFtkMj2lUgbXRlyjKFWvbErVNUUAQS6i7GuNeO6dpmizL/W6mfW1LZ1dYkSSSn2G2C3hKqT0QUaxnG38NOBuqg/X+VCqpZXlMaVZ2dpVry+FIputCqKHNNaG6jlQypWW5Tek2dnaVa011pO+sdxChVJxwW9qIe1pMvy0ee8/66N1mEw/H+6KusGwVmB8tyvzjS43XT/FgjJ77oO3WpXnhuLK/LkwBMIO6o4rTxjeGz3uDgtMuRsMxs0kQLWbRYhZ4rqIoCwBUjVw7KyMlk/Ic84KJaVMrHQ4BXz8/56W1nbNHO6vyBnjh+mh7fMPBsKKQLBef5eRmj3b/a3XXuJKzm0xPuxOYYfnmLQ97RlzZc3RF/pRvaaoCAAyDEcJnPhGsd8uZvg/gLOKPbdwbxEMlEULhcMTusPMcRykNBoM8z6uaSjQiimIqldI0ze12A0AwFHY5HQCQSGmxhOKy8wCAAOIpFSEk8AzHIkJoLK4KJkbgmO5gyipyiZRqs3DRuOJxCghA1SgAMBhJimbiGUkhPIsBQNUIxx5TtwlJswgMAMRTKosRw+CUpFFKbSInKQQo1WfN8aTKsDieUKwWTuBwStYEjlE1wmCkUUAALINSkmYSGEnWBJ6hAOGoTDTq7s+U0ZdwOOJw2BWVMBhJKmExisQUp51HAJJKOAYHwpLXKeBz0CLnS28hd3V3ixYLy7IMwyiKou9a5Hk+lUrFYjGbzSYIQk9Pj81mSyQSHMexLCsI/ecrnkgIPM+y7OrVa+bNm9v7PSFkz569EyaMb+tO7j0Uys0WHSbcldAyHXxtY6Qwx5ru5I/4EgwCASNRZI+2xNPdgqJRRSUsRgqhk8pdANDWmVAJEtlYNBpLJpMIoYqKCl1EIpnkWJbjuERKkxXNLDAsiyml2w+HirPEjAvS8wKAqqqSLIsWiySThKRaBAYzCCjUtccRRuW5g+jxpWlaMpWyiqKkkHhSFU2M3mya/AlJpVUFg+hWRwiJJxI2q7WtrY3juPT09N6f1qxZO3funD1HQuGQZLbxE0c4Gv3JwkyLpJB6f/LI0VCagy8vcaQ5hUMN4XZ/MjfPWlsfLcwVRxWd0zoTpTQai9ltNgB4Y8OeDLuoSDLLYAp0x6GWO7+0pDMsEQKhiCzwOBRTYjGluiOVbmZmT/DuPRxCGM2fODAzAP2F0ggNRWWbhSOUMhilZLLhYGDZJeln/fP+FQChNBBORGrfKJt58+GNL6RVXeEQBYzRrj372tra83Jzxo4Z3bv7oG/IBIZh9h2ozsvNMQlCU3PzyPJyPRLsMWEI9dkeDQihUChkNptrj9aNqqzo/VXf0DwgpQMnKoAz39nbN1306ApgSEQPRiH3KoDu7m6v19v7vaZp0WjU6TyT6eYT0qsABk/EudCrAC686F4FcOFF9yqAZDIJAOY+rqgntYQBp68CaO0MtLV1mk38qm01Sy8ZyZqEUSW5p/5JR1AajKnYJ3yh+pmiMhhvq2l4b+fRr04f2bHvbTly4JX1mV+cP8XEc5MmTqg5fMRisSSTyZrDtQ1NzRihkqLC2qP1FeUjQuFIIpngeT4rM5Nw5Gh94/6Dh3iO83o8LIMlWQkGQyPLRzQ2NQuCIIqWWCze3RNgWcYqijslubmlZcK4ses3bU73pi1aMHc4eNcZfLo46Z1nGGZQe3+DYYL5lF0Ig9r7n0Ruujs33b1p96HKvDSeZyv76/0B4MIY4s6X/tYAEGixxE0Lx8f5/MxRS6sW3l2a2iLLGgBQQhBAKBTSNK2zq5vBzKjKioam5jmzZoTDkQ/WbbSK1mQypT9GkZWMtDSP260Rrc3X0dHZtXD+nJfeWNnU2iYIwpYdu+fNmTWipGjWjGk8zx2oqZk7e+baDVvGjR4VikSM3t/AwOBTxPTxIz83f3LliIKhTsj50c8MAAHEKNS1dU0sL0CgsZxASq7W4+gQSgvy84oKC9dt3JyZkUEpFUUxLyeb4ziPx33Z4gWSlMrPy+VYFmOck5MlWiwY40Qyqbm0dp//wzXrbv7CdfUNDRzHzpo2efWadXl5uQcO1mSkpdlsti1bt8+dNY1oWkF+/yrUwMDAwGAA6WcNACEUTaS27Dls4TlCKaXULJonVZX0Wvn7nhOiX/cGttW/Isfjjvba+jHGdfUNBfl5qDda0InrB73LCXA82NyA5dBYAziFi3UNYGAfey4YawDDYQ3gwovuuwYwtAz8GgCl1GYxLZ05nvZGGKKgfRTXtP+u+VQXvb53appWWJDfd0HYwMDAwGBo6X8fgO7HObCSDLO+gYGBwbDiNNFAMdpZ2yxHkxghjVK721ZVlKWHr+nXu1/foH+S2uhrJjrpft0opB+a028Cei1C57KZwMDAwMDgY3CancAUavw9e/Ha7cp774deqvF3Hzv2AePWtjb9jDeGYfT/OY5t9/mO1NVLksSyrP4lw2BJkhLJpN/fqW/20b/X1wAkSdq4aUtrWzvHcboyYBiGwVg/cZ7jWH9nVywW4ziuoamJPf9wuwghPSWfvIAMDAwMLlZOu27GMky55SrCa0lWUbSI/iXD4H/9+9kvf+Fa0WKuq28sG1FS19AkcJxGiSIrWRnpq9euLy0pbmhoLCkpfvnVN8aNGZWfl7tl23bRYjGbzY1NzePHjvF43E8998LXvnLj6rXr6xoaZk6b2tDYFIvHTYJAKYQjEQBQNbWstGT32vXtPh9GuMPvnzh+3Dl26AihQCCwa9eu0tLSoqIiY9XBwMDAoF9O26VSoFlxX2a8IyvWDkD1w9D3HzhYXlq8eev2xuaWcWPHrFm3MZlMqqoajsQSicTm7TvLy0q9HjdFaN/+AxXlIyorRm7ftdvhsHf4O9dt2jJuzOjde/dhhDBmRIulpKiQaGTNuo279u7btWdfm6/jnQ/XVFaUd3X3OOyOzdt2lBQXpaenrXr3/UAoHIvFzvEgAV0BaJrm9/s/G+c7GhgYGHwcTqMAEEiKZop2mWJd5minphEEgBDauWffl794/YiSovb2jnff/3BEaUl1zeGG5mav24UxLirI37p95+ZtO9ra280mk0a01ra2nKzMvfuqo7FYdlYmz/MMwwBCY6oqXntj5badu+fPnb1z777Z0L90AAAgAElEQVRlixfZbTaP25WTlclznMvlZBkmOzNz+85dkUi0uLDAJoqCcK5RpQghRUVFVVVVY8eO7V0/QOcye+A/ZWH0Pz5DmNPBEM1xMBQ+oMdED7UPKAAAyw5ZMhhmyERjPGSiERoW9Q6f9IXqPxYQQqgnFPN1BzFClNLsDLfLJlJK9aNUOJbdX32wqLCQ57l9Bw5eMmGcpmkIIUoIHB9x6979uoN/7zBc0zSM8bFDLIEihDVNY1lWVVWGYfRAQPo9vRsF9L/V/UfPy5jTG5MOIRSOxcWWVrRm/RnqDCEkJ5K8xfxZMBmpqRRnHoKcDkohI9AkBbMMuvBnwyLQZAVjjM583PTgJ4NqhKgaI3AXvgQoIURRGUGAC9ycEAChqqxwJmFI3llVkrgLfrrJSXzMF0pR2Nkz2HFj4AzRQDHGCCMgxzYAnySgt3tlGKxpw9pLByEUTiTM23fBovkARRQaTnsnXPwHwusMYU4HQ7Q+vhiSHA2h6L4MbTIusuY0/EX35fyTkQfg41e8yV+2FE67CIyQFo+SWIRJy+z3MADy0b6wYd37fwTGACLz0F3c0oVUVU/9HSEUi0St9kE/sXI4kIjFRZt1SGYAA17ICFAqmWR5jmHYC/xKIkBSKsWwDMNyQ9obIE1TVVkxm830gk8BiKbJsjwkoikhUiplFi0XviVTCqlEwmIVh3wGcH4vFMNqGzcr37gNjpvE+1UACFRZ2vwaUziGtO4Xp1xGiaZqtDdOw0nCTv2m709wmn0AF/pgSAAKcVyQx5SXne4eGo0xtiHYVn7hobE4Yx2aY0sHo5CRJLHCOZyqPAggWWZY7lyO3xncZABoksT8//bePDiu48wT/L7Md9aNqsJNXAQI8BRPnaZuyZLGR7c9dren7e7e9cTEzsZMd0dvREdv7K5jt72x0zvr8fTObHdveNaO6B7b8iGPLVmyZVkWrYMiKd4kCIIAAeK+gULdr96RmfvHA4oFECBBEVWlEeonRbHq4VX9vsyXmV8e37FOvoSiggPYuRzVSpL4ZSUEQM4w6C2hQEsDI5ul5Yi9sQp326HE1DSAld+WX0sBIPBsCqtq1e17bvzq0l/96PyhsP7HD7QEPQoA5HI5RVHcLSDXSyuTyWia5prqFwT2EZwL0zQ5F16vZyk5uxBcCABIplKhYDC/R18Mx+OVBULDMHSAXDqbNnKw1goAAECIWCpdPDE+QihjSYtBLUTOuutcTptEDQaukSCsDChnJQjTXqdPFZ865nyMWnKxxZAkKZ2mAEbWSBk5cJy1FIAQNFzHAlHr9G/Haw89Q4JmxhycTx1piVBJ/ov/5et/+i//eTDg13XPwsLs28ffr6utkSX5wH17bceJx+PhcHhiYrK+vu4Xv3qztaVpx/btE5MToVAoFltsqK9/4zfHtre2+Hy+VDKFBP1+/8joWMf2tiInixdAJQBASomsrLmphYiZVMrr3xJbQEYm4/GVZwto8ysZ0TQMSS7DFhAgWrkcpZTKcqmPQFfKwZjjOLaq66UXg3Num6bmKcs+jDANQ/eWYR9GCJEzDE85qAtx1x1KknBpJJSIJAPgWsaRlOaO/ZAvmqgEsxNTT22PEIns31YFgDeGhp989OHLV3quXO3NZLNXr/WpqhYMBAKBwPmLl/7+2/9w6sy5t989LgAuXLysqmpVMHTq7DnHYZqqcSFef/OtUNDf3NzUf/360OhYd0/vK6/9yuf1Hnvnvbv19f3QyCehdN3KCCG3+pchAiGICO7/q/8KsN6KP3+z+wvkpgHU6t/ZuH9C/sY1hfl4oNBUbD3cxg1w+Zsl74r5XlfmSYOADabtLqoEZWAV4MapLwf+K++LS9W2VqcSQois/sijeOThbPve6bjxXFetRAgS8tbb7+7ftyeVTqcz2YuXut2gDolEsq62hhDS3Niwb/eugN9fV1sjSdQ0TdMyVUWdnZsbGhl9/+QHpmUKgKxhSJI0NzdvGDlZlqqjUatU60ciSXNzc8xxEol437VeQsjw0NDU1GTh4EIJzi1avYPJhaQ9l7BiCUuiSAgSgpQiQXQETMZMLgSliAjuRUqREIwlLAAQAAuL1uBIanzOSBuMC2E7PG2wwiFuMWFJFClFAcAEEIKUIEGgBCnB/C9TgiYTrjbKmTyRdhCBusKQZakIEsT8xY3XRl54V/6lj8u/tnm1viY1ujqYECJJUiadTiaTZBn5wCH5N5IkjY+N3XGaQwiRZFVR1fyr+2TdckkUmRC3Khq3sFys3aXpsiKn9HZ14t5QWIdlUdg3xVhuISUTo6zUuOK5K6o7oZQoAgClN6VYr2Hnry99xe2GG+gFa5T6bqZ3m4hVYgAA2YAc9Gtf+9rqa4hsLs5Hx8Z6+yYV30TaPrq92t2m39XVFYmEd3V1tjQ3VVdHOra37ehob2ps8Pt8jQ31e3fv0nW9va3No+vbGht2dnZUV0c7O7ZHwuGa6ujOzh379+1taWry6NqOjo621uYd7dv37t6pqkr79tbi1RgimrYN45PK919NPvrQ//bLVx85cv/wjRtZw4gvLnLOX3355UeOHuWc25alaurMovn2xdjONt/4tJEymWnxqbmc5fD5pNU7mDK4ePnd2VjGDgeUK32JQEC50Lsoq7S7P1kVVMbnczMLZiJlD80aQ3PW1IJ5ajB9rjfR2aDfmDYaIxpZWn/AGx/MAcG+oZRhsTfPLjRE1e6BhKpJ3YPJhbRzfThVX62f6VkEin//i4muRj3olY9dWHj/auKhXaEzV+M5i43PGMmsk0jbE3M5DqJvOM2FuDGRqYvc+TjOsW1FVeIZ53RPXJFJxnQuXktUBeSzV+OEYM7mPYPJ+mp90x8KItqWpWraYizGGJuanIzFYleudPv9gRuDg5FoZHJiMhZbmBgfZ4wNDQ1NT0/ncrmxsdFcLnf61KmunTvXcOhDZI5DKJVl+Vpf/4l//Px/91evNqVf+tJf/qBh4VtK3RPRSNV7lxcuXEtMJu25aaNvJtfV6HWYoBQZF7JETvYn/DIZnMjURjT36XAhCEHOhSzTUz2LhCDj8MGVxe2N3lU6yHVbkSidWTSvDiQ9unSxL5GzuWUxhwmHCVUpRUAqIYTgXJbleNo5e2WxKqRe6EskM07OZIpC40nLqxfLUU4IwRmTZTmZdT64vBipUs/3JRJpJ2cyXZMW4pbPUzQfPSEYY4qiLMaTx/7TP/3nX/tJQ+qlP/2rH2qj38pIHa2tbf/pjfGHd4Z+/cFsS70OAJJELlxP1Ec0LpbW0wRRCBAI3QPJ+qgmUfL9t6YO7wic708cOx8DFHVhbb1ZB3McWVHSOXbqUixSpZ7vTyymbMN0/F55Zj7n95bCM9HtUIqqOly8f3EhHFIuXk/NLuQyOSccVMdmsiGfstp+/8YQvvg98aU/EDs6gPO1pORcfeAJBGhHJNNxjyq5pqZCCFVVXJ8vWZZlWXZdwwDATf+CiMFAIJ83Jv8nv98PAGqBiYIQwk3j6d4sl8SNU0A8tK3xnx05wDk/fP+DL/3oB//0C7+3EJvftXt3Ydr6kbnckU5/S50HbD6esK/0pxaYCGiUAhzuCgyOpne3e7kj/uPrU0/t8r96ap5QDAesGzHrPoCDHcFv/nTUp+E/e7zuGy+N7m/zdNZrfpn8l+Nzj+wNcgHvX5jf2R6IBhVZwgsDqR2N+kzCfnBn4G9fnzzS6rl4euHRHb7XuxNfejDyd69OVAWklMFCYaUxqtkOP9Gf9sg4MJ5Bgn6vNDGfe6DV/xffG36oWY/O5wJB9dJAqrZ6o3YgiDgyY9RH1B+cmt8ekA7tDr305tRTD0RePrdILSca1RrmjG01Hl6EzQ1EHB8bi1ZXv//ee9W1Nc1NzadOnmxra/vla68FAoFTJ07s3rMHEB997PFfvf6Lx594StO0H7744t69e+84s0onk2+89v43vgLfexX+4avwre9A2yezAPDOQObrv98iBLx5YmY0w189MXN62HikTZ9Ps0WLx5NO+EEyFbN+8uLw3np1NO48fV/w1JXE/XuCTVVKW73n/Z44AjxzJCr4OoZtCA6HnjlzKma1NHsHRtIzWVbllZ47Einp5giCw8WMJX57dj4cVq+NpIlMhEg9eSBcdGYEh4kYE8fOzAeCyuRoRtXImf7UUweLTg0AzLH+w1/86uv/N5y+AH/5AowOwcT0AiGYMDghIDi82xMfn8kFPVL/aHYuy4bGs3MM/uTJmmPd8d6x7Gceir59IV4VVEIeKWtxLuBQV2ghZfM7PTtEYEwkBLx9boEoZHLODAakD64lnz4UKUGpC+EwYVFyojs+umg1h2TD5ucHpw91+O/oJrD29IRwToSgIHbUBetDHtf8Ewrafd5up9CAZ5Uxz6p7CnHrzaWBbeSOvfP28PDQN/7Pf5PNZIaGbvw3X/6y637s3sC52N/qe+nEws/fmb4ymuVCeHSiIHQ16kjBr1NNJj0D6YW0s79ZFzl2sMMnOWw8ZqUzzviswYXoqlNr/TLnYneb9/efarBtsavZF/ZR2+EE4eihaCQgCwGmLSSKukoFwKnexJ5GXUVsiSp+r4QUdZk0RBVussZaDS0+NZ+7eD35qYOhLz9Z88bZWPdQenAy2ztq9AyndtUo1UG5pd7zyulYS73+s9OLd2y1eTABXpUgRULwt2cXGqpVj0oUCRuiakhGn08pkmW3AAhHIr9589cL8/Oqonh9PsPIhqpCoyMju/fsrW9oqK2rV1U1HA63tm3//nf/8Revvso5My3zjg2Gc/bCn3x3LvLi03/04mTgxf1/8G3BGSKizZNZZ3AqCwCmzVMZ54+eqgn65GcOVukKba5TG2v0kRnz/g7fA3tCv3e0un8o/fxD0XP9SUnCgFcyLT4dsz0yy+VyqVTq1rBUlOBrpxdm47bDhFenMsGHugLIhVeTStnECeLJ3sTgVI4xoanEI5OHd4dmYlY0qBS7qxHE033J/ok8NT64KzS5YFaHik4NAJzzz33zm9D2g5anXyTbX8QD3/N6VCFEvYfMJayBeRMQXnggmjbZge3ebWHlmUPhoIKmLWoD8lP3hcbnc0d2+EJeCREcBpTiuf74vh3BqRnj9lMOgnhhMHVlJMuZ0FTqkfFIV3Bo1qoLq6Uc2wjBG1PZ41eTggtNJV6ZHNgROD+U7Wj08jsNB2unhJxdSAzMxC7cmGpvrN7ZGKlVKSUo+wPlPuz6MEDEZDYLJ8/oLzzLfvAS+dIXuOXksxG4wS3cZY17ng4gJEoYF2Q5c6UAEAIIAudLp+YIgAAOB4IgAJY9poFz4e4hMi4oQYcJSpALQQkKAazgYbi3Lf2+AERgHCgBLoAScBi4cQ1cXsaFu3ckACjBpYeKy1IJAAGEIBeCIDjszs/ItQJyhacEXVWMAJwDpSAEMA5r+W9swrNwKzl/BsCFEJy79sSUUndHhTNGKHW1siTLnDH3eTlr2u8iWoZBZVlRlLePHXvmuU8yhwMAIJi53JXu7sOHDyez1pnuWHuzT5dJyuIRv3ypL7GjxRf0SbNxiwJYFq8OqwNjGZ9XMm2uKiSXY15d6mjyCg6JtOUIRDuZyWRt2xYg2ts7XF9IyzQppVSSljaaETgHieLp3nh7oyfgkUrTYxhjzLYVXacIgICIggtKsXc45fFIjWGtGCs5F3krILKSun80LSmkOaoXj1pwbpqmx+sdHx+TJLlx2zZ3VilL5De/fvOJp560HfbumbmOVr+mUa9KY0nLNlnaEa21ummy3uH09ibvyERmf2fw2lCqq80f8EhXBpILMbOpxTc0lHpgf8SjkjXFzxsgLZUaANxV9XQ25/COhjuPvJuCgg4F7tmDO+NPpJ1r45kHuoJslRiSRN98i3zqOf7ya+yfPA+Os7YC+NEv33/m0YP64kzfr16bTtjRjtYDzzwj+QPUPVwoyNnrxvBxp/OyLIMQbGXex3zG4GX/AMjPuG/NBryJKIwFdFMBvPgS++LnwV7DXLpiBloCFMkM1FUAkiRlMhlvgWWeEMI0TV3XAQQhKDgIcDVu/uOK7NYEUSz71ruvbjcuCHC19C7vCZ9XAKuEchV/ySo4rwBWTdEIQRBQvCEYlhWA6vGspnajeBWT2lUAusdj2zYA5JNCI6LbEkAIQlGI5WTjS/8BFwIBkYDggAQ4FwSXnhclCMtzsttksF3PApUgAkJpRn9Yv0O5xxurR39YQwGsnRO4tSFaWxVIZBb3fOmPdnv9N8ZmtKqw4Pz4+ydN05yYnv7C735WAGiq+sabbzmO8+gnHgmFgn/1199oa2566onHggE/lSTHcXK53NT0zK6uTsMwvB5PKp1mjA+NjDDGd3bu4IJ7PR7TNDnn+qbGJmOMjY6O1tTU6Gt4CX78x/etCSGEd2WHRMR8u2IsrxVg5ceb97N1WmDhHucGhVmj75UDJRuJ1qAulfYTBUP/0pWClsAKFsQCCtOcC3AnsQyg4NHf44PjouQRMdaCEOs25lVY7/RVAEJ6Yjw5NCJHa5MTMwn5kWBLq+M4jz12NB5P/PyXvwoFg7PzCwf27em/PqAoMgBoqhYKBd99/6TP60kmU1VVIdO0vF7PxctXUql0W2tTwO/Xdb2377qiKPFEXJEVAeJi99VoVeh3Pv2CZ5N8SQghAwMDrg3Jww8/XMkouXVwa/vZCuu5Cm5F5blvEGscAiPiyGIGAYPb27c//zzsPVD9zDOBlhbBOePcMIyLly5HI5HG+joEqKupaW5qGrwxBACqqjz/zFM72tsOH9yPiG0tzZJEa6ujEqWf/dTzzOE72tvramsb6+vq62qHR8Z379qZyWSaGxvu27vbXi88w91DCBGNRmVZrq+vX6sdrH2sIwpeP/YQZSppkSq5bE9t+WDmo4AyilEuauFu1pSL/SMw1/8QHWrVzWucARBCro1MXR2bfTiEb337e5HOzsP727xd+7zRmsV4fHh4pLq6urlpW8/V3nC4yrLsxcXF/fftE0JMTk01NjQsxuOaqqZS6dn5+V1dndf6+uvr6kbGxrp2dFzrv97W2jI9PVNVFQoEAr3X+ro6d6TTaV3TNE2TNs8YtDDpvBsOmr7/gfKp58T3f8S/8Luwlt8ZIjCHUYl+7KcOCMA5I7QMJS1GJSMA5xwJIpTaKRQBuOAIiOXzR4Wl4wohuCCElL4GykoNrgVBmagZIbS8o8VddyhJIm8ew8+8IH72c/7Cc2sfAgOAREksmT3VO9TZUr+jsTobXwQgsteLy4erbvKWJSEAGOcA4PrOYMGRmeAcl8LGYf6kxY0KJ5bvd28u3pLNVQCecxfF00/Ir7ymfPZT692Zsiy/ohRJjI8U0rbtK1M+o2JUco4LhawZ1aToMAVICGUJRFoIDmBxoZUjKKkAyHGubyxf96Yjy5inVFFkViHjON5y5aErwN12KPvd4+bjj6qv/1p+/llYcwXgQqYyUgQOjDMmOEDZA558SCwlhDl3EZ7+7wFkAZfXvfMjs5wvNj5maTQ+ZsX5cNialbA1qQtxt2Ig7AJA+Zd/o7zwSVjvEBgRf3zxp9fm+7pqd3ZFO/bX73VYmcK9bhYsS0AvAij1jzhTZwjsQNAYjFJoRJ9ipc/kb0QAGUICDAEmuLaABT+DAAQAQWLgrKp3ASAt30xBQ/ADMAFZATnurpMKblYgKiAlwGErLq/4NVWqs51pAgQAGGy+Pcftp4tFbdx5U8vljz4EP4Op24gkwT4HuteTyv1BAhKBPQV2nILBZQFAAAjIApbMf1fVOFm+f01rAbJcFeSWL65ZlkKUbIDAW94UylCaoaqM1LeybxHqDyGGgF4AAGsphvkaKwCJ0O9eeenhxvtzzPzOme/8x75/f+FLl/fV7WacEULcjR1CqRvc391kL3SMdMNCsGXnnbzf72aW9W6AiIlkMhAMKpJkOc6/+vM//+Zf//V7x4/Pzs198tln33n33ZnZ2T//1/8aAOKpdMjvswX8P6+N7YiqQb+s69Sn0PZGr+uiZZmcE+wZSc3GracPRoFxr0oyJldVkstxn0be7Y61N/ko4sme2MCU4dWlmrDaEJB2NvlG5nMH2/x5qf7dj27sbPFRlb5wMJIxuVclqRzXVSIAJAQGIAF88W/7vvMvOnv6YjEHHt9d5dM2bZWdSGeCPi8HyOS4VyMCwMhxn0bSOa5rhAAYFvcUJ4iNW8kMgAA4nIMQlmWl0+lEItHZ0WFzjgBupmjLstymxRjzaNqPf/rTL3z+82vKlMmZqqJIBGOJxKWzxxOmVO2D2TRUaezQg08EvJ7ZpH2ud7Gl0YsCUjn2wI5A4dfnMsyvkqlYrq1mjdQig1PZuqiuydg3mt7dvDrzRta0ZEmSKbEFWBb3qCRrclkmlCxpjtLsjDhcmJbl1VQGYOSYT6MZi0uUUAISgiNAKtrmEBPCyJk+XWMAWYP59dJRc4BM1vB7dA6QWaIWEkVCQEawOchFq30BkMpkA15PnjprCUqQ0KJTr4LboQAgZTC/Tg1bAAClqJANibHGCoBx7gM9k0v//cX/fGPO92z066eGew807BUgrg8MjoyOHth/37vHT/i83p1dna0tzZNT05lMxnWppYR4fb6Tpz549uknr1y91ty0DQGEENXV0XIaZoml/StZkr70uc9Zudynnn/+12++6dP1z3/2s//+b/5m6S7OAeBsf/x3D1Vtb/RNz2ZHE9bgSOb7702HvVKVRwrqVKI4l7QaItr3j41ns0zVqW3xx3YFT1xL/LfPbXtsX/g7vxrz6fSTh6tHZiY0CQDF5eGUhKBpFACu3khsq/cGdKm9Xvv0QzXfeGUkl7HOjhqd2zxewSfTrNYn+XTy1IHqicXcH95fdbZ3IUARBQfON3Mw4RwAuodS10dTiyav9UkMQOKCI06lHQXEYMz+V8/WN0Q3P9eSW8k9ly+Hw+G3jh3zer2Msfq6OsMwUsnE5OTU2XPndE3raG+vq6t7+513/viP/zgWi73zzjttba3AOay518w5cAZE6u+7fumnn/ZVQQxAIBgCquuv7dnV9bevj33997dnLP7Bxbm0RPvG0r2jqd3NvkuDqUiV+uvL8a88Ek3nnJ7BZGNUjWedqF9ZTNkBn3SgPejV6KnueV2l26rXirLHOXAOlEwsGK+cmttZo81nHcEEA2iOagfaA1W+kpy1cOY+04Wk9bOTsx3V6uCc6Vg86JO6Gj3RgNJaV7TcVW4NACym7J+dnGmv1q5NG8Lm4YDctc0b8EgdDUXLPbdMHc/YPzsxu71a7R7PIhM1VUpno8ej0K6moiX4E8KlTmadn52caYuo50YysoD6iLKj0atQ3N3iv+NvbI4gnAOA6YhfnJ1tCCmvXIx3hKTqkLK7xbeYcj6xp+r2X1/TDBQMlls0498eMP/3x/7sTzu/PDvTORVPU0Imp6epJAX8AY/u+SfPf/LV13/tOE40Ej7xwZm+64OXunsudl9RFDmVyfb0XjMt6/s/+knWMEzLvGO099IAASzLYoydOHFC1zRCyNDQUG1NzdKfhQCA9lr9vZ7FZNYZmjGEgGTaPtzq++InanUFH7svLINoqtYowkjc/sxD1b/zYHVnneY4rDqkjEymAUCV0DS5RyEhv/zVT24LqvQPn2p48b1ZdzG2rdbjUSgAGDmWzDoqQjrHv/p0XXNEeWRXiFNsq9UGp3K6Ql49PRfV6anrqbTh5PNxbhqEAACH80f3VM1bImeyPa3+6Xnz6J4qjkABvvpkXcBXnPNwVxPLciKRyGaz0Ujk0aNHJyYmdu/e/aMf/bijvb22uvoPv/IVTdOOHj36e1/84ve++92+a9cMw3BsZ/1KWLouETw9CHHz4K8uHVA9h7/8f4BcEMPZqxBEGFkwT1+JqV55dDL72L5w37Sxp9nT3ui7MJAaTdoZk5uOmF40czabXDTPX42BENOL1m+vJppr1hxDl0xqT/cmKMVkyn5od1W9j3bUaEPTRolG/5uSQM9QCgjGFq3DHf7tEflIu//l0wtFHP0LqHtHUoLgQsw81O5vjyoP7Ai+eHy2iKN/AfW10bQDEFs0D27376hWHuoM/n9vzRRx9C+g7h9LWwxicevgdl9njfLIztDfvD5ZstEfYKlDjc5mY2knlbb3b9P3bvM8fSDyFz8ee2hX6I7fXmMLiBL65uDbTYGGs+MjL1/1vfSVhwDxjdNDL9zfms4YE5NTY+MTnLNnn37y//32Pzz/zBM+n+/Y2+/V1lRzzuOJRHU0mkqnr/VdP3zowN7dO//Xf/Pv/qf/4U/q6+vK5ZCFiIlEMhAMKLLMOe/u7g6Hw+lM2rbs5ubmyclJn8/X3NwMAIvxRFUoCAATc8bMnLG92U8IgICZWE6ixO+VAl7ZstjEjBEIKkGffG0w0VDrmY3lGmo8EzPZ3duDMsW04QgBXo0upKzqoBpLWUGP7DBuOdzvuTkc9A8lDIvv2REyLd43lGhq9PlVGs86M7FcyCe31HpmY7masJZIW6bFqUSCXlm6bTz6u0IikQwGA8mso0oYS9u6Qkcm0jtaA5RALGV7NTowmtrbEVKkzV/HupUshLh48WJNTY3X69U0LZVK+Xw+wzCCweD8wsLszExDQ0M4HL7a21tbU7OwsKDrusfjiUQia84kMtmsqiiSJL399ttPPPFE4Z8uXLhw8ODByzcSN0bTwYheo5ORpNNUpczOGTVRfVtUO3sjKSPW+CUOMDiZ3d7g4QLm42Y4oEwvWi88UAMAPTcSjGOdPxtPJDOZDCIeOHDA/f2sYciSJMvy5LyRSNvVIdWjS7bFbswaVV65+CPvEhzHMS3L6/HMJ8yZmFlbpSoKZQ6LGyyRsg90BItHzRgzcjmf1xtLWlMLuboqVZIJZzxt8plF80jnncegDw3OeSab9ft8iylrYs6oD2tUIoJzwxajs8ZDu+4w+b0XCCFS6XTA74+n7fHZbH1YIxIBxi0OA5OZT+wpRQxUF26Hygw3L3wAABdwSURBVFpsYDTVWK07HFQJFZm8cWH+cw/X3fHra1sBUULPTV7KGomIb9el/jjn/LF9Dc0Rf2//9YmJyQeOHP7gzFlKyYH991WFQgAwNDwS8PsEgJE15hYW7j98aHRsfHxi8uCB+yYnp4KBQDAYKNcWUKECuP2deQVQRuQsrhU/gryrAIrNsiaKUcl5BTA8PNLa2pK/7jjO3NxcfX395tIVIq8AVl03LaYqpTNPzCuAVdctmytF3o3OK4BV122HS1Jx7VLzCmANarqRbCgfHnkFsOq643BCsbjcK7Fmh+JccAEbmTKuawZKkSKi4djdA7MC4VBHLSK4h8Ccc0qIAODL0ZLc815YzvTkngAjIucM8eZRcFnwX5cCKA0+rgpgc392I1hPAZQY6ymAEmA9BVACrKcASoD1FEDpcY8dat0+wwQDAQrB+3fWwXKMpPw2jsNWWMTlr+cH+oIrlVA8FVRQQQUfRdxh0iQ+MnEN7xUbcRTFsnt0lgiijCUtBjXSsj27MlJ/RMQoJzUpHzVC+R3AAeBeO1T5XZlLAUL5Yj+Xb1dTCEjTSSECH4EQT0UHzaQ595feW6U4lYyYM4Qs8zKEBEA0c4JSLsnldQsVjKFtc1MvvRiCcbRMbnlKT825IDmD294ylFoIks1y5ivvc7/3DrXuGcDHBoiYSOf0if9LkSwQ65+KIABQAPYxH/+XKqBMJS1GJSMsu+uWXHeXkXq1GLjky1yGGigjNQCQ8lF/BIaLe+5QW2MFIAStfpDKINZXAIh8MVdfpU0JUZ6wVqVEwqwJadOlL2kxKhlRZKwqhRoSyd0pvMUmA1Fk7aBELIUYorTUKyEcrllM9yqLt2nhRaJmQjEcv19ZKD01F1LGDgXUudK3ZAEkZUWC6kx5h4t771BbQwEACM4Ed9NZLuWhRMwn/EMhBAiOggFneM9hxvMpgle9X+/KvYMiAQQuBEHkG0hKhOAAZ2VYveYreRPTgAoBgoFwQLASK4BlaiZKT71SjqXi83KIIRgKp3zUrgu0IORm6se7QmFM4rviRuG41Hf/3c3Dcof60GJ8/Ge7hSAEE8kM5zyTzY2Oz7lGq8lUtiCENWQszOQIpYIS4XCgRFAiKAFKBMEVr+4bXP7oglIxlaQIQIkgREwuSgJu3kCJmFikAmATDaQJ4rXFqV+M9nz3/JtXp0ZSwt6g3zWuUxD3zabJtwYvZrK5rGFRSighjHH3DSGEUoKIlBLivhIkBCkliEAJuaN5Nd5SEMQSDUtlpF5XDAJkOVf4x5kawXHYjeGZVDpLKaWEuDM8t/3cbFEEKVnRogghVKI3hqfJPfTGlaVe6uZliXuQF4PejRj0a1/7WrElKy8Q0bQchQ1LEqbTuT//n7/9+Cf2XekdmZtPIMLoxNx/efXEJx7eIzjLMb9HTs8k5dmENLGg5Gzyxnm/JIuZhDybkkamVVnhl657VZX3T2gCMJUjPcOeurDdM+oRAAEvIwSujWnffMf/WEfu0qAXUHz9l6ED2+zRaRUQNIUvpKUfnPNeHtLrq5ygvjkrASJJL/ed+sSNqfvtwGJvjzXYF+roWjtmzjJM5tWlTDJHzg94dUVkbewe8oQDzvlBjyIJm8HVEU9dxNr0OR2CyDG/R87MzCVii6nxyXnLdn7x6zOapszMxRcWkyOjs4oqX7w8qOnqtevjhJBkKtvTO9JQF7lybQQRfV5tdUojAJvrlNgSYTMJeWBc13V2ZdhjCcEcYjPkApXi5O1AAJtrBJlMnLmk1D+me3TWPewxOTgOYRwchopUihkiFxITsirlkga9cN0bCTmXh/WsSUwbVUUk0pJHK5Y1tgDqcEWVjFSOnu/3RUPW5WFPOkdMB3WVx5KSt4jUxOaaruR6+8eyhhmLp+bmE0bOunTlxuxcPJHKptK5/sFxr0c7f3kQAEfGZh2HGYZ1qWeooS4yODRl5KzT5/r27mq5+6UDWkzXpEzWJGf7fJGQ3T2iJ7M0ZxO/h80uKj69FObvbofS5DQT+ME1XyTo9IxrCwk5a2HYzybnFb/nDmJsIQVACeoeNRr2h0P+Xbtbz13ob2qsPnnmms+r793ZjAg5x6fL6bmU1D+pZpiYWpDjFj7cabxyyXOoNXdmRK0LOhNJOmugQvGVHk0YcjRq/vCsb2xB/mBC8nBp3iA3JrVo0DnR580CdxzcGeW1YfvXA2rPoOfgduM3vR6JQL0H7tueJZsxvFIkZyYHg1x0aXXQUBep2+bTQhjyoaLe5lsm8+pypntC8yriB5e15KLS0pD7+clQ5zbzJ9365Rt6nIuIilU+trmjl9tedSUzO5+8fmPKdpyx8TnDsA4f6HjrnUv7dreevtDf1FA9Pjm/mEh7dfWVX34gOK+prvrpz0/MzMUvdN946MFdYmVMkbwCoJTFMuTtYXVmVg0E7YEx/fSoPJ2QuuqtIoS0yFNrBJlEnFiWvDeqTM2oPr89MK6dGZNnk9KOOuu2pmebBlcBKDSXMsnlOWlwTGdU9E2oY4vS0JzcXG17lGLpoSUFQI2USXrm6fVR3QQxMKVOJenAtNJUbXvV4lETm2uaYlzuGWlqjF7pHcmZ9vXBiWgk0Nne+OOX33vkgV0jY3OGYSmKfLV/zO/XL1wePHG696EjO9969/LxUz3jkwtNjdFIOKgqd+vKt6QAMja9ukAGxvSYiaNzStzA7lFtW9QOaKUwn1/qUFLadMjgIhmY1M6Oy9whWZNcHFG9uqgJ3iE5/BbaAnLTp50+1z85vfB333rFth0AePbxA7Pz8UL9zwXYDAMerlDwKrx/Qm2OOmf6vJMx+YMR9cqw1hhk3SOqjKBQEfGxKlX4FfHJTvNwV6aj1hpfpN3TcmvUrtOho9YmAD8565tNSDUB9pvLvpyNJsOsDTOL8qasE7ng++pbtPN9UkuDPTzqJBKkPpI7eQ43kKGJC6jycCACES4P6ZGAU+XhKhWNYacjJEIBu3gtmHPhOE7Q75Ekquvq9RtTzU3VJ870Tk7Fzlzo77s+XhMNXeoZVhVFkmm4yh8IeHRdefzoXlg/ohQS8dI532yS2gzDPqZTeKDVohw9atG7IlLx8gXvVFxyGFb5mC7BJ9pNyyLeTVrkbVQMIo73633TisMwoPOgIh7tMgZm5OqgU2xPfCTi5IB+dUphDAM6D6niaGfu6pRSW1V0ahAQDHjSmZxtM79PDwa8Xo927fp4R1t9d+/wjeHpGyPTP331/Y62+u6eYdthmqaEAl5VlSLhwENHOhOprNejfrjzKCRwfli9OKbmS/3IDuPMqNIYtUr54BFhYEb+bZ9HcAx6eEgVD3YYv7ym7W7M3TEA29YwA00ZXvO3iowAYNsOEgSxlLdAlijjHBFA8LhZH9KmhCBCACK4r6aNqiy4AIehRAVnSKlw3+dHcNtBQFCoAATLRkJAoiJrEk3miMA4cIGKJAwTNUUIAM5BCJQ2aV+CEvqfr7zz/CINNjVzy+axmHpgD6rabQ6yk1Z1UJ3hgiDcLKamCCFACCAEsibRlc1fwyIUVrJARJfdsmxFkTkXjDFKCeNCosR2mCxLIJY20y3bQURJWj2jRhAZu0qhWZmYDkcuUKICAQjCieuenQ25Ki8v0hiEILLOkhXQKupTA3pHnRnxFYt6JYTDVYt5vMoi45jfd0KEvklVkfn2art44xETcs7x+ZTYKuqBaQVQ7KgtIjUXNGuHAup8KmMOjczs293qRp0hhORMy53Um6YtyxLnnBB021X+hIwxDgAnTvc+cXSf+37jEEDSVjigznGONkNFEu7B3ti8nMjhfU3WXf7eh0Rhh3JHKrdDpXPk/Ij65O4sY3c6NttqCiA/ssPKHJdLValOiZWronxWnaUvrpVqp/CjW99i+f41r2w6KKDR2+tMzwECjUbUPTtv7/mctKqDykxhSVeXqDiirlvJ+bpafjr51zuKlFcAEjHdY9f8XZQILrB4Q3BeAcjEcI/cSka9EssKQF4UK8Vww9kWdTa6pADk2GpqBIDiUrsKwK/MAy7FKMv/qaBFuVZ/a7UoAEAghNzt6A95BaDM3Vpqd85XGhR2qMLSIQJBwfidNxm2ihloHm4dbbxn5m9c+uLKi3DLx1X3r3ll08FAqHv3KF22EIIoimBrp5m8DVaXqLS2bTfrSqx+vSuRVt2ykQ6wiShkLzH1emKUOAT7CuoSNqFbw00WtCgB67UoABDwIUb/1ewF77kom11oYemEALYxt4wtpwA+rhCMASHovqmgggoq2AC2igJA4HfK1MwBOEA53KNKDyEAyuLDUoxKdsvCi+BgtzFqURbqm3D3WpYrtrS+0AAgSNmo3RAU5aAWSz2ovA6AcO8daoucAWRkZ1SRpdtsIyAKi2kKzZXco70MsLlalpIWpZJRMK4QZFj63oiCcRmRkzIPBEIA5YJScttoV8WiJkxIMrFKHwoCgDhClolZlj5rc0Wh5aHO49471NZYAQjQZFCU24ZIQHAMW1NKvv9dcggAZpappMWoZISc5UhUSLTkJULI2Uwi5aBeKYbDuMNEGZ4pAuPCclhZmhMXQthOWagFADfLQ70C99yhtoYCcAM23raKEMBmBGCTXZ9KAwREREAUnG8kLqVTppIWo5JRAONISRmSzqEAzpHjZkU1+rAQIAQwjmWISSpACHBYOagBBIDDV9h9lY5alI26EPfeobaQIxgAICKRJUQkEiWUEkKILJF8HPmCABrugmoD3lS3UCw/DTdILqE3fy3/V0I2M1oIAuaYNZqafaXveFZYYkM/Xc7pKgC4ttiupIRurUb48UMZN0G2JvUK3JscW6jvIaJl2X/xl/82mUq/+tqxf/zez2bnFr79nR+/f/J8XgcgwtgCH5vjAoAQOHed4bJWcM17XRObvNE64zdHczeqGlJ485zjGl8jgW+9Ycczgi97HiCFn5y0eyZY2tjYQL2RclH6nSu/uH7prUdn0u/8w9f7ut/beE5qxm9aLhMCjAMiEHLTVaIYQMTxienJ6TkhgBBy4WLvskfYUkJpxhgAuObbBSmm3e+u/7NudE4BiEvmj+5TKwFcas6BlJx6tRwAnAMhS6fSrldaKdYnCABLragwFG7JlkYudZ6u8H3RqVnZqFeLgUtdYONibJUtIAAAEJSSZ556OJezPvM7zx578zhnHJHEYvHCzuow6B3lPz7r1Og4mxAc4afnWH0QZMQ9TWR+gacccByIm6KzlkwnxK468sY1Bgz+9DlZofAf3rRlDvUR9uMz7FAzDsf4eFx87127vZ601ZLhcc4EvNPDH26Hg+303hsKQRyNTXZo4Udnk2JHx7ON7da1btaVQ+V2nsAAgAQuDbGz/YzIGPHgQkbU+3A2LXICdApXZ8SfPSPVh0lRrFsQLcseuDH68qtvhauCk1OznPPXXn9nW0OtZdsH9+8aG59yHGY7Tjye7GhvmZ9f7GhvfvvdM4yzr/2P/3K9/RYk0DfBf37WOdhEhhaERwZCoDaIR7bTkK+4PllIYGCKv3zGOdhEBueFRkGi0BTBPU00GiiZOxggwsQi/+EJ50gLOTfKiYCaAO7eRrwqdjYU51EWUE8n+IvHnSOt5NQQlwHqQriniSgUdzWRorojIMJsUrz4vn2omRwf5CpCYxj3NhEQsK+VFpt6Pi2+f9w+1Ex+2889BJqjuKeJ2A4c3F5c6hViABiO+O67zp5G/O5Z1hnAxjAe7qDj8/zJfdLtxdhCKwAhQFJkRZElSi6du6Jpal1d9Vf/6HP9AyOFyyguwHbE0S7SEMSQHztqyH3b8LNHJL8HHt1NUxyeP0w7qrE+gCDgcw9Li3Hh98IfPi5RAoDQGcH9LWR0Xnzufnr/Drq7iSwkeF0Vpg1h2cJmIATURbCzgWzWuCDLamPvDXrkEXv4hjU3Ix+83zh5fCOxgBwGnz4kT5rCMMSzB+jABP/UQclGyJnwL56UvDoWb8TgXNi2c/ThQ9FIqLY60rSt/uD+Xc89ezQU9D/0wH7G+VNPPNSxvTkUClBKfufTT01Nz0UioT/4vU/fLnQ7Qv8ECwUwnoLnDtFGH0a9OLEgqkowBCP0T/BQABeT8Ox+2uTH+iBenxbVVaUb/V0xRmZ4tApnY/DYLrqzmuxrIj85wzqbijv6L1HPiuowzizAYzvprhpyoIX843G2q6W4o79LPTrHI0GcjcGjXXRPLTncRv/ut86+EgzBCGNzPBzAuRgc7SR768j97fTfvuEc7Cjd6O+KMRUTmgbxFDzSSu5vJU/upX/2E/vhrtvZPbrYGtFATVvBhCQRx2bjkzOEkEzWsG1HkujZC1cefeRw0O8DEDmb6jKXKET9WB0g0QDu3kYnYrzai44DOxsJIWCnha4gIDRHyfY64tOhNkS2h8lcTHQ2E01F5oBC8fF90uAorw5ic4RU+5AzfGwPHZngLfWko5Z01ZGRGV4b3gQdIAACuv8nk+e6LFmiBDgDM6d07ED9dtlKTZvoMlcl9GrQFiZdjXRgVDz3gKTJUB/EA630+ihvrqXyZk8PECFnU11hsiRHIqFwOBiNVO3oaJlfiPt8OuO8c0crQZLJZL1eD2Nse1tTS1OD1+upr6uur6+ejy02batftQJwz8GWcjYAhlTc00yqvBjxEwdhZz2pKtr036UmBCQiJICAjHtaSJUPI34iCOyoJRF/iRQAF8g4KpKgiLKAfS0kGiC1QZQU3BbCxs1oaetBCHQYUWVOEakD+1pJdYDUBFFRsDGITdFiUgPay9TowL4WUhMktSFUVdwWgJaaIlIDgOUQTeYUEWzY20Jqg6QuhJqK2/zQVltc6jyWOpTMJQpWFvY00+YI1lcRnwd9ROxvo6ISDA4RE8mMj4wqMgUAQmlBMCAOSEAIzjkiLGbkKq8Ny4FxlnPELP+QAAGApDC2AwjhmuAALLvduzNvIQBd/5jlH1m6IpZ/BzfNTR8RM0aKH3tdqmkCWWJjNzzPfw5l5TZbQImsFPI6K8pHwG0rNz8WId1pQSVjYVAmAMxHIxJC4NIpxJK3fj6oCyDwWxz3ESBjUkXiEhVLy57lGk5mhN9T1FhAkLWoRIVMeYmpV8FhaDnEqzLEpebripE2hKbgJmYfuhWMY86iPs1ZRZ0xQFU2M/HRreACsyb1644b1Wc5aBdkcyBLUFTbAiEgnZMCHgcKg0AhGDmgFG6JWFgsrBi1CgYcywHGhabcuQVuqTMAAAC+OlLC6sAJ+YSKS1W3Kn7IrXEWxIqRNj+sr7hTrL6yiUODEMKr++EzX3JmZ4Rt64cfFIxvhKAwulG+GlZ9LBLysVvEWrW8ZjSLjZhaFupUIaCUQ3AZqVeIURCLRgjwaiWsgZXUHrV0pmYrIvAI0JXSUYvC7i9AKyH1ajEKOo1EQZY29Oi3nAL4WEIIAYzRaDUgCqcSC2gJZbTO/4h4E5azBsrGvEWpV2GDj36rKICC5en6EOKj9ATvHuKuvHHKVNJNr2TM/1vy4W7JE0iUgXqVFEsvpXbHWq57UXrqZZSrz+ajvJcb99ahtooCsLmE/PaFFQIlm8FHx8OjeBBAy1TSYlSyYII6oshh79enRi7sIhpMbQiOQCbQZlj6Z8o4cCBloeYCuKBloRYCeNk60UpB7q1DbZFD4KTP51fk2wcDWp0U5WOMMpa0GNTlLQ58NJrNx+yZVqg3iHsUY2usAAQQ4lrGf/xn9xVUUEEFG8QWcgSroIIKKqigEBUFUEEFFVSwRVFRABVUUEEFWxQVBVBBBRVUsEVRUQAVVFBBBVsUFQVQQQUVVLBFUVEAFVRQQQVbFBUFUEEFFVSwRVFRABVUUEEFWxQVBVBBBRVUsEVRUQAVVFBBBVsUFQVQQQUVVLBFUVEAFVRQQQVbFBUFUEEFFVSwRVFRABVUUEEFWxQVBVBBBRVUsEVRUQAVVFBBBVsUW0UBIKBlWeWWooIKKqjgI4StkRISMZvNCsEVRSm3KBVUUEEFHxVsiRUAQQAQlGyJwlZQQQUVbBBbZkxEFOUWoYIKKqjgI4UtowAqqKCCCipYif8f6nNPPp4eaRkAAAAASUVORK5CYII=\"><br><br></li></ol></li></ol>"}]}],"workarounds":[{"lang":"en","value":"The Clientless VPN feature only ensures secure remote access to a single trusted application. Ensure that the Clientless VPN access is limited by Security Policies to a single trusted site. Refer to the Configure Clientless VPN page for additional details.\nFor accessing multiple applications, since the Same-Origin Policy is not enforced, we strongly recommend configuring access to only trusted pages through Clientless VPN.\nClientless VPN should never be used to allow access to the internet or intranet. If you need to secure access to untrusted websites, please consider the following alternatives:\n\n * GlobalProtect App (https://docs.paloaltonetworks.com/globalprotect)\n * Supported Third Party VPN Client (https://docs.paloaltonetworks.com/compatibility-matrix/reference/globalprotect/what-x-auth-ipsec-clients-are-supported)\n * Prisma Browser (https://docs.paloaltonetworks.com/prisma-access-browser)\n * Web Proxy (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy) (Note: Web Proxy can only be used to improve web browsing safety. It cannot be used as a VPN.)","supportingMedia":[{"type":"text/html","base64":false,"value":"The Clientless VPN feature only ensures secure remote access to a single trusted application. Ensure that the Clientless VPN access is limited by Security Policies to a single trusted site. Refer to the Configure Clientless VPN page for additional details.<br>For accessing multiple applications, since the Same-Origin Policy is not enforced, we strongly recommend configuring access to only trusted pages through Clientless VPN. <br>Clientless VPN should never be used to allow access to the internet or intranet. If you need to secure access to untrusted websites, please consider the following alternatives:<br><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/globalprotect\">GlobalProtect App</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/compatibility-matrix/reference/globalprotect/what-x-auth-ipsec-clients-are-supported\">Supported Third Party VPN Client</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/prisma-access-browser\">Prisma Browser</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy\">Web Proxy</a> (Note: Web Proxy can only be used to improve web browsing safety. It cannot be used as a VPN.)</li></ul>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-02-12T17:00:00.000Z","lang":"en","value":"Initial Publication"}],"credits":[{"lang":"en","value":"Brad Lewis","type":"finder"}],"source":{"discovery":"EXTERNAL"},"tags":["24-02-08-7HJ30628114"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2025-0003","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"Informational: PAN-OS BIOS and Bootloader Security Bulletin","datePublic":"2025-01-23T23:20:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":""}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["PA-3200","PA-5200","PA-7000"],"versions":[{"status":"affected","version":" All","versionType":"custom"}],"defaultStatus":"affected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of claims of multiple vulnerabilities in hardware device firmware and bootloaders included in our PA-Series (hardware) firewalls.\n\nIt is not possible for malicious actors or PAN-OS administrators to exploit these vulnerabilities under normal conditions on PAN-OS versions with up-to-date, secured management interfaces deployed according to the best practices guidelines (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices). Users and administrators do not have access to the BIOS firmware or permissions to modify it. An attacker would need to first compromise the system and then get the root Linux privileges necessary to perform these actions before they could exploit these vulnerabilities. These vulnerabilities themselves do not allow an attacker to compromise the PAN-OS software on the firewall.\n\nNone of the concerns are applicable to PAN-OS CN-Series, PAN-OS VM-Series, Cloud NGFW and Prisma Access.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is aware of claims of multiple vulnerabilities in hardware device firmware and bootloaders included in our PA-Series (hardware) firewalls.<br> <br>It is not possible for malicious actors or PAN-OS administrators to exploit these vulnerabilities under normal conditions on PAN-OS versions with up-to-date, secured management interfaces deployed according to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">best practices guidelines</a>. Users and administrators do not have access to the BIOS firmware or permissions to modify it. An attacker would need to first compromise the system and then get the root Linux privileges necessary to perform these actions before they could exploit these vulnerabilities. These vulnerabilities themselves do not allow an attacker to compromise the PAN-OS software on the firewall.<br><br>None of the concerns are applicable to PAN-OS CN-Series, PAN-OS VM-Series, Cloud NGFW and Prisma Access."}]}],"references":[{"url":"https://security.paloaltonetworks.com/PAN-SA-2025-0003","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"}}],"configurations":[{"lang":"en","value":"The following vulnerabilities are exploitable only when an attacker has already compromised the PAN-OS software and gained root Linux privileges on the system or physical access to open the device. This is not possible under normal conditions on PAN-OS versions that are up-to-date and deployed according to best practices (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices): CVE-2020-10713, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, CVE-2021-45970, CVE-2022-24030. \n\nAll other CVEs are not exploitable under any circumstances as conditions to exploit these CVEs do not exist in PAN-OS. We have provide more details in the CVE table in the Description section above.","supportingMedia":[{"type":"text/html","base64":false,"value":"The following vulnerabilities are exploitable only when an attacker has already compromised the PAN-OS software and gained root Linux privileges on the system or physical access to open the device. This is not possible under normal conditions on PAN-OS versions that are up-to-date and deployed according to <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">best practices</a>:&nbsp;CVE-2020-10713,&nbsp;CVE-2021-33627,&nbsp;CVE-2021-42060,&nbsp;CVE-2021-42554,&nbsp;CVE-2021-43323,&nbsp;CVE-2021-45970,&nbsp;CVE-2022-24030.&nbsp;<br><br>All other CVEs are not exploitable under any circumstances as conditions to exploit these CVEs do not exist in PAN-OS. We have provide more details in the CVE table in the Description section above."}]}],"workarounds":[{"lang":"en","value":"These vulnerabilities require an attacker to compromise PAN-OS software before they can successfully exploit it. The risk of exploitation on PAN-OS software is reduced by upgrading your appliances to the latest versions.\n\nAdditionally secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://docs.paloaltonetworks.com/best-practices).","supportingMedia":[{"type":"text/html","base64":false,"value":"These vulnerabilities require an attacker to compromise PAN-OS software before they can successfully exploit it. The risk of exploitation on PAN-OS software is reduced by upgrading your appliances to the latest versions.<br><br>Additionally secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">best practice deployment guidelines</a>."}]}],"solutions":[{"lang":"eng","value":"While the conditions required to exploit these vulnerabilities are not available to users protected by PAN-OS or administrators of PAN-OS software, we are working with the third-party vendors to develop any firmware updates that may be needed. We will provide further updates and guidance as they become available.","supportingMedia":[{"type":"text/html","base64":false,"value":"While the conditions required to exploit these vulnerabilities are not available to users protected by PAN-OS or administrators of PAN-OS software, we are working with the third-party vendors to develop any firmware updates that may be needed. We will provide further updates and guidance as they become available."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of these issues in our products. We are aware of a blog post discussing these issues.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of these issues in our products.&nbsp;We are aware of a blog post discussing these issues."}]}],"timeline":[{"time":"2025-06-24T22:00:00.000Z","lang":"en","value":"Updated fix versions for CVE-2020-10713."},{"time":"2025-03-26T22:30:00.000Z","lang":"en","value":"Added clarifying language in the CVE Table."},{"time":"2025-01-27T22:45:00.000Z","lang":"en","value":"Updated the Required Configuration for Exposure to indicate that none of the network related CVEs apply to PAN-OS."},{"time":"2025-01-27T19:00:00.000Z","lang":"en","value":"Clarified the Required Configuration for Exposure section."},{"time":"2025-01-24T23:45:00.000Z","lang":"en","value":"Added more clarifying language and fixed Product types in CVE Table."},{"time":"2025-01-23T23:20:00.000Z","lang":"en","value":"Initial publication"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-3393","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet","datePublic":"2024-12-27T02:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-540","descriptions":[{"lang":"en","value":"CAPEC-540 Overread Buffers"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.3","changes":[{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"},{"at":"11.1.4-h7","status":"unaffected"},{"at":"11.1.2-h16","status":"unaffected"},{"at":"11.1.3-h13","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.2.0","lessThan":"10.2.8","changes":[{"at":"10.2.8","status":"affected"},{"at":"10.2.14","status":"unaffected"},{"at":"10.2.8-h19","status":"unaffected"},{"at":"10.2.9-h19","status":"unaffected"},{"at":"10.2.10-h12","status":"unaffected"},{"at":"10.2.11-h10","status":"unaffected"},{"at":"10.2.12-h4","status":"unaffected"},{"at":"10.2.13-h2","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","lessThan":"10.1.14","changes":[{"at":"10.1.14","status":"affected"},{"at":"10.1.15","status":"unaffected"},{"at":"10.1.14-h8","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.0.0","versionType":"custom"},{"status":"unaffected","version":"9.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["Prisma Access"],"versions":[{"status":"unaffected","version":"10.2.0","lessThan":"10.2.8","changes":[{"at":"10.2.8","status":"affected"},{"at":"10.2.9-h19","status":"unaffected"},{"at":"10.2.10-h12","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.3","changes":[{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["Panorama"],"versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, CN-Series firewalls, and Prisma Access.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.</span></p><p><span>This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, CN-Series firewalls, and Prisma Access.</span></p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-3393","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"An attacker sends a malicious packet through the firewall, which processes a malicious packet that triggers this issue."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"ATTACKED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"HIGH","threatScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:A/AU:N/R:U/V:C/RE:M/U:Amber"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"Prisma Access, when only providing access to authenticated end users, processes a malicious packet that triggers this issue."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"ATTACKED","baseSeverity":"HIGH","baseScore":7.1,"threatSeverity":"HIGH","threatScore":7.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:A/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue does not affect Cloud NGFW, Panorama M-Series, or Panorama virtual appliances.\n\nBoth of the following must be true for PAN-OS software to be affected:\n\n 1. Either a DNS Security License or an Advanced DNS Security License must be applied, AND\n 2. DNS Security logging must be enabled.\n\nYou can check for existing DNS Security Configuration in your firewalls using the PAN-OS CLI:\n\n> show config merged | match log-level\n\n * Look for entries with the string 'log-level':\n   \n    * If no entries are found (output is empty) or all entries show 'log-level none;', your configuration is not vulnerable, and no workaround is needed.\n    * If any entries show values other than 'log-level none;', your configuration is vulnerable. You should either upgrade PAN-OS or follow the steps in the workaround section.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue does not affect Cloud NGFW, Panorama M-Series, or Panorama virtual appliances.<br><br>Both of the following must be true for PAN-OS software to be affected:<br><ol><li>Either a DNS Security License or an Advanced DNS Security License must be applied, AND</li><li>DNS Security logging must be enabled.</li></ol>You can check for existing DNS Security Configuration in your firewalls using the PAN-OS CLI:<br><br>&gt; show config merged | match log-level<br><ul><li>Look for entries with the string 'log-level':<br></li><ul><li>If no entries are found (output is empty) or all entries show 'log-level none;', your configuration is not vulnerable, and no workaround is needed.</li><li>If any entries show values other than 'log-level none;', your configuration is vulnerable. You should either upgrade PAN-OS or follow the steps in the workaround section.</li></ul></ul>"}]}],"workarounds":[{"lang":"en","value":"If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.\n\nUnmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama\n\n 1. Ensure that a DNS Security Configuration is already present in the device's configuration. See the \"Required Configuration for Exposure\" section for details.\n 2. Within Objects → Security Profiles (https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-web-interface-help/objects/objects-security-profiles-anti-spyware-profile), determine if you use the predefined Anti-Spyware profiles (https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-profiles/security-profile-anti-spyware) in your Security Policy. These are named \"Default\" or \"Strict\" (https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-profiles/security-profile-anti-spyware). If you are using the predefined security profiles, clone the predefined Anti-Spyware profile (https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-web-interface-help/objects/move-clone-override-or-revert-objects/move-or-clone-an-object) for use as a custom Anti-Spyware profile. After cloning each relevant predefined Anti-Spyware profile, replace them with the cloned custom Anti-Spyware profile or group in your Security Rules (Policies → Security → (security rule) in either Actions → Profiles or Actions → Group (https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-rules/create-a-security-policy-rule#create-a-security-policy-rule-panorama)).\n    \n 3. For each custom Anti-Spyware profile, navigate to Objects → Security Profiles → Anti-Spyware → (select a custom profile) → DNS Policies → DNS Security.\n 4. Change the Log Severity to \"none\" for all configured DNS Security categories.\n    \n    \n    \n 5. Commit the changes.\n\nNote 1: Setting Log Severity to 'none' for devices that didn't have a DNS Security configuration may block DNS traffic that wasn’t previously blocked. Additionally, this may happen without generating any log entries, making it difficult to detect the blocked traffic. Review the Required Configuration for Exposure section for instructions on identifying existing DNS Security Configuration.\n\nNote 2: Remember to revert the Log Severity settings once the fixes are applied.\n\nNGFW managed by Strata Cloud Manager (SCM)\n\n\nYou can choose one of the following mitigation options:\n 1. Option 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.\n 2. Option 2: Disable DNS Security logging across all NGFWs in your tenant by opening a support case (https://support.paloaltonetworks.com/Support/Index).\n\nPrisma Access managed by Strata Cloud Manager (SCM)\n\nUntil we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a support case (https://support.paloaltonetworks.com/Support/Index). If you would like to expedite the upgrade, please make a note of that in the support case.","supportingMedia":[{"type":"text/html","base64":false,"value":"If your firewall running the vulnerable PAN-OS versions stops responding or reboots unexpectedly and you cannot immediately apply a fix, apply a workaround below based on your deployment.<br><br><b>Unmanaged NGFWs, NGFW managed by Panorama, or Prisma Access managed by Panorama</b><b><br></b><ol><li>Ensure that a DNS Security Configuration is already present in the device's configuration. See the \"Required Configuration for Exposure\" section for details.</li><li>Within <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-web-interface-help/objects/objects-security-profiles-anti-spyware-profile\">Objects → Security Profiles</a>, determine if you use the predefined <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-profiles/security-profile-anti-spyware\">Anti-Spyware profiles</a> in your Security Policy. <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-profiles/security-profile-anti-spyware\">These are named \"Default\" or \"Strict\"</a>. If you are using the predefined security profiles, <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-web-interface-help/objects/move-clone-override-or-revert-objects/move-or-clone-an-object\">clone the predefined Anti-Spyware profile</a> for use as a custom Anti-Spyware profile. After cloning each relevant predefined Anti-Spyware profile, replace them with the cloned custom Anti-Spyware profile or group in your Security Rules (<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/security-policy/administration/security-rules/create-a-security-policy-rule#create-a-security-policy-rule-panorama\">Policies → Security → (security rule) in either Actions → Profiles or Actions → Group</a>).<br></li><li>For each custom Anti-Spyware profile, navigate to Objects → Security Profiles → Anti-Spyware → (select a custom profile) → DNS Policies → DNS Security.</li><li>Change the Log Severity to \"none\" for all configured DNS Security categories.<br><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAssAAAIqCAIAAABdcpCrAAAKr2lDQ1BJQ0MgUHJvZmlsZQAASImVlwdUU+kSgP970xslgVCkhBqKIJ0AUkJoAZRebYQkQCCEGAgqYmdxBdeCighWdCmi4FoAWWxYsC0K9rpBREFdFws2VN4NHMLuvvPeO2/OmcyXufPPP/Of+58zFwCKAU8qFcMaAGRL8mTRwf6MxKRkBm4AkAEV6AAASDx+rpQdGRmOMJiwf5cPtwGktDfslLn+/fl/FU2BMJcPABSJcKogl5+N8FFEP/ClsjwAUAcQv9mCPKmSryOsJUMKRPipktPH+ZOSU8cYTR6LiY3mIMwAAE/m8WTpAJCnIn5GPj8dyUNW9uAgEYgkCBci7JOdnSNAuB1hKyRGirAyPyv1L3nS/5YzVZWTx0tX8XgvY4IPEOVKxbxF/+dx/G/JFssn9mAiSs6QhUQjloqc2dOsnDAVS1JnRkywSDAWP8YZ8pC4CebncpInOFccw51gAS8gTJVHPDN8gtNEQaoYUR43doKFuYExEyzLiVbtmybjsCeYJ5usQZ4Vp/JnCLmq/AUZsQkTnC+Kn6mqLSsmbDKGo/LL5NGqXoSSYP/JfYNU55Cd+5feRVzV2ryM2BDVOfAm6xdK2JM5cxNVtQmEAYGTMXGqeGmev2ovqThSFS8UB6v8ufkxqrV5yMs5uTZSdYaZvNDICQYckAPEiMoAA4Qj/wIAyBMuzFM2wsmRLpKJ0jPyGGzktgkZXAnffirDycHJBQDl3R1/Nd7Rx+4kRL886VtFBMBbMjo62j7pC/sCwFETAIiKSR+zBwA15A5c3MiXy/LHfWjlDwYQgTrQAnrACJgBK2AHnIAb8AJ+IBCEgggQC5LAXMAHGSAbqXwBKAQrQDEoBRvAFlAJdoG9oA4cBIdBC2gHZ8AFcAVcB7fAA6AA/eAlGAIfwAgEQTiIAtEgPcgYsoBsISeIBflAgVA4FA0lQSlQOiSB5FAhtAoqhcqgSmgPVA/9Ah2HzkCXoG7oHtQLDUJvoS8wCibDWrAhbAlPg1kwGw6DY+E5cDo8Hy6Ai+B1cAVcDR+Am+Ez8BX4FqyAX8LDKIAioegoE5QdioXioCJQyag0lAy1FFWCKkdVoxpRbahO1A2UAvUK9RmNRdPQDLQd2gsdgo5D89Hz0UvRa9GV6Dp0M/oc+ga6Fz2E/o6hYAwwthhPDBeTiEnHLMAUY8oxNZhjmPOYW5h+zAcsFkvHMrHu2BBsEjYTuxi7FrsD24Q9je3G9mGHcTicHs4W542LwPFwebhi3DbcAdwpXA+uH/cJT8Ib453wQfhkvAS/El+O348/ie/BP8ePEDQIFgRPQgRBQFhEWE/YR2gjXCP0E0aImkQm0ZsYS8wkriBWEBuJ54kPie9IJJIpyYMURRKRlpMqSIdIF0m9pM9kKtmGzCHPJsvJ68i15NPke+R3FArFkuJHSabkUdZR6ilnKY8pn9RoavZqXDWB2jK1KrVmtR611+oEdQt1tvpc9QL1cvUj6tfUX2kQNCw1OBo8jaUaVRrHNe5oDGvSNB01IzSzNddq7te8pDlAxVEtqYFUAbWIupd6ltpHQ9HMaBwan7aKto92ntavhdVianG1MrVKtQ5qdWkNaVO1XbTjtRdqV2mf0FbQUXRLOpcupq+nH6bfpn/RMdRh6wh11ug06vTofNSdouunK9Qt0W3SvaX7RY+hF6iXpbdRr0XvkT5a30Y/Sn+B/k798/qvpmhN8ZrCn1Iy5fCU+wawgY1BtMFig70GVw2GDY0Mgw2lhtsMzxq+MqIb+RllGm02Omk0aEwz9jEWGW82PmX8gqHNYDPEjArGOcaQiYFJiIncZI9Jl8mIKdM0znSlaZPpIzOiGcsszWyzWYfZkLmx+QzzQvMG8/sWBAuWRYbFVotOi4+WTMsEy9WWLZYDTF0ml1nAbGA+tKJY+VrNt6q2ummNtWZZZ1nvsL5uA9u42mTYVNlcs4Vt3WxFtjtsu6dipnpMlUytnnrHjmzHtsu3a7Drtafbh9uvtG+xfz3NfFrytI3TOqd9d3B1EDvsc3jgSHUMdVzp2Ob41snGie9U5XTTmeIc5LzMudX5jYuti9Blp8tdV5rrDNfVrh2u39zc3WRujW6D7ubuKe7b3e+wtFiRrLWsix4YD3+PZR7tHp893TzzPA97/ull55Xltd9rYDpzunD6vul93qbePO893gofhk+Kz24fha+JL8+32veJn5mfwK/G7znbmp3JPsB+7e/gL/M/5v+R48lZwjkdgAoIDigJ6AqkBsYFVgY+DjINSg9qCBoKdg1eHHw6BBMSFrIx5A7XkMvn1nOHQt1Dl4SeCyOHxYRVhj0JtwmXhbfNgGeEztg04+FMi5mSmS0RIIIbsSniUSQzcn7kr1HYqMioqqhn0Y7RhdGdMbSYeTH7Yz7E+seuj30QZxUnj+uIV4+fHV8f/zEhIKEsQZE4LXFJ4pUk/SRRUmsyLjk+uSZ5eFbgrC2z+me7zi6efXsOc87COZfm6s8Vzz0xT30eb96RFExKQsr+lK+8CF41bziVm7o9dYjP4W/lvxT4CTYLBoXewjLh8zTvtLK0gXTv9E3pgxm+GeUZr0QcUaXoTWZI5q7Mj1kRWbVZo+IEcVM2Pjsl+7iEKsmSnMsxylmY0y21lRZLFfM952+ZPyQLk9XkQrlzclvztJAh6arcSv6DvDffJ78q/9OC+AVHFmoulCy8ushm0ZpFzwuCCn5ejF7MX9xRaFK4orB3CXvJnqXQ0tSlHcvMlhUt618evLxuBXFF1orfVjqsLFv5flXCqrYiw6LlRX0/BP/QUKxWLCu+s9pr9a4f0T+Kfuxa47xm25rvJYKSy6UOpeWlX9fy117+yfGnip9G16Wt61rvtn7nBuwGyYbbG3031pVplhWU9W2asal5M2Nzyeb3W+ZtuVTuUr5rK3GrfKuiIryidZv5tg3bvlZmVN6q8q9q2m6wfc32jzsEO3p2+u1s3GW4q3TXl92i3Xf3BO9prrasLt+L3Zu/99m++H2dP7N+rq/Rrymt+VYrqVXURdedq3evr99vsH99A9wgbxg8MPvA9YMBB1sb7Rr3NNGbSg+BQ/JDL35J+eX24bDDHUdYRxqPWhzdfox2rKQZal7UPNSS0aJoTWrtPh56vKPNq+3Yr/a/1rabtFed0D6x/iTxZNHJ0VMFp4ZPS0+/OpN+pq9jXseDs4lnb56LOtd1Puz8xQtBF852sjtPXfS+2H7J89Lxy6zLLVfcrjRfdb167DfX3451uXU1X3O/1nrd43pb9/Tukz2+PWduBNy4cJN788qtmbe6b8fdvntn9h3FXcHdgXvie2/u598febD8IeZhySONR+WPDR5X/279e5PCTXGiN6D36pOYJw/6+H0vn+Y+/dpf9IzyrPy58fP6AaeB9sGgwesvZr3ofyl9OfKq+A/NP7a/tnp99E+/P68OJQ71v5G9GX279p3eu9r3Lu87hiOHH3/I/jDyseST3qe6z6zPnV8SvjwfWfAV97Xim/W3tu9h3x+OZo+OSnky3tgogEIUTksD4G0tAJQkAGjIXE6cNT5bjwk0/j0wRuA/8fj8PSZuADQiRjkWcU4DcAhRy+VIbkSVI1GsH4CdnVU6MQePzexKwSJfL7sDlHRv05zl4B8yPs//pe5/WqDM6gL+af8FSZIMC9rczpwAAABsZVhJZk1NACoAAAAIAAQBEgADAAAAAQABAAABGgAFAAAAAQAAAD4BGwAFAAAAAQAAAEaHaQAEAAAAAQAAAE4AAAAAAAAASAAAAAEAAABIAAAAAQACoAIABAAAAAEAAALLoAMABAAAAAEAAAIqAAAAAFTF914AAAAJcEhZcwAACxMAAAsTAQCanBgAAAJoaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjcyPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj43MjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjEyMzI8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MTU4ODwvZXhpZjpQaXhlbFhEaW1lbnNpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgoGfvWcAAGYvUlEQVR42uy9Z3gcR5omiNvb2fuzd8/c7O74nZnt6VbPs6O+aS+NWm66W77lJYoiJVL03oEOBEFPgnCE995777333hS8R1UBKLgqeEcA91YGkEyUQwH00vc+H8HIqIjI8N8bX0ZGGrR3dJGQkJCQkJCQPFoxoCogISEhISEhIYZBQkJCQkJCQgyDhISEhISEhBgGCQkJCQkJCQkxDBISEhISEhJiGCQkJCQkJCRPVdraO4XyfDOMDQvQ1t71uAv5LDVtl0qjcj7U6UlISEhIHrs67ujs7uzqEYo2Na1CRLTJI2AYyBNkU/yIv+TLoCWkMkBXd68+XOTpCt8wrCq2kFtEQfTunj5Ie8dqfaLsrPgkJCQkJCSPaXELzdXV3dfa1iFqbG5oaKxvaGwQNTU1t2rU0VzgXqatdIg25b4JhoE7IU8QfUgGxxh6OQ26GheFQRnU4zJ129snaWltRxhEgZvXu8+gIJ+Q5tZ2uPvE0p5e8WZTQBSkUFlVU1Vdy9dnXb2otq5BfwJHQkJCQkKyKXrBdG5Obv7NW7e//nrHtq+279ix8+sdO44dPxkcEgq2sV4HdUPTlVdUFxQWFxaVaJQC7m9Nbb3uxbaB7jU3WAxozqnTZ4wuGTc2teASqpH9JHTw90AuoS8rKqvhCQLR2Nj89jvvojDNLW245IMxeoEEXd083n3vvZf//d8Nz55LTkltE6Tc2vYgZZW78D4qnsJLPh1hYHX7jzCKeoLME8wAFb1v/4Fvvt31xRfb4DC9a5abV8BsD1yUdTlUzxsrb1Jy6nvvv29gYPDK714FzwCpQgoo+MGDhxgn47MkzCoJCQkJCcnDbFSATomOidux85uTp05HRcdAo5WUlkOLubq5f/zJJ7du38G6F+qb6SDoIwQwt7Kxd3R2dnF3Uorb+r9Kh42dg5OzG/S4DkvGBgyjp08SF5dgwCE+Iam3T8IebTATCqMRUMCdXM5wicW9pdW9o8eOIyQCNDW3Qn2ePHlKyDDYX1zevmOKZI0vmzg4Ov3+D3/81a9/jQU9sw3wKTMLCvckhbOLtD94mMSsNB2da8lyTxyERAxRcNnS2s4FFuOSf4LDHnawquzs6mWZR3T+jkLTBQqVmpaBrB48dNjO3vHatRs/+ucf4TIlNV1Zdq5c7BYdXT2MWOBeXN5WzT+9fdLSsnJEOXHyVF5+IZp2rVC9p0+f2bt3HyMrGrNKQkJCQkKyZXoBXRMbl4ClvruHV21dQ2FRia+fv4urW2RUNNa6aemZhw4fMTO3aBA1MXUG9Z2QmOzh5VNaXglHVHRsdEw8CMqqxMZHRscmpaTlFRSZW9yrrqmD/tKmrQx0bwmBAyrwww8/evvtdy5cuAityHIAYaoXl6LGZkY48Bc+h48cOXf+gkQ6gEsoYJAMhBRynNbWdhQA2YLGhcIelA2LJf1IBHoXGhqBoX3hg+ggR4xJgKBAVtnD2r5IpIwAfD4ZmRCWEwFwiaSQN4TEr/yjDaSGv9DlcDC9zsgTo2MIJjRsoFCZWTnIbWJS8vDImFg6ALqHy2PHT3RyGWZcAbfjaQo8ccnc8ERt+AcEIgqacGRUzuqNVZrh2XMHDh5iLcQ4E6sx5IdxIBokJCQkJCRbYxhQLqARh48cNbewZDrR1s7eYA0BAUFQUhmZ2X/66KPgkDCm3+GTkJQSEBgSG59oa+/kHxAcGBQaEBSilMCQwOBQ/8BgK2u72LhEaxv7rTMM9nQAmQgNCw8MCoajpLSMW2H3FhWXnj13Pjwi8vQZw//v335+8tTp0rIK6MV792z+5m//7vd/+KPxZRMwkssmV65dux4REcWUJVPn0OJImSnpq9eu417QplC6bCtGUnLqtes34uITTpw4+fOf/wIp1NWLQD4+//yLxKQUBEAiiO7h6XX+wsUbN2+Zm1sy3VxTWw+Vj6yydNLSM3Z/twe5yssvRPbefuedjz76GBlmu1rs7R0dnZwDApWF8vL2QRRU7scff/LSyy8fP3GyqLgEPsySwYgUGgAhw8OV0VkGjhw99vWOnSBGJiZXw8Ijb92+gwDJKWkgSQ6Ozh9/8ukf/viWkZExKgoUJyg45F9ffPGll15GpZ0xNETOTa5czc7Jw0+nTp3ev/8A2wFaXFJ28aLR71599d333gfH1PNlHBISEhISEo16HPoLGmrv/gOFRcVsuZ6ekRUaFuHi5g6dddfMnD2OsLS6BwXKVvJQcNC2fv5BoeGRFlY2YBjgFmAV0Jgc2wjxDwi6a24ZHRNvbeuwxjC6NsswlIqfkR0kUV5RBYeLqxvuDcnJzVPyn/9kYGfvEBwSCuehw0caRM1e3r5/9l/+M1S1s4srxMnZBT9BZyMHSA0KFat5RiZQ8us3buLXb77dBfpSVl6JgiFATGw8PN96+x0PT28I3OfOXwDz+l8/+tGOnTu5Jw4SkAn4W9vYubl5wAEaMTA4FBUdC/eBAwfBCZAOtPiLL/4MOf921+4vt30VHRN7xvAsAuTk5iMDzP3Fl9tOnT6TmpbODAxOzq4pqemo5TfefLO+QcTqndkwGMOIT0hS2jAk/RWV1bgEhQLDeO311+He9tX2m7duI3FwLFw6O7tGRccgnb/667+pqa3LLyjCvX70ox9ZWFp5+/iygqOd+gdkJ06e2r37O6QJyvXrX//m2293JSWn+Pj6MXaJW7dwe0tJSEhISEg2tcGTWfFd3dzv3DVjrxewBXltXQPbpeDp5c1ek8TyePvXX7MnEkobRmKyX0BQZVVNfGJyVEwc9LJAEqBtk1PTwQoENozNMAy2MxE3++cf/+TmzdtDw6PQhVh2v/zyy/BEjnPzCphtA/6DsmE3d09cQkfip1deeQXLemn/IMgEEvly2zZoYmjK/ILCoKCQsLCIsPAIhARRqKsXISLUKjPXgBYhFrQ43NCyLGVXjmehDDExcXCkpWdAx3v7KBUw6ogZQsIjIsXSgStXr/3yl7965ZXflZSWI/9/+Vd/7ejkgruAu6BCp2fmwM4YScJdjC+bwJ2XXygbGkGJ/uc//E/wGH6HC34CbUJZ2CMbZB6kD56Ghmdd3TxQIX/x3/6bkqzk5LW0drzzzruffPpZY1MLcguSCH9wiP6BIVxWVCppGVjayJjCwdHphZ/+FFRpVD5eWFQCf/BKJcM4cXL3d3vAkDy9fFiW2POmyyZX3n33XR0vK5OQkJCQkOi2YUAROzo5Qw3xmwTg6evrD3Vz7foNcAhuw0BfUXHJtq++YgyD7cPw81c+QIE+YtsAhML2EkCdWVrZbIVhMLUazSl1cwvLhMSkhIQkrNFxCTf0IhbrcGdmZjODREBgELMl4E6/feklo0vGLBNQ6u9/8MHpM4ZQ6kyD/vgnL0Cyc/JQBvaaBnRzWnrmW2+/zThKamo6HMUlZdwmBkliUgouoeBRKXCAduF2H3/yyenThmy3xLvvvYdqAll54403/QMC8RPIQX5BEYsl7ZchGxkZWW5uHqAgHMNwl/QPnjx1es+evUgKNAI1+5MXXnj11de2b9/xpz99+MUXXyIYqA+KhhyypySMYbz00svvv//Bzp3f3DUzB8dCEUSNLf/wj//o5OyCVuztk8bFJyIY+4ntz0B+9u8/gLvY2Nr95Ccv1NTWg0yg+Bw/i0BNHj12/PDho8gJSgHPXbu/e/+DP3257avf/Oa3yEl9QyP//g4JCQkJCYm+0r7KMJxdXM3MLfjXIKCXrW1sf/3SS9C8yv0ArR3sGf327V+vZxiB3CsI3dpsENDdW2QYbPfpiZOnoPPeffe9f33xZ5A/ffgRLs9zBglmw0hOTkVWkDlfvwBclpVXItbLL798yfgyzzDee/+Dc+cvsM2PdfUN9dxBH3AjFtJh63Us99MzMtkjDPY8oqCwGD8hADNppKZlDMpG7t41/7ef/5w9QUjibg1xcHB6++13PDy8Xn/jTVAq07tmJ0+etrpn/dLLL6MUqILjJ04i/PUbN9kjGxcXpQ3jFPcGBzMHIduMeTSImioqqsDpGlDN3FZQ5T4MwVOSsLAI5Ao/sZyzKn7hhZ86ccYSJMVym52T28uxEwT44E9/OnjosFg6oGQYLygZBliFkGEcO37iwIGDCHDj5q0/vvUW7o4GQ5YQku1jpXFCQkJCQrI1GwbWt1Ca0ObQLPwbnfEJiXYOjrV1DfxbHeERUbt272ZvV6xnGBoO92QPXLbIMNheh+KSUmbhZy9isDcjLC3vwRPKD3yHva7JNCvbx8AYxos/+5nxZRPwJsYqwEsuXDRiZz90dq0aWBALHALFhi7vk/SjCjw8vZBCeUUVsxZASWOtj2BsywL0LhJElF/+6le4xLq/mbMQINm8/ML/88/+81/99V9DQ4M6gHn8+f/758qc29qBuLCMIeL4xBSYDbfZwgXBTp8x3LtvPzP+oHSvvvrakaPHcLuBwWGwB1AN/kSstXdJlAwjJjYOnGDtuI4OxjBefPFnjGEgM+wpiYurGxgDQrKnIU7Orkj2nrUt6BGzYbBdLGHhSoZxirOmwDM4OJQ9JRkaHpX2y9CKyAadxEVCQkJCsmWGsfqqyIcfgUOwUzixSPby8jE8exZ6nFkTqmpqzxietbCwYvxjlWEEBGk7bvuBDeOe7RYZBnsmUlJa1ifu56kQe/rg6ORcVFzKvb2Zwk639PTyZo82EPHbXbvhvmxyxdvbFyUBJ8AiXnlWxNppHiz96BjlxszfvfoqSnX27Dm4r1y9hlugYHB/+ulnuMsl48twu7p5sAOpUCRLKyXFiYqOYS+XspdFP/v8C3jGxiVAYYOUvfnmf+AyIzMLaps96HF0dAoLjzx48DDcDg5OYBigFx99/AmS5V5hlYA64Kfv9ux1c/e8eNGIi57NdlkyhpGWnsGsDiA6SvPG2ikdosZm5Z5Ta1uE4fLTe8/ahplMnF1c/+7v//6V372KLCHWXTNztqEEvIe9+xoYFNw/MISbIieM1mz7ajv8kYK9g+MvfvkrVAh7EtRGQ4WEhISEZPMMgx3LZGNrd+jI0azsXKb1HB2dDx0+ggUt96y/2cbW/stt2/ILCtl7p/CMT0gCw+jl9Lv68eHs1Q2kY2Flvbm3VXkmYnXPGst9nhbwh2XZQfs5OZeVV5hcuVpQWMRulpySCkpRVV0LTZmdk3f8+MnPP/8iOCQUObC2sfXy9mVPQ1Yz0b76km52Tu6lS5c/+/zzgwcP+fj6NTW3QvczTgB9jMX9d9/tCQwK4b8DAv6BLL3wwk/r6kX826TgLlD84EOoJmaTCAwMvnX7DjO6IAMgKNDce/bsBY1A9KjoWGTSy9sHblYvLDMoguHZc9u/3nHs+InIqBj2Bgdqg20WAXk6d/5CVnYO2z7CtxzYhuldM+SZnXvRyZ24BeoAUgXqcPeuOXd2p7KFoqNj75jeBY1AKUrLKi4aXUrPyEJOPDy9XFzd2bEfNbX1tnb2u3Z/9+23u8GlKiqrhQehkpCQkJCQbIFkQDvfum2685tvwyOisOhtbGqpqq6DPgLnMDUz37N3X3xCotDskZaeZXnPNiEpJTEpBct+ONZJYnJScmpkdOxdcyuo463sw2C7HDT6d3MHX8LBn6PFGI3glMwebhPl6qFb2j7hwY7BYElB77Zz3/uI5d5WLSuvHBgcYlsx2rlDKZAIe0kVXIx58qSHHYCxSkQ4zsFyzmq2lwuMMNxmTAljFeq5Ynlgh4bBoX7GOTsmS13f82nyd0R09tAEDgET6uOriHtOJFXJCSM6yCQjbewxU3sH0QsSEhISkkdAMrDg37Hzm9NnDK3uWWMRe9nkypfbvjp+4mRKajqvwpiGqqlrCI+I9vT29fL20yA+yr/ePv7gGezISm231nXilvorDCpf3xD6Cw/BFDq0nX7NnQrawUoO+sO+KyaWDrDzMHJy85m1gD+mE5fsbRSQj55eicpHRlQ+AqLydRJWfvbIQ1iP6zPTvpaZTpWzQdWT1eEvjC78woh6MPWcCMPT10lISEhISB4VyWAm9qzs3IDAIHd3Tzd3D28f35jYOCzd145FWBeFfVN9Q9F9X10MQ/dPKgG0EQ7dRn4VcoBy1tbVZ2Rmsx2tQhWLy4LCYojGj6frvmxt69TIGDRyBW0Z3pS/xnRUqmjV0fHgHHTdVIaEhISEhORhLBk9vWJ29CUEDvZeJDubSz3KQ9KLdn2+3v7keRb/yENFdDxwISEhISEhIdGtYbXJpgLrjvjsMgxtT2c2/ImEhISEhITkmRIDqgISEhISEhISYhgkJCQkJCQkxDBISEhISEhIiGGQkJCQkJCQkDwahtHT00dCQkJCQkJC8mjFID0zl4SEhISEhITk0YqByhdNtirrv4zS++iSeiak90mk39v37BX8cRRfY2F7n9WybyZ7vc9MVp/v6u39IY395zb/vY8h5FPJ3g+0zzyhTBqsEAgEAoFAIDxqGCwTCAQCgUAgPGqQDYNAIBAIBMJjsGFQFRAIBAKBQCCGQSAQCAQCgRgGgUAgEAgEYhiExwq282XtfwKBQCAQvj8ghkEgEAgEAoFsGN8vDAwM1tTV1zc01pGQkJCQkHwvpKauoa29Y3FxkZnqiWE86Ycj+Dsml5eUVQ4MyoZHRmVDwDATmUCGNIlMp6e2WA/zq0zTrzKdGdB9ow3vLttSUtryKdMjsEwtiky/e8k2agXZQ9SDxuh6NqJM71jaiqDx1rLNF0HPO+r+SaZH9cq0tMuQdv+Hl00NVR3VK9MjNdkmx+lm20umd0vJ9B6AQ5vpkDK9I+oe7DK9E5RtcmLcwjjawtjX2Ntlm58HNjuZyPToGDI9OszIyChWzi2tbcQwnhrDkEj7G5taqDYIBAKB8D2DQjFeUVVDT0n0IgRCFqZx98oWGIa0f6CxuZVPf3lF8zYZlS0z6v5LS0v8z1o22qj/1ZApYQDNOVFNYVktBR2X2m4q/Ksxn8taklrWkojKrZf1y4m2uCsbVZe2KBqLpjs/uku6rFZFKxtlT3cedGRbRw3obovNNv2GVbqsR/TljdpxRUuP0l0Dy3oXQf8JYXmje21tLGwqS8ubrDcdFbWsYw7Rb8wubymrK1o69oY9dlnvjr2sdylW9JugNuzty/oNBx1Vt6yz4Msb+a/oMS42nItWX1xgRvrq2nr1MMQwdNGCR5XYKsPgbBja9tyqEAvhT2AVjz+TqylS0xMIBAJhUxgbk1fV1JENYwNAl4slkvn5eXa5uLgolkjnuMslDrxFYUkNfArCkOsYRnMLTwvu378vFotbWlqam5u7urr4O46MjMjlcj7Y8PAwfOCYn59raGioqakZGxsT0ouZmZna2tr6+vrx8fG1jN3n8yO4vM/yzDKzagjhfsUfZAYpDw4OqhRttUTLS8vEPAgEAoGgjWHIiWHoYWmYm5s7fOpCdFzimr4fPX/5BsiBPpYDHcYJoQ2Dae7Jycmf/exnly5dcnV13b9//+nTZ6RSKfyDgoP/+Sc/npiYYHHt7e2Dg4PhsLa2PnbsmLGx8fnz53k6MjU1df369YsXL546fdrCwoJt5V1v+VjW0/Jx6NChqupqOJKTk1EJ6oGJZBAIBAKBGMbWGQaU9827Vu99saukrJxZFK7fsZDJhuBuaWuvqatn2ndoeFg2NNTY3DI+PjE+MVFb1zDGGR4AuUJRUVUj4ejCqmpeb8PgGcann34qk8mYPcPR0fHAgQNwZ2ZlGRgYXLt2jUV2cHDIyMhAsF/84heMWMANJsH0fWFh4Wuvv85CDgwMsJRbW1vz8vIUCgXvX1xcLJFIEKu7p5slIhaLkQGEGR0dbW5p6e3tRSzwFbCczz77rLqqSsphtURyOcITySAQCAQCMYytY3Z21sLaITgs8vjZSwODg7g0unpreGS0oKjE2d3bwcUjKDQCSjogOAxExNHV856ds49/kLW9My6np6cHB2V2Tm6JKWke3v7s1R1+I4w6w/jkk0+g2tl9Effll1/u7etLTk52dnY+fvw4M12AYcTHx4McbNu2zdTUtKuri4UHKcFfRH/nnXecnJ36+/uZf2pqqrW1dUxMjNW9ezMzM42NjTt37rS1tfXw8EDgr776CoQDwc4YGtbW1paVlb322msnT50CI3F3d29ubs7Pzwe/8fLywt13796NXCGwpaVlQkIif1MCgUAgEIhhbIVhmNy4CzaQmZ179bZ5n1hibm0/MKCkGpNTUw2ixmNnjAZlMi/fwKSUNIQ/Z3w9PSsHqvf0xSutbe3wPHH2Um+fGOTjrqXtmhFDM8P404cfMoYBH7CWr3fsaGlpiYuLi4qOGh8fh6YXiURRUVF+fn5KC0pLy10zs//0Z39mZWXFND1LtqGh4dr16wgcGhoKQvAXf/EXEZERHR0dv//DH6Kjo2/dupWalsbKNTQ09PobbzAucuDgwfr6+pycnG937cJPyMCx48cRS6FQ7Nmzh23I+PiTT8rLy+Hz6uuvs00exDAIBAKBQAxji5ibmzO6cksslsDt7O5tfO3ObXPrkZHRru6e4PCo8OjYm3etwBUCgsPZYxR7Z/ca7hUdGweXBlFTeFSsk6tnXb2osLi0pbWN326pzYbBnj4AUP8//slPhoeH4xMSPD094VNVVfWvL754+swZcA4+eyMjI3/zt38LVqGi78E/wB6ampq+/fbbtLS01NTU0tJSBNu1axdv3piamnr33XfZvtHLJiaNjY0ZGRmMvgCXjI17enpmZmbOnTvPdoGAfxgZGfn7+3t7exO9IBAIBAIxjC1jmVvrz503vt7W3rHCvX5zzvj60TMXO7q6T52/3CBqbG1rP3r64sDAoJdvYFZOHsLctbQtLlVSjet3LEApcvML71jYQBkPyoYkEqluG8brr7/e3t6+wj3sADOwsrKCGyrfy8uLRYyOjjYwMCgoKECA2NhYJAsi8pMXfso/W6mtrQWZgAN04dXXXhsdHf3mm29KSkpWlAd8ScfHx42NjcPCwnAJ9iCVSn/z29+KRKL5+XkkCzqSkpLi4OCwwr0yc/LUqc7OzunpaaTQ0dHByBYICkIykwYxDAKBQCAQw3goG8Y9O6fevlXTQmdX910rO9CFmPgkW0fXgOAwDx///oGByOg4ZsNw9/ZjNgw7Z/f2js77S0uePgFWto63ze6VV1TpYBjQ5ceOHTty5MilS5e2b98eFBQ0NzcL//DwcBALPuLVa9eysrPHxsaOHj26b9++jz/+OCMjg0+kra0NnocOH/7000/LuPyAauzbv4+9XQI6gqzu378fNzIxMQHhyM7O/u1LL927d2/v3r1dXV24DAwMZKlZWFoyumNnZ48w7L2SkJCQyyYmK9oP5CAQCAQCgRiGvsBiXfjSBK9cxycm2DpeeFwEfFQcnH1iin+hlLeOqJyHwSwHIDSzs7O8eWDtLIr7KsFWMzA+jsDqGVYoFMLbITwYCZ8mksOlIG+T7HUYVgQ+GJ9//J2cnMDd799f3Llzp0gkIoZBIBAIBGIYjxibfT9T43HjvA1DpP1MT22ea46l9Z7L2m6n4qMWYFn//IvFYh9f39WtJCv0niqBQCAQNGuN0bGxNYZBp4ZvsgL1Yxu6VbuSYTS3tK0IztPUH7x5Q+Ov6v4qPmsHjC7rSET4tRTBl08eFIdAIBAIBI0aSq5QrH2XhGwYT4PiSaT9dQ2NVBsEAoFA+J5hZHSMfVuVvt7+dBjG1NR0WUVVg6ippa29qaW1uaXtGRdk8rnIJwkJCQnJ05TWttLyyj7ulAdiGE8NU1NTYolUIu2HcA6lwKEU6epfiZqINfmseq5FEUu1xJVo8JTojLI+Vj8fTCX8g/xryeSGBRHmTbz+78apSR6kIFZLRKzppqqBJapVIdYj8yrNtC41yYNbiNXaRUfiqjUpzKdk47oV83eUqPpItLSRWFM3EGvpLSqe2hLR3d/E2nudWLtbc2NJtGReW3tJ9a3DDQedRGdFSTQlwgdeHePqOZToSk1Hw2kYehK9CiLR1D81Dh/xRjOJWGf/1NZz9MmetmKKN6wiiR7dT6K5Y+jo2zqCiTWN4g2nL/W5S6gRNCQl0au2N+4hEl09X+sUsYGi6Qe3GOZOWqKnJAQCgUAgEJ4EiGEQCAQCgUB4KGh8GYIYxhNtgtlZ5QEYgr9za+5ZNZ85NZkVBJ5Tc6sH1vHrnB53nNV+X21hdLt1RNE/Y7OaKkS9yDoSn9OvtvWsN5Vbq2RAd/3rc5dZPULq7jAbNsqs9t4yq8cddXdIfVp5U42l8dazm09czw6s46b69BwdHXJ2ox6+YR+Y1RRsVu+Bo80xu5mxoKNo+owFfTxnN6qKWb2nqTktdTW3pf6jf7XrmDQ0pqC7ZXXfSM+5S7fSmdWeE80pLy7eJxvG02R2i4uL9aKmgqLSsoqqkvJKSCknJWtSqkVK9PYsXZ+mjmAbRlcPs6lLfe5YouWOJZushBItZdcduEQtyoZF0LM5NpuyesZ0ZFVHQ5forBZtP5XoV29bqBP9W1930XT46+jnJevlkeRZd8Y2rPkSLYFLHm5MlejRD7UVrUTvGtBdwzomn5LNdCQd9aB7sJfo3e1L9Cva1ubMh5muS7QntdlppGSr87aO6VF3XRWXVRSXVozJFSu00/NpMYyBgcHK6lod1iQCgUAgEJ5HSKT9VZyC+34yDMHRH8uPJKmHD6PCMJQnbrW2Eb0gEAgEwvcMivHx6h/CqeFLyg9q3H8cWpz7VMf9rUVcWT01vHmz7IRAIBAIhGd5eb/yAzw1/FnS4pq/fEYgEAgEwvcA388vnzFtPT8/n5GV4xcYEhwaERwWKWps4n9ln+FY/XzX+kvOLbjkvsgBR3hUbEJy6sra50b5AAuLi0NDwyvcF96d3DzLK6tW1j7Euvbhj3W3EDAJYhgEAoFAIIbxHDKM6ZkZ4+umXr6BUOEp6ZlHTl9My8jacpolpSAPNer+oAi2Tm7MnV9Y3NHZrTEz6tYLYhgEAoFAIIbxXDKMmZlZUwub6trV4rW0tn299+igTAZ3dm6Bi4dPUUkZsz2kpGW4evqWlVficmBwMDgs0t3bv7dPLJFIS8sr8GtqRpYIRKC1XS5X5OQVFJWUOrl51YsaEdfHP8jQ6Gp8Ump8UkpGdu7IyCgSqa6pc/Pyi4pNGJ+YwGVFZTXIB5KNjkucnZ1dEey6IIZBIBAIBGIYzx/DuG1uXcrxBqbRTW6YVlXXZuXk3TG37ujsMrW0ramtT03PhKO1vaOxqVmuUJy/fCMxObW4tFzU1Nzc0rZj7zEvv8DOru6g0Ii4hORB2dDvP9oBwgGaceD42c7unpj4RKMrt+rqG8oqKvcfM1R+GKy55cRZ49q6hoDgMAsbh/v3l9y8fI2u3kaCF0xu4HbCTBLDIBAIBAIxjOeSYZRXVDHPpaWlK7fMcguKrO2dPX0Dyiur79k5paZnlZZVXLp6OzM7FwFq6hpu3rXi02lpbbty02x+fmFFuQ8jJj0zG4Tg8nXTxcVF+Jha2ICgtLa14y4svJ2TW219Q1hkdCr3OAYRz1661tPbFxapjAsf0BH/oFBiGAQCgUAghvF8MwxTS1u+eKAah09dgEaHZ0pa5tiYvE8smZiYxE/9/QPO7t7m1val5ZXXTS3ZFk6gsanFys5pemYG7ojoWCXDkPYbXb21sKDkHMbX7tTVi2rq6m+Z3VvhtnyCstSLGsMjY+ISk1e4L7OfOGeMu4RHxSanZsAnOjYhNDyKGAaBQCAQiGE8xwxjenoGJMDK1jGvoCggOOy44SW20yIzJ8/C2r69ozMtI6uzq7uuQQTJKygEP0B1XLttAR6Qk1dQWVVTWy+6fMMURAGx/AJDouMShoZHdh86lV9YlJyafuq8yczMDFL45sCJkrKK0bGxm6aWIBxd3T0nzhpXVFV7+wW6ePggM3aOrvGJKUgkMCTcw8efGAaBQCAQiGE8xwxjYWERLAE0ApKRlSOWSNmvS0tLZRWVQaERSSnpY2Nj3FMMkIqkgUHlJtBB2VBCUmpkTLxEKh0eHimvqGIWi8am5p6eXrFEcuHyjeTUDMTtE0tWuA+LcIQjQ65QgF4gADxFTc1RMfG46eTUFC6ra+tAROBobmkVvjRLDINAIBAIxDC+D9jw3Extv/L+La3tV2+b84d4agyv4slf8g9f+F+IYRAIBAKBGMbzSim4I7OUR13dX3/+FVP5DEzZC07cWuZPx+IV/9rejhmxWMJ2ejKesawJLE3hoV78rVUS5E4Nb1mhU8MJBAKB8D1az6/8AE8N12hpUNHu2pS9Shjdxg99PpPGMYz+5pY26o4EAoFA+J5hfHziB/SU5BExk+VHldAKt+2jvLJ6cfE+sLAI3F8kEAgEAuE5B3RcT29fdW39yvf16+3PvhHl/v2l5pa2/CLloeTFZRUkJCQkJCTPu5SUVRSVlJdVVLEjIYhhPE3cJxAIBALh+wVtKo8YBoFAIBAIhEdgrSeGQSAQCAQC4bGDGAaBQCAQCARiGAQCgUAgEIhhEAgEAoFAIIZBIBAIBAKBQAyDQCAQCAQCMQwCgUAgEAjEMAgEwiYg+MYNfdaOQCAQtsow2KdE+a+Y8p8n3fLU/JAzO58Ztc+mq87+2vL5MPnfFJYE4C8fWqU9bNUxPNrvsKyWbnnpqXRrYdHu37/PV7J6X+Uvl9Zja7XERoOmMNr8H28fQ9mF3/hVL5fGbvlEe8jS0+whOkbWlqc1RGFdju94WxuqGmPpyPbDTBSrhSVyTHjqDENHZ30WPkquz7dPtX069eEVtqR/cHpmVltS2tJ/dj7m/jhy8mjTZKmhklHVm6pPFW2hEkaHsnl22mv1K8lyxeDwiP7ZUFEwvM7bsOza0nscBXvktTQxOSUdlD2SSWxTza1emUKG95DDZ7MprA//TM/bBGIYD/oi/ra2tZeWVfT3D+ByZHS0pq5+fn5+Ze27G3wwBpVFpPAYc+FagdcBPE9nPvcFq0zhmoxhfHyisakZGcDfqakplbuwNfTo2FiDqBHRm1taxRIJf4vFxUW4FxYWqmvr5AqFIOKScMpQv6m2amlu7xqfnNIx0UzPzOBeVTV17CMxXd09La1twgyrV51whhLWJF8/a9XFV90Daw0fXeXoeOYpGxpuEDXV1tWj9qpr6kbH5EINtOpY4TKmpfn4hmM+yyssM6uZb2pu6ejs4lMTloXPnraOoXsGH5+YRFWv1tX6qZN59vb2lZVXQMorKru7exa4hgaGh0fgw/oqMDc3V1FZJZFKmbu+QZRfUNjW3oEuwSc1MDiIdErLyhGxp7dP2EWVX8hdy39Wdk5xSens7GxySmp7ewdfItbH5hcW0jOy0AmZ/yLnL6wNXG6o6VkA6eBQd59Eh2JAD69vaKyprW9sblEoxnn/gUEZhirrDEodPDHZJ5awNCenpqqqaxFlkuu9fMr9AwNIqrauAT+hk4xPTGjoIZraUWgdEfYQ1kvX+u0K30OUudKvh+hZSyNj8tbOHh2jVS5XYPQJpyD+7pjcpNJ+Zd+oqkaD8rYWrgjLOjLDZx79pLS8Eh0JHQSXdfUNQ0PD6gNBaJAQuhe5ukL2Oru6hdMLm+7gqTJ/apwoWBj0q7p60Rg3tFXqlvUE1j8x+6EDMLdwIiIQnrQNA4iOTThzwcTOye30BRNMUhhIR88YjcnlGy4FhMsp1puHR0ayc/P1IdTqCpL9La+s+uDL3T7+wbaOrhcuX2/v6BQqeHaXelGj8bXbc3PzyHNKWoZKahi0J88bN3OaXjjg9bdtLq9F6ejpm5ya5tLRsETGdG9l63jD1NLK1snU0gZqLyo2wdnNa8N1pMZlKNhSVU2tPlUnnO6FjrDImF0HTrh6+to7e9yzc8K0qLLWV7mv8FI9w6yqoa3zCoqYj4e3f3hkDP+TjkWe/lXNKnZiahpVrc1Wgb8+fgEGBgb/8svf/fjfXoHjvJFxN6dOiopLcBkQFMwCy4aGcJmSmga3nYOTgRL/Ff9iYuP5bKekpsPn9T++/9NfvcriCjUNn/8/vPfR2fNGMpkMYfwCAlWaQy6Xw9/Cylplya5W8OUNyz44NNInHdBhX7G0dTx51tjTJ8DR1eOiyU10eFYnMXGJhkZXeHYFRo7eCMfU9PTVW2amFjZ3LGys7V2mp6f5AYK+cejEOXcvPwwue2f3Ac4qoNJDVrQsstUbmqXZPzCYkZ3LfJByaES0SmBtPUTPNTeLPqYY7+qV6JhJwBrPX76u8ScHF4/0zOzR0bFvDxxnzECo0bUNBOaDynR29zp36Zqbp6/JDVMbB5fZublLV2+XlFVsOBBUeEZQaIR/UKjKdJeQnGrwd7/GrKtjjhX6zMzMHDe81NTcqm6+EoYEqTp86vzE5CRpRMJTYxhsuSbt79/+3eHxceXaqLdPjGXN7OxcV3cvG4RTU9OYQVhXhgZl09nQ8DBbCqyuI0dGFePj/DR319J2enoG3R0LqdUF3/z8FDfNsckOgdklFlgDA4MqY6mopPTKrbtskRoYEm5qYc0CjIyM8qQHSyVLGwesIzFF4u7ME8NJJhtiSWG5wG7BcjsmVzzQDQoF9JCeDKOtq3diSoMNg2U1L7/wpqkl8wATQn0iMxJp/2qGR0f5vGH9hPpcWFgclA0JJwJkeGpqNZ/gByHhUay6UDPsjrMcEBd0iktzjLXLEJIeG1OZxTx9AzCLsQkUnrgpyBYfhhl1GAvk3cwMwKwd3Pw1y2qSr+qS0nLQOCSIXGHlxNbELGOo/KW1lRPuxVLmi8NsKio8VZv+mJicQlXrYBhBIaHQ6BWVVUiwrLzcwOD/+vyrnegA1TW1HI0wKChU0qDBQRlz9/WJ4QgJi0CYktIyZlhiVZeZlY2fyssrFAqFg5Mz3G1t7cwwJhZL+G5z+NjJ6zdvo9SpaeltnA2DFVAikbK+mpG5asNgfUwskfA0dHJysqenl1ngljcq+8DQcK+kXwfDuHXXKje/kOkzsMYde4/m5ClJPKiGgcFf+gWGsJD1DY2MYWTl5N21tGGGFgyEec5+w+5lYeOQlJLGkuJ6yDzfQ5RafG2YoOGYTY7vpcx2gigz3MBHAcfW+kxxafltC2vWRdGReK2GnjAoG+LZ6moHHhkV9hB0IWZH0fFgZZVhyMfBQXUyjMqLJje4njnHWcUm+Bz6BgRncRwIg3SRm8RwN8xFw9zDKR6DMplwvDCHp48/+AQrPv6KGpsxis3v2VVW1/DrGT4dJI4BwuKCiGAaXKtYOW4Xl5AcxTFdZsdlCZpb23+7/3hMfCILibwxexgyozJRsBZBOnfMrZENpb1tjSdh9LF2AX9i0wKISGdXN2/dkXG8ih6gEJ4ow2BDF/rly28PYJ3Kz48dnd3g2uiLGJAYXaaWttdvm8cnpmB2w1h1cHa/edfqnPE1TB/o4tBql6+bHjp5vrq2DpQCY+/QibPQSaAaLh4+zAJRXlmN5S9bdWEpgMB1DaKWljZMnbaObrjX9MwMn5+ikjILa3uWE6zpL1+/g5k6Kibe5ObdK7fM2Bq6pa3tttk95BCDtrS8Ej6Ygi/fML162xy3AIPx8AnoH1CuC6Gzreyc7lrZ5eQVKKehikqze/Z3LKzjEpMfhmGwS6SG2YE3CwP5BUWoKDb7XzC5YWHjiOmgvLIKqghlxQry8KkLHj7+iI5ZydLG0ejqbcOLV8QSaVtH576jZ46fMYpPSkGlYYnJDOCZ2bkx8UmYxeydPeyd3Uxu3JX2D2DdY27tYHbPDrpEyDC8/YMio+P4zMzNz6OwxSVlcKMCI6Lj0F6BIWHXbptfu2MBf8w2CI/6MbOyyytQ6jCE8fD2Qz6/OXC8sqoa+uDKTdNjZy66evpgJYcM19Y1IBim1ys372KVjIiY0XAjZM/ZzeuW2b0zF6909yitCwlJqfgVVV3EZUCbUYdnGO06GUZwSBioALQ78ywqKsZlU3NzfYPoH/7ll797820Dg/8BHY+uAn/82tvXB4epmUWfWLw2t65uQszKzsFPMpmMa69CuKura8BU/ulff/0vv3zlg0++rG9QlnHvgcM3bt2BDnjvoy/y8pUaPTA45K9f+Pn//Y8vXjS+gt515MRpZhqB/0uv//E3r/7htqnZ/DyUeveOXXvfeOuDP77/SWtb24Zl35BhoJ7B8/gABUXFhkZXWR/DeDS+dicxOZUxDGt7JzhKyyt27D2C1YL6UvienVNGVg7vD/KBsVZUXAo3hlJoRDT0IkYoBvi12xZ19SJoMf/AEGsHF+ShorIawWLjEx1dPNCHv9mPHlKDHoIRevT0BQx2F3dvtHiDqEmZycJirPhvm1tj0Q9KAcXp7u2HLoSReNzQiPWQ8KgY83v2SLmmrn7DWhpTgGGIdTCM8opK9Ek4QKEwrTi4eOw+dBLLFaUBzD8oJzcfaphlBsMWN0WG9x49k5icxkhJQHAYfoW+x2gVPnn5/Jv9wppkwHxYXVPHmuDKTTN0ezcvX2QDc+kNU0s2m6WmZ0XGKAdjfmHx6QsmTm5ee4+cTkhKETKM3LwC5LO1rePE2UuM9Le2tSNvyPCRUxcw6JAmeDBWU5hjj565iJyAWFy/Y9HY3OLlF1hRVc3RmvuoW0yVxaVlmBUxSdbWN4C6Obl64kbIp6mlDVZ9mJeEthMC4Uk8JWG9DTPFzn1Hv/ruUHhULLMQYNZAxwVdyOcs5GZWthhLGDl7Dp9iyykoTvBxjBNMQ0zlnDpvjLkA6gS8AaMFXP7kOePmFqU1D/QFnnDYO7levWWGBZBU2v/tgePgGYiC3o/RyGcG8+MxQ6OmllbMaJ/u2Iu4GKLIDxKEMsP0hFh9YgnUJALbOrqAOoChf/HtAQw/rJ/A4nH3gyfODQwMIgWwGWid7p5eTArQ3Bj/mVm53MpjXNfuMP1sGJigI6Ji3/9y18mzl9iaJjo2HmtK5HP3wRNyuRzLjlfe+RwLa9TSe59/ixUwFrtgEo1NLVgrN3GVA/UAHa+05Tq7s/UoSnf09EWEZBM6phuk8+5n38QlJOG+6ZnZICWY+6DkDp8838dNf2yfAfjB13sOo9UuXb3Fps6q6hpUVF5+IXxAU6CczhlfBxEcGRlBXRUUlZy5YIIFFioQ059UOuDp7W/j4MwiIp+oybSMLDtHV0RBeNAFXM7Ozu4/ZlhVrXygExIWaevgAp8Dx88iY5xF2h2UcWR07OPte7gJ8b5uU62+NoxgpQ2jc43MQUXhMi8vH/n8i3/630XFJW+9//G+g0cwQf/D//41e0ri5uHFzBsHjxxnj1TYQ3RmwwiPiExLz/jnF3/zzgefVNfUGBj8uY2dA/Tl2QtGP/rXX6OLnjx99uZtU1QUAoOUtLS2whGfkNjfP1BcUorWMTD4ryGh4c3NLfBPTUvv6emFA4n7cg90uB0JnXK5YsOnXRsyjNvm99gwZBYmZADDEC0CnQFeiMXuP/32LfQxLAAsbBzYKyL+gaHvfLoTiq2uvkHIMMAM9hw+CVZhdOUme5qJdgQVQE+4cPkGmhvqGVpqbm4eCWK5jEv0H2hljCA08fjEhK9/EMY+IoJrcrbPCUwIt8ys0J/hhvJDZxsbk0O7oy1wU9AO0CBk6tT5y4x8g6AEh0b0SaQfbtuNEaG02K1tt9qIYWxgwzC+dptZHUw5Ew5yAs2NX4PCIjBLoE237T6E3oiOiprBor+5te2j7XtAqsDjMRAW79/HfAWKPLS24scIxVzEzFrcFp1VknrtlhmGMOoENSCTDYFWog5B3RBx35Ezk1yHx9omLDIaVYrGwnILPmAwIPrCZzQgWGXcAgljNjdfuQSqqa3HVAZ+MDo69uWug5iyMH0xCxwoIDgHsoG2w5oEvJCVt7OrG/wD65wjp84rd4oobaULbe2dWK4gLoqD+ZPZbolbEJ4Ow2AqCpr7y28PgAhDaWGWwXiKjU/CsgazORYHWBROT89guhnkFn/pWdkgzszQhzVBcFgkdBh7SnLPzpkZDLGIZ+ZlLJeZ/RZKtJhbjWFN//V3h7FuwDi8aWoJvcVnCcQcysnGwRUDsoAbG9b2zmyxrlyLxyZAi2O1qqQsyyuuHj64O0jJXStbPgXMjOeNr2MiDgyNMLpyC0Xw9AnAGMZQROm+2X8MN1XZKrVZhiGMi2kX+X/70x2YLjFVQb8uLHJ21Kqa8ooqcCOEqa6tu3HHgoVHcRhLA5PANOHu5Wt2zw6XiBgTl8hUyPnL15kNIzk1HbkdHZMbKSnCOHvUjdLBE8zjtpkV2zvGGAZScHLzHJQN9fb28ZZbMBgoPDbHYW2KuuKLEBgSfvbSVbAERGQMDD5gIewhCMhcP8fSvHwCWHhvv0CoIuhOZoTndmn0Y5pDMGgdaX8/Z3TJc/P0QXUFhoRhHYaamdH+Ms5mn5JAizNPUWMjsz00NIjggL5vb++AY8+Bwz/9+b8nJq0aqJClmNh4+Jtcvc4nlZGZBZ+33v/o/Y8+v3z1BmhQWXkFfFq5eTwvvwBuVMV5o8tKhjE6isvcvDzQETgmJibWHgFM/eLlN4NDQhMSk+B/CQndMn3lzbdjYuMqKqvg8+mXXyenpLKHRw/JMFC3rFHYM0rom4Mnz4HdQmEnco88uJX0XXBxNBC7I7PeQyeBcUq57dvseaWdk1tAUCgUIbQj/xAhIUnZQ0RcDzl/+Qbal7+7o6snUkYPQcogOmjosIjotAwllYSGPnzq/NjYWH2DiFFkZef09lOOx7IKZ3cvfkPAzbuWUG+YFto7OthTFSyvsVxx8fCGpke2Wbl015I+DOPyDVNuFIQkp2awR1cYR6AU0PRgGOBJoAtgM+kZ2RHRsczIhzkK2trLL/DSlVvwBDvB1MebysRiCRZCrKKEO72u3rzb3NKWlZPr5LZaTIxoD28/DAdMOIwwxcQnoWIx0YF+saLFJSZHcEs4tvETiX/+zX7kDRMvmhhLrxXlHlKRpY0DS9PW0RXzlbKHDAwWFpUgfYwsLLSu37YAn0CaWBZiJkQKuBF7GISVSVJqOn5C+541uoo85+YVfHfoZHhkDCgLGTAIT5Rh8M8LZ2ZWnxeGhEVFxcRhgEF/41co+7OXrkXGxDP9BA2K4cfMzinpGejZWDZhaVJb3wAGwFRpTV29Nccw0LmxgGAMo6ikzJxTos5unoWcSRazJHTb2my4bqcSBpWphY0wn/bO7vxzSm//oISkFOQQOVEyDE+f0vJKEP+LJjf58JhKkG3Z0FBYZEx4VIxKqbHCCAwOw1yDlceWbRg8leG3enEGmzYsRDx9lfoY5AkLqdT0LGaKwPR37ZY5SwcrSNRSvajx0rXbmM1RveypEGZntsgDw8B6kT36RWEZw8AiiT1hBSNhmy2E+WXZ8/INiEtIEv6AlsXEtHPvUbZ4woQIysL/ipRDuZ0fPBCArXjG5PJ9R88MDY+gvaBdVvWHlx8YRld3D6ZR1nZo3wuXrw+PjIImMvUPjoV5kIXvHxhAUzJlo23vp75PSUKVT0l6entZPzx64jQukcn6hgbePzE5hRkt8gsKwYbZ8h1498PPjp04zSeVnZOLMB2dnfwtamvr4FPGca/o2Djl4xip9MKly7dNzRjDyM8vYM9TmO4B/YL+/tlvXsNoYf6VVdXQZOAlzNaNMeIfGKSkJrl5j+QpCdQ272NubY8+wGU1gVmqEAaD8W9+8R9oKaSJRufVIVQs2yzCOKilrSNjtzxQFjdP3+8On2RKF52WjVAGZzev1PRMYXh0J8Yw0D+/3ntEoVCg7NYOLqvh3b3AqqEmmZ2D2UjAMDAkLawdGpub2QC3d3Zjv4LeXbxyM+zB5tDlh3lKwpQ0KBSoFVPMWPZA32MSyBUwjIzM7OCwCG78zhhdvQlGjtHKHps+aALOASqAKLGCMYXZY2l5GZMPBju0Pl9M6HhUPhgYwrPpNDIGYzEFAxzDnBUhJDySDUN2l/jEZKMrN1PSMzEDYOB/vecIore1dzJzL3ukBfKBuQLlQjrIBloK1PaupW1DYxN7zIQlHyggm2TY3i+MTfAJVOyFyzfY7IQ8+/gHYyXAmNzTOrCE8INjGGxkihqbsHCBCsRi4pv9x0F+sSw+ee4yBgFWSIZGVzASMGIHlXsqRwyNrrLZPDouAcMS+gbrVIworKJ2HzzBtljuP2aISQTq0NMnABMWWAjGgAm3vDC1sGa2WegnrOlDI6KwwELi/DuQbDUA8rH6nJgbEs0trQdPnMW0hdXhnsOnZLIhhD99/jKzB6Rn5YAkHThmmJGVg8kUXAdTBnKFpQlGLJYgNbV1YEjJaRlY1oPr9Pb1YR2P/LA5dwsMg5+GUAlgThj8UPlnLpggDGYBplDvmN9D3jA7p6RlohRY1WF5wdIxvn6norI6Nj7JwcUD8x1WHhe4HWpQGMgVKhAKG4oB0wcKvu/oacy/sqHhwyfPM7MElPqR0xfKK6uwOgTxYkSETSUePv6Ys1BeLBNRRrlcgcShjaBFvjt8Cj6Iu33PkfqGxqKS0qqaWtzr2BkjND1UY0xcIqZgcBSUCDUH6mZupSSF1TW1uB3bZOPq4cOoHvKJImMRdv2OBabRGe65CXsSgbkSPBK5QkNjrRwZHccIyoYMQ7cNw8PLBwr7xGlDk2s3/uonPzcw+HO2N6KgsAj+XZwhR6nhXN0ZIWBmiT37D+85cJh7zJG78uBdkjTOStHBJw5Ns/fAkdf/+J63j5+Bwd+YmlneX1r68NNthucuDnNPSRAFbMbg//mnHbv2Oru6nTh9Fj0Q/j6+fuMTEz/9xb8fPHI8Kjpm154DqK7UtHR3T6+wiEgEAHd5eIYB7u7o4oFxihEKMorLEW4HsV9gCM+80ZmPnrrAtjqGR8baOLigz6P1EZgpPLZuNrtnd9fCBtyrsLgEVGBqehqJuHp4YwRxw7YcnWfXwRPoWmg+dGwkgh6C8HCgoTFj+AUEX79tjqGFrsJWAvj1m/3HEEQxPu7o6ompAHlWPhNJSunu6cFYzssvRM0bXrwi4vQiRiiyh7GJkY6CePsFRXPbWTbYh7HRTs+iYuVcBIeLu1cYt1tLKu3fc+QUmB/qIS0jC6v/j7bvwSXYgKePclsYio+co5ei/8OB4QaNnpSSNiPYFgbPD7/6DpmsrWtADZjcuDsGun/dlHtBfQLTEeZApVXpxDmMkaWl5WNnLoKrIdb27w6j82MRcuC4IWg9fL767jDLmLI4Y/Kd+46xlRtv/kGVihqbzxlfYz6YNqtr6jDQQNnRRX38gyxtHFAKUIdajj1jovj9h1+x91NGR8cwAWLWDQwJB1vCHI5VCugIKhnDGazRzMqWGAbhKdgwMDeBEGDIQT/V1NZztuUB0HNMnVivQBeKJRIsdrFGx5oAmonpucbmFqxdQBSgZb18AzGDF5eUoQej+4KROLp6QCkiBYwZEGrMjGwRVlRc2rmmDDDGMN7cvHyRAnsiwPKDAPz7rvyc2yBqQlIYY8yEi8Ux27kJzc22evSJJRhp0IvIFUaj8pkox+sRHhHB/TGlzs3NQ8tCTSJkP/cOy4ZPSTq6Nb+tyiKiCFhEKo0KIeEDg8oE60WNGPyY2uyc3KDOwa6OnrkYFRuPqmM77BAROQfLwXQMiubFPXdgtlBUgruXH5Y+mI6xBHFx98aKB79iXsa0iOjTa685YEZDodA6SGpB8KZAfYMoJCwiJCwyMCQMi1q0JmKx9kIU5dSvfHxejwxDr7RyL1Cg9kAEcd/8wuKFxUX42zq6RkTFIjozDoNYgOKAJcjlcnaOwgr3+klUTBwmPqSPEqHdubcBR1mFQ3Upj5FIzXDx8EbZ2f587fpjg7dV17YKVfsHBHr7+Lp7eMYnJLJDUFaUZwx0+/oF8K/VYEr18w9sbmmB1ikqLrZzcLJ3dCpbezDE8tDS2urm7jk0NCTkPaj8kLBwcwuruPgE9twdjuycHCTo4+vfIFJuNmpv73BxdTc1s4Aym5iYRPiyMuUjP3BuJHj95u2w8EhmVkEYMwurkpJS9eOw1Mu+4duqUA/BoRGh4VFQHlDPM2uvcaEpG7nhwJgThgCzT8gVCjAPtA4Wzey1Kb7yQUyxfIe/f1AIehdaPzM7l40UdNdkzsCOMYLxgnsxo1SNssP4sccfnDEpHGtoxA3hCssseegh0OJQcuge6IRsDkEA9LR87h0f9BD0VTZGOjo7MWzR/0GyQW4Sk1PZOxdLGz0l6eoV6wgANsOGWAW3sZpZWUAsMEeBNqF0GP4YrbjkXwtXviiUnsn2yqAyMaA8fQNQzNXDYNbyg7UK6h+zBoY5m77QCmz7J9ZjmEwweSJBFh5kBbWHOQ0TTi23gxW3xqojKTUdFctsD8xOifHIVD4bwqgxDCIkmL/2cjiYGfo5hg8mCt+AELQUCgL2g5rkn3xhycdOAUFHRVkwuYHfIMzomByX3NxejlkRrcnecaOnJISnsw9D3Qda7dR5k+zcPMxcWI4o34B4uMPs1t1Dy331OXJRXVdt6gBHfX59cOJWh9YTt7TNdEzLnrlgAlYEhmFt78wIxCMZ3subrDrhIk89jHoUMys7PrfaSq2jKrbQEPyJWy0d3RpP3NLoo7Eq9DxFbVOjYMPE9Tm/WXfZNzxxS3PZ1z9bVDnFYVM5VNlkoDuujb1z5tqmqK30kM1XI0ttdEzR1tWziXlsaRPtoqPSdGVseWlr3Ub91lubGcCobpvf0z86HSJOeNIMY2XtwDh2fiN/9Bsb1TLZUGxCclBoBNg026+nfvac8BsQgnl/3VcAVI625CcOjd/y0Kg5+FWFtqNy+HNC+U+rMEsEf5jS/bWzCFf0/hYAgmFxyd4902bAX0tQpfhK2wAWneFRsfyRCSpnf/GXwspZEXxAgS+v+hwkPNlT/QQtYbus+4CLQJfwraPS4o1Nzcw8oPIJBm3NLTy2lT+EVKUIGx4+tsIdjYqq1s35NH6eQ+VjE/xxqHwYleMRVzR9yoQvEX8X1qYq375RSfBB31urK+Z4EH5Jr6NjR8bkA2sHROqglRqP01U5EUtlQGn8LomOHsKu1HvIqsrmkgJ7Zie5qX+kQ6WHaBv7Kj1kw0+ZMFIyPjkp7h/Uh3wLq0X91toC8BOL+vGXfEkfnHUraHoVh/rIZd8H0dgPNV6qnI+nPlEsrYWsqxfxJxqrj7hNDUMC4XExDB2LYz35uDoh0HaIpObF2CPKobYAOg6y3IKNR5/0n0DV6SjsWq3qWpbprhAdudrs8l3/ZZNeqWk34Wy+ljZa164sa1xxalzdPmQf07smlzc3oleeZg/Z8pSy5Vp6HAZCffrMhrWhd86X9c+Y1n74IJHlJ1Z1BGIYW8G6M/aXiQJvYqpS+Y7Dc5Rzaj7CFrQggQYsgRjGY7FtEKjqHlF1rfyghEAgEJ57hrFMIDzz+CHTUAKBQHgupmUDIlmE5xFdIwthFfLoanlMtQJ/o5V/NTq0iVznpcbAcp0B5FoCyPXLgNaMxdYoIivlcXXjE3NkxyAQCM+5DYNtgSYQnjUsKT8jeX956f784v1rqf0GFm0Gjh0G9t93cehQFtOiLblhbGVlmboBgUB4FudnTe8fGajYYPG3r6+vtrZWJBI1NEAa1v5uCNFmQj7CYI8WoseTjugh0hc9A9Wy4a1FT6Cq0SXrGxqaGkWVNfWJOZUpeVVp+VWped9/QTFR3rSCKq4SRDorU9swFD2ikSja5GB/Mn3pcYxrkZYpTvScTEEPX9hHmKbo2Si4SGdhRfpFFD2Ntt7a+BU96vxozgYAzgDmsKK2m1iDDWNmZmZiYmJycoJAeNbAuuXU1OTi3DRkYW6Kk+mFdW4VT6FD3V8lvEZRucWUpgAqd5/SnviUHhlTTURZ2Nmp1UqgfkAgEJ6taXmc/2AZ7cMgEAgEAoHwxPdhqJyHSCA8g1j+oQkNSgKB8CzPyfQuCYFAIBAIhKdmwyAQCAQCgUAghkEgEAgEAoEYBoFAIBAIBGIYBAKBQCAQCE+IYSwvrztYkN9Byg4D5YOx/aVKhyC8tkQ03ki5iZ477ZxPav2vSxoPESMQCAQCgfD8MYxlTZ9jFmp6lVdWNJIA9dda1L+bojEMNRiBQCAQCN9DhsF0/MzMbFtnd2tHV0dXz9DIKK/4Jf0D/YNDfLBesVQ6IIPj/tJSZ3dvY0vb+PgE/+vU9HR7V09Le2dnT69cMc6nL7SL1DY0QWbn5ovLqwZlwywp3uZR39iCNNVjrV0uESMhEAgEAuGZYxj891iXBNYFZpDo6hV/vO/Md2dM9p299vG+07ZuPiNjcvh7BoZ9fuicpH+QRb99zykoMg7uwIiYN78+8uG+058dPAsWwpICQfn0wNm9Z69CvjpyvrC0Uj0PZnaud2xdkeDvth3MzCtS+dXY1PqWtZOKp47nJnxZCAQCgUAgPL7vtm/WhrEsZBj/9vF36Tn5MzOzDU0tH+49bWbvhp+Do+IMXvrI+I71/PwCgl26bRWdmCYdGHzxw105hSXwrKytn5icYsm1dXYjkYKS8umZWQcP/w/2nJyYUv7U2dPb1du3yFkp7Nx8zB09ZmbnkjNz+6T9SvPJ7GxbR1f/oNI0UlxRXV5dz1Lr7hV39fQx28bC4mJ7Z3dPn0Tb9g4CgUAgEAhPzYYxNTUt7R+USgf6xFL+KQZjGN19kle+PFBdJ2KehaUVBq98OjAoi4xP2Xf26hvbD3kHR8D/rq1zdGLq0PDoH3ceMbV1aW3vZESHKf72rp6XvzgAT7gj4pPf230CyXoHRXx+6NxXRy9Yu/qAKLj7BVs4eYKU7DW8UtfYPDE5aXjN7LszJghTVSdy9Q32DAxfWlr2DYk6aXLn6KVbQZFxk1PTngFhhy7cOH75Tn5xudCqMTYmR1mk/QMSKQkJCQkJCcnWRar82w+VCragL8Ng5g7EqW9o6hNLkEpvn0QuV6xjGL3iX366t6yyhnk2tbb/H29uQ7CAiBgwg5LKmh+/901WXpGNi7dPSCQClFRU7TplbPDGl0Z3rEe55ylKG0ZH14d7T921c7Xz8P9f7+6MiEvOLyn/H299LekfGJAN/f07O0sqqr2Dwq2cvcBvPj9wpqKmPiYp7eP9Z3A5NDKqGJ+4be3k5hdS39Rq8NrnmXmF2QUlf9h5JC07/5P9Z+DfPzg0MzO7ItgfOqpkGChRPwkJCQkJCclDiUT5F1oVbEHK7X9Qf1xioE4vRkfHRI0tGh8xMIbR0yd54+vDdaIm5gmlbvDmtuHRsZCo+Lv2bvABFXj5i/07j12MTU7n49Y0NP74vZ25RaXssr2ze8dxIwsHd3CLsqpaLlbq9mNG7NeD569HxCf7BEXYe/iDUhw8d7Wips7FJxCEg0/Q1MbFNzQ6p7D09zsO+4dFh8cmgZGAoICaHLt065SJqai5dYXeQCEQCAQC4bEBbAGcAcxBXeFqYBht7Z1jcjnjEyr7OBjD6Ozp+8u3vo6MT+4fGMzIKfiXP+3yDlI+FnHyDrxw6x4L5uDpb2DwK5CPzu5eJ6+Azq6e0srq//7W1/WNzWs2jG6DVz5r4l4GYQAz+E//sa2xua2ptf2//Mc25XMQn6BbNi5gGH/ceaS8ui45M+eVLw+A3zS2tIml/TcsHRy9Aju6e3/6wa7i8qrhkVEkPqZQ9A/Kmts6PzlwxtLJU1hg2oxDIBAIBMIjBGMF4Axt3J4HXQyDobWtY2JiUiNVYWn1iqUnjG8fN761z/DK4Ys3oxPTZmZm4O8bEmnn7rd6P8X4sUu3MnILQAgu3LT84LuTnx0wDI9N4rZwKnPQ1dO349jFRs7MsLi4qNyhubAQHBV/xOjmwQvX/cOikVH/0Chnn6CJyakjF2/UiZqmZ2bv2Lgg2f3nrtU0NLr7hXgGhiNiUnr2XsMru05ftnL2ErW03bZ2RrCb9xzbOrpWdL5dQiAQCAQC4SEBzgDmoNdOT4Qbn5jQkRYIgWJ8AmEgM7OzvIVganp6kntVhD82Y5J7PQQ6fnhkVK5QCC0lC4uLcsX4/MKCSuIjY2MjnLEFQGpIAdEV4+Nzc3Ms1sCgbJwjQPhpcu3NlDGFYlA2tMClNjk1DVozroUkEQgEAoFAeIQAGdgEw5jQrp7VNzXwdhL1By5KerG8pO6vcW/EhoeB6nk8qD4/EQgEAoFAeAo2jAmdBoB1nxRZWhLu0hCSgPv8d0nWDuIUqnyWiPpJ4cKQfIJCHz4A/ysfa/3t6OEIgUAgEAjPFcMgEAgEAoFAIIZBIBAIBAKBGAaBQCAQCARiGAQCgUAgEIhhEMMgEAgEAoHwLDEM5asc2j/Vyvksr78UXikjq8R48MtqIP4u6qdwPnCvT3RZmJgg/PLK+hRWtJzsqZJhYWBhrNXSrRVieV22NaavehdBVpf5HAvvpemO6pWpXmnLKolodK8vo2pFLauVZ0X9jWK1Rn+Q/sqKlhupJryyLAi2vKJewxpzpKlHPQivUrcqSWjMMB/ugefKBh8gFnSAZfWSak6cc65oHi/L2noa38dWNHYe9aoQVuOy5nGq2rvU+o+2rqJtlK2slUxt0Gl6l11tiApzLmxHtQCqXUW9+OvrVrUjPOjMy1piqTTNsnpXEY7XB8NWcF8NY0RlwKq1AsuYhnpTj75u/hH2VLV21Ni11NNci7i+ypZVJreVDXqdlqlPqCpU5lp1paCxNbUP9hUNFb4uD5omquX1+md5fWddP0LXusqDDrPOZ4WfGNclxVwrwsAr6+KqfuKcv/k6H9UoK8vqGk9DtWhoFO01qToVPbipBj2uaULbYJIkGwaBQCAQCIRnzIYxNTXd0dnd2dVDQkJCQkJC8kMTcICBQdkjZhjMKoJ0G5taFOPjI6Njow8nSGFkZFSZzpichISEhITk8ckYJ7xD/VLlJx2eOmRUu3t0veeoprgqWeVlZHR0mKnLpyrIwJhcIe0faFj7oPqjs2FwDGNwcEgi7SdDEIFAIBAIP0DMLywIv4X+KJ+SDMqGevskK1q2SfLQsROE95+fn+8fGGxt72hsahU1togam7m/JCQkJCQkj0pWNUtpeVVxaXlxWUVxaYXyLxOhW3ip4q8upWuicqmeuMpfdU+NyQpSQ85r6hrEEul95QfJV3RvtHysWPuU6UxT82NiGINDfWKJSiFR7MnJKblcAUF49gV23fQC3KKuobG7p0+uUH4rFVEWFgkEAoFAeCxYWFiYf3TCoHK5oDPMlmVqanpgUAaSUVhcOiiTqShTHXzgMfGMmZnZJ8EwmI9saCgjO9cnIMTDJ9Dd2987IDglPQtsSwe96Ojsbmppm5+fJ3MTgUAgEJ5DbPzK6CNX83KFIr+wpLOrR0+S8ZCmDm3RnwTDYBUnHRiIjkuMT07r7O6Znp6Zmprqk0jTs3LDomK7e3rV3/7HP9ROe2f3hg9TCAQCgUB49pjFMntawetg4YfEebfGw2a2rOn5FBYWF4tKynp6+/QkEFu+r46IT4ZhrIzJ5ZExCSVllbNzc8IwCwuLNXWikIiYQdkQTyxYvQ8Nj/A5I25BIBAIhOcLTJctLi7OcYqPKbK5uflBmUzlSDFoT7lCoRIRv4KgCI9fgz+75P1ZYOGlMIWZ2dnCkjLF+LjSZ3lJIzMYHR1tbGycnZ3VrWrxU1t7u0QqXdF01N7MzExjU5NcLldJ5HEyjLWdnkBpeVVUXCILoLLxEwWLS0rNLSha4PZkoAJZmMbm1snJKaIXBAKBQHhO6cXIyOiR46dz8/KZZ09P7y1Ts9umZs6ubgrFOB8sMirGy8cXjubmlrExOeMl6tYOlSX3EgdttoQl7rKnV1y/9r6oRhYyNDTk4e6WmZnJdiPoULiFhUXuHl5isVjFWAL+lJ6R6ePrNzI6qpLbJ8QwIqLjq2vrNR7vrazT1raA0IipqSlGzTibh6K9o4u4BYFAIBCeU3rR2dV18fJVA4O/S0pOWeFeijQ8b5SSkgq3qZmFf2AQHx4hQT6U/uaWNTW1fCKyVev+CluBT01PrxoexsZ4RT6/sDA8PKLOIZZWrQuzldW109PTK1rOced4T7eLi3NW1gYkA0wiMyvLw9O7b41k8PTCw/MB8xBGedwMQ8zc/kFhbMuJxtPjZeBQPgHjExN8w4gl/dL+AeqmBAKBQHjusKa5e8RiiX9gcGJSMi6lUum+Q8fY84jOzq5Ll68yxQ+UlpXn5RfW1tX/xzt/Mjx/qUHUODg4aO/kYmPv6OMXsLCwUFFZdeeuxS1Tc1+/gLj4xHNGl++YWczOzo2MjDi7ut81t4qKiV1ce0NVhW3UNTTKhoZXVtS/efLgsUtXV5eDg316errwgY5KkRifyMrKBp/o7VNu70BZ0jIy3NfohTqeEMMIDI1o1nTsBiuGWCL18gti0RnD6O7pHR4ZoW5KIBAIhOeXZAAe3j4xsXFwNLe0XLt+a2FBaY2QyWSG542GOMUPhISGe3r7Qn+fPHOuqLgEPpevXg8OCQMFuWdjF5+YlJaeaWxybW5+/qKxiZmFFfwPHDlRU1ObmZWz//Ax+I+PT/C7SlVoQVNLG3tnU/djgf5+qY+Pd05OjjZLBm+0yMjI9PLx6ejozM7JdffwFNCL5SfMMFafkqSkZ6Vn5c7PL6gzLFCKsoqqmITkGcFOk65uMIxR6qMEAoFAeE7BFsweXj5x8YmcSaP3lOF59rqDWCwxMr4yzu3BBEBBQsMj4bhy7aaYe0Ni+zffISL83Ty8SsrKk5JTIyKj4O/rHxAbnwCHf0BQbm7e9PTMhUuXL1+53tTcrMJseHdzaxt/KsTk5KRUE/r7+wcGBgoK8m9cv6bDkrEssGQcO3HKzt5Roum8iSfCMATvknR09fgEhvb09KlHlMmGQiJiQLKEe2v7xNL+gUHqoAQCgUB4Tm0YjGF4evvGJyQyhfr1rr2MCoRFRN6zseMDR0RFBwaHwmF43qitrR2Og0dP1NQqN2TMLyhX5pHRsYFBIXC4e3ojMBxePr7p6RksekVF5Rfbv1HZaMnzg3pRE//5saqqqqtXrly7dv3aely5cuXGjRtmZne//PKLc+fOgW2sqO0w5dOcnZ3LyMw6edrQ3sFR2/ORJ8owFhYWS8urouOS2to7cUvmCSrX3dMbFZfoExA6JlesNYmyACMjo/xRIQQCgUAgPHfWi8nJyZS09N17D54+eyE7Jxc+xSWlR46f9vH1P3L8VHdPz8q6d0n8GIHYsWtvR0dndU3NsVOG4RFRVta2rW3tScmpvn7+CODm4RnOGTM8vX1yc/Oam1s8vHyiomNd3T2Z4UGFYczPz1dW105Mrr7IiTCKB5Cv/idfdRQXF5mZmeIve5NF475JpJCWnuHt49vV1Y0MuLl7sD0ZGm0eT+5MT5SzrKI6MDQqJT27pLwSZU7LzAkIjcLfyNjEotLyWUHtoHiiphbGReiNEgKBQCA8XwYMpvUaG5va2tpaW9taWlrZT2KJpKSklJ1+wb9QOTo6yg75BhWoqqpmJoT+/oGi4pL2jg6EUX4xdVi5aUM2NMRsFUNDQ+Pj47gFuEh5ReXMzIyKumTKVNo/UFPXoI0BCNHZ2eHu7lpaWnp//Y5Rvkgra2+OeHp5M9OF8u2SzCyQnr6+vqdmw+Ar8f79JbG0v6C4NCE5LSEpLbegqLunD2RieGQ0JiGloLhMSMEk0oH2ji596oVAIBAIhGeQZOjw1HSmp4YTP9VNI/okfp8LCa5QUlYxxL3LurS2D2FpPZiCbmpqtLG5V1hYqNF6wTA7O8vohUSyznaQlZXtvkYynuDbquttGLpZwvDISFxSamFJmfDQz+aWtj6xlK9ZOjicQCAQCM8LvcBf7lOdCwvc9zof+CwsCN77WD2jk/lA0/G/spD4yw73ZJ5CByMILAx/DKjwGK7q2nr+LU4d2rOlpdnBwb6kpFiz9WINBYWFHp4P6AWvkRnJ8PbxG+HeAH1SJ26pfflsmR25pdYS7PfhkdHw6Piqmjo+iyhtY1Nrl4avlhAIBAKBQNCMufn5iqqahsZmHfSC6dmBgQE3V5fi4iLd9AL+HR0d/f39K5pODZ+dnW1ubuEf/TwdhiGgFJq/7zI+PsEOTOVjocyd3T2ippaBQRnyqn6yOoFAIBAIBKXZ4/59xfh4a3tHYXFph+C7oToMLePj493d3QsLCytb3ZDw1L58xs7D0OfhhjonEjrGJya6e3qbW9oam1tJSEhISEgen5RXVpeWVz6fUlVRVQN1zL7qtSFpUD88Q39NrZtk8F9EewwMg0t6YFAm1nkWxxaI0sLC4vz8wvwCJ7xDeDm/JuoBFgQ/Lax3aAypHlGfkBp91O8yr5YHbZ468q+jpAs6U9Yn8IKWGtCzRDoyPK93fhZ0Nta83o2ou+bntfcN3RU4v1ERNszVvFq/VS3U/AaNsmEzbVifenb4eS230GdAzW+m6nTcWlvTbNjH5vUYFOo9QWNv37BR9J8TdMxj2so7r7M+dUyJOsbpvJaJSMfd9R+Vm+2cumdvHVOWeqPMa59m57XflJPZubnZWU5UHHObEW0R1f3VL7UFmNWeDnfJjuN8hh7WzM09eobByMugbKizq2dhcXFm9mGgrDKWAvI6N08g/HCg3MBFtUCNQtgQj7pRFp5bmZ9Tso3Zh1O7jwZoFLlc8bgYxvDIaGl5VUNjc11D49akvqGptl5UWFJeV9+45URISJ5HQeevrq0vKimHg2rj2WmUmrqGwuIyqopnSpRqAo1CauIZGinKv5i+Kqtrm1oeD8OQDQ23tLWPT0yMyeW8jI6N6ZAR7i8fWK5QyIaGElLSR0ZH4RamQ0Ly/RYMnN4+cWpG1vj4ONXGMyKK8XFp/0BSaoZcQbXxrAhTE4mkJp6xRkFzJKdl9orFLa3tj4thNLe2Y0zyBAKYnFBMTY7rEIXiAQtBRgeHhjCeh0dGNmQnJCTfJ8HA6enrS8vMwVil2nhGBG0h6e9PSc+k6ejZEaWakMlITTxrjYLmwAIJy6THyjDaMFGOjI6BzuCmsuGRgvqu1LKW1HJIq9LBS3lrSllLRlV7S+/Aqj0DUda6zpCy6yh9qOVIfgiCrq5QKHp6wTCyGcOgzv8sNIqSYUj7sTLjfahannqjCBkGNcoz0ij4i+ZISc/CMulJ2DDQ8gqFvFcq+9Au699tMt+wz3rVLuu19fJ7+6x/sUizT6wawkgGA1rtOmTDIPkh2zCyyYbxrNkwwDCw4KHaIBsGiW4bBscwxE+IYYyPK7rFA59YpydVtJc29ebVdxeKegoaugsa2N/uspa+OxFlxzzzBoexgJMPjehiGGBJQq6KsDp+Xf+TBrbF/8QiCqOPaIqrnr4gogZCp54ZtejasqQ5rnoYHUUm+R4wDGHf07ho0OavbZGhsQtteAuVYOqjQGNgbcGeX4ahcULYcKjqnn9Uwqs0kD6Nu+HMoON2G06Vzx3D0H9W1KFNtDWx7llXQ7vrPQaVskml8AzO/0+HYXT1DexwyOqSymanJ+Ry+cQ4fnwgszOTITmiQx55shElwxhWYxgj6+dffocH21cisGTKuV8VvA3t/2fvveOiStZ1Ye69Z9/7nfPH95190j1h7xP2OXuf2TN7Tx5Hx9EZZxzjmHPOAcWcUckoYABRHCSKKCCSc845NRmaJnSgoYEmdjeZ5nt6FSybprtFR0fUen9F/xa1qmrVqnrf533eWond28FghPooqP+r+n5tdzf5JY2rF+hkvnRLMkkBcjMLW4zN1FzuVusqu9aqXp00ztoGu80eSHXu40hN1s/VM3Udmqa3cg1jsoIRPSHqpA6IyOnu0a4VrE6y1VlNm2wU5F9WzVjT0GoF7C6mIlNAZZBP1ZvsfTsYhgZ0sEOqMbBspsbYagAXW57dnjwLurCLIEOnGjKwINOpDc10d69Ta1ffRIYxeVImjyTJ1zAH9rqkVuVn0Z7sJTl6GtR6XLZBMlnq1sQiuVanoFFR3RI1evKOMoyNjok1wmZwi1apJmfs6en2TizVwzDUNUAgFIkaxWTcoV7NEglpqkcma21r4wsE4qYmMuItra1IZM7QTlOzhJ0YbLAVcTRUQZtNzc2NYjES9qIiW4AcBbXQPlOyEXvJkzJoFtVQBZ3CLnUmhAIisRi9ZecePZS0tqKHqI5tkomW8S8pw27jF23iQG3t7WiHnDs2cAiBUEi4C3NGzeg2iqHv1DG/vWsY7eMK3EyuN7PqhF1QJ+R3y2QsYCEfitTA50NvJ9xtzeARtAW6SvgEq8/IaZa0MHrewnJc6CoxGWIXQpRjTGOyFSAHZaTMR6hVpZqaSAF0AxvYSw6HAmjhbVnDGCMTjA2qTpk4EuQQ04adIhfjQyYRkIjBZFsjs0kaQRlMG8qjEWwztt/EzgLGkICPOnyzOSwyoHFoAkEG0iX8kllA+fHDdYwfbnL3VFBJ7pwj7b8Rq00aDIOdFPRfxCB5B+OVySiRc2THDRyYMQeVYhPTIJgP70O2sYuAP4FiJGiyqmVM9/jYYlrZBlUMAJivalDEPlJBesgeV71BKYPtaJMAODtr6o6AKBixoPGKYpVLZSaRdRM4IvZShpGgYhg9ExkG8yt7FsNg1d37kc/6zdvnfL84MDi0r7/f3dPLzNIaVB0jHp+YtH7LjlXrNs2YMx/52JuRlbVq3eYqLndwaKi0vHzn3gOYDEy8TC4PDY8w+Lv/LCktU/QqME+XTS2Wrli7Zv3mBUtX7jt4GLP1+EmAquWuLkVvr6u7h7nVlf6BgeTU1I9mfL191751m7Ynp6RiV3FJ6dzvF+/ed/DHVetuODgSK21tk6I/MbFx6OrCH1fduetMdCIiKnrluk3L12xYsWYj9soVcpzXOePLgUEhvX19qGh07GRIaBh663Hf6+MZc7bs2HPQ6FhpWTkwC+Pg6eW9aNmaZas3HD56EsSlvqEBJ4u0ZcfuS6bmrWMDRT3028YwgC/Q2Mrq6h9Xry+vrIQiQRnwm5dfsHPvQSjAD0tWPvTxJRiHXz//J0tWrN2wZftX3y6MS0gkDJX4yPCIqI1bd363aJmruydULikl5b8/mrFr38H5S5aHR0alZ2Zt3LYLjgqHgyYjHxoLgFu9fsvmbTs3bdt5/PQ5dCY9I+ODz75CO+s370hMSu4fHMjJy1u7aVuDQBATFz9vAbq5efnq9dB8HP2Rr9+J0+fQYblCYWphbXfDnu3Pm8swCKmCVdbW1W/fvQ/nu2LtJnvH23A8crmcU1xy6OgJ2Pj8JSvuubqjJIAiIjL60JHjwDQV3MnlhUVFS1euBRxhWCqrqo+eOLNm49avvwOshYAaYvoSkpKHhoeLS0sX/rg6v7AQxWDgGDfUdfO4/8mXc+vqG9iRBFih2PLVGw4cOsrl8QCSH8+Yi/lat2nb7HkLa+vqoCor127EnKI68ATdW6lSmxXOLm7AOmhCVEwsmfqh4aGsnJxzxpcEIhGhsG8QwyCTAvKEE1y2at3qDVuu2l0nJ4ICp89dOHL8FIaRRKfw4jdv3cYsYLRNLaxwplDXXfsMsQGHjfEMCQtHRdtrNz+fPc/Q6Bhwu7i07KGP3zfzF6/btHX1+k0/rlqflZ2DIW1j2kSDDred0BqS5RUbdIMQCMz7yTPnyAo0fu1v3f563gKojeGR47zauqpqLvRnzYYtGzZvm/H1d7edfgLLP3byDDxUX38fiMf+Q0dgVpijmw6Oc75bCNcDg+LW1ECpngQG/eHDGUbHTkDTIqNjCO147VP2ehmGRPZCDAO2gQGtqKwy+F//nJOXz6urY8hB7917rsdOngaZKCziGBj8yvexP/SpoLAoLiEBe3Pz8g0MDKBV6Al4xjc/LIHqQCHETc0wIex68PAR6SS8dRGn+I+fzIyOjeMLhFAsN3fPC5dMCcPArJ8+awyDj4yKXrZqPap7ej349e8+grKCYfz+w5nojGpxglldIEOMDv/rHz8NDY8EiGTn5qKRzOwcA4O/A46jGOgRjs4pKUVnoGnoNk4BPQEo+AcEDo8M21y7YWZhBeYEzT56QnWCgB4Dg/8LKK+uqYHqg/PW1dd/PPOb7Nw8DBF7aJreSoYBBwNu8d6nX4EoA0egn7za2o++nOvs4gp1TcvIhDpBK8BNwyIisQ36ixguKTklr6Cgs3sssIbC/OGjWYBR0NOc3Lzevt7omBjwAKgorKalrU3Y2AioQjsjSiXYuYHBPyMfXueLOfOTU9PQExwUPYmOiQWGImh2cff4x99/jHz4y09mfQfUg+HX1NYCr8GbYaRAf9COv/3dn9MzMjklJdB/4CmB+7eAYcB4cY6ffjUPpl3fwP/3D76Iio7BCIDY2V2/iZzc/AKDf/i9l/fDgcHBoJDQDVt3kkATYwiX/y9/+Bj+o629HXHIJRNzjHNmVjbCJGCF7+Mni1eswSFMzC0xmDgQWfaAYmDuVqzd+Bf/8h5YBdrBYIIcGPz17zBB4BxgkJgFuLqyioqtO/YAptAN1EpNS//TZ1+hERwRM25jd62ez88rKPz1f/wJZdA9+DCoDQItQE1ufj6CMTjIN5ZhiL5ftBx6DpD8buGy+w+8Ad0Y8A8++/r/+e37+QWFKAMjcrzz01fzFmCgQLngztFaZFTMpu27QRNPnzM+dfaCymF3dsKdOznfwzTBJJtVS3TiiqoqeH1Ux4FUyyRMAIw2nX66N2PO97DQsvIKaAKYIgY2IzPrj5/N/svfvg+vBJaAfp69cAkOpaOrCz7I+LIpcmAjTwKDFy5bXVDEUa1lSCSg7ySEximsWr8ZXgPxLXpl73gHfQAduWp7DY2Dax44fBSMRKhaBRG3d9I1DIZhtEk1tRYz/lAvwyCqA2tBOAXKBuaIxuUKubOrGyYMwAqoPXnmPEyRcElixsC1HXsOfPPDUi/vR2AYsGQwDEwbrBFBf3pm5vFTZ8Ei0TIqQlO/+Po7xB+YORi5u+d9Qmyx666zC9gGjhITG4d4sba+Hpxg/6Gj0D8wjE9nzYO1IxyESnX3dLOLLmAGiCFi41SnAN26YmNnbWOHXqHbOCI0GHqGf42OnUTQiQ3U2rX3AJgE7AF09ez5i1AmMwtrB8c72ItdPn6PBwcHu5gFGzRYVV29eNlqkKTE5GR0iSwGUvf8ljIMOej1rG8XgMtiL/QnJDRsw5YdzNqAXLWYd9+LKCQCNagrVGjSmnA3wAux3aZtu1JS07ALmAWuMHf+kujYWGgvgK2/v/8nFWU/A30Dx0UchpbBKpauXAdzgJpB5QaHBlEeER7Cdyjknv2HoI0IsucvWQX2AMOBZt6644TYEboqbVdpPpzrQaNjiNGJU3xDtVQrw6itq5v7w9K8/HwAC3gY+AGo26xvFgCCcKYYYbiuRctWoyScxNadezHImDL8Cz/34Yw5mAUAzh8+mgly0D+AGKMLM9vJAPShI3BtFxDp1vBqUR6HQ8JghoSGW12xgd/atmsfmdZjp846u7hhpgiOoW84NCbl4OGj4RGRqk839PZixud+vwiF09Izvpq3EN5IwXQPbHLhsjVQm7j4REzQmg1bERZDxw4fPQHG86YyDJFo6ap1INnYBSr80McXZ3rd/paPnz+QFhvkUtTnX82D2mN8mJuWVIiKOVq7cRv0H+pKLmSjWRNzq4smZvGJiQhBUZKwkzPnLz7yfTw8MtLeMXYTDMp//d2ihMQk0iAhhfg1t7wSGBL60MfP9vpNzBGYClwJ5gvtoOXzxpdRGFUwL6s3bIXaoKtQkh179geHhil6FaAOW3bsiYiK7usfgM+yumoLTYNmeNx/gJIAf4BAbHx8ZlYWWUeZDvP12hjGBscErqAZ2y1MCIOxJom5HNX1IOEZ92GQhVaYNKji3/3uz4BC6ASmCgwDnMDxjhP4PqaqsqoKcT8cM44OBcJ0QjPg6THBew8eBtNDI4C/I8dPZefmvv/ZbJB34t1hUV/O+T4nLw9zj5x7rm6YTsA3Gndx81AdZWAwITHxk5nfrFy3+e//80OQX8xxAaK3md+AOty95wIfQJSSUFooCjTgy7nzL5tZoP9XbK/ddLgNCCb6Z3XF9ob9LRwIQABWgZ5j135DI6Dw0NDQT/dcZs9bCG60fssOwAHKr1y7MSw8AkeUMpcJoayA+yXLV4MG3Xa6C6Lzhi4+0zR1hjHzmwX4hZ7APQArQSnI5V4Ygn9AIJx9a5v0yIlT4NOwQdDrZas3eD/0IWZIHBt0CSEdfBuAD/8mJCX97k+f2zvedvPwrG9oGBhU6TOMJSk5Bc4GPB5uDwzjx1XrL5uagzfkFRRAUePiE/70+dfL12z61T+/h/gPbCYjK2v5mo0g8eS2jBsOtyyv2MIEWlrIteQO0OhV6zZLmJui3iaGgfhk+ZoNBw4dAbaYWVoDtuBjVq7bRHw/jBS0DGE0hgLea/vu/a3MOgSsnjAMNJKblw9GgmhYLpeTeIb8IuYm61KYbhRjr3MdOnIcsQoYg4HB/4uwWBV77DOEE4UOMDe09ZBLAHB4AJOg4BCCZilp6XO/X4xDgwNBKwCt2EaV+ITE+UtWoiK6BxDDbIIP2dhdB5YiXnpDGQZfIASZ27kX03IcuA1iDbX/9Kt5YBhPAoM//vIbgVCI8h/NmJOVkwtEVV3UZiYLjhyM5Mixk6hKVrvRoIX1Vfh7+1u3o2Pj2LFFNHv/wUPVpStmakhYO3Pu/MysbDRIVptgpHUNDX/6fHZAUDDoyHufzBI3NSPfwurqomWrzhlf3rX3IIPbqogRlojguYEvYG6iatm6c09kdAwTJ7Rt3bUPHSMx6pKV6/7lvc/APsm6Jpr9dsFSB8fb4Pot08a4XuednrUiiULW3c689EL9TaMKefejpDL992GgNSg9uanC+5HPd4uWYYhdPTxPnb0AEpCUkmrwP34LfIRawCz/5Q+qxdv0zMxtu/Zj/rJUVygMfli8jLkVVPj9omWnzxk7ObsCHcytrhCThkrN+uYHWD7QHC2Dy6MYphxV1mzYcveeKxgrYgLQ24IiDgJBogH5hUXgAQ0CAfqgfid/U3NzWXk5MlPSgAUGwFZAj8H//m1ZeQV0iLmmY5CcmgZ1BDCBNTNL0HUGBv8EcMcJgmjfdHAEynz93WJOSQkODXqybPV6oaiRWZTmoH2QLfSwspqLbtBnSd4FhoEgqaSsjNzLqbro8Ff/DmBi1vYa4KU87ntB30Agvpwzn0AVYp4z543Zl/cDZ0GLoS0IrH/35xkwssSkpPWbd6Ak3NjYHdAdHddu2P/mvU/Onr8IzJKrnGgtcK2QUzyiVJIwOjo2Fs4S4Lhs1fqo6BgYfGZ2zrLVKoYhk6siPFAWa5trquUKqRRVgN0Ojnccne4S9/kW3OmpfpVk0XLVBXtMARmc8srKf//gC4wwc9NfI0JMu+v2qsWMsIgdew6Qe3VVaxiFhZ/N+hZuCZPyD//10cNHvsgEvhUVF6Md5p7u5oVLVyI6IgyDeJTi0tJPZn1ramF93d4RvhAQMTA45OHphdlHT1ALk0KuZKH8QaOjIao4uHeMYcxfjFOora//P7/5Y3BIKLkPHTiG0IssZpw6e161TMtcLgEjRMem/7Korqsk6zZv933sX1dfT9QvJjbuj598ZXfDwf7Wnd++9ymgGzMF1EVCRTgaUGe0BmXeb3ikSSIxOnbi8NETZEUc/uWRrx+sppvhW8SLw308eOijWpMYv96HsUImxg1HhOGgQSnD22bM+d72ur3NtRsffTk3Ni4eVc5fNLlqe62mthazT0YYEwT/tWbjNigM5gWZJ06fs7S+im1OcQmoJLwSKp45Z+zmcT8uIfGHJSswyzB2d08vtIZzQQv0adXmTbcTK/nNIBfiVqmkrZ2kZua3o6vLK6HU0E3fVRI5Y5Y/LF2JWQQNj4qJQYB1685dqAK5w8X9vtd3i5Zj8o6eOA0jVE0bQrGN22DVMCEgr4HBX0IfHvsHrFi7qZG5bRsG/Ns/fkbmD8TWwOAfEVKQ2QLhOHXuAqK3jVt3AhpgwINDg6Fh4ZhdFACyww65PB5YPzZOnj53/ORZFzePFuamX2gh2OsGEOmDh1Hd1d2TrMuBCM+ZvwTaM/u7xfdc3QnWoAXEi9t375u/ZAXoLQwGoGB11dbC6gpG8rq9w5zvFzM3MIsPHDq6fPWG46fOrtu0nVvDq6tv+Kt/eQ/HuHDJFIyEvnPm7b4Po6yiEr5h9z5DQ6Njvv5PoDn+AYGfzf4O6rRkxbpLphbQEMArHAOUBwZy67bT2o3bAI5kcQu/Nbzales2IwBC/oOHj1RXSWJjob3Gl0yNjp0KDg3D4XCg1PQMZAIccQjUgub/8dPZe/YbXrhoAv1Ef4DXs75dCFzDBkoCxws5nL/9z48rq6pJlSs214xNzNAUeYoBJc0sr1hesWGfn3qb1jD+4jfvw/HDA7FXo+DAZn274MiJ07BrYFE9n48RIPfHnDe+vGXHnmpuDXNXigFABqOkWhP6Yg7CYiDGnbvOCKmJmzT41W+yc3JRF9AhbZcCFq7YXkNQjkPjKOkZmQb/9B7CDIAtdADQBzYJuMsrKCRVQG6eBASSFa/E5JS/+s17ZOU/WjV9C46ePEO6B84BTUBwv3u/IbmAC80ByoF/TP9lUV0M4/3PZiOqRGCGU0CBXfsOuri5kyeoPR94r16/BXWrudyV60CxVHdcHjh8rKlZAoYx85uFaEogEv3Nf3xI7tLDgP/Xn2dYWtuAjhQzd861SqUgIq4e9+E1cEQy7zgQ9B+WtW3n3r0HDqNWZXX1zr0HQEQ6mGe24QV27NkPx4Z2sA2+Tm7ZJgwDvGHG3B/AMMijpwWFRQuWrgS2f7tgKWJL1EJhTNadu/dALEzMLDG5cJoPfXyhReAiwIT4xKQxh/vuMYx28satb21iLAPzb0VyrocV3gwvuqGWbkcVb3NOOeedKdH7LAm2EcklJieD6Xcwz4bV8HiVVVXjDw13YS9YRWZ2diNjHiAN5RWVxCBhXSWlZWinqpoLC4ci9jAP+JWUlgICmAdA2kAYURFNMffqqx76goVnZGYy1FL1+CsaBJqQLhUWceDjob6AV/ASFCsuKVHvLWhmckpqbl4eecpDRX47OqCjqWnpJBIldBj95AsEaRkZaIQ8ioJdIBAVzFMD4BbgVegANBs2kJOXB2TBXmZdrgWt5eTm4nwLCgvpJZK3+GlVsgwLBYOSZGVnl1VUkEfngWJp6RmYfaLkZHkWvzCQxKRk4BT7zBtpGZoDA4FGtTJPo/AFQtTNzoWSZ8GOyFIH7A56BeUn/6IF6Hxefn5mVnZefgEah19EAdJmEYeD8J30jTxCiVRdU1NVXT3+lg6V0wWaI73RDHjy06rIYcaqRChqhKMg3oI894jYA/OSm58PfCBrSIAODDWGEUMNkMFYcZjlClK+himP4SXDTmglC0fs/eOlZWUYbZlcxlyNbceh0SyQAa0haAawVHG57NP4ZeUV9Q188gwtM2Vj6MQcrpYATjPzPDMygYEAHKJ7TcyNoqRvb9zTqoRnANWh22RGJKqbXYoxkgTzMcIILFFLJpNh4gCeUGwEhJimBj4f8R6cF4rV1NaiGFrg1tQAdVUwm5WN0SbTgbECt1Nf4yFIDqAGswFE4+gwHLSAw2GCMGXoAGglMjFHaBPl2fUP8goGuCeQS3IWaKq2rh4Tmj9u2sRzIZGnkaEqqifSBQJoFFxMemYmVGiazNdrWMOAMxW3tF0JytvmkrrDJWW7S+p21e9Y2sH8u8stLSirWsq8Gkuq463h2MBsgZWT+2jITJDAiFRh9ipACcmUkBtzWM0jtUgVEl2R6yPsA9NkWYx9qJpcMcXhCJcnOaQRcicpODGpRYqxu9S7il0s1JKbsEim+tPbaF+9pHonSVjJzNl4fxQK5n6uDvVDI/igjvntfuOW+nSzF8hZhVfXW6Iz5J7iyS2Madr4lUe5WpvqxdQdm5qaKQggqlsBuThN7jFk3wTToxb+Eg0nC41vDcPQGCuN1y6x48w6IWAFufxK7sRiR2ysvOpClYLcoal1Ftg3oBAGSZwTKdA2fm/HODKMtUkKk1exsVM23j2ZOk4STWCBlIXNN/SNWxqTwv5Lxo0MBevIFYylkHNXHwRy2yxRZmJNZOLYsUXMOfn1mqQwsSatxyX3ymjYAhlzdfdBOjDZKRBPxDoFMu+sk3pHr5KwSdImbZS0ak/NraAgrWoTpvWdnhPerqr2pst2HXsnv8xY6xtb9b/HV+vLkqfyElld1ScXfuED0beGv2tvDZ+s/PrVSb9Oan1Z/nO9glrXi66f6x3Vb/pbw/W8ZF2/8T4TFp75tulnHvEFCr9Bk6XvreG638g+9UnRhbH6XxmuB73bp/ya/6k4BT2W/i4yDOaygL6k/kkh+uUzmijDoDfwTkOGQb98Nv0ZBk3vIsOQjsVMOlP7xA8uaH2nJ000vd2JvM+Yfr19uk0K/Xr7NJwUrW8Np+m1T8ov8/X2GvKW+5+pOq3MFUeqOjS9U86MYRjJlGFMN4YB3KQMY9oxjNj4Nuomps2kkGcyYuJfMcPgMq+im/AF1edIXT3MkzwR0XHkuz7kKzU00fQOJNU9X6LGxpj4JJlcRnLosLz2SSHfk4Mz6x77MDSdlGkwKdRNTL9JIQ9PRccliBrFr4phYNbzC4ura2qrqmsqq2uqnjOpqnB55ZXV8UmpFVXcKu6LNEITTW9igqpX1/CKS8sTk9Ngny9mQTS9/Enh8krLK+OT0gBHdFKmyaSwbqKSuolpNCk1mI6E5DROSRlyXtUaRmVVTUdHZ2ubFKnt+ZOqFvOUVdsLVaeJpjc3tTIPUjNP9tPRmEaTQhGJTgpNU0xdXd2N4ibQgJfMMEYZhtEsaUHro1SoUKFChQqVd08GBgdfFcOQSFoFwkaypKFkljXGftmk+lc58V92r1qVsXLKpwUmt6McnbCX5IxOrKXxr3JiJltFa4fVRaPDSqWWjae/Wg+ttf1JR3l6LB0H1XpEjSFiu6H16Lq2tU6K2jg9nSC2cS1TrNQ249p6Mvm8JhxdqXkWWn+VOg6n/ehKLSel1NNhpU6tUC+vqZYTZ1X71Gjo+cTJ1TXdGjqmHNU3iVr7NqEnE4+rpSmlvm5PPi+tR1dqMyh1G9FMk0x1skpoGogOlNAFAvrmS0etCRs6hlQ56Sx0qoo2pdKu1UpNsFJqm8pRHVasfnaaY6IDSTTRaXQSpKgrnm6L0zLIk3exvmBiP3XNlHY8VO+JumIodfRBdz+164zW445qgcFRpb4RUJ/NUd0OQivCaymmDVX0YKAuZNBlOFrPUanNj08yEHj/3t7eV8AwGAHDEIoa2YsmVKhQoUKFCpV3R3p7+yjDoEKFChUqVKhQhkGFChUqVKhQoQyDMgwqVKhQoUKFMgzKMKhQoUKFChUqlGFQoUKFChUqVCjDeCmi9sCOFhkZGZnK4dTLTLGK/kZelky9M2oPDVGhQoUKFSqUYbxsqqHD5StfoDV495dCLF4GZXn2IZ6X6Ey9Vy/cfypUqFChQuVNZRhoamhoqL+/f3BwUN2/smyjpbVVLpePqr1GRr+HRgFJS4tC0ftM+qJRC7/Dw8MjyhENNz95Qyt10Ghfvf8ymUyjHa1ngaP39PRoFJvcplYSpvbaFc2SWvtPhQoVKlSovDEMQ+vyvh6vRrx7XX39gUNHTEzNT5w+5+LmAaoxocnR0Vu37+Tm5WseamIjCYlJW7bvljFEBC1cNLWoqq7GdklJKSkwmRyQ3/DIKGcXN/bfRz5+nOKSyV3l8Wo7Ojr0nJ0O8qESuxv26RlZz5y2xKTk3fsNL1y8vP/QkYzMrKmMYXlFZW9vr/71D/JvDY9H+k9JBhUqVKhQeTvXMNQrImTHb3FJ6akz5xHl9/X3Hz52MjA4RHUOfX2dXV2kmMOt2zk5uWS7u6dnIgVRydDQENjJ//3Dx6lp6cz5954+f7Gurr6ru3uf4dEe2dgpoCKqa6wiBIeEGhgYZGZlk3zH207Z48eCS+7r6yP9tLpqR5jHwMAA23nSwhAjzK5BHJHt0ijz/vaREeW1Gw4pqWmqzOFh0iC6QcgQOyBJySlfzv2htq4OXKGsvDwrO4c9X1IFxchwyWRyHAgbzHCdEgpFbH/a2zvYLpFxUCgUYyznun0Rh0MZBhUqVKhQefMYhur6wlgkrR7Nj3k79fWGai7X0+uBOsOwvmpLCoSEhjneudvA51tesT1nbBIZFY3M2053yRpGQGDwZTNLC2sbTnGxutMtLOKYW10pKCw6cvwU8fSXTC1KSstCwsLnzl9y28m5WdLCq61FXVOLK4FBIeRyDOkMDnHhounBw8fImoe9gyNaw8bjJ4Go6OZxXyqVoqkZc+bDSQeFht26cxfV4fVNLaxEzFA4u7jV1Tdg29LaxsTcysv7ITrG5wvuOrtY29jFJyTddHAEO0GtK7bXqqq5paVl4BwOt51qeDxy1ti1btN2DqdYfWDRveDQMFMLa7RJyE1oeATatLvhcO6iCXqVkpo+e96Cq3Y3uDU8cAt3T6/bTj/5+QegZG5eHobR4fZdwyMn6usbcNBFy1ZfuGSaX1BIzYMKFSpUqLxhDIMvEGbl5JO7H4jzxm9FVXVBUTF7VYLkc2tqHng/YotVVFbuO3g4P78gNS191ryFFZVV4qYmJB6vduW6ze0dHR6e9+HjQSB27zeUKxRwt5t37Glrk7LB+lXba4SCGBodb2jgY8Po+Ona2jo0tWnb7kaxuKWldePWnaAOCOsPHDqalJzCnsJj/yepaRlo85sFP44olV4PvMEAYuPi9xse6ejo9H7kc8XGDn04aHQ8OSW1r69/9z7Durp6oUhkYGCQlp7R2dl59sIlePHT54zTMzJQ4PzFy3HxCWAYKJCXXwDedf3mrYio6HsubhGR0QMDAz+uWp+QmKhQKLq6xhY8ZDLZpm27mpqbyRmRRZr0jEz0oaurq7yicv2WHaAUIA3WV+2Ghocvm1o89g9ob29fvX4L9uKgyHe4dRuDv3v/oeSUtPiERJwm/vV/Eoj+d3R2njh9LjEpmVxSoUKFChUqVN4khgE3FhETn5yWyZKM8soq/6DQuno+u6IxOvGOgZER1QpEdTUX7t/d477vY/+y8nLk9A8MINqOiIw6fuqsqLHxvteDkpJSN3dP9u4EBOvstYw2qfTPX8y57+UN3rB05To//yfIPHbqrEAglLa3Hz91nmE/gosmZqR8YlIKqrN9QHkcCBsOjnecXVzv/nSvtKzc/haKOINS+Pg+RrNw+TbXbnJrVEsOgUEh/gGBoCCubp6h4RFBwaFRMbFgGJdMLciCShGn+BazPmFtc40c4p6r+wdfzNl30Ij8C14Cfx8SFs5ewujt61uyYl09w43Y213RCDgB2b7r7AIG5h8QhLr4NyY23tfvMTYOHz3Z3z+AucBAeT/0ASlxcfOorKqOiY0Lj4hUzSC3BuRjYGDwhoMjiJHG+FOhQoUKFSrTnWGQfzs7uwjJQHReXlWtohcN/MnNIo7vYe6HIC4Z7MHS+iq7F5kXLpki6G/g8/cZGonFTWAYYB5wmYQZoK6h0XEeb+wcgkNCTS2s8vILcnLzsH3O+HJrW9sV2+uqlQahaPf+w0y3JQj3yUEd79wFb2AP9yQwKDgkjBm1XgvrqwYGBnyB8IH3IxdXd3Is9Ba7jp8+X83lIkcoFC5fu8nUwrq7p8fL++E///Hz2tq67u7uH1dvaGlpQYFHvn5e3o/q6utNzK3g/pFz/aZDdEwcOh8SGkZ8PCjLhYsmYANsN5zvuZ45Z0yWZDo7O8VNTQ8ePrpz1xn/gogYGh3j1dZ6P/KNYC4boZ3H/k/ARTZs2UFO6sx5Y7Iw087czhkWHkEoSBGHY2N3QyaXXzazANsYpfdhUKFChQqVN24Ng+R0dHZGxSX6BgQ/CQ6rn0QvCKUAGzh89ITK144H/afOnid3UKLA0NDwRRPz+w+8Y+MTVq7bDIbhfM8lNzdPoeg9fuqcq7unmYX1fS/vkREl8b4r1m4it1AQsbG7HhAYbHPtZkVFJXzwtl37r92wb2wUB4WEgrh4ej04c/6ihKECJJp/+MiX3FuqWg5pkxr8zX+Wl1fAx58+ZwwvftfZJTVNtWzg5nF/8/bd5GZJbNy+c5dZS4j7X795n9zd6ffYn3T7oNFxaXt7ZVXV0ZNnyfniuAWFRYre3q079yanpAaHhoWFR96wv5WVk8OOm0wms7S22X/oCFo4dORERGR0e3vHJRPzey5u5pZXPDy9UAa0KTomFhsBQcHuHvexccnU4uSZ82AzpaVlx0+dRbN21+3BTsAwvB48RIHi4pJjJ8/iEE8CAjdu3Zmj+UgOFSpUqFChMu0ZhjrJSEnPrG8QqGdqFODWPI2n5QpFc3Oz+jOlcLeFRUW1dXWtra39AwNtUmk348URr5eUlNbweMRzjzKPh4hEIvJYB2kB5EACBtHSKmeuQaDl4pIS8jhGTQ2vpLSUfZyESDs8eWcnSzikUilZFejo6MgvKATbIK+ywC8OTVYpWtvaSH/AbyQSCdvz+vp6eHS0pzopubxZIiGng+50ModAm+A6La2tObl5fP7T8WFfxcHj1XKKiwUCIVnMwOCDOlRzueR80SA5LlrDmJCR5BSXkMbRcl5+Phmczs4unBfpYVNTE1mhKS4pRQvUPKhQoUKFypvHMDSYxFR2TX3RXn9FjVdL6W9c16u0dL2ZSuu7LvS8AEPrLv03QOhaE3pmn19sFqhQoUKFCpU3kmFMgS1MiS5MdvxaX3Op2bRaAfVGdL0QUxeB0Hgtpsa2Rt3J7evY0FJ3cgta+/zMDmi0MXkwKeegQoUKFSpvN8OgQoUKFSpUqFCGQRkGFSpUqFChQuVVMwyBcIxhUIpBhQoVKlSovCNC3P4rYRhjj0WoMwzCMV4a01Dqy1MqJxxoigfVLKbU0qba90i1HFj5rE6qf2FV43Dq48PuUj7rNEeVP2/8lOo9IfdmTDruxJFUKp9xTM3z0j8kk29qUWqfXu2ftVfq14gp6874SSmfdVKTlUSfdk3snlKpbQZ1Na5rcpXPPjvlVI1f32Qp1drS7OfEhrTcd/ziRvxcAPaiBZT6dumpOJU71vVUfS70Y1ubbHHKKQ6j8jlOQj/maD3TF5wj5eirijeVL15YORWzUuqA0J+hpUqlLqCd5Fy0ltSGxi/6eMSoUjklDVNOwRDU7ol8NWsYTNPNkpZGcROlclSoUKFChco7KAzD4L6SNYy2Nmkhp7Suns+rraeJJppoookmmt6RxOXV8QVCuUJRVf1qrpK0tLYhUyaTd3Z1dXZ1v3Dq+hl1aaLpzU1dVPnppNBE3cQbOh2dXTK5XNHbW1n9yq6SiBpfwlUS8mVUKlTeNRkeHpZKO+g4TCtB+NQmbafjMN2EuolpKO3tHeAYL38Ng4iWOz2f05IJyPIFIvXXhFOh8i64Mfz29fWzz3tT5Z8mkzI4OCgQitRzqLz2SRlzE9pe1kzldU0KvLZIJJbJ5FXVvFfFMCa/D6N/aLind0BXUvQPaajH8PAIGqFKQ+UdlP7+fnqv9HSTwcEh4CYdh2klYBjUTUxDniEWN/8SDIN9IUb/4LBPVp1DXOWteC0J+XeTqksF0onkVB/DAEvS9Vk16Jz+r3uQYs8s8zPrvvAhdJ0alXeLYTRShvGGMYyREe3Io2HRzzRwigAvi2GQkRxh5LlQ9+c4CCoYvcZfiGGMU4wuWZ+RV3ZihTib15Je3ZzBlainvLrWO3EVzvGVZIZHpsAw1LmIeobuXdprQZGed+yesxj90gcVyjDeoTWMZ35JcYrVKWi8rjUMOvJvEMMY/xR7t8LYJ1c+MMwSCA1JrxQ7RpdNhWGQJYqGhgby5XFsayxaYBf5fvrQ0BD7AXeWopKSXV1d9fX1bC0NukoKqzeLf9nWUBeHYK8Cko/CsxWHh4dIrba2Nj6fr94m245WdqxizcPDg4ODNTU15DvyGqeGDdR9XkpEhTIMKq+OYRCLJlYpkUgADsRUifGSbR6PJ5fLWeyqq6vr6elRj5IJ2rBIAtwAeow+XZEdpoP/vAyDdROdnZ0Y/Obm5snwizL4l8wRmRSSiV+FQsGrrdUK8lSmM8MY0scwYp7NMFjlMDY2zsjIIDRiXF1UG6GhoQcPHiwtLR2duIagQU5zc3ONjIywUVlZCVzQv3qmDgSkroWFxaRPno5oHCUqOtrMzAwbZWVlIpFIvauTOY2SwRsGxQZ/+GFBY2OjehmNJTuq65RhUJkODEOd7sO6L168GBkZqWHdiBZWrlrF5XJZ4929e7f6v+oARdyb8cWLMTEx7L+T4YKKfobBDteFCxcKCwtTU1MvGBtrhnNqQ9rbq9ixY0d5eTmbIxQKDxw4ADTW6keoTEeGccEnV9avcrHDI2Mv0mXS2LSlVYhvPWMNY2yjo7Ozo6PD1NQ0PT2daBj8MQkRQDyXLl1aVFQ0VrKjg4QCzPl0E3MlJQsKCg4fPoyNmzdvQv/YFQLCJ4DvqkUIaRspTEQsFqN9bGRlZVlbWxMFlclkTU1Nahg0iGJEL4E1VlZW2AAdIbgzNvSNjaR9EuUQIXvRW9CdDRs3Qr8JZkmlUrYPqIV8QlOorlOGQeX1MgxCL2DFAqGQLDoisAEaELsGMhDwwVQClKqqqgj4wKKPHz/O4/EQMZNaRFpaWhBtk+3z589HR0eTbTTY3d2tgYFUnrmGAS/R3t5uYmKSl5fX1dVVyDgFgCcglMDvKLMaTdAbEwGGgWgTs9bb24scgUCASJUgOfwIC/IUeKc1w9C/hqGHYbCUMy0tbeu2beYWFgYGBrBn5F+/ft3S0vLy5csikSg+Pt7gf/5P7AVvjYuLQ8nlK1akpKSgGNw80RJ/f//k5GQYPFG+ZcuWbdq0KSIiQn10PDw80KC5ufniJUtACGD5Z8+eReRx6NAh6F9JSYmJqSlKFhcX79q168jRo9ZXrgwMDDQ0NBw5cmTz5s2WDLFITExE38rKyt577z3SjebmZjMzMzAbw0OHqqqrNEi3q6vrvv37z547t2jRIpQMCgo6dvz4+QsX1qxZ09KiWn1Fsziuo6MjsQEa1lCGQeV1MQxifQqF3MnJCVYJCIKFhoeHl5WXV1dX792798qVK1/Nno0oCF5t9erVAB+BUHDY6DCfz7exsdm/f/+pU6d27NwJ74V2YPuABZg/UAv/mpqZJSQkkHwgBpCKw+FQ9/ZMhsGEq6p5QdCochPm5r/+9a8rKitAHcLCwkAXbt26denyZQApYkWMMNAb+B8TEwNzA+07cODApUuXtu/YjqlEpEdC0OzsbBA+ExPTgIAAOtpvLcMggTusce7cuSAWcOdbt26Fg4dyrFq9Gqrj5+drZWUFKrBn797y8nJoTH19PfLBSIyMjKAxUCC+QHVXhLOzc3BwMFAAOWCsYBKgAsALMAmYd1FREeKMs2fPQRdR2N3dHXCAaAP0BQc1NDRMSkqCvtrZ2aHNZcuXF3GK0DegwKNHj6C1aAS/33//PZfLTU1LI0sdp0+fBvSgNfzr4uKCDTSyc+dOlCwoKMAp4Lyyc3LWb1iPNnGgBQsWQL+vMYLCQCJ0GFC1cOFC9AR9ptyCMgwqr5dhkOi2oqLi//vrX8PqyWrE1atX4ZAQ3rz/wQcIA7C9cNFCGDUCj9DQUDgqsrwKxwZAAG4cO3YMfg7s4YcFC0iIgoqtra12167B3vPz8//r97+HvSMi2rdvH3tvFp0IXQyDuIn29vav58xBaAcjQrwHf5GWno6gERv/+y//ElQPI4laGG1sYEbWrluHTKA0gk9UB+A/ePAACAy2ATq4dOnS7OwsQPTHn3xCFqIoz5u+DINcJRkZmfz9uNG0KTAM2PO5c+fINYWrNjZ5eXnw64gPIiIiHBwc8AuVgtGSxUmYPXJsbG2NjY1bWlqgLuRmn4cPH0ZGRnK5KoaBf+HFyeU36N+58+e9vR9CQaFkKSkpqlPjcjdu2oRmgRo+Pj7Lly+H5ZeUlIAooDPrN2xg78xAEAPjRy0Um/HllyVQ67Q0IA72gkqDDGFjxYoV5PIH4GnTpk3Q18f+/qdOn66trYUBgM0QgwEAicViZ+d7JKBBhxHKgI4gKtqyZQuapet1lGFQmQ5rGJgm2ObyFStICHHnzh3EDMAKCwuLUeYCx+o1a4AnJ0+eNDAwuH7jBoEyxMp1dXXYBkD5+fn5+PreYwKPUeb2MgDRTXv7zMxMwBQCKgTfd+/e9fX1pSuXU2QYwHOQOTJQCDuBvXn5+c737pHw8scffyTXrKVSKcbf1tYWLkMoFJiYmBBHADC/cOEC3AfwFtvffPutp6fnYz+/69evk1mjwPumMgzHZzEMuOeFixYRArFx40bQz5CQECtr61HmQhoskJBWqA5ifZg0TB1Kc/ToURj5iRMnyEoj9AaKVVlZCTuHFsL9I1bQOCPwWXIdFPZ/y9ER8GF46BAaAY2A1wc7hraBr0D5yJWX+/fvA1zc3NzMzM1x6C1bt+LQYBvkTs+zZ88SvoJQhjRbXV39/ffz2cuBkMDAQJAnbCCCmTlrFpq9desWzk61juLhgT6QYqA1OC+BQDA68b5RKpRhUPklGQaBLhLtIICBVRZxOF5eXllZWcATUIpR5pGQxUuWSNvaDh48iMAAmeSWr23bthFn9uTJE7/Hj5OTk4FFDOb2fP311wKhEBFOGiMkH5ZOnj2hUzAVhiEQCuAm4AWwvWbtWgSEIAo3GHqHYs3NTb/+9d+ACG7bvj0jIwMTYWhoCETF7GDuUMbJyQnzKJFILl68CKDeunUrue++s7OT0rtpzTAu+eb2DemcoazqJj1rGOyjnnDtYAyubm6ffPopyL5MJgPVuHfvnqmpaWRUFDRs37595O5IhPuhoaFw/Dt27BgcHAwOCV68eLG7u/sXM2bAzisqK/bv34824cV/+OEHslrAPl1mbW2N6g8ePJg3b55IJILmHTt+PCkpadGiRenp6XDzpsx9GAgvoJ3QSAABivn6+YEIx8fH//6//xssBABBGAZoym//9V+h09DmXbt3o7foUkJi4qja41LoM3DHzs4O4LJy5UrQF/ScBEboM3oCJg4jwQb6Rm44pepOGQaV18UwCFbU8GpsbG39/HwvXbqECASmDWcGS0cMPcrcLbiGWcPYtHmzWCyGowKA1NTUAD0IwwgICPDx8QECANMcbt0yNjZ2vK2KJRCoJCYm4hCISezt7a9duwafN46B1Op1MgwyRPi1u3bt2LFjrq6uX86cCbjOzsnx9PQERCO8BBoDQgGwmKOAwEBnZ+dDhw4jdkWoeejQIUSJy5cvBxqT+zDQeFBQEHwKYkjMDnk/AqV605Nh9Bp6ZJaJOvhtPTxJd13LeGK2he1yv6zau3EVep4lIaYFrgBigeCgq6uLPL4MklFYWAg1GhgYICuTZKO1tRXMAFoFtSBPM1dWVnK53I6Oju7u7r7ePrL8AChHg+RpUqKgKHzixAn4ch6PRx5kRT7KwMcT7gIHT963Aamvry8qKiIPweO4AJeqqqq2trbe3l50T9IiIesr7AOr6AzKkG31+RhlbmxGU2gZZdArHIs0284IThz9z8vLI4+WUHpBGQaV18gw2Dcl1NXVZWdnkxs2gTlyRghuABAAMiAQ+CXXOGDdKEPwgYTFJNTGdCPURsRMmmXfq4F8wA52kaCC+jb9DGNU7QsyrJsgM4Jxxi5AOpwCeWYHoJqZmQkWiDIKhRyZ2OZwOGQvRp59fgRTDOKIiaOjPf0YxvjDqIr+Qfvocpvo8uuxFXYxFdfGE9lGpnl4aVKFhvVqvg9D62tVdJ3hFIdC/Z+xKGFkxMnJiX02WpcvV45OeDx6Kj2Z8E4LzfdhaD+KrpcQUyWmDIPKa2QYk0Fm8htu9Jutntf9TbFBKqPanladykDph1CNFyBRmb4M4ym1HB1tk/XVNnfxmjpVv82dbKrFb1Mnv7VH3j80UXW0v3FriBH2ZZfkQgP7pjbm/XpKNp992wR5mxtbkbwsj21Qgx8A3xF/sPm66o7nD6o3RYqRx2vZfHBqsj3MvLVT6y0UZBf7/jj1EyQ56qdJhTIMKq+XYWggw+j4eyRZwx9/3adSHZTIXnZVXw06BjWKqUMKtfqpM4xJUDzCjrnGZDHbQyzequ+dBPJDumJIKtOCYbws1aFChTIMKq+JYQzSb6u+EQyDylvLMJQTGcbEo6r26kxKLUtVr0t16LcNqbxuhjFAGca0YxhDQ0LKMKaZvEY3QUUvw2h6lQyjpVUgFLGu+sVE9YZXUePY53eVVKi8KzLK3B0sYhgGVf7pMykDA4NgGORfOinTY1aom5heQqZgeGRknGHUvGyGwZhiS2sbl1crl8u7urt/Turo7PyZLdBE0xuaqPLTSaGJTsobmbq6unt6FIreypfPMMavkgiEY/dh/My4gbJCKu9s0EwHgU4KFTopb+ik9Pb2VVa9MoYx+T4MKlSoUKFChcq7IK+EYYxOZBj0BhwqVKhQoUKFMgzKMKhQoUKFChUqlGFQoUKFChUqVCjDoEKFChUqVKhQhkEZBhUqVKhQoUKFMgwqVKhQoUKFCmUYr1so76FChQoVKlQow2B5AftqUkbUM9XLkA32heXaPo6sJf8FOqPWIBUqVKhQoULlDWQYWttRd+0abv6Vrp3QSz9UqFChQoXKG8wwQBqGh4fZRnpksqIiTnpGZmZWVnFJ6cDAANlVX9/Q1iZlSQa3pqazqwsbzRJJXFx8WnpGa2urOjMQCoXRMbFZ2dkdHR2jzMd/iZDqqq+2jP+vvs7BrogMDQ2hVH9/f2xcfEuLqmX0hFTXKEw1jAoVKlSoUIbxyzEMjYsaujLV/yU8o6y8Yva8hX6P/cPCIy6bWRpfNu3u7ka+5RWbHXv2kzKQQ0dPVlRWyeRyo2OnHvn4Xr/p4PvYn21KIBTuP3Tksf8Tq6u24Bl6FkX0y8DgoM21G41iMbjEI18/jVOhSx1UqFChQoUyjNe0hqHtzgmNHIVC0cIsPxD2UFJaZn3Fli1w7Ya9g+MdbD/08TUwMGBpxEUT84YGfm5e/p79hiQH7bCrEQGBQaYW1iRfLpfjt7+/PyUtPTomTsb8i5LFJaWRUTHNzRKZDENQQxYnqqq5+Bf9aeALMjKzmpqaa3i1vb29mVnZazZsraisRPeaJRLScm1tHVneoEKFChUqVCjD+IUYRmdXF7moob5XJpNLWlrYfwmlAEvYf+gIu7QAF25iZgFCMH6Ils3bdnV1dT/2DwgICja+bBoXn4B848tm3BpeZ2fn0lXr7a7bw9mrtwlaMGf+Uud7rny+AP8ODQ2BpoRHRCanpDr9dA9lAoOCzS2vPAkIAnWoqKg0tbAaHBwaHBzcf/iYQCgMCQv/cOa3HvcfgMRYX7UVNTY+8vFbsWZjYlKKj5+/udUVQll27DkoFIroMgYVKlSoUKEM45djGA18YVBYlPqXV7t7emISkrPzCtS/w6uiHXJ5U1OT+hrGZVNzwjBQABxiz/5DrW1t7p5eBYVFUmn7P/33JyAB9rfulJaVj6rutxB5eT/6cu589ioGaba2ru6ne65//R8fpmdkcmtq5i38MSUllVNcvGj52pS09BNnzovFTaR8DY932dQCLKS/f+DQ0ZMqPuH7+K6zC3YNDg3tO3i4o6ODV1t3/PQ5siKydede1C0sLLK7flPX8gwVKlSoUKFCGcYrYRjwzUUlZU+CwwVMAVSMiU+MTUzuZlrQ+ggoyzDMLa3Z/Mys7AOHjmLD2dU9PiEJG3HxCTv27N9z4HA19+lZ8fmC3fsMpVKpRpv5BQWXzSzjExItrW1AUDglJfUNDSAcRsdODQwOkjJ1dXUm5lZk+6zxZaFI9CQgKCIqmixUnD57oaurq4ZXe+GSKSkTHhl10+G21VXbqqpqSi+oUKFChQplGL8cwyD/gjEUFZcGhESUVVTFJiTHJSb3yCZUH1GqqEBTU1NGZhbLMIpLSg8cOtLc3Ay/np6R+elX84o4xci3vW6fkJhEKt738jYwMGho4HOKi58EBg0ODkZFx5iYWZIHTyBR0bFJySn418v7kbOLW2tb29GTZ6qruSgJrtDd3W107GRySioOwautrauvX7F2UwOfz+XWfDRrXmOj+MFDHz//J2inr69v976D7e3t2Lt1xx5JS8vwyIhMLv989ndnzhuzizFUyahQoUKFCmUYv9AaBksyOKXl7g984hJTZDK5RhlCKQqLOBcumaiqMGsPQpHIwuqKOf6u2lpdtSuvqCCFQ8MiOMUlYwskg4MOjndEjY0gIlZXbM9duGRpfVXE9IQsYFRWVZtZWJ8+e+H6TQdyMya4yCVTi4smZp5eD1CGLxCgwIVLpsGhYUNDwyAo4Bwubh7unl6gEYlgH2npo6onVAfd3D3J866Od+6ev3iZ3JRqamGNIpReUKFChQoVyjB+aYbBZg4NDYkaxeQJjhcTPQ+4qjOVybvYfPa6CZsz+d/Jj7DqOlBtXd3pc8ZdzNs46Is+qVChQoUKZRi/NMN4psOeShUNTsDmk9bYd15pvB18cr7Ga7I0XkaucfOpniNCeLzawqKiFz4pKlSoUKFChTKMl8Mwnvnuy8mrFNqcvVJP9Sm+3UvjyyZKva/r0MjX6BXlFlSoUKFChTIM+vX2lyk//2tqVKhQoUKFCmUYlGFQoUKFChUqVH5xhiEQjjEMyjGoUKFChQqVd0SI1381DINpulnSIhSJ6UBToUKFChUq76C8EoZByIukpZX58MfI8ODA8BDS4Iumn1OXJpre+DQECxocpGl6JApHNNE0hTQ4oBwZ7u3tfVUMo729PT49LzqDE5PBic4oGk8ctVSk9qv+r3rixGQWT8osmtignn9fUeJM4UCcX6ozP2dYOM/Zzs/pCeflldSownll4/aKqky1ZZXypxclZnNS84pT8opTdaQU3Rs0peobt5LnSsm5xfFZ+hHpFcER56XaAuf5D8r5BdH1RS3llwDSVwR9r7qRXzrB6UemFaYUVMrkiiou75UwjI52aUhGmVu28H423zOb78GmLN0pe0JS1cpqcEvjTd5FE01vd4Lyu2eqlN87V2AVX7fYp3q578tJy5B8xn/JxuTkM+ViPlPLVG9Wo309xaaY/8xDa+skhmK9b+XU0wbfygNB1TZJ9SpEoio6nSyFuolpOCmumQ1+uQ09MoX6N8JeJsNobW0tr6lvlfU3dcmRmrsU+BV3PiM1dapKMomp0ikTCETjmewummh6u5O8ubu3UdrVJBZXNsuuJLZ457SHcToDCzqe5P/chEaCCt/c1Pmy2gko6PDMavHIkoz/SjxUqcVj4gbJv5/d4pIhORLV6JAm5gtEDJpRRJoeloK56KBuYvpNSqdMLG6Sy+VV1a+KYbSVVNc1dvYKpD1MkgnbZeJOfdMPoxVBV5jCqt92maCtu7ZBOLY9lq819UzaYP/t0VZschU9jau306N7l0aO/gafeSKvqLyecfgl+9DznIV7XkabLzZWutrpeandnqRC7bIGSYdY3BhWIvXKltJbxl7J7e7Pk0ZGR3NE8sMBvOpawThM9UxZ03qeX+cntdP+kkysXfaSDOEFjOIVWNlzuInnwoGe8bHqeQVn92I97Hn+E+l5/oM+F7JpLdwDX89v6+YLxa+eYXT1svSivrUns0YSwRFMSEWq30jVBj+uTFQh7mCsV0aqsKqj2m6Xsb+Tk4BNUp1ltDYimNzCeCOCSXv1d2CKBxXoyBFMLCyYdHYaewV6D6qnGwId3dYzOEJth9N/RkK95fUcSM/Y6u/5VMZfoOO8BNq6p+eknmvwBdpOQWPSJ+mAvKGlo1HcGFEqDeOovq43PKIcUSrl/cruXmVP34uk7j5V3cFhlYGiqfE0Ov6rnpSTCijVdo1OyldOrDt5W6mtfY1u6Kqi1FFrVFvSdUTNU3u+R+iZwm2KofOhdVU8vqhDPgZQGjMo1W7LegxZqE0NtOjbuDcVaoUpqXZ10tZODwunAt3KORVjFGo7ln5IFEwNxp8XVHW5iadDpxcJBTpMngysrm5PBUgFesdEoBci9OfoQRXhlIFRz4RO8V89k8tv6+GLXj3DEHf1ErUWd8qLBdKjD3N/uJmw2D5xkX3iwvG0aPzfb24m+GVwJd29RFeYiirVEY7/q54aWruwV8t5qhVGGfUEVjUlfzBuhMJx9Z1iReHYyHY/7xH1tybQdvo0veWpQ85v6RSLxZGl0sACFcMYYcwqt2E4umIooXoovur5EqrEVQ3FVg11KshXe1i/+Q4vYCinmkDvUKVFpmIY1Tx+IxiGDujQDinAEBVe9UwFfHTtAq3RzFQV7tFfa3IjqnbeLkjR4ybYwcHvM9F48jBS7P0Zk9IjEP0iaxjkYE1dimyeZLZt7Ccm4TPNIz83i/iCSTPMIj4yCf/ONnaXS5rB6WCn8KIWWR9/fNlDj+q09g439fRrakCHHJyGiTB68CvtG5H2K9t6h9v6RtoHRlvkQ8Qg9Sf0ubGzl7XhZtmARDYw9ZGVyAdxUJJQ8WfqaIt8UMtp0vTOMIyIUmlQYcf4W2ZGs+uHw8uGYiqHoitVv2RDT2LL4DeqQpXGGAZ9CZ7mCoW+TDL4YBjn9DIMAj6Toba5px8o1NTdp9e19zR2KkhIpuIB7fJJMVWnJlJ1KpBEDOg9V/xDEPIdYRhkUjAFQGb97bC+g2VjUx9Yml4zw2hmGMY3trEzzSLmWEV9ZRH5lWXkbMvIGeYR8+3ibCNLr4aXGJwLcY7gTIlhdMiDoxNyy7gwWvaqD7ShRtx20+leeX0jaAFP3PYwIMTj0WP/sCi/kMifPB5Ep2QS+3+6VPh0sWQsB40ERMT6h0fDtde3dKKdsPgUv5AIpuKEWhqNEE6D34TMPE/fJ/d9Ax48Cc7klEOzhUz+5FoTN7S0hg3vJyHxGblgKmQxY1LPKfN4txgGs4YxOL4yMRhfPb7B/laTjUGNAgnVQ7GVg7GVlGG8iJDhQoiilWGwJvmTp3dmUXmLYgjQwZo2IKWgknfN8W5STiHwijVkdfxBJgAHlu7h4w/DJzyA3YVoKiWPY33doV7SgdZILC7u7nsUFBaTloXGndzuo3zj+K6xZtXATcgcsam7P6+ce8HUggWrt5hhkEEGA3Pz9ssoLE3NK77vF4B/NWCf9R11ko7brp45JVXNDNhipjjchtuuHtgmM0KXNN6ANYy5trEzzCK+toqayTCMmeaRM61jrkeV3c/gbXJKNjgdfC+yuKWnT6CbYcCQYIo5pVUGBgZHTp1lGQaUoH1gFAzj62+/K6yqAxZwRS3eT4JdvX0//OTTI6fOuD96HJeeg7pI0CeoETaaewaIpaEdCZMDY7ayu2luc03aNwJ1lPYpPX0DwFqwjSoozy4qIEfCLG8gnwAHMf6d+w4ePn4KHMXW4c5v/vW3rt5+pJMwb5BoiWwQFVX/glOrqg9iL7ZVzTLFABxMx1R7ceJ2t+48iYhBZ1CG9FnM3NqCYmRxhbRGFfrdYBjKPP5IHHc0uXY0uW40sWYUpCG+ejipdpSkuCrVpZAk3iiSqgDvaQ6qJPBGKcPQAnP9w+29QxrrForBkTb5oHIKDINwiFbFEExyy849kUnpACKgioSxYrIssWn7ToefXCsaxAQxCAigLgoQ/MG/nUOjD/yD9h060tY3cvOuS25ZNTaIewMymF2xg/9rZ5ZFJSrA6Ufdi+bWgLWk7IIVa9bVNbdLGAwhxyWNs1AjZgCKBCrrNm+NSc0EpBAa9FYyjDF8Bp4rhvYbHQuPT0F4CVRv7OwFhhPsFXXICNhi0Np6h7mNLd8vWpycU9g9PEqGMau4ctX6jbXN7RhJ4iDEz1iFoul1r2GAYXxmGg56MdsyarZF5AdmEcb++e5pNTvupX5hHmlwJtg5kqOfYfBbu6AN1tftTxtfXr5mLahGM+NlOTUN9/0CH/gHr1izvriGT7x1x+AobPLcZbOg6Pj+0dFMTjkSmCxYf3pBKWw+Nj2brGGCrnr4PPENDuc1Se3vutjdcupRjsam5yB0KKjgwdrBcOMychKz8n/yeKDiuT39DS2dT8JjED1kFJXhiIRhoDXDYydBZeSjqkOjIphQemEpttFV0J2AiFg0hQ4joAE0eD0OxKHRgqOLe35FDZoFDD0KDHW+/7C0Toh/UaaEJyipFSTnFAVFJ3g88i9vaISuIxPg4hcSCSJFSca7wDDIN3uTy9rdY7huESVX3SIDsiWEQ3hGV15xCccvOEdkidwzptIrtho5vqmChBplAlfpnVBr4xbpHlURx1VShqEhpRLFrbzWhs6Bp8A3MPK4vCOgomNY+fSODa0MAwAFq68WShDMwGw3bd8Vn5EL2EnJLfrJ0zs2LRtAFJOa9fmXsyISU6sEzQAKgABgitfUBpsNT0ipbZKiBQBLeb0oKCoeYAXT3rprzx1XTwACysDYy+sb9x0yKqisxb8+QeHAnKLq+lbFsKXdDRwXGLVt917CRQIj45w9vXNLq7ENn1paK0TIBKjJKa2GKy2sqkU07/0kBL6W0Je3kmGQSeGJ2x4FhvkEh2/fsy8qOaNaJEnKLgThyCgsA4ZHJKRiMCv4YowGZqpa1FInad+2ex9Inl9IBGgihgvovX3PfhQDFXscFuX20A+YzMa0NE1HhjHHJnauddQ825hPTSPeN40w8spyTeXuck37k2n4t1ZRz2QY/LYuON1KQdOiH5fDXOGGbR3udA2PFtc0rFq30cru5vXbd+HRYVdgqXxmmRFWZHTyDOywY2B0r6HR51/OhFk+iYixtb99z+vRjK9mw4VD+eb9sODKDQc7hzsgB7ddPJzcvfLKuX/9N38Lq3Z54HPjjjPKoGXUPXvJ7PsFi2oaW1Hd8OgJtIz8O273xaq7NxSCtu6DR48HRcUBFxpau/BrYmWDfnK49Z/N+BLQYHTi9AUzS/Rq47adW3fttbS7+bv/+i9Ta5tTFy4tWLIUUOX1OOim0z0L2xug3tBs/EK5EXPgKNdv/7R5x66zl0zBKtZt2oqYxsPHP62gpJneqPEOMIzh4WH8hqRW/urfPrxk/8jwwvV1u4/HVQ3efJi8etthu/txq7YdcnycGV7U/f6fPzxr43HK2mXR6m341zW8ZMPeU04B2XtOX7X3zZANMXSFMozxFQvFoDKsuvNmTks9QzIIvXDMbW3sHmTLTF7DINgCk0ekse/QkTMXTWCPMFLEMKAXi5etQDwAfABp8A+P/tu//3vzq9dANeDb7no82GN4GJACDAHsAKwQMsH8QR3g2M6bmMP5zZw958TZC4i8QRTgFJNzi3buOwA8AYEATF1zdFq3aQuOfvXmLYQoCLu3796HvYCv3QcO3XX3AjyCsqApsBnENv/27/9x8vxF8B7gDHLgOI1Onta45+CtYRiEaWEbQ3r4+ClgLyYF3MI/LBpxKVD9+4WLwCrAw+BBEKTdcnYzNrM8duY83Mqeg4fXbtzs4vUIVeAIANq7Dx6uEbeaWNtY2FwH1O86YAhSQiJJilHTkWHMsI7edCfJLKRo8Y34A+4Z3ll1Z3zzPjaPnG0ROXcKDAMeV9o34hscsXDpsrI60eOw6I8+/RTzHRgVt2PvAWmfsq65ff6iJdAMOF2yqABtO3rq7MOAUJly9MCRY6AL3SOjyK8SSjjcBlDUJ+Ex0LMLppaAD7JiBgiY9fXcXfsNE7MLekdH8S/UFOV/WLyULHis37INkYr9XRdoLZjvZzNm5pXXsAueB44cD4iMxb/YBYYBDb7meBfoAzIhx0A1tn77/Q8IKfYfPooQB7wHcBCfmYfz+vizL9LyS8TdfRUN4vCE1C9mzkIQA6oRHJOIWAcY0Tk4Cv1es2FTdknlyrXrQThgJOzTOlSn3w2GUbVgo1Fqw2hEsWzb4Uv3Y6sPGd/4Kbggv20UTGLT/jMB2ZLlm/dHlshRZuPeU24Rpcctfjp80f5hAu+ktduO45Yyxm9SiqF+C2fvkIpkOOS0FDf3BpR33Aa96BnUfx8GC0eJzEUKEk4cMDoWl5FrY39707adwARjM6sLphYotnnH7tomaVvfCGJlhAeAFDi/0lrBwSPH8au6CHLVDiAWkZh29PQ5WDQcXlZxRVuvapmhVTEMtAFcoB0gDHAvKafwTx99nFfGBQR5+j5JyMyDNwWz+XHl6mIeHygMH4nABq2B1iB/w9btgEdQmQ1btpfUChA17T5giNbYWzreHobRIcd5Ydxw1ktXrKoSNoNXGR47GZ2SGRaf4uDslsUp//177/mFRAKcAdG1ze0I6hDCAU5zSqtQMjQ2qX9Udbnq3GXz/AreifMXQTU++vQz74AQMLl/+Md/jEpOl8gHKd5OU4bx1dWYRXaxNhElrqncB5m1FsFFs6yjvzSP+Mry2QyDkFNifqDwVnY3L1td/eff/BYEH9pz0dwa/hvqtXHrDk5NA2EYzMVOOcIL35AIEAtUDIlNRMQAD21pdwO04+wl06DoeLhqRxePzqFRQAAg457XI3h9BA1JOSqGAXrh+sAHyrpt117yDCpwAQeNTErbumsP6obEJJJ7rAi3PXLqLBABnQEhAOOZMeurqOQMWwfVkgl0V9Sh2LZ7X1pByfGzFxDTgNOA3AAycGpbduxOLyyFitvdcgJGbN6xq6CSB94dGpeME7S6dhMnBYRCdYAUAMvxnjsYNwyArmG8UwxjvaFpYo0yOE96wtLZPaoc7ME7sbagbdQvTQRK8Ti9cdvhi+Gc7tjKQcPz18Ewjpk5WTgF3Y+t8oip8s+SdPbSqyRaSIZiSBnJ7ToaL76T1yruGdR4lkQXw2jvV8KRnzx/ibnBa+i0sQns8epNx8uWV2HjMPASngABw7bdeyv5TSh/x9XzJ09v/JpYXUUgtHPfwZrGVmAF8CEwMg6O8LyJOYodPn66oKoW4QfQBgwDJGbfISOYPCENjwJDV6/fmFvGRdyCwDoxKx98QrWSsWc/r0kKyEJTCEjK6kVgHsAZoAfiHATiyGzuGUjJ4yCTPLb69q1hMLRPiTExOnFa1C7vGho9c9EUsVxkUrqF7fWu4VEwCbMrdqBcxTV8cIubTvec3O5jQJB/2vgyBgdmFhgVj23A70ULawR7y1evBQgnZOUD9uEIgOEUoKbpnZ7z7OL+dDls4fW461GloBdfWEXPMI+YbRkFhvENGMbZEGfdd3o2MBEDjPCDDz8Cu4Qt1Us6YK4HjhwDi/+3//hPaJV/WLSBgQFUR30NY8vO3R4+/ujcqvUbvR4HQsnATsAhyusb12zYjCAgNa/4w48/QXUgQlJ2AZy6w0+uYMFoChEDmAFoBADit//273WSDjT71Zy5OCKIxf/8HwZQX9VKRnM7OgxCg72btu+8cecnaGd4QgoODUVHZwIiYr+a+01+Rc19v8C5380HRZi/aEloXFKrYmjNhk04KZzgzNlfAxree/8DaDOgBEdHmAJQQPsBkbGGR08gSKrgN836ei7iGwBKeb0ICAUC1KIYossY7wjDCEwsnbFwIxhGSH776u1GvmlCk1t+B87ZBee3g2qct7sfnC+d9e3C0MLO+OqRH9fv9oyuvO6VcOCsbWhBh3t0pWcst7ufWcOgDGMCyVCSuzuLGuVN46sXWhiGbALDaGjtBLEoqq77i1/9CrYMK4bNpuZxYLAbt+2oEkrANtILSrDxwZ8/4onbYLYokFFYCsxZsnwlr6lt3eatdz0eZBSVIT8oOiEoKh5xBWBk3+EjTu6qmy1g1OT+idMXLqPY3Hnfu3r7ok2UzyquBFI5e3rHZeSuWLOuStC8Zeeeu+5eKLxs1Rr3R4+l/coT54xRskbcCteIDcBg9/Dow8BQMBIEWm/Nu3bU1zDIYhKw/b33/+QbHAGcxIkD2AGtxmZWFXxxck4R3AecCDD27/7+78E8AqPivvxqNsLOtZu2XLlxC8wP44xMjOTqDZuLeXzArE9QOOYRMF7N3PdGAWqarmF8bRPzpWn4DLOIGVZRM62ivjSL+MoicqZ5xCyLyG8sIw1OB6ueVtW9hgFXijn2ehwkYR4JaesbAQOwsXcsrRXAqg8YHYMJga2PXSobW8OQwSbBYdsHRmGN8Zl5MC2Yuqm1LawR1AHK19Td5xsSAV9+2fJKemEpTB2qCfLr8cgfrj0yKS0sPhmhBtgueYrM5YEPiIjdLaf7fgEZhWWHj5+6ZHlF9bA700lknje1QK8uWaju9EbkAYYBZv0wIOS8iQWCG1RBYfu7LoAMGAMYDOgzunrTyTmvvAYnYmFz3cnd6979h6BKiFeADmDW4EZNPf014jYEQBxuA37PXjIFvQD1odcF31aG0TjpTs/oXMH5m36JNSORJXLzOwHgGVGl8os3Hh4zvX3ZwTeyWBbO6cG/2JvAHbFwCnyUXJ9QPYySRy7ZHzW76xlTTRnG1F+JoYdhCJjHQcmDJGAGx86ch0ki5ZZxEeNi48xFE1goLBfhx82798AwsOHo4mF3684dt/sAJcwyAhWgB1AI2ALkSc0vhkUDLiKT0/caGgHr2DdeXDC1eOAfFJ2SAaj5yeOBg7MbwIFBp/T88hqAHoohgDG1tjlvYu7i9QixUGvvcFRyBnahhwhpzK7acWoaVPTl0BG4T/CPhrfxWZKxJ4S7+0AgMCmO99yd3O5nF1diIvzDo+EpTK/YXjS3AuADq+FKrK/ZYzrgOAoqa72fhFy54YC9Tm5eaKqkVoDqok4F/AXG/7TxZUSe3EZ6Z/10XcPIrWtZ7JD4sXnkLOvoTy2iPrOMmmEV/bllFNIXVlGzrKINLoW7xZVJenr1PEtCLpQIxt+biX+JBZLnRbFNPL3Ge2nYR8LYZ1NRt7a5vYm5eYI82cW8JFS1ixQjmeSIhKmQXz44snwQeLF+y/bbrp5w/wePHgeggPGQi5rsUVRPrMkGyMVO1cOuzCHIu1/YYhob5Nk20Aj8S06E7GX7wBZDqm2Wqh64ovTirWUYY28NV38fRk7DcFTlSCzzBq246hHVL1cZz1VGlfXhF9ts/tMC1SMJNaMoEF0xFFs92qEYoVdJ9JAM5dQZxnhqYlZM1U1bFVRIOtStmLVlQAcxc4I2xHjJW3NYM1e/QwIbCKXAJIzNrURMjI6kFRyauvsbOxTYyz6nCvgVMyUJbEqY5yMQkdepvVfjbX0fhuqdAm097KSoDxSQE6fP3Js/AWzJ3frM8ParYz65x44MmiqH4u30YRhj9yEyE1wj6XqcU2sdVnwlrPgq86tKoWMb1qGca1GlqVVNTZ1yPW8Nn/zKPDZH6wv1xl+Qp1F37PV56hcjVdrDvlBvPFM0bsMah4ZGFlbVIhC57eJBbvl+WoXR4zFdVHsbD6vBbDGN/j89EYbl6No73hkFir1l7+ajaRLDUL01PKignXyXBJLPV73fIrF6ECmJq9pIqBrARjJvBL/YZvPHNkgmdyhFVWA4oWqwQw6GoRxWfZ1EOfJuJw1RZY5oyYcMMwtIrbJBLW8NVzNtYp6CiTlPjZeJOsRdfSykjL9BWKEVzVgAIW98quQ3aYRAGtBEgiiNW7/VcYO4yUpB01sWhet6MaNY29iqhojhE2Rg1cB2fK/aAE4c2D6t/oWm17+GMeHdt9Kehjbtia/ltfBPP2mj8fLNyS/UU3/l5eSXu2nU1Sg/eVtrGfW6MPVWxRCSRDbIfglJo9bknk9oZNKGzo5Neg+drpOl6W1J5CpJYyinNaiAfFtVxQxGGT84OiGpZyo18tULjJV5vk+K0vQ0Vbf1HguoqeI1kK8zTjbtCUY98V/tsNM+8VPMOqybpSx6kEonyEzcHlsDfsu+S9Km6SaE7ZM+c61tbDUmbjJu6xpYmp79fvpfjGGoTfDU1EX9a4ETPss78fOnWnOmsuvFkpajqz6lQ9JYD39Way9a8YVPRFcfXmBUpbrrSp+z89IXGkPplJvS2k/p1FqQTqFK+4v2ZGLjYBiqZXaRKKlaejFKzG1SCNsUtc3yhhYwD9Uv2eCP/6t1m68tv15Ck7xBIq9tlhXyOwumkho6C/ldmXWdVmlNx0J51bUNEz5a3f4qoeapevQ8H8joNFU1j/uykPC5UE76ktqX6nUTr2JeXjoaS18UrNplmuonnQJkvaDCPE8Lao7+lX9btaW1tYLXIFUMtHQrtCaJ2q/21NMr6ZKLRCJJt7ylu7dFT8nXlXp6W3oU07FjNL3pqadXLO0UCoWi9h7vDP4uj+IT3iVHHhQbeXGYVDwxcXRsa0lHniNxjjxf+TclkfPiHH+QryV5a0knvAuOe+VffFISUdrIFwiaO2USqqLTxlIkXTLGTSimqZt4RydF3tzU9AoZRrtUGp9fGVUhiS4Tv2hqiiptDMutIds/ox2aaHrjUlMkRxCUVR1fXF/N5YpFAnGjSNwoZH5pejmpafyXTRr/Ps0XCZvEjfyG+oLSquCsyogSEaCJauk0sRTqJqZdKm+KKGmM59T3yORVXN4rYRjStrY0Djerrj2L15rJa3uxlMVry6nveOHqNNH0hqaMmhZV4rXF5lXVNwjogx7T4gurIyPZhaXJFeK0akkGtyWzppUq6nRI1E1MwxlJr2nliLrlit6Xv4ZBHvhqlrQ0NTX9fKvulfdQaKPyTjq0IUVPd2uLhC8QkU+JUHmdwjCMktJyaYvkWa/PoPJLC3UT01D6e+UKhaLy5V8lYcxPImkVCBuZR8k1DVVn0iw4OjQ8XM8XjjAfUaAQR+VdcmejcrmivoHfKG5q4Av/f/beAzyOI8vz1O3M7s3ezt7t3N7szPbNzvT0TPd0q1utHpluqaVuOUoUJVKkSIqi9957EvSeAL33niBAgt7BEB4gvPfee18FlEcBtb/KAJKFgiHoS1DmF1VfZGRkRGTEe//3f5GZkfLUoLK92jmM2Pik1LQMk8lkNiuUz1E0pblZMRMONyroBwSgqUmTkfnc75JI/zLDaH0qaBSnmM3m4pKyFqkABV+V7Ue19JNWqysqLiktLSsoUhiGozCMuISkjMzs5ubmFolgKH3iCJoizESrYiYcaVBQj9KyihfCMCztDAN4lCpsG3STuSUwvdw9Is89PLftX4SI3MsReW5hubfjCotqmzqKTguFdKnJthz2pXbf09bY+cRHl/Bcr8KuIju+/6xFK6j6srY2hlFWrjAMB2IY8T0xjB7GqH329vEK1nMJnbX76TChL42LxDBKu7uo9vTHY9cTDaiyPbYzy14Sw2gfWrXGsMA16lJE3vWYQo+o/KvRBbbhZlzRlrtJF0KyZAbUHcOwM5avRAievdKnKOHZWUKrQhEUhqFsL4xhvCBweArT+BIQ7IfCMJTtVTGMlzWH0S7N9WrtctfIOq3R3NKqM5oNzR0COfyTS/Z5pvTMMGzjRqPRNl3S+RZbUyo+FtV+qLVjeqttenfZRAlt+CIlNDU1mUwmuSV22eQTbYtlo6mc2PkqBFR1ee6jxYzbr0KGuR4ukLY1NjZ2nK+yiCWS7Wpvb3Zr56o7d4uoiH/52nvoPWV7+QyjB+7YS1ppK+rK9qQMQ+gIOi5AyU6R+dfr9eKQLVzY6L41YjAYNBqNrU7J/xyqrKzUSZvQSJHHFo7smmRd7Fz6Hi+tBRPkQ3V1dbW1tXKlfZhhiA4Rg0Kky46Sh0PkJI/ANrnf7LIpm0MzjFVuUVqTubv6HmaUH/DuiWHIkcjIyM1sW7bs2bMnOzvbVlft5MDOfnfJVGRT3TFbB4sudJX4rl27MjMzRYptmXb12tng5OTkrVu32hbV0NBw8uTJLVu2bNq06dbt2wBHl+1pL7ztlJqamu4Mg4jk5+dTptywsrIyZ2fn/dK2b//+rKwsW+ixxjvRAlvUk8sRKhcWFrbd2VnG0O5aq2yOM4fxpLRPQdKnYBhyj6F6qampwjjZam54ePiSJUtSUlK65HNyOaGhoeipBJ6VWq3WVrkCAgOPnzju5+d3/vx52xMPHTqUlJTUscYWu/KLi4tXrlwpG0vAc8XKlX2JVnbJMORLA7GBX66aiB1E214+FHD16tUC20VRpaWl69atkzv2KbRJYRgvm2E4uUU1GawDZm5pv6nY+sioh6SV7ffqlmHIAoGa/f1PfuLr61tYWOjm7n7v3j27KQ0bzTfLUwWdDbbw+G3TbSdF7NiJLIWACPIqlWmyK1zOb1cdW3xCwrx58+R0+MR33323Zs2a3Nzc2NhYYAIqYNekzpzpzp07165dsy1fziy3HA5BRbKdSEtLe+2110C9goICDw+P3775ZkJCgtwq+XQ7tbFrv7E9G2TuwYMH8lG7bLhZil69wjmMztbiSbmFRUHPJ2cYciejTdCIuLg4GSvk9C/694+MipJtf2fVFowf5Vop2X68AlvHiSpWrVoFQQkODj5w4ICtwwMcYTvbKzLaFStoCgzj22+/ra+vE4kqlWrOnDnC2eiMVH2DYdhOA69duzY6OrqkpMTb21uG387AReL3338vul1sRUVFU6dOFdBqNjfbWQdlc1CGoTE2ywTCbgtN74lhCKXSaDS/+tWvsMp2mo9yrlu/fu/evcJU3759283NbfPmzbjdCNbESZOICB12d3cnPSAgICgoaPLkKT4+PkIJYbgoHvTFynVCQzid0lxcXMS0AYZ546ZN+w8cmDx5ck5OjqgU/cTqL1m6dLvzdvS2Ua12v3zZ9dKlZcuWeXp5CXA5f+ECJTs5OVGprM80aejQoXaXD2U+ePDgmrVrBWcqLy/HX7l06dLMmTPT09Pr6uomTZqExAcGBhYVF0M14CV3796tqKg4evQoAERczGEsX75cnkeFkk+YOFGuglYNHjxEKI+ziwsMnX4Q1IG6uN4rV67Qt6QDZMATukc/zJ8//8iRIzQeLRXdeOvWrRs3bqx0Wnn27Fkxl0g70WQvLy+F479MhiHP/WJ7xFCaH21WYVOr1Yzs/fv3kQf5gK03JuSEETx+/DgyLEZT8dV6yTBE72VkZGzavHn//v2ff/65sNxox9atW1EKg0EPwrz+619fvnIF3YyJiVm6dCk6DuAwEAyNRrp5CiCgg1FRUTt37sQfGD58+Np168gs6kXHZ8+ZgzJiKadMmQLCrFi5EueBQ9SSmJgoVJJTaIMAwKqqKmABIIqIiKDeGTNm0Gb8maNHj1Evaoum2/pafYlhyLO5dA449uWAAZAz4JSuEF0Nkp86dQrGQDpYt2DBAkYQfkZk9+7de/fto+sohFPmzJkrrAPlbN++XaaPytYHGYYwzxi5wYMH19bWCPst4BKjO2z48MLCwuvXr0+YMAE2OmzYsGPHj6GQePAeV6+GhIT8z5/8BCMtLD06SfqJEyfQ4b/4P/8T5jYvLy8+Ph5D/s6771IFBvWbwYNLSkvGjR+Pia2vr//1b35DaeT56uuvBcMQuOzv74/+I3yIbH1dHcV6enpipInU1tbCFaZMnYqkUiDaLt+bQKwFITBKm+DR06ZNg/1wFVBpDDkaQiHJycmg1dixYwEO/BsYT2VlZUpqKocw5zSb8mkhZ40cNSo0NJRs8+bNkxkGmvPllwOEzWAXiAFrCgoKaAzF5ublffjhh+npaVT3H/7iLwDHVatXDxgwgMjAgQNBRkgGdquivBxmg37GxMbSgZTz1VdfHTx0CPry+RdfAIso7dy5c+kHyu8bXtEPgmHYpiA5yFjnQmCi27Ztq66u7vJE2dmtqa1FonC7GXroyFNMgfzYGAadI0QdWvbxJ5/4+ftj8t96+21UAEwYP2FCQ0MDlP3y5cvAxWf9+gUEBuBCoGjAC8Riu7MzWvntt98CShSyadMmX19fDNiWLVuAo7Fjx6Ge6LIYAkqeNXs2EXQQIEpKSiIzhhNc2rNnD0eBJopCr/Fw5khcBB5z7tw5RjNT2lasWMFZsJOo6GjhaYi7LX3j0W9bhiEwFhMAS8PPZDjee+89uggcgzeA8L/4t38DWkFO8kRGRhKhMydOnIgnuXjxYhgefGLMmDGgKyyNfkN3wEwgjnEBFTmqqEZfZhhYa4wiY287yb9x40aESeQZN24cArRo0aLsHOt81+zZs5EhIv369UM4QNsIaVJx/fr1wkUgf7x04wDhw+p/8umnWOULFy4Ijn/33l1XV1cEcbak4cJpELdaRe3IJUdXrVp18OBBbD+uhpgdXbJkCcUuXLgQA8wunIYUmWHs2rXr4sWLosGCYdDmufPmiVlNEGrt2rX4NMuXLxfTrTQeIKNVgpckJSdj0YWngvRrNBriqNDq1atRA/REnonlWqBETU1Nog/BGpqBu7Nr927RGDjQ4cOHAT5nZ2fr9d69C8YJlwhHR8yscHTipElWBIyP5zJJpFJBszjXw8ODxkM1jh47JuBSUb+XwDDkGQifBz7IKszP/bK78HePHz+O94wsAY5gIswDAoo9Y3D37dsH5pINriz0AqUgjjmcNGkS2TgXtIUii6ljZSi7ncNonz2CFqBTIgNqi6bThzgJwcHB7KJEKPjMmTNFf9LPWHq0D/wBOiD6pJCOWj18+JBu5xThgQhLJpQUV1voOzqIky3qGjlyZEJCgutF1/DwcHG6SMcZwKHC0QIx5MnRb775BgYpZrks0gNVgEmfZBjCTGRkZtJjYoDoajoKEnbmzBm1Wo0jt3rNGgFfDAp9i3NIIsgJjCdIE0L0z5o1a+g33FHMxLu//z2EDKj87rvvkpNTFL1waIYhP4dh6biUp/XeRI8MQ35MctiwYXhsckUQeayjIATQUnQJ5cTKiueq0FiIPCWMGDECn2D79u1ovrDxwvbPkO5BQFAOSU451ASrDKsAo8XdluvXr5NzytSp4kKw4mQQVWNZ582bB0BfvXr12LFjMAx2BWQIrKEZ4i4pJeBVyC6jmOSg5WIXraC1kBgBCogy7UQHBMPAbI8aNaq2tpYWiluJgBTKIMzD2LFjRY24nrAfPCRgy5ZhfD9ypNxXFAsnSE5OBhOF+nGZKA++kUwsYPFimvfOnTt0yOQpU2jJ6dOnvX28AdMDEsOgqXQaEdwC0VHQIKjGnz/6SNAdRQNfKMOQ47jIkyZPBj2//PJLhBAqieFB2JDbAwcO4NTi0SIqqWmpQcHBbm5uDCsZyHbixAnGV9xeWblyJaKITUJakJBZs2aFPnwoiLIyjj3MYQgNQhnxK0QG9B334/iJE+iLmN4gJ/+wN/SCCJYM6wUb2LZ9OwwDNiBAYM+ePaGhoeiX9V6quRmswLzJDAMFnD59upis3bt3r3BvvvrqK5AN5Y2JjTl58qRABkwmgEA5340YIV4YYYM4AmtwHf4F0QE/xRyGtA5mH2QY9Bh9KwaIzmSMYmJjodfikoHfP/zhD4Ab3Q7tBqKdVq2CYQDawntEfcgMnuORAuNjxo4FaSkZgiJ7icrmiAxjtXuUvrnbEQrLKO+BYcj6hnP/v/7X/0IaUCqcA7QFWcG2+fj4oJ8bN24k2wcffCAeaRwzZowQGiy6YB7iwQtMbEhIKJFPPvkEGcI2nzl7BiUnW1paGmYY28lRrCYqjf/3zrvvYkrPnTtHBvkuSVR0dL/PP0d8MeouLi7l5eX9+/cXfjyEhnqDgoLeeustQBzyC3AL6Re2HwNAUSA+zBrQx6GEQOCJ4qa88847OJqZWVnffvstOWulGWz+afmQIUNi4+IwIQJxxPzq2nVr/fz83n77bRqGngwfPlxmGPAAzoUkoUgzZswYPXq0oCPz5s+HY3l6ev7yV7+qqKzw9/eHGwnCgUISAYC4dj9//8/69bN275//DO+JiIyke8WEUFKi9Ql2ZxcX2g898vLyunnz5pQpUxXL9BIYhhhc+DRCJW7DI5nAIljJcEM4kCskEEAkHR9XnEX++IQEGCfMGGriJT0qhMGDXDY01H8zeDDMA/GT6bsyiD3NYUjPtVik90X7f/nl8ePHcXIEOGD4gQu6HaNO92q1WuwZnQ/7JwM+8eEjR4YOHcrp69atW7FiBb4B6YwdzAMKQpnwDyBFjKyoAvWEkaD45Hzw4IEAOgYIQMNhYED/9ec/f+Dri+ftsmOHoCyUcOfuXXQfFwhhoAHQShI5umPHDvHAWd+wl53vkliZ1rhxu3fvvnX7trjXHCK9p4OT6X75Mg4VfBqAHfDVV5A2BP6TTz8FOUHIxUuWBAQE/Je//q8gcEVFheg3yoFqMEDQDsEIFdVwUIax4Fx4Sb1WrTPWNunrNQYR6qSgMTTfjys84PXY9TBahNGFXqDSjLq4y4CFxofz8/cTJD06JlpY+qSkRGFTgV0UFasvvseGVydutcBnxVugYC5UID09gxNzpc0iPfYhZixgJ1hcMrNrO/cQEhJCvZhYlJzyUWbRANBBNCA4JATrDmsBd2wZhshz7do1jiLcYhoAceeiBIPhdAEx4gkvjhK5c+cuyMXlU6Moh3R4DGeJp6DxkzhLnhZilxbSV5AJ+IH8ugcela+fH1ckqi4uKRY8DHdHPEFGBA+YBmOHQECuC0ZPj4newEkSVwf5IBtx6AVWrf09e0X9XgbDgEDMnz9f3OyASSBImCgwEdFFPMQ0O/xYPJyLDGzYsIE82CQyQCUFw8DgQa9RAUgwBTLWSIXCMHrDMOQnPTFFgADmH+0QKkAEu0Vn0rFkBjcETKE4VhiJi4P6czpH0Rq0nvFCuaqrq4XKUyAaLVRSbMeOHYP0gzyU4Clt4oUIThQP2QAvHlevBgQGys91UexF14vgEg4SDRBtjpa2CRMnClTsewxD1g4gHXaF8INRDArdC0KClnBohF/AO4cYJowIh+hbgBcNApPTM9IFsROPdnIWhIyzGB3lXW7HYxjt1q5JZ3TyiD3gl3EsMOtIQObRwKyj0r+InwjKXncr6VZMgS26dbemZ+eL6XL3sYvu9Yyhduvh9NyGXh9t7TJD5+U0nqKi3iwF2PnOa1fr/zzNUsSKWXrJDINt7bp1eKug58cff+zq6gqq/unPfwY9Ycbi9tyWLVvEbcG//bu/8/f3Ly0tfffdd6GV4CxcBLa9YePG1atX19XX/f//8A8wDDLPmTOHDHYvciub5XFvqz4vFehSPRlQNze37nJ2hx5dbknJSeJttT5jLLt7W/Up4KurowqgOTzDsLRPS2RVqILTy4LSytr+5SDtRmRXVql1tqPa3XdJxJpR7a/etT2lIXblubIuI/K6nzJAyAtnidNl18Tu5XW5fLuFLOVmiHTZJ7CtVzpq7qzPtufalma7K+qxa6TUQrNdGzqdZXu0WQrmzi3vfJm2EdsLtF1FVC7KLptCL14Ow5B3cXZdXFyOHDmCKxwtvSYQn5Cwdu1ap1WrxPvS+F5iESEIx7Zt206fPo2hgohoNFrxMvblK1eCgoJw13CRtVotJGPz5s2nTp1S7nb1kmF0CQ6d4ahzTjsAkRVcuDRynu5wz275Xbsa7QDNFpf63rh0ueKWXQ/I6x/a4Z4d7HeJpXZnKZtjMYxnASllwXllUxhGb95WfTETSIre9YphvBy8dtjSHJNhKFufZRidv97+SEV79WV5RXSUTdl6teKW3VScrZMqu8W2r2LJblnnE22XQVQ6v1uG8eq+3v68qut7Q6yYCUdUlhf3bdXWR3MYZc+u0oKmKJuy/dg2nU5XVFRcBsMo7GmRn84Go2NKa3c5u/tSj0IyeoCj2PikjIws5Yago42LYiYccCstLX8xDEPSvaqqmuxc67ppjWxNhKYnDNZT1I2N1TU1UglNT1WIEpTwQwxWka+rr6+oqMjOyS0sKrEoj0Q4hiVLSEopKCysr69XqdXtuKSEV6opiplw1EEBwbRabUZm9gtiGNWZuflqvaG+SfssQaXVPWMJSlDCDy7UNWpq1Y01qsaMnDyZYSgU41Vt8oPnSSlpZVU11Q3qWnWTIqWOExQz4XAI1qRtMhi1Ol36i2MYWfmFGpNZpTNYg97YFnlsIKeUWa03Nmj1RaXlDfLpciEij3VXROREgzVFZ7TJ0J7eltnQ8URjW35rNkOHs2zLsW+eTc4u26Dv1AD7TrBtm1yd4VFc3/Equiyti/Z0rLrDxRo6Xmx7RNf5qrvq3g4tN3RovF3D7BMNHfpZ37FX7SvqfL3GDk2yK1BvsC+qy66zPSpK0HUewW5KthumR73aaZi6uASbcdEZuihNZ1Om3cjqjZix/KKSrPyiouISxcY7BtFojU9ITs/KqW3U1Gv1Xal2V0NsJwCdJbyzLugMHVTGTh26BB97lTfYgF6XmNC5kT1W96hA27oM3TasMxp00Oje6bveYA9BekPHLnpkJlR2ZsJeYTtaAV0PvdcZygz2HdUZbewsSJdWxq73OlfRAUs7iYct5us69Ua3gmToxiJ03/O6bjBc30nU9R2hteOglFZUajSaFziHkZVX2GRqVun0ctc0Gowao6m7AOVRd2Qb9RpdfmFxg1bfW3aiBCX0lVBVr8rNL8y2hmJdi6XRaG6yhhYlvIpgbjK1NBqaY+OTUtMzrQxDo1NwySGCXjETjhgYjuKSMolh5LxohvGo1gqVprBG3WUoqFaX1DfVd5QSRKegqEQRHSX8SBlGQVFOQVFqblGVvrW8yVShITS3/3cXTE+eaOrqkKnHcztn6zmx+UmyPfVlNveu2b3M0LEx2ubyJmNMfFJaRtYrYRgNOv3zgv6+xzAUM+GADKOktPzlzGGgG4ZGvbFSrT3mn7H9frKzZ4rz/Y7BM4X0HZ4pIZllj9RAb+xSdEhEw0Ug/nz7pa5J20OZHBX11jVq5FaRn3Tb5okSyFDXJBqptStEPlfKo30uumEHec+3l3ruFiW8UIaRnltUa2it0jYTqpXwKoK153XmSo1JYhjdzmF0RzuEMj5Wgzi3uzwc6q66Hs76cTAMY88MQ/SSHUr3BkKftGOVYD+H0cYwXvwcBpVpjKaiatXMs2HeySUhmeUBaaVB6WUiBEr/YdkV+71T9nomS3TEUK/Vq7sRHW1zi9FiMVks/DcZmx8rN08UDK0Wyu9OWHXmVrlq0Txy0gZOkVmFxmSWSxCZbQvkLApRG4wic6PBZN2V7lr1PFqPxQVdi7U35GzPt5d67hYlvFCGkZZbVGNoxbwJkqGEVxMeMYxu5zDQZVsdlJUXNUcTOdogwVp3Og50kKczCbCeZTCigOr2m9xSup4UTrFiSIull0JFZs76UTEMMShctb7VIoOw/aNs0lyIgFDbUet9xyrh1TOMwsqGZa4RFWqt1mhSSbMaapugN5t9Eot23k0SEx49MIySqpqMvPzUrJzsgiIy6FssYtrAdlJBpvaSZdXLjrhsaMUpYleKaER6SmZ2YXklciaO2nJYCuRQem4eVecUlci6WlHXUFpdK04hsby2rrSqhggpmfmFcSlpmAqBO21XVFYBQomrJsIuFYlDNEOukfy11pmSNhIDlLSRGJ3ermFiNyohMb+0XAY42pCRa+2lrPxC0UsUJc+ayKeLvrLph0cTKnXSGw1WbdTqKYdr56KkfnvUjXalKeHFMYwqrcIwHJdhiIfnYxKTUGdgQUCNrBfEo+ITcgqLUU/rDKgNCskZOESG+JQ0ihU8Qxzln93CsgqfgECBGzXqJmH/EtNBqyLAJyo+UYCPqFc0TG6hHCFDbnGJp69fux3V922GIXWFLjYppaC0vLiyOiUrmx4QuPoIAKVpaQl+GaPEoooqeTjKauoi4xIEbtt2rBIclWFUNSx1jShXaTUGY31n+m9q9oZh3EtSdcMwxL/aYHLZvWfchIl7DhxcsGjxjNlz4AR6iXvKMwFoOLuCAeglEmolHDo9ccnQWvOQgaCTdongo5MfUZs5Z+4dT2/YLvIkO+4iD0xi9vz5CxYv2X/46NQZM5c7rYJnmC0WNH/A118LkkH5l6/dOHL8JOd63Lg5/PuRy1Y6zZo7r0hiLVRBtgmTp2D7rVMd5haEfsTIURwVZMVosQgrLhBEzJRQFNcYGhkl+zcGy6OGCfZAnpFjxjwIDCYi0nfs2Tt2wsT9h48sWrps8tRpiWkZnC6oDMXKfKVJ8oH0Nv0gT5nQOYL+0y0UctfLp8VizaY1t4r80p0sa5utjdEpuqcwjB8jwxA6KLBiyvQZ6KnJYkUPkzR3KPjBgSNH5y1clJCabsUcc6vObJGRSqAWOohy3bh7b8nyFWTwD3mIUdS1axmFn7/ktnHrVuFVo32cxbnbd+7yuHErJjF57IQJ0A6BaeijaJVcuEAe0RIcj08+64fXQSHPd/bX0RiGuF56A8QOCouAVwFi4JVAOQCwDeXMrXQUAXgfPuL7iNh4i4S6muYW3KpxEyfRsdZdk9lgsfRmLlkJr5RhXIwoU2maYBgaoZzWRzSkYTNoTc1eCYU77vbAMHSkIB9z5i+4eus2kfKaujMXXT/t1w9tLKupRRSsFFVnKCyvgH6yCyHFlpOIfJAfvcrMLxS2GXkiZBcUIUnltXVWeqs3khPSiltglISJRDGfISYwKfPrQd8ggsSLKipddu0ZOXospwMHr7322rqNm8gG4Thy4uTRE6eo+je//S3lczokmrq4BE4sqap5/8MP03PzrLTAYqUOP/3ZP+eXlIEvlA8PqGpQC4ZUo27EoYF6N1ssp85d2LzdWcyF0MjkjKz80jKBIJRJLTlFxZOmTvMLDjG0zwTSSzfv3ScPxbpfvf6P//RTvCujhH2cTrFizhbGU61qzMwr0Eg6lpKVI0+ZUGZ6Tp5435huySspo0vBViJZBYUiD5lps5jeUJTq5TMMbB6hoslIkBNtdx+bQQlPzTBUkr1p08HCYqBm/uLFIRFR1hWN61XwCVQPfcwrLv3gT38GBAR8oWsgjFCrgrLyeon0F1dUoUF3vX1WrFpNZPGy5QGhYYK7oMLVDWqsIzpIyWBFcmYW5wIg+FogYUxSMrqPbgIU6HhSRqaYrkArUXYBXKAKKeQpr60/fOzEybPnmy19lmHI7A0EAxuXOTnRmQBdWHQswwHcgav0ibh1wuiAh3RmVYNqzPjxwDvWpLS6BoIIw5gybTpjDWzmFBaD1fShmAVR0MlxGUbPcxg9Mgy9UNHlq1Z7+wcgAWLiYemKledcL+3efwD9pN6YxKSVq9d4+vqPGT9h1br1v37jDber1zj9yIlT6OHn/b+87+OLapFn+qzZU2fM2Ll331bnHb96/dfHTp6mtH0HDwMN1Lt46bJZc+dhp+NSUgVBQSgnTJ6CekMjkEgk743fvok+h0REWouaPuPw8RM04MyFi8dOnUGl//TRRyfOnEOlzdKcAfkRaBjG8O+/R6YFCiSkpv3p448r6uqx5aPGjIVuj580GagCodZt2syl7dl/MDg8AkF/86239h48BDPgf836DWCQX3Aoon/R/fLgb4euXrcelkNL9O03Duklv6CQFunuL37P9Jmzbty5B8TMX7QYd2rkmDEBoQ9FZwJeEyZN3ursgkv0z//6r0dPniLd9fKVcRMnfvHll1dv3qbxHIqMTwgMDRs24vtlTqt+99Zbd7x86KXd+w8ud1q1au26pPRMKlJul7xkhlFntBBUOLvNFsEnYI7qFmuKeDKxLYPZGuQMxNXtGRTq8CxzGIKOu172+O77kZADdDAxPROPBfXctHU7/+i16xUP0tdu2BgcHom2jh43vl///j4BgSjj7HnzcUXAMZQabQ0KC9+8bTvg9vv33hs5Zuyt+55iCjMpI2vqjJnkD3wYhuYOGTps36HDqBugd/32HbjLxClTAZOgh+F44TPnzEUfoRdbXXZQC1i8dIXTqXPnieBpXLpylfxOa9Z2+cBHH2AYYlDwl4C7b4cNpyvo/Kj4ROjFBffL4Or6TZtJBDBB5uu374JyA74eeOmKB4gN4NPtANqAr77OLy2HNU6bOYvS7nk/AJk55djpM9Sl7v3aTgrDeCUMo+nZGMbi5SvQPWmeX4ue7Nyz78wFV9QSugDt2OayA6PoHxL6xptvcgo6OWjwEOx6bnEpKnr/ge+QYcPgCl8NGhQaGY16I3/hMXEZeQU/+9d/JRtiBI29fd9r9rx5DVodFh1BVOkNwhVA/mISk7HiSCrWHVNNvX7BIVu2uxSWV1AU7OSul4/zrt3gAnEUnsRDx46Le3g0niow0mPHT4DiQICGDv8ObKJtiPUFN3eTxBiWrXR6GBXDiRBn5J6q4T3gBZE7nt6/+/e3oNg37t6fOXtOVHzCuAkTE9KslOiLLwf4hzyU5zCWLF+BYtDUGnWjvtVywe3yjt17zl9yo3CDxYKn9dEnnxSVV343cqRvUHBeSZnQw9yikt+++SYUByJP1WFRMd8M+ZY2L1iyBEZy29OL1lIXVz12wkSySWclcHViLlHRq5fDMARRqGgyphWWZxRX+oVHR6Vm1Rhaag2t5Y0Gdv0jYssb9fUmS0p+SXZZdVB0QkhsEidK76SY2H3wMIoMtcoDpE/LMMTtfNQNDvHb3/0uM6+gsq5hxKjR4APmfNqMmSjFvkNHtu3YWVxRNWLkqPTcfHQkLSeXkb126w7ko6iicsLkySgaSrpx67Z7Pg+CwiJWrllTUdcwZ96C0Kho8awY2hoeGzd3wUKqw+yVVFbjl7/x29+iqkdOnPS4cRPqjyuCvw7QYUcBmS3bnfETrly/uf/wEUpDSbGjNBgiEp2QRM5Zc+fWabTiJk5fYhjiyTbgLq+k9L0//jEuOZVEKB3dAmThZAL1/+Ev/hLgEhwxI88awRB88+23jOD8hYvcPK4yHAD4waPHYRjAcmJaxseffQbIM14//+UvI+Pide232pXgwHdJOrwUZL1XooVhJPRuDsNplZevv1GaSNA2t0Azb967j/YiSXe9fdiFCmA1cdZpRnpuHhFSkKrjp89s3LIVvwGTCR3JKy6F+EMCwAjKR/0Kyip27t2HdcelQD85XSvdpZPvkoyfNBlnvVlKB0He/f0fkD/sOuaca/b2D6Q0CPKZCxdpZ4s0ywKyvP/Bh5hn4rQfcjBsxAjIh+AckXEJk6dNp8yFS5aSaJGm5j7v/yW4cOaia78v+lMULOrEmbMHjx7j6OnzF7hMt6vXcF88ff0vX7u+zWUnLTRbLDNmz/EPDpUZBr30IDDYOn3SbH1AHWLBWXsOHIS2Uw7lDxw8OCUze+GSJfzTz5OmToNwcOKAgQNTs3PyS8qoa/vOXRMmTc4tLtmwZSukBOK1Y/deristJ2/K9BmcRc/jARw4crS0qqbzU/RKeEEMA25hJQdNxlUbt3z0ab/NO3ZjRQIi4zi0YNnKhcud5i5eusRpDSzkxAW3f/n5LzY67/ynn/3M4653ndGydde+9dt2OO89uHXX3tIGrUIynnoOQ9yYQP1ReenpitbV6zdgrvYdOjxxyhT8HNTNJyAQ3Jg8dVppdS14FZOUjAtBtvWbtkARcGPKqmtRUnJ6+QUEh0fidaBEMAZACX8DJwqgw+eZOXceiAG9OOd66fDxE5981g+ycuLMOWrB5m3e5ox7MG3WbDwfiwREeEpp2bn8AyDn3dw3bd1229N7+qzZ4mF20EY8GdrHGIZKYhjNUo8tXraCFMBq7YaNDyOjcTXpZGD85NnzOGPnXN04K6ugkOHAKMyZvwDQw+sTt6IYUyggJmP95i2A6keffIrtwD1jZFOyssXdYQWgHJZh2M9hNPT2Sc/25zAWLMSDx6ziZLtfvfb6b35TUFaONl7yuArOQt6RKmzhmHHjiUBjUVqo69Dh3+EWBIdHfDdyVElVNbuQD8p/9w9/SJIW6Rs0eDAMY93GzRGxcXgGKLmupbW4sprM4lZrWU3toCFDcAIQW1Bj/6EjMF/S7z/wnTV3nnhiCCtOGy5duVpUURUYGiZgCA4REBom7ulAbj786CNkl0LADqr+9PPPswuL4ChXblg5DQxg1Nhx1apGKkUBKA2vyPXylQ2bt3CNWPRpM2dSKddOydEJiYOHDi0sr6T9P/3Zz2yfw8DpuePlI91fVFPm//zJT6gabELfqIWreO+PH+ASjRk/PjYppUbVNODrQUAemYeN+N7Lz//jTz+DFVH+gK+/zi0uXea0ChW9fucunUmzE9Mzvh3+XY30aQa64qNPPqHDJUBU7pK8PIZBZP7S5WfcrzKg23bvg0z4hcf0/3pQQ7OlvNHw3eix/hGxHN3kspshu/0gcNqceXGZeUhUUHRCZEomkbCEVHWLRWEYTzeHgfwj8/EpaR/86c/SZGfdx59+imZhwyDizdKTVdYXzapqBgwchO3HS6bP41JSQQNMGqd89/1ItBtMmzpjJk42hg3bT8kz58wNj40TDMB6lyQ9E4cB9ZwwecrZi5dg/O/+4T1ckUPHTgA4WNMFi5dk5hd8NXAgukyTcMFpACiBX0GN5PcLDiVy5MTJVsl8rt+0+dHD2n1uDgNph58xKOAnhz77/HOcRnpg83ZncbcaQPuvf/1fGIWvB33jFxQSERc/buIkqAPdDphjNTZv237q3PnswmKGg/H9ftRo+AfF5peWiYflFXRy0LdVl7tGVDbqdCaTlSsYOgRji/lBUvGO7t9WlV+42uqyY+yEifjN8xctJpKYliFe4sgpKrEqcHIqtd/19uFoi2TCN23bjpQgNCfOnN2z/yBCg62FzmflF1ImSo6uIjdTpk2HFlA4ZhU4GDt+AvGlK53ComPEcxiAxbSZsxYtXXb42AlIw7yFizLzC6nins+DNes3iGcwG3T6OfPmX3BzzysuHTVmLPaYU7Y675BXzsCVGTlmrHiCElKSnJn1xZfWGYvoxCTkGJY9euw4Wou4gynHTp1Zt2lzRV19VELiZ59/cfDoMciE09p1azduclqz9uTZc7XqJpdde2jM3oOH+n3xRUhElPzuzLYdO8dNmHjo2HGu9/vRYwC+ZknxIEM79+ydMn3GrXuetAfMogMpZ9LUafklZTCbqTNmBIWFQ0ROn7+wc+++2fPm55WU0ocUfsfLe/uOnUbpAdWFS5YBeUAVsEUjU7JylOcwXt5dEjGHoTE5bdh03dOKiScvurvfunftvs/qjVutryC1WjZs33nT2//C1Zsc0losDx5GLl+zPiQ2CQpCtqv3vOEceZX11pIVhvFUcxjyC6I4wRD6Xfv2D/h6IOQbGEGXd+3dB0RA1gGTSVOmouMFpeUTJ09x87iGNuEio6RnLlz8dtjwPQcO4SWHWv3s8BWr1+CooHrQhXveD4RvA+9fvW49zjS6tmPPXs76ZsgQvJRT5y5cu3UbxMM0qvWG255eaLHL7j1Tp88Q0ISnPmjwEBqJLwE2gmyAgIt0t7SvPukpPyexe98BeBvA+PU3g7nwgJCHx0+fAQDBT7oReMwrKRNzPBgFKFpadu7GrdtmzJ7NOI4cPaa4ogqGwbBS7NWbt8Xbi/iBeKHKHIajrrhV1TD1ZGhoVkVCYXV0XlVsfnVsPv9VMdJ/UnHtqcCM3qy4xdjDKNFkxMV610166BLmfsfTG4vOKeKOBvrcaLQ+Pg3xpCgkA8NZUFYOvUC1SOQsSsN8kkel02NfSS+qqAQLMJb84xyIGyhyl6GoGNek9IyMvALxuDL/5bX1hWUVorXYbABFvH2KtcZBwX6Ll2OF6PMvXsoQ62EQwcOgXmqkwZFx8YXWc62mmmuEeuMAiVpQANiSWDuLYoEVKpIoeRNxlKGsupY2q9vf6cBDgjlxCieKXhLPpZMnKj4BdtVkMtMALp92SpfW1iG5UofTS8FhERRLA6xv5ZRXUh1eWpH02ojUq9ZPDZEhNDKKlj/6xJ0SXtpdEo1p6qw55z1uoG97jpw4fPp8dFr2X//ff51RXJmQVfDv77wbm5576NQ5570H9WiHb9CYiVM49OdPP4tJy67UGCOSM4rrNTX6FmUO4ynfJZEwQbzOHZuUklNYDBSgX+gaEdAjOSPLOk8gqbx4rYMI+sI/+iWmEOJT09DQUkl5UTErahlM1So1BZJNvG4KZbx0xWOrswuqGh4di16XVFXXqBoppKzG+i4Y2CVeVcvMK4iKT6yorddI2l3VoILuiELypZLxfD79/HO0Xry73lffJWmU8BZXDabFWNCxhOLKKgGkDIG4aVVSWR0cHplVQJ46MgCh2YVFOGOYDwHgomMZYvhcWHSs6EwFmhyQYVi/eVap0uzxStl8N3nb/eSt9+wDietvJ3olFT921XDGHj7RLC1YKdRbbbC+aHr05CnxMoVQe/E2plg0U5xltlh00qMb1oU1W1rFC5bkFxGdeMtcWgFC0JTm9rU75QXwKUpUbbumZ/tKfG0MWl7iU5Rgas8p9Ny6tlh7jaJ54u12sayF1EIrvVBLi2GYpaUmBJYZWq1FiVNEsWJNC7ErXse3W9PTtpfkNbU4yyzlFwBnd/miQ4TnZG4v1rqyiNQt0hoerbZLkZLB3L5YoaJUL/NJT8Ew9hw+di8ghCH2uOt18dqthmbLuSvXlzitIRBRt1h3L12/o7VYgqITNjrvrDNZbvsGzpy/cOW6jdv37M+valCew3j29TBkHdRIOoiuCbQxWSwyyAj1R1Oa2x8gE4tLilV3hfI+Qi1js8gmdJajpdU12EIOtQqtNLeK9X5s1/QUXMTcjgxtyw236yYlk44DQzl96pGprsyEQFrr+4ZSb4i+Fcjf1kXNZtGxbQMn5WH4iDe3o67oWHl1ZgF0Ci45IsOQn7cormtMK6lLK6ntHFJLajPL6yvV2sd+0kb+OMijpdkkIcObV+sNdt8KkT/8Ua/RitX0xK68QJtdxGZFPJFfY1u7bdUNNstidvldEvnLIGIxzR6+S2JbuNzs9gtsvwpp17ZY21rar0tnu8hgl98lac+v6fLy5UjHYuU+7Nir0uqitmsUKuElv61aqtLhmVbrzOWNehzeGn1LndGSW1GXW1lXa7Swa82g1osXT0obtETqTZaCalVGcQUpygTGUzEM+++S2CmLLVDIu3Y6bqvmsvLarq5rq1Yyp++YXy+vZdwlaNhBkzhFLqfPrxpuNyh0b1tfdQDPtuEg0o5vGlsQfhRp1ChA55AMw9jh6+1NBqPWZOo2GE2NevtP0fT+o3liKVxlcUkl/HgYRq2hVbAE/uXZCJXZ0iBWv5BupohvmgjyIRbgami2Lpghf01NCc/ruyQvFK+fV3V9b7pR+baqYzOMF/dtVelmf4daHxdsM6s7vobUKyVUhlYJfYlh5Bf2zDAqmoyCVQjqICIVTQabdKNNulGOiDwKb3gahpHePoehSKkDhCc1E0p4ORNLEsMoe7FzGJl5BdbXK1BFK9/vFDQ2/10H6yQVotO2fF5POdvyi9kwJSjhhx0kga+sa4BhZOcXtn+9Xbmd8SqD7dfba1SN4sNmL1cw9A5WjoOEJzUTSngZ8FXfpC15sXMY1TVZOblNGo1KrX6WoG5sfMYSlKCEH1xoUKnq6uvr6uqys3Pkr7dXisc8O3+dxCZS2Qtj2WUJlZ3K6bI6u0PdFdW5uspuGvxEjazq8cQeLr+7Giu7amcXiZq2GaP4pNTyioraurr6hgbGSBFUBwmKmXBABNNotVqdLv35Mwzpv7KyurikVDAOy9NukBWj9eFfZVO2H9eG5Dc3N6OfZaVlqTmFtgxDCS8/SD1vfVo2ISm1vq6eoWlpaXkWZFO256ssiplwwFERCPbCGUarjR62Pn7rUKzZ3FJYVNKqaLKy/fg2+H9hYXFZWXleQXGLxWI0txjNrSbb0NJx97mHlpd+4isMPbbZKGUwNJtj45PSM7IEw1BwyUE2s9msmAkHpH0lpWVNTS/gOQxL9wzjKUSHQhTRUbYfJ8MoQvpLywuLipXecBDUjEtIysjMVhiGozEMxUw4IMMoK6uQGMbznsPojmGgkUU1TUmFtUmFNXYhubAmsaAms6yhyWCym8NQREfZftQMo6y8oLDY0jb/Z50gVMIrCBICwSri4l8Zw3he1XUxV6wwDGV7gQzjBc9hWNoFWqM3bbmdtNM7be+D9N0+6XsedAj7fNPX3U70Tiy2VafuGIa4S41gtd0QfRXdJ1XeLDWj+RmFWyrNrAilsnXJMNrmMBQAfdVbS+tjGIbEAbsYJjKj4I9Fqsfa/s4ZekkXum7qj4NhiEFpkbYn7X+FtTyLUSt9SQzD0jZs9WrdgvPhOZXqSpW2uLaptF5TWqdp+6/TVDfqr0Xm7fdKaW2f8OiOYXQWFEdwJpDhV+uaKFufncMoKlbkxCEYRu/mMHqwUj0M4mPHtwcD+UTF2rS8j0iUMofxI2cYlnaGoV3tHqVv7lZPwjPLDzyOYQg1a2pqCgsL8/Dw8PPzq62tldWm81OjtrS0y3S7SI/xVvlaaEBUVJSvry8NiImJMRgMctvsnlnt7llWERenFBYW+vj4NDebbC+kc5uVTWEYyuaADENESLlz5w66TJwMtppbXV3t5uaWlZUlzKHdiTJ0pKengwN2fKLF+oUTS3Z29rVr1+Li4x8+fCifyL+3t3dBQYFcrB2babZ+3sRSU1PDuTqdTqRHR0eDnO1OUV8Qqi4Zhtwbnp6edFFefh5Ybc+xpDxi/thkMt24caOkpMSaQUqh30gRA2EHy8rmoAzDyS2qydAsDZitJrSJeUh6Wc9zGEIUEILP+vWbM3cu+rxi5copU6Zg759onsBOsZ+o30QbcnNz//N//r/OnDlDG2bMmDF69GjEsff+it2WmJi4bds25YUrZeslw5DjIGBCQoKtJCvTvC+ZYdj28PTp0+Pi4jqfOHfevJMnT9bV1fWMTl5eXosXLybi7u5eWlpqO6y7d++GTODS7Nixw7Y969ati4yM7BnusK8DBgyor68Xu+Dn4MFDRGP6xs3ZzgzDNr5kyRJIFX7grl27elQ37cCBA9Mz0uUUyOKYMWPsYFlRKEdnGBrBMLoap54ZhswlJ0yYcPrMGfks6IXRZCwuLkaRAgMDUSQi169fz8mxXlhKSrKY5DCbm5OSk8LDw1UqFbtlZWX5+flEOJqZmYkYYeZv3rxZWVlJYpG0BQUFwRvgtgEBAcSFqLHLP4XPnj1bFr6DBw8uWLBAyDqiDGuuqqoSLBguQkpqaqperwcgYmNjxSk5ublUl5aWRhxtz8rOMhgMtJz8nJ4tNZ4LT05Ovnv3bllZqSKyCsOwm8ljW758OdLSG1atbM+dYcj3f1HtYGmbNWsWCiuMOmqbkZFBHN3/05/+BBHEhgE+Pj4+gAkwwrlgjsCQ7OzsxsbG0NDQrVu3kmfOnDkgWHV1tSiflLlz5/IPfOGKpKenP/D1FXMS7MbGxArecP/+/fj4eHkmNSkpCYQBD8HG8ePHk59mQ0fAmQMHDnh5e/VVhiEi9HCotM2fPx/aR+eD86TTG7iFYphIDAkJuXfvHn3CQMycOdPf3z8sPCwlJUV0KSAvqGRERAQMjzFSNMvhGYaxW4YR2iPDEDN+5eXl77//vrDf4kFLIWGrVq167bXXDh8+HBYWtmfPngsXLgwePDgvLw/XwdnZmTzoG+KyYOHCK1eusEv+oUOHErl8+fLhI0ciIiP3799/5MiR7777Dk0+deoUpTm7uMAA1m/YcO78+bNnz1KOPKUGw5gyZYrslMBLPvjww4rKSldXV9LPX7jw3nvvQS/gFtZWHTkyctQo/JujR4+yC6Em/8aNG/FUPv30U4gObZsxcyalTZo0aerUqbSEbFwphGnatGlAFdghA4ciuwrDkBnG5s2bHzx4IDgxgg3bACsRJOHXajSaqKgoYYoio6IE1VZE6HkxDNnnWbNmzarVq86cOYPaWifk8/KAET8/P7xn+p/IX/7H/7Rz507MP2hDtukzZly6dIlxwWkWGLJlyxayYQgBGcbuww8/XL5iBVDWhq5ZWZxCJCY6mipOnjq1dOlSKqUZMBIwCqx4++13zp47B1ycOn2anJQ/ZerUY8eOYU0hOrSkoaEBOgJCcvTatWvnzp1rF6QfvDzYMgxZNehwvL6Lrq70GD0A/6M3Kioqhg0fDvG6cPEidOHWrVskrl+/nm7EU124cOGoUaNcpVOgcViZ+fMXQB+xC7t27eKsZcuWiflyRYn6LMOAgX777bcCKzHhmzZtOnToEJENGzYgAfKsBnq7aNEiTy8vbHm/zz9HSg4cPBgUHAwQ42eo1epx48cjf5SGOYcHiLMw9n/+6CPE8fz587t37yYRJf/1r3+NqyG4QkFhgagiNzcXNiDujIhJiAkTJ3h5ecFgBPuh2KtXr8bGxqLz7Pr5+4sIiYLxQJ9xL5YuW3bjxg1qhPGwC4kulKqAJOHrYDC+/PJLcWtQEWuFYXRmGIgNfi1y+Nlnn3l4eICDWBF8tTfeeAOfDLlCaJF5ZPvnv/iFMGaKFD0XhkE3iunMjMzMYcOGifjixYtxf/FqZsyYUV1dDYZs3+7MIbwLwfOsE65GIyq/0smJ4YAoCCjbt28f3jZwsXbtWnb5F09XiIGmzLlz5xIJCAhwcnISDnr//v2xgvAVzoIuACxitgPHKTU1FZAU91ks0mz/5MmTJ0ycKFgF28OHDy9evGDpK2+u2jIMYSaQ+SFDhojpamhBQmICDBvqAG7/009/isoIR1EvbfQGxAJbsKKd1eHUubi4wNswK3T+u7//vb+/P8Tx//mbvxF3wRQlclyGIZ7DMEsMQrzbJUt5SFpPDEPIhMBKvAFRMqOO5QZSoaKoqJCtEydOiEc0bt++Lciss4sLSosyo7EQ1RMnT7q5ucFqYa8cbVCpKAd2D0eZM2dOdnYWHsD1Gzcs0n1u8qPD+CLgNbRANAZJBU0ErLBFRERADpDOhYsWCRG/f//+hQsX4CX4IuxSAiBCBNaMngMuZ8+evXnjBr6Ft48PSAFVgmEAH2VlZWTDH71z5661T0JCgCeKEpevSLbCMGwZxurVq5ExXNKjR4+KdLznhIQEVAB1CAoKgmHgEyNFO6Wb0Ir8PL85jDaGQf9v3rxZZMAVTkpKOn78OF4EZp6ex2nGzs2ePRuvpsVsRv0vX7587vz5PXv3Si7yfME8ICWMFwO3fft2Coc4Yt5k0AMfZs6aJRjGaWmKgm3cuHHUBVAAPgcOHJBvv1Im2YAj+dFOipo6dSqMhKpFyv3793CirPLQJ9YN68ww0tLSVq9ZI47Cuemo2Lg4fFEx/bxlyxZoB3gbEREODoOu69avh2EwjuJpXCjIxo0b6TesA8g/4vvv0SC4BeUI1qJsDsowVrlHaaU5jNZu5jAOeHfLMOQ3L3x9fd9+5x34ASKCJH0/ciT8YM2aNbAKjsJDFy1ahAnHMB87fpyU1LRUcNbd3V3UIiYzkSecDCJCY78ZPJgMsJNf/upXQAN4ffjIEdLz8/IGDhwEn2hQNSBh5vblN7Kys998800EDin09vamHPFGyYABA3x8fBoaGt555x1EE+Xv/+WX5Afr582bRwSBhgxhACAuNHLKlClgRHJyMhAAAfp26FDxdMiRI0dcXS/RQhKh2F988YVGo7E8zaOpytYHGYb8avSWrVsRSwixcGHZkCi8LmzViBEjPDw8wsLD4dPTpk8XE3WK/DzHOQz5vu3/8Zf/kQ4Hi8ABTBQAhbIbjUbihYWFOEU4wfjKxMmAggMRI0eOhAGMGz8e1CotLf3vf/u3YWEPcVFgBpQJgsFFwIf271RXwVGAF1jIP/7TP8Fa4BCDBn3T2NgI7oFC2L/RY8aAFTg2Y8aMocbxEybAO3FXEAYyTJw4kbNGjR59Q5roxZu6IXlQfe85DDEodN2vXn8d5KS36fPExMTQhw937NhBzxQUFFRWVr7++uvR0dH/4+//Pi4uHpT+rF8/wH/SpEngs3UeaNiwwMBAspFC58+aPZueZ0A5ReZtyuaQcxiXIhulOYzmllY4hG0gMTjtMe+SyBGcA3go5BQqij6je/ADxEjMKO7Zs+fixYunTp9G8UjBexg1ahQsQZybnZ29a9cusVrXwYMHUT/BAPbu3UshSBii5u/vD4MR+VH7tWvXQmmhAgJZhM5DbymHEmhGXPucSkZGBum0TTztAehQoPBCUHgriwoN9fPzQ8r37dtnbeSpU/Hx8agB7kVjoxrHQtxkAUEgKHCdNWvXQr3FpSk+qMIw7OYwJk+ZjJBnZmb++1tv8e/r5/f6r3+NMaupqQFYIbJilpi4cv/4ec9htMhvsKPRK1euxBXGXcF1IYXIpk2b8IxBACzT8ePHxYQ87g2HyCmmE9D9hQsXMUx4FOASIwhZFPgG1QCU5Ko3bNiAvYSjgDnwAxBJPEYKzuBfEaFMgGj79u1il3/iq1atAh5pEjhDmyEZ+/fvB3wWLFgg8FDY477EMOQZcXAbb/PcuXP0OZdMdzFM6AU8A4j28vLi2m/evIkzCQ7DxWGKsD1g2cXFBdCmEBib8D8ZGvqfAYWsC09P0SNHZBiqJv30M2F3E4r9U8t8kksfpHQIgenl+7zTzgZl9bwehm1cq9V2ycHRZA7Jme/evbtx0yY7aO68iVuktlXIEZPJZENdHzXA3Gy2VVH5USODQf/YAZAb2fNGUXLVilgrDMNOEvBZU9NSieByYXsOHDgAGgqJvXr1aqr0phIuGtmU/nwRDEMeCKDD7uVV8e6G3ZDxL95HsNi88tCerYN2U6D8JKlFWsRi85Yt8tMD7bjXoUbSbdvAibYOtwx9+E5wkb4EKZ3eJbHIuN35AXky265uYL171TEP3di5c8jTG7hWtlfBMNoHyths9kwsPhaYeSwgs+2/PRwPzDwakHk6JDuttN5WSrpc0/NJ13YFYQWv7+UafJ0O9WpR3s4vx3dVbOtTK7ZCLxSG8RSioojNC57DeIIFuZ9uLOSn0Orr67sb2S6/X91dUXjhfeyty57Xw3g6RFWU6AfDMDowwdZWg8ncXTCZW1rtRafbL591v3Zn1x+Dt1slszMzsF27s7tFOXtogG26Lfo8dglRucbOjZSLUkRcYRi9XBlaEZWXzDBsVb6jdrd0ng3tBBqt3a1E3HnN0PZ4S3cIZreQuR0Q2c1k9PnvkshD0EPfdgn73Q2c8jVdR2EYre0Mo6j4eX69vfUZLlWRDGX7oTKM0t7OYShy/jIYxiv6enurpVX5tuoLNRPK9hxlVcwmlL1ghlFVXFL2rCrd2ipoirIp249t0+n0RUXFZeUV8tfblT555QwjNj4pPSPL9tsiyuYI46KYCQfc8I5eDMOQdK+yqjq/oLDFbDZIm9Eogu1msPm3i7Rl1uv1ZeXlYklX46NCugvGx2VwhPCDaKRDXZrxh9zJT9USSdTVanVJSWlBYVFhUYnCMBzEksUnJufk5Go1GqDJYHhqYTC+Otkz9phi/AFqmTATFZ3MhNHxtNvYp/HfFr7401dWVmk02ozM7BfCMKqqazKyc1UaTZ1K/fRB3ajSaJ+pBCUo4QcYahtUNfUN/Kdn5RQVKwzDURhGUkpaWWVVVW0do6NIqaMExUw4IIKp1NBwrU6X/qIYRlV1Vn6RxmRW6QwqvfFR0HUT0Rk7ZNMb1Xpjg85QUVNnX4ISlNDng85Yo24qrUSJCpU5DMdhGAlJKbmFxbVN2gatXsElRwiKmXDYQamuh/i9uDkMGEZeYZOpWaWTVFEKDe2R7kKDtsNuvUaXV1DUpsxKUMKPKVTVq3LyChSG4VAMIw6KkZpR26gBmhRccoigV8yEIwaGo6i4tEnzwp7DsGEYj2ptNBgb9d0H6agdwygoKlFERwk/ToYBbioMw7Gew0hITs3IUhiGQwXFTDgmwygpLddYGUb2y2AYar2htkn3IKXkUlhOl+Hiw+zrMfkZ5fVqebZDb+xGdLqQpIYuE5+3zFGgCM+hKJ2iD0pQGMYPkGGkZ3bHMHpAhl6CRg+w0F6C/ilgxK72PmWMuzUT9l302Kt+ogFVggMxDCprMppKatXzLkYeD8w8G5p9OjjrTEjW6ZBH/+cf5qy5EX8qIKNBoiOcon6c6Dw2NBmb1R0nRZ4xqK0TLSZR5jMKn1yOEpTw1AyjhzVnnyMj6XK1OoVhdEaAxu4Bpzf6LuClS0LAoSaTmaMiw5MWCxLaoiKh79jOx5kJ0UVy3/aEyR2Hz67flPCkDKO4jWHkvAyGoTGaCqsaFp4Pz69prGnSlTdoKtXaSpWW/wqVNdRpDbdj8l3uJMIwGhGa7hkGoy49QKqXKSq7bY+USjNmDVqdqLSyrqGuSduZkMrzELYw0T4/0XZuZwQRminETt9isdXSzuXUd1WOvGt9EKa9DW35NTrbST+FOyuh93MYL8fqK5MoPTAMocWV9SoOCe2WM/CvbW4BiAgC02wBwTZSo26qalBb0dJkFoWIQ5hGDuWXllc3qKtVjbZw0WWNtmhDhHpBQvlQcUUVgSr6CMh0zzBEh8hdxG7njrLrzLpGjRhKctJvFXUNnbMpwVEZRmXDMtcIKIXOZOr8TIbBbH6QVLTzXpKqG4Yh/rHrlzyu+vgHorRWUdDptebWwIdhZy+6CgUWjJVsaNGipctyCouNFgsSJjipmGYUlJbCyUb+NtGRjsq8QdPcYgsBpHv6+m3auu3g0WMuu3Z73LyFtqOlgtDYlqO2K0fSZBHII6XriOw/dOT67bswFSH3Ir8IwllRSIbCMLpjGHI8KSmpqKjIIi1ryNYibW0qmZUVGRkpvqoljsofxBI5pYWQH50lNjFLISfKkxbiU1tpaWnJycmiAbbV2eya5fzsiNqbmprCw8PFV7h+0DSlO4ZB3MoJDEbwISo+UQAOACVAhkhQWMSipcvDY+IEdXiEFe1eNThmslh8AoJ27z8IFEAmsHYCBMjJIS8///2Hj9zx8jl17rzs6nB078FD4bFxokZRuChZoAoRg8WSnpO3cvWa0upaCiSnb1DIilVr7PCt7zEMErleOt9l956I2PiA0LAdu/cI5Jd7T+QRKVUNqtXr1scmpSCy+Id0ZkZewZoNG2XbISG54vs59hzGkosRZQ2aJoOxTgM5sL45IgWrWdWaTF4JhTvuJjV0yzB0wnLPmb/gtddeK6msFppWXlvP7oCvB5IZFBQ8A0XKLyn7+NPP0rJzTe2J8oyimGw0tFqsXNVgFPMfYmZC0A7UD6dBY2Ppia9Zv3HxshUU6BsUPGb8eKc1a8lDZp25VbAH2win8I98C4ihXjHtIXaJ3Lx3H9yxxk1mMRcndF5yd6yMW1AoRVIVhtEVw2ijETt27PDx8emsj3l5eYMGDQoODn4un+e+c+dOfb31k4TXrl8/efJkp7mNlp5Pr6iomDRpUnV1taXHjxv/QBkG/2g6Wg/IzJ43PzgsgitEf8mDXovZi8/7f+ntF0AEzBHmSispuy0cM0437t5bsHgJeLV5u3NCajogJuCIDEtXOIVGRt/z8XXetRsksVKHVuvR1es2+AWHUmOT5O0AUzLmEK9WqWl2anbOVwMHFpRVUDKJheWVE6dMTUhLl12vvscwrAbF3Cr4xNIVKwNCHiZnZrtfvS66pUbVKLBd32ppNJroBDq/oq5h8NChccmpdKygYilZ2eMmTKxWNRKnQIZPALsSHJdhLL0YUa7SagxWAmHXIJ2p2TuxCIbRwxyGIJ6Hjh1/6+13jp48zXgjKJev34Bh7Ny7HxGBni9aumyrs0tJVU1xZfW0mbOCwyNv3feEv3Mu9D+roJCz7nr5hEXFYODnL1oMwyVnRW098nfO1W3foSOc63Hj1rqNmyABSJUgGVS0c+++G3fuWYHGqvnajz/91POBH8LnFxxC5h179qbl5JLZ09fvgtvlTdu2Uf49nwdUQTZgAsjYvnPX4mXLQQowIuhhOL5FYXnF2YuuF9zclyxfERmfQHpMYhLZnHfupjQBFoqwKgyjuzmMrKwsLDdqXFlZmZGRERMTA6Uwm80uLi7btm0TX6muqakJCQnJz8+3SN+zxt6XlpampKSUl5dzSMyCcFZEREROThsWlJWVBQQEiNkR/t97/312yZ+enl5XVyfKiWWLixMMhjbQgMTExLS0NNE2slFpSmqKOLp69era2tq+xzCsRr25JTEtY8t2l70HDn351Vcxiclo8dVbtzdu3XbR/TJOyG1Przd++9tLHldTs3OBneVOq9Zv3pKZX8i5Zy66ltfWoeZ3PL2T0jPhCpu2bqOEod99t3bjRoACMaC07MLiqTNmIg/+IQ+nTJ8BXKxaty4+JQ1QWrvBmg0UApqIHzhyNLe4BBtZUFZ+9OSpZSudgsMjkjIyJ0yeQkvwjg4fPwGmAaHnL7k1SzjW9xiGGBTQdduOnfsOHf560Ddh0bG5RSWBoWF0NZi8ftOWE2fO1aqbYpNSNmzZunj5CvgW/TNzztzd+w7sOXDw2KnTlJOZV4AFIZJdULT/8JEtzi4RcfHy7XglOC7DaOqOYST0yDDa5/02bd2Opg0ZOgzwzS8tnzBp8vlL7ttcduYWl97x8kHbd+3dJ3gDeoUMzZg1OyI2vqiiCiICdaCEgd8MDnwY7hMQSOZVa9cfPnYCXs/RTdu2RyUkIkwrVq3OKSxeuGQpSCF4Ky4Chv/0+YvsQmVQTijFybPn0PP3P/wQCUZjx02cBDtZsXo1dCEgNOy//be/2bV3/z3vB//j7/8OQCEPlXr7B/7urbcq61WgDLKelpNHvaQfP32G1uYUlXzevz+MhGIzcvPFvJwirArD6I5h7NixIzomJjk5+e233z5w8OCw4cPPnjunUqkmTZ7cv39/aAFWf+7cuRyaNGlScEiI0WicPn36lwMGuF++fOfOnbFjx7rs2LFg4cKdO3fCSGASUAS4wuo1a44eOzZu3LiCwgIKQUR3797t5uY2fvx4X19fGMyWLVs2bdq0fv16ZxeXlhazh4fHRx9/fOrUqX/+l38JCwszGAyUdvTo0ZEjR0JlIDoLFizoewwDU43Fwnvp90X/K9dv4sz8/N9+AaTgY4wYOQpd3rzd+YL75eiExPc/+PDqrTvJmVmoPKoNwgA1ZdW1A77+uqC0HH6wau26W/c8YQNrNmykhKHDvzt9/gI+tJiriIpPnDJ9Ot4LHtQ//OM/gn7u165/PWgQELdluzNHQyKiPvv8i+iEpEPHTsyhqxubcNz37D/4MComPCYWyrJw8RKOjp80mbaZLBZgEP5hklzzH/xEqa2ZkB6eADarGtQMwZkLFyPjEn79xhtR8Ql3vLx37z8Qm5T8+m/ewCiQjlfp7R9AhN4YP3ESpmTO/AVr1m+IS079auCg2/e9ICXzFy1hgGbMnnP52g1cxIGDh2TkFSizy311DkMn7nQsWroMUonlJoLVd7t6TSLpkxt0emx/SGTUNpcdcxcsRGIGDx0Kdbh8/caZC654CYuWLdu1b9/D6JhZ8+bpzBY4B8xj8bLlFJJXUorfAKYjPag35t/LLwACC9mXb9SRjXJ0La2ILwyDWs65Xtp38LDrZQ+ulxauXrcekd178FBQWAQpI0aNxr0AUGfNnRudmKSXkMLjxs3/9//770XllWCBf0hoalbOjFlzLO1zdMkZWTv37sNfgaCIehVRVhhGZ4Yh2+mlS5eGh4dHR0fPmjWL3eLi4k8//bS5uRk2IG5nLFu27ObNm0TS09NHjBhRVlaG1Yc0kOLpeX/hwoVEbt269c033xA5c+YMtMAqzCqVVqsl//379/V6/R8/+CAvL4/0I0eOUFpERMScOXPgGSaTacaMGdR+9epVuA4ZvLy81qxZ09La0tjYCJtxdnY+e/asWq2mnTU1NX2JYeDw4PWCA1j3WXPniXusS1c6PYyKxm8eNuJ736Dg5U6r9h86QrZJU6dVqxrNFgseCEbOZdceDoE5CxYvKSyrAHNwV/A9gh6GL3NywkDi4aRKt3frNVr4R3hsHFikNbfeuu+5aeu2ZukuzLfDh1MXngkV4cncf+Bnke6qjBk/wcc/cOToMUUVlZRA5vTcvK+/+QaayOn0PgjmExB07NQZY59jGOLmFFcNh5g8bTo9j87QmaERUQGhD4+cOIk5GP79yA1bttK9+IpkgE/QFeMmTASKsQWMplWM/QIYIHw8IB0w//d33jl59vzNu/c/7/8l5kPcDVcAykEZRpnK+hxGvUaQBkND22PYht48hyEYxur1G6D5qOUHf/oTaqM2GMOiY1etWw/PWLtho5evv/vV68gHqjtk6DBEKj0nb9h3I0ABwBrdhq5a75tU1UyZPgPpOXn2HIgAXZ04ZUqV9Kj2hMlTcDWIwF5JEf2F2rvs3nPt9h3rU2zSQx5UjTty7NRpvA2LpKuIsl9wKA7Kg8BgFHvmnLk4JbR5w5Yt4TFxlzyucojI0O9GQG7gLoJhQJwNFgt1fT96NM1APRD670ePgc2IW62KsCoMo7s5jE2bNsXGxmLyDx06xK7BYJg2bZpWp8Pke3hYie+4cePEzQ6s48yZMxMTEzdu3AjPIOXu3bsHDhwgEhoaSiIRX1/fCxcuwAygBa6ul2APpLS0mL/o37+qqooMly9f9vHxcXd3F4WzuUnx27dvX79+XTwKumnzZp1Od+fOHfjK1m3bOKW2ttbJyanPMQy9YBh4EWALcIThWbhkKU4LXsfBo8fE2x/8F1dUjZs4qaymDnqB53PPx/e+z4ONW7bCMMCc4kprx4JL3n4BweGR4tHC+YsWZ+YViKfKDBIgTJwyFRIDLu3YvUcwiQEDB8YkJsMwAh+G7z14+Lanl0V6rmLU2HFY0+EjvseNoa/BE0CGFuJcLVmxggIhFmcvuh49eVpiMLo+yTDosSnTZnCx9ACOKAYCqHfeuct601DdRFd/+Oc/x6em7Tlw8NIVD9zCpStWpmbnAOA4geTxuHlrq7MLfuyGzVvgHCNGjsL3wwmEtInXUhR0cuB3SRp1OhPeuQGeIUKj9G+U3iXpYQ5DPB0Nw5g+a3ZkXALqB8+A3UuU0x/v4Z73g0GDh4RGRm3bsXPUmLGoNyQARdW1WIhMmDSZUy5fsz60Ae2A5BKJS0nFjVi1dl1OYfHrv/kNWGCUphAx8OExsXDbh1Ex4sYb/+s2bf5+1Gi/4JATZ87+8vXXj548BQNA8v7xp/+Meu/YvRdKUVmvQpkBArrg/Q8+eBAYRIPnLliAg7JspdPp8xdJoV6Uf6vzDk9fv6T0zM8+/wKVgFt8+OePqO767TsRsXHzFi0+f8ndKEGMIqwKw+huDmP58uWRUZFhYWGbN29mV61WDxs+HK12c3MTsxHOzs6CfAQFBU2bPq26unry5MliQuLmzZsQFCIPHjxYsMA6mQFRgD1cv34DwmEymZYsWQILIfLzX/wiNTWVDKdPn75161Z6evqgQYMaGhqgDgO++iozM5OzOESGyMjIffv3e3t7DxgwQK/XX7x48cSJE/X19QsWLOh7T3qKuyTwhj+8/z4GG1slvA7Q6fd/eA8gOnPRFZejvKbujTd/BzKkZeeSAUaCp/H1wEF1jRoYyco1a2/f9yLdLygEUwcXAWpApOWrVkNWxAPjVDF95qyCsgpKI6fnA7/N250xnLRh9rz5IBUG9ac/+xdgcM36DU5r16n1pnUbNwE4t+55ul+9FhIROWTo0PLaekzsspWrQCROxyNv7hvw0tVdEnp70JAhu/ftxyekx8KiYzx9/bELaJObx1WY3LfDh0MmPvjwT3ikF9zc3/vjH1OysnE+6VUg+q/+6q9gb1kFhfio9BvIv33HLsB578FD2A6MmjKH4aBzGHPPhmVVqsobNEW1jSV1TSIUS/+Vau31qLwe5zD04jFsFKawvKJRWhVDPBucXVgMRa1WqX0CAjH8QeERKKd0my2wtKoGHoCEoYT6VuvcA3ZdbbBS3Tue3mddL/mHhMIzyqprEayqBrV4cts/5CFeyNVbt6EC4klP/qMTkpDOy9euu3lcIy5eeaL2xPSME2fOXfK4WlxZzW5AyEPr86Qt1rfCsguLOJG2FZZVwJFBFt/AYDwMjEdUfEJmfgHYAWXhKiDIDwKD4cgcPXTs+P0HvuL9F0WUFYbRwxzG/v37ExMT4+LixD0R9Hn16tU6nc7T09PN3V085rl27dr58+dPmTKloKCAQ2vWrCktLeWQn58f5p8IBGX37t1E/P39oRQwhqnTpkFQVq5cGRgYSPrZs2d/+ctfQizYvXr1Kin8U+CkSZPELRgIDScSSU5Ohmrk5+fPmTMHZrN48WIvL6+6ujrKF4+I9sEnPU1mqMPx02cw8Bih3OISfYt1YuPI8ZMX3C/j55AZXKpWNTKmvkHBJ8+dBwTIyel5JWUnz567fuduUFh4FmNdUBQQGkaB6Tl5R06cJI9YJAqSsXPP3tPnL+SXlvkEBF26cvXi5Sul1bWga3B4BOgHxMEzjp8+e+3WHYyreFaM+IEjR3GlcJweBATRDALoBxyNHjeehtHOvsYwbF4epjPpW9xOwB//DT2CUtAtV67fBGCjE5NA3fCYuGOnTkMyIuPi6RAwGV+Rsxg+rUTsGCm1wQTJ4Cwsgn9wqHjRT0Enh2MYTQZTaV3jQteofQ/SjgRkHPRLP+Sfcchf+rfG048GZK6+Ee/60Ppwk1rwiW5edJZXu5ID8kSi9e2jFgvKRiCCZBgs1sQGjY5dtE68+mW0tL0wJrLxL142IyIsujhENoLtslpkM0mzjgTxwpj8rprJJjPnijUwRERusKa5xWhpq5EqxIswti/NEiGbtf0Wi9wYRVIVhtHDilvykhWy5RYReTULkdjU1CQvXCGn265mYXuWYCriPRS5WFLEiWJhDDadXqfT622bIS+MIe7XqFQqeRlQ28b0vbdVsVUmSWf1rW0goG8HELFGhVBn8cq6vh2gxMyoyCawgiDQQCMVqJPyUBGAkJyZBedgt0XCEBltrNgioY1INArEwyMymsQuOCNQRYCexfrgSORF9yt95w5sN2+rij40SN0lFmkUOC93ixXSbYbDuu5Aex+yK7xK0W/CahjbYVmBJodjGII01Gn1UXmVt2MLbsUWiH85sHszJt8zsSiron0NtR6XUum8qq7sUsjBNqecYrs0m23mzqtqyum2iWJhPkKnzFrburqM2DbPLtH2umzzKEFhGM/4XZIuZz6eaO3OzmfZrh3e5TrifXX1z+5W3LJVW1vAsd3tjDmdT5TRQIp0ABlBULqsqMsa5Zx2IFMnfXe+T5nJbsxEl33bGYTtTEDn0bErSsElB2MYxg5fb28yGDVGUw9B+baqEpTwBAzjUWJrD9bdjhPYHumOVXTLM7rmFvY8xq6EvsE5HvtdkheK14pGdBcUM+HYDOOFf/nMfvX+9qU8OwfrIUV0lKAElfJtVYdlGK/o6+3Przq9qi992FmvmAkHZRgv/tuq+UXtK6AZrV/9EEHXY3iUzSBmBfMLi8UdEzEhpgQl9P0gKUJVvTo3vzA7v0hhGI7DMOISklLSpDkMYc/0HVFLCS9bUwzSCwGKmXC4QcF2F5WUNb3AuyTVNRnZuaomTZ1KJQV1+38vgzVzbYOqoqq6d6fLeVRPUVGnUzrvPl2x3aWoum+D6kmqeKImqR9Xfs8NUPXi0GO7sTetUvU4uE99pU99db1p/1MMk117Oggwkl9VU1taVp6RlVNUrDAMR2EYEIy8/AKGpqa+oa5B1REZeimfvVEK1RNqaA8pqucnyU9aoOpptUz1uB54rJlQPachUD2PHnvqnul5WFXdNE/1zAjcQ8N6i5MMSk1tnVarfVFzGJVV1QWFReyYpK356UKzyWw2899sUoISfkTBZDQapA0lUuYwHGQDi5JT0lUqlU6nY3gErJkUcX3lQZgJpR8cCsFMJiBLp9OnZzx3hiH9V1ZWFZeUPaNK08TKymoF2pTtR7jp9YbyisrSsvKCwmKFYTjOcxh5eQXYM2U4HGdTzIRjbtU1tS/kOQxLG8OoLioufUZkRJNx4BRlVrYf4abVagsLi60Mo0hhGI7CMGLjk9Izspqbm/vGCh99Zm5JMRMOpyytrSWlZU1NL+A5DJlhFJfYMwyDydyoM3YZ1Fqj1tDc0lFKzOYWClFER9l+lAxDV4T0P2+GIb9NqvTwUzCMuPgkfDKFYTgaw1DMhKNtDEdZWcXLYBiW9hfj9SbzpfDcfQ/SO4f9vul7H6Qf9s9IKqq1xcEuGQa6LT2c0SwvL9gDIvRG7MSqg7a75rbt8VX0BpVoryJwyuYgDEMWc6WHnzvD6A5wgBeQ5LErptuuzdoVRnVdXQ9n9UAxfzwMQ/SSvF5t7+3Fk3asstmJWelLYhjtFEPVpJ97PiIgrTwyp+phVmVYdnuQ4jF51Yd904/5prW2z7H0Zg7DKgGPU5ieNeqx+vYszopCq5XNMecwFPl8cXMYPSyK2kOHd8zW8kJhpI+N+4uYw1BU4wfEMNpGq16tXeUWpTGaLZauWUFoetkBr5THMgytVltdXV1RUUFEVkih85ZHX16w6n9xcbH46rTsQEjTH4+e0hJTFOQhp1x+c7Opvr6+srKSdH37lxdaLaI9j06XP9Mg4MBsbrb9NoTcHpVKRVPbJzNa7GpXHhlTtmdhGELSzB03S/s8nK20k41/FOfy5cuI9927d9PS0mQVsP00iV1pihvXG4Yh+iovL098jcWu64jk5ubW1taKgZBnRuUMIoUMhYWFcrHyiAgYiYmJEYNoMpnEFBSoVVNTo9FoKFxk6wxQdj4SVURFRfWxSazuGIYYgvz8/IaGhqampvLyciHqMjiLPKJXxRip1Wp5OLAv2Tk57bPpClb/YBhGs0wgumAY3t0yDHl0jx49Onv27AMHDkycODEiIsJ+SsNm2717961bt2wFTm6P7deYQNt9+/bJ2dLT0wcMGLB///6dO3dSRUBAgF3hdndVbNvWeS7u/v37q1ev7tz7CnAr2wuaw+hyOl02MJ/16wfUXr9+PS4urpfumgKsPTAMW12eN29eYmKiLdSIQ66urgsXLszOzu4SqeTu9fX1Xbt2LZGEhARYoMXm5sjNmze3bdtm1x4w0NPTMzMra/r06RLt6GLI7PgKTOWLL76Q/a4+zDDkHnZyckLUg4ODnZxW9QDCOp12/PjxqampcgoEzq5ju7xXpWwOxDCc3KKaDFaGYZYYBD8ptA1bSFrZ/u7nMGRpWLRoEbyB3YcPH/7sZz9r/N/svQd4HceV58v3dne+3dnZiet9M9/bMPbYbzy2JcuWLGtkJVKSJVJiFnPOmQRzzjkTDACYAEYwAAwgiEASIECAIBKRM5FzzrjI4f1uH6J1eREIRkFgna+Ar293dYVTJ/xPdXV1RQUn09PTZb6B/9puAnWg0UOHDl2+fFnQqGgsCiafrtanQ7jdwcEB1KKfBOOPGDECzEtR2Iv/+F/+i5+fn1wqLikW5TTeW11Nw4qLiwUCY7X1CQ8akJmZKeepjmCxWdsXhFbl5uaamnuZ3uhhIYWiV40w9LgqISGB0BYhR8w4traxSUx8rM+ILvIfGhoqP1NTUy9cuHDmzJlZs2YVFBbGxsYQ/nISPG3UzZISykE+kVXUCv1COIHvdnZ2BQUFCmR0jDAeswU7gGVYtmyZMBxO4p/EIMDbTz/7LD4+XnLC9iLtQ/YQNkqsgXzJlmBm3bp1HKxes0bKkauUtmrVqoiICLFg2dnZTyCM+PgZM2aQRzPZFbp941hur6mplqsIDE06duzYxUuXejTCeHwA5xkXWBoUFASrhaWMne4sTPnJmQkTJqIO8K26ulp8ysyZMwVhUI7OdqUL3RphdD6H0QnC0KcNgPlg/BbtC9HvvPPOgwcP0LQhQ4bMnj0bxJCUlLRixYq5c+eePn0a3IDSIiJjxowhgOAuLm3YsOHUqVPi+6fPmLF58+aPPvro5MmTejMePnxINv2np6fn2HHjOECZp0yZgoG2tbPjp4eHxwILi/nz52/atOnixYsDBw0igkGOsdq0ZNy4cZSMhmO4L126xHmsz/oNG4YNH75jxw6pZfny5atXr3Zzc2tlkRJcRV1CGPoDQeKz2XPm2Nvbf/zxx1u3bkXm33vvPYQNTEzQjO9BkoEaeLU/vP++k5MTmGPQoEGABjxWZGQk0MTKysqovwkJ5MewTpo0afOWzafPnPnlv/3bSVvbrdu2zZkzR71+0hHCEJ6gwuPGj8eT/ae/+Ivk5OTa2ppNmzczHJiavLy8a9eu9erVa+fOndgfhmDs2LH9BwzA52GXGAV5qmJra8uZ4IcPd+/ezdh98sknEydN8vD0lHrT0tLmzJ0LSqAE4uzBgweDFDnP2Lm7uzN22DF+MqATJ07C9O3eswcZwCoGBAZwftv27Y6OjtLOGzduxMXFYbJ6UkRuijD0CWZvb+8xY8du3Ljxr/7qr8ANQGenGzfg4YEDB/AgGGecxZ07dxD4b/v3hzN4E1Rg2rRpa9asYYwYF8YO4adIXMzyFSvWr18v8aqiHo4wNmt07969UaNH79F0iXABIVuwYAF4AoSBPqN1KPDRo0cBGSgtkkS2n//iFwEBAVhb3D/aCKqQhyPkwfLqzQATIFjGrfq0SQiCQuALuv1Z796YZiQPiYyOjibOo0bkcpVGyC7AAgXGTIN2QcTkpxYvLy+kHAj8L//yLwg6zXjr7bdTUlIwBCdOnKAKCV8UKXpWhAEBW+96GZ/iTZw4ERfFwahRo0JCQvbv34+AIbrTp0+3O3XqwoULNjY2XEUyMamYznXr1yOcOD/B1uBvDGhVVZXFwoXkaWhsQImKioqQzz59+sg0hnquZ4ow5HG+TF6+/dvfElcQ+44YMQLLQ0SBKcAiYX9w8+j+yFGjyIBlQPE5L09OsSSTJ08u1uYziDowFEQdGzZuxCBgWIxTSsZdEY08j4qKWrx4MdUxcMUlxdT4zu9+hx2zs7O7efMmvhP7w8/hw4dzFw3btm3bufPnMVBYmNq6OoZy6tSplDNz1iyKys/Px5WaLvLoSQhDBgWufvTxR1hpzDLhJaLu4+sLuzj4T//5P8t8s3EXjbQ0DkJDQ7/77jtOLlmyxMHBgduBg4B1uA3aYOD69evn7+9fWlry29/+NjYuTqHtbo0w5CkJAUCL2ZRWS4tP1xAGw48GXrlyBZQqU1gMv4OjY//+/e94eODFFy5cKDnPnj2Ldk2aNFls61//7d8iZJzkf0RExPYdO+Spm6urq+lTErR00aJF+k9CikWLFxN86BMbCN/t27eNCqxZZ2dnZyy4FlIckVgBQHP+/Pl3330XkwH+Bcdgo+fPn48Fb9GeC0ZGRaWmpY4bNx7TgNFpabN6XJGirsxhABRknRDhssyiL1m6FKhhefAgYTHxNNYTqdu7dy/Yl6u5ubnTpk/HdBJhI/yIK8IsUTI4uLKqatXq1WgKbqlvv344LarAQJNfIYy2cxhifOA2zJcMmzZvDg8PA1hMnDQJ34/iMzrEyjNnzhTdT0lJZiA2btoECMDTY6nkIa+VlZWvry/QkFHgJ44tMzOzpfVBRlR09AILC44pCrOD+erdpw9h1blz5wArjOOu3buwe8RFMr1PUVu2bGFMicSuXL2KdaI6Hx8fmY5KT08HmErJPRVhwBPMtfQOVoSHhwcFBwvIPnbs2DfffMPotGhPrLDeRodiYZGRkY42iUcIDAzESmdlZcG3gMDATz/77JSdHcBx3759reZaIYwfJ8I42IV1GCBNfWEEdPHSJeK2ispKlFNWyAPYJTMBBGJx+PBhVJGA7NNPPxW9RVFra2tRM3lCccTKiphPLxDxmjFzppSARf7Vr3997969+ISE9/7wB1HLGTNmgEKI/xA4fgJ77bTnJpaWlo5Xrpw5cwa5JEDBNAcEBKDtO3buBGGMGzeupMQYrxBABD98KHWh/ESfZoGpIkVdRBj4DFdNhmfNmoVMcjBg4ECsJIK9fPlymVfHkwHBv/jyS4QZWf3lv/0bZzCpoWFhiPrgwYM5DxyZO3cuCGPq1GmYWgI7oDnAoqGx4Xe//33ry1Bv+rYuZnMYgjASEhK+7ttXTMrAQYPw9FgAKy1ikZNgiKFDh+L7YSNcjY+PZ6QwPqWlpWPHjgUFknPx4sUYCsAKjo1aMBFxWqwsBoc8YA7c4fwFC7AYDN9nffoAFDA74BWGm0AFd8jQi/+zOXpUDNratWtlHDGYHMh8FbXLotEe+ZREEAbw689//gqOcTxkyBDAN6K+Z88e6TUD8bd/+7eEf2PGjoUzMBAICD8JLMWzHDp0SOYwYCyWn2GS1S0MmbLS3RphrLkQWNPQ4Qg9iM/p4joML21mWNTP3d193rx53t7en/XuTcQAwsBWihwgUp6entyOtCFPmF0k6fjx46hxcXEx+vzBBx+cPXduxMiRpuswEMef/I//AdRFzr78859BJ3J+/4ED69ev37Vr19KlSyn/4sWLB7VnK1evXj179qwEIleuXHG+eRPUTKs+++wzghJEdu++fSCM6dOnI6Bkw/SDqcEiJ06cAAPJ2y5qlbKiriMM/ZEz8iZTF46OjsTHMsEmr14j57ixtevWydpP5BxzydVr168j/E5OTvJqw5EjR4j2EGAkFo8IBMEu4zutra1Bycg54EPkVtlWszkMYQi8WrduPUqN+mNPQAMEM4OHDEG7sTMEJ2CL8ePH8x/Gjhw1ysXFBRuycOFChu/U6dMjR448dvz4r996KzQ0VEJnGURK4F6pF8C3efNm7BWDQi2XHS737tOHYIlRIxbHBWLWWrTX1qbPmE6kPmHCBJGB8+fPf/LppxKsgzCioqLETGG7WnroSk8dfGP858+fjxn/6KOPcAoEewAymLZ121Z7e/vt27cLgEBxrG1scBlwDCbPnjMHxRk0aBA6QgZxJQSTU6dN43byy1MtZau7J8KonmXrF5VZklpQ8Si3LCmv3DRlFFVd9Euyuh3z1LdV8dZmaxcAodjZAu3VcKykNqlrzIyqyyskmEh5GTotLQ1FlVnfFm2BPbFCmUZ6aegz2QhNiDYEBeu94AxaSlwihRcXG19w516phcyyfhs0Q7GcpDE0VUx2Xl6u4GvZZqOiopxsRDxqGZ2iZ0UYbZVZsev1Iww97MEgREZGEuZiCuRpCAdoNzZEtmTA+IjuEz3j6vhZXFIse5Zgu5KSkrAVVVWVmIv8fKNpAo5QoEwdyeCC/A4cOIDdCA4OAsTg56iUu8rLyjipv5KGQQsLC5NNHWQSRSwYbZA8WK0vv/xSDGBPfZdEn8yAt+np6XADPjAuMI1LcJshENDMmQcPHoAtJA8nOSb8E3cAh3XGpqSk4DhM3YGiboMwWqNzQ239AffoHW7Ru91jdj2ZOLPnVswm58i7MU+8EdTJnp5Pdcz6JdHttlFgB/d2uDWvmUybldlFK99JXxQpelaEoUum6UGLybv++r4v+so+/bzpXU2tuwm1lWclnB0hDLOnt22Nw/Opebv7OuDz/P39Oy2h2ew5WrsjKD61h41L2/0wusLqzufkTHc/UpLfrRHG94IOgq6sSc4rS8otS841/teT9rM0vbCiqrbhSdFpB2GY7TMoi7q1nfIa9H02zXLqO7K15mx88sb2C2xoqDc1Fvp50zJbTL48IuWYFavv46lvCScHshujPNBV4qjoeecwzPcA6ARGd45ROipHyWfnCKPlyZ1VdR031W49yNE/qNSuCRJb0VpgfdswRpaX6hWR3dTimdm3ltYdWvVAq6eOaUc7buncEHvb1gWYDoew0cxBdMRYRd0RYbws0VGkSCEMRd0HYbwee/0qPkzTgxGGoh6LMJqfRBhP1vq01EallegoekMRRrVCGN0aYSiGdBeEodxEN0UYOa8SYeQXpGdocxit6xielXRw2vS8JShS9CMlFNRgMIAwgBgKYXQjhBFmRBjyqELZpW6hKdoDIOUmuhsxHNnZuZVVrwJhaKOeX1AYz8nKypKyMlLpcyVuLC4tLX3e21VS6ceYjCpTWlpYXJxfWBiX8AicoRBGN0EY4ZHRGVlZhUVFxSUlJUpWu42+KDfR7QaltKy8osJgqI6Nf/RqEEZ+QUJyWmVdQ6mh5kVScUXVC5agkko/xlRUUZVfUhaflJqerhBG90EYMRk5eYXllSWVBiWi3ScpN9GtUlm19t9Q84oRRkpaZX1jWXWtnkoNT0smmctq6kqqqlPSMrQW16qk0huVgBdJKWkoUZpCGN3pKUl0bDzgD9Ok7FJ3SOXKTXTLxHBkZGZXvcKnJK1zGMAZvdaqurrq+voOUoOhrr6i5olWIjqp6ZlKdFR6MxFGcmq6QhgKYajUeVJuopsijKwcDWG80qck9Q3fy4GhJj6nNDg5Pzg5r/X/9ykoKS8ivTC3zNAl0anR0g/CuxolPSp1F4Rh9s6k9tJ/OzusvOZXK3swwggNi/yhEMbLqq51HrunaEqNQhjdFGFkvjaEUWqoraytyymt3Hw9bMvNyO2uUdtcIk3TdpeoHa5Rq6+G3niYapz4EnXSpr/aik5xpQENJxVXVOlAxAyXkKctzjUtR/KUVtd0HSZLpcZ62xT+7KDbYNZmlVR67jmMtvvbtruJlqJXjTA6gh1iPZ6q8tzbUR4pti046BpceKLY8scxUk/xxx24CZPItloY+1S73Xb4uFcZoheew0h8DQijpqquPi2/dLadX3BKQVx2SWRGUXRmcXSm8X+U8X9RQm7pqXvxu5zDS6trKxAaQ015B6JT09TS0NLS2NJS19Iiz+GqG5v5r3eMn7XNLWY419DYXFFbr+cxNDRxO3d1Bfka29/QJJWSappbXjAOoAR6oaRQpedDGPpxUFBQampqS+uukSUlJQEBAfLNT32byBbtc8HyDU+1KeErRRhYFYxMWxBQVd/I8GCCOjEaXKqsa6CEjlYbGJ8y1zdW1T+RAbskq+k7Kba81txCGo97zFzs0xCGDEo7TqHNXEi1iY8Qnnc0HCp1S4SRV7rsnH9+RXVNQwODV1VbX1lbp6e6psY7kRm7nSPKOkAYugBFxCXcuuvletsjIDSsqqExp6jk8tXrGXkFqF9RRSUyERgafsf7nqg6uJVy+O9wzSkxPQNtpExyxjxKuul+W65qxuJ7eyGAVxbE6pqflJHpcc/HzeOuu+fdyLgEzuimRG43DSmkNJNyvi9War/3IMA3IEgaY5bNtDSVFMJoF2Ho3xaxsLC4c+eOfj42NnbsuHEVFRVm6jlv3jxXV1cFEV4RwtCV/arzzZjEJIKH4srvX22oqG1Iy8k7f+lyaFQMuo/N0WcUTLUe9/YwMurmrdtGA1hbr5fPQW1LS0Rs3AWHK35BwZ4+93WUwH9n91vRj6RGgxnokdeRDI1NKVk5l65cyyspo9jK+kZvvwcXHBwJcnrINGrHCIPz5TW1N1zdoxMSSe4edwVAlFQZTMcO1mGKi8orHa47xSenyhjxPzUr5/K161oh5j5CpW46h7HkrH92mQE8UVJlqgka0qxvcA9L7xRhGMUFEVm4dNnkadPP2F/808cfnzxzNjE9c8DgwWgRlZITZUMVd+zZi9AgJehtXUtLQVnFNwMGRMTGk0dO3vW9v3jZchAJwJac/AeaSEVGtNti/Ml5QSeEhJeuXuvVq5f9ZceDVtbvf/DBYZujEhyQgXtRVwEcFM6N/ESTub2u5XGxMtFSq2XjwPr4iaMnbTkgBCED1UkgwlXaL6UpGVUIo3OEwf+NGze6uLikp6fLTIbBYJAvdJM5IiKC4+rqan6uWbPG2dk5LS0tKSmpvccoip4fYYh2i6ZPmDz53gP/Bm1uVc4YQ6n6xvkLF+7atz8pI8toHDQFlxkFmVqQGIbxcLx+Y86CBdyIcYtPSeNA3BvZMGiYoOs3XTdu3cZ5sVdcXbZylcc9X2ONNcYvPlc3fT8vS0VUTbFERF9+9RUoh3KQm6iER32/+TY9N79awyU9EmHIoMBneAVL7/r6ed7zXbdpM3ZVhgBWCJKr0TgJP3OLSr7u9w3RKQNdqfmIqPhHw0eOwneIVa9tNfLKNP0YEIapNFR/jzB2dTqHwRlUcdHSZR73fKgiJTMbkHHH22ftho1e9x94+/kDVJGDR6npgAnECOvscM2Jk+D3WXPnoYpkC4uORXrSc/M4QHpiE5MJOwgdOKjSYAGhxhUn59ik5JzCYokMENNLV66izE3ao5n0nLxPe/fBHIA8cotL3T3vevr4YnS4NyE1LeZREs1Lzc5Bpa/ddAEUI51cDQgJ4ye4mBbSJNpWWF6J8kfExROI0B5aRXvueN+7fdc7p6iki09wVHqT5zB27Njx8Sef7NmzB/gbHx+fk5OzaNEiLtna2lostNi5a9evfvXr8PDwI0eOfNa795YtW372L//ip31aUz0ueXGEoU9woshYAMzL9Fmz/IIekjMuKeX6TZfwmDjjzERE1IcfffQgOCS/tDynqNjNw5Oc4tqDwsK5lxIwAng4Lq1ZvyG7sHjG7DkYnLScXHnmm5VfOH3WbOzJbS9vEEZ4TKybx11uxOHhNbFp1JiYlnHDzT0gNIxiJTR6GBGJHcsuKMK+jRg9GpNCab4BgfmlZdt378EWgUt6JMKQUI2TXr5+YIs58xfgGjDUweGRWG+8A30PiYyCRdhbMtxwdYcPHE+aOtX1jue9BwEhkdHkxJJPnT6Tcipq63weBLjcukMh+Ahllrs1wshpgzAkVYMwwruEMJYsX+Hsfhv1CAqL+NPHn+C5x0+aNHvePJTzH37yk4LScpfbd3bu3fcoLX3YiJHHbE/Znjkbn5IKPhg6fPi2XbuNtjg5FRixcMnSjLz8EaNGj580efP2HT/92c/SsnORpK/69jt93v5//q//RdwgVRMcXL56zWLxYsEKzcYg48KqdesxCjPnzFm9br3F4iXLVq1GTC2PWL33/vsbtmwdM278kmUrlq5Y9fY776Rm5971vb989RpqARST7ehJ24tGC5JHY6hl1Nhx8xcuouU0e+uOnUeOHr/rcx/LolaDKoTRCcKAVq5c6ejoyMEBS8uzZ8/m5OYsXbq0rKxsyNChJSUleXl5AwcObGhoAIjY29uT7dLlyxs2blRvl7wUhCETDJgIIpzZ8+bvtTyIOhMzED8MGTbsouOVWfPm+/gHXLnhzHmgAH7uxKkz6PuI0WNOnbMn7Pl2wACMA86Mq+CDew/8N27ZSoDxh/f/OHPOXLydTJHi8CZOmVpWXeN134+i9hywnDxtOpXSAIweqCIpI+uDDz/kPCVj8QiuMFAjR4/ZsmPnuUuXsZNz5s/PzC/cunPXtp27MCzYN6tjx+tb5EFJTU9CGPIfhLFr3/6Jk6cctLKGY3DA3eMuxjkpI3P4qNEnT5/hOKug6Pyly7BonsVCLDPAjih00JChB48YbwmJik5MzwTqgTwO2xxdu3ETY4c9zy0u6Xzhi0o/PMKoel6EUaY9JVm3cfPoceMPWdl8/OmnN2/dTs/N/2bAAAwxleK/Aap3vH0QLA4QlICQUA3PGkDxhBHkwYtfvnYdK7BizZrMvIKxEyYGhUdwftTYsYQI9g6Oh22OodVjxk8gpCDQI1bQ5jCuzV1ggWwRAaCZDteckOCLjleRPFn4iYkBRhyztUO3KW3C5MnnLzngB6ZMm+7pcx9ogkADigXfnL1wifAiJSvnsz6fUybYApPkHxKKrB85eiyroFCtMFKpK3MYm7dsuXv3LsfgjKtXr+bm5oIw+Hn69GlQhZ2dnZeXFz83btzo6enJwb179w4ePNjyUr/V+WYiDFQey4ApeBgZ9XW/fvml5US3wAL/h6EYHxAAdgkwAXQoLKuYMGlyTlEJjh83T4BxwcHRYvFS4hnCa4wAyk7k4+Zx1/v+AwIh7B5BVHhsXK22VALjg+GaPnM22ZzdbxGKcEB1n/bujYk7ZG1DzG1z0va43WlamJqV0+/b/hg0/kfFP5InNZHxjzBHOMsDh49gDDnp7ullc8K2rqWlJ7y5auImYB1DI9MPf/66Lxxu0J6S+AYEedzzwTiD1f7hJ//Dxz9QnmgzKAwil4Z8N4xbFixajM2HjecuXtqyfQeqt2LNWiLYd//wB6JWMvzXv/4bICPjqBBGN0UYi8/6Z5dWVdbWFVfVlH6/xadRyg319W5haU+dw0BDNmzZuv/Q4eDwiITUdDQcWApCT9a+soY+o+GePr64fy7dDwyeOmMmsB1ZWb5qdWh0DHkuOFwBGaB+hAvpuXmLly0Pj4kDSSxdsfKO9z20cejwEcftTp29eCmvpJT2i8g6XHcCTDRrT0n4D8pBRa2PnTh38bJxJX9LC7gEwwG8cLzuxJn1mzY7u93CRuzcuxcTEJ+Stnv/Acr8dsDApPRMAotrN11SsrIxHAg60cyU6dOJfsDLWIFhI0bSEm0Bh5rDUAijM4SxYMECJycneSxy5syZ7OzsUaNGGX/a2fXr18/e3j4z03jv7NmzJZurq+uGDRu0e9UcxovOYeCcUPy7vn5r1m80rq5oasFEYHNQ4dXr1qP1xD+4pYy8ginTZ/AfC3blhvOJU6cJoLfu3IUdmDlnTm5xKSVbHrEmyMbzYcGAIBglLEaj9hQDgxMYGg5kqWpouuHmDqQwmua6hpFjxt4PDLI7e/6O1z2gDNW1aHgClOPk6kZ+Sq7XjFV8SuqYceN//dZb2B8aXN3Y7Hj9hvXxE/VGhFHdkxBGmYYw6COwAHteVl3XrDkFv6Bgbz9/LHCTBtcsFi/BHWTmF8C0I0ePgwiXrlzFSK1ev+FhRCRsJEZdsXoNoeDmbduJDwcMHuzk4kb8iWdJy8nVFskphNEtEcbSc4/nMIxwQd4I0ucwGoxzGLtvdogwSowrPesq6xsnTJ4CBm/RVMXQ2IwJ/uLPXyENnBk/afL9gCC3O55rN2xEgNDh2MTk37/3HsIBkpVHpIiU7dlzoIrZ8+YhLoOGDEWBafHQYcMAqiCMXr16bdq6jWN50ikrPUESf/7667ScPAQR/PHzX/x/BB/EEO+9/8e45NSgsIjP+vThEkJse+acNocxxd7BsbalZfmqVRia5avXWB07npieQeFxySnHbE/ZX3ZMysj63e/fraxryCkqJgxCBxLTM4lOsD7zLBZisNRTEoUwOnlblf9WVla+vr4cu7i4uLm5FRQUWFpaotVbt269du2al7f3yJEj4+Li7OzsfHyMS5f8/f1PnTql5jBeyhwG/wkh4pJS/ttf/w02hAAG7X4YEYX/nr9wERki4xNQ9qyCoj/88QOiiKiER/IYBaAwYtTo3KKS4SNHEWlgB956+7e3PL0wU0REWLlZc+ddcbqBBcMCYAcepaaDUQg/iLB/9+67qVk55Pz8yz+DWnCEYBqCGQxOVn7hDVf3QUOHZuTmfzd8xKWr15Izs0Mio7B7YydMwBIS3jg6GVeP7bU8eMb+YkNLj7AwT85hFFdUwbGUzOx//eW/ed33Y3TgOSyCvZu2bs8rLsVTJGdm/fRnPwU6/M//9b8BGV73H3z51VeMzrgJE8F/ILORY8Zcv+kK2+EqCjhx8hQvXz/Kh5PySo6yTj+OlZ6lJklf6Vna6duq+GObEyeRCa6CAMDsqdm5ew5YpmbngE8B5kAH/4chl65cRbZWrlm7efsO43KnwmKAalT8I/I4u98iXEBuAAoov+VhK5CBNglxlJgAhd+1b39IZPSqtes2bduuvcBiXMtNjdNmzkIzCVM2btmGmTBoq5EvOl5duXbdspWrQCQG4wPOC3e87zUbW3ISCUbWT507j/Xhdgo8f8mB29Oyc8EcHvd8M7R5VHqE1O4/dJhKz126DOLes98y+lESIUupQhgKYXS641Ztba3sflGvUWNjI9nS09M/+Pd/j4mJ4eCzzz67f/++ZJBtM2qNy4oUvbR3Scpr6y9fvUZIgAHZuWdfdEJiSWX1rr370feFS5bi2wpKy3fs3ouO47qwVEQ4h6xtrI6d4F6MwORp0/cdPERIQ7iCoThicwybRow0euw4LBXOrML44YVaLAwBdHhsHJBi974DCxYtJi4n59GTtmHRsdhMDAhhFVeJdupaWiiN40VLlzlcd8LuEfnQ5pjE5I1btmLu5sxfAPJAIIpaNy3sSeswZPktMG72vPmwGntudAohoaArQji4hFMgwAOxEQ3CN0YEn0KgePq8/YYtWzds3oIFJrBMzsjC4GP/A0LCLBYvWbV2PUVlFRSqdRjdFGFkFJRNPnH/2sNU98iMm2HpruGPk4v2/3ZU5l7XyCO3o0u1Xec62XGr7Wvfpu+O6++mo5z5peVpOXmCS4orDW3zmJYmJxcvWw7mQBDXb96ybuMmbdFQg/6tS8wEZcobpwKZUXJiEc7Lm2n6m9amTZKVR2k5uSBoWRpmdlU2KpU2pOfk4Vqq1DoMhTCecU9PncAZ3t7eVlZWx48ff/Dggb4s1CSbmr14KQjj++XnOUUlnJQpz6r6Rg4y8woYQe3DTI83YBArlJKVoys7OYEdYlL0rXFkrydjgeWVYiKAAre9vPFwUjjxEt5RlmrJglPZnod4ybgBhvZ6PP8JwGgDRckr97ITD8nl1h3ABwc95G219t4lkZeEc4tLZB5a5y3HBWXlxHiyfRknU7KyySO+RuwwbDRuHKLBCDkpzCQgFEuuHpF0P4ShTUsUVBgu+CftdY/ep6W9JmnfLeN/y9sxDxJzv98kowOEwRjr+9PJXmzydpa8pCQaJRNZSEZ1Y4v+xrmeR7JJHtPzyNyjtPSTp88QjoD9c4qKdbgqImvQtq8QkdWnVQyNzaLtxkIoTXtn2liFVv7j1mobxonpkar12qUX0gz+V2tvsSuMrNIzfZekdfvOZv01VO0bJY065tAfrOiAQ9HL2g9DdrYw+mxNu8WTVbeaBV3NxQpxXgCBvuOkmBQxXJLTGLpo2fR3L6kxMT1D33FH37yn4skaxXRI0jb+aTG1M4I8MvMLibt6jpHpYD8M4a0AKVOnUKXth1HRaqXF3pa3mmXZLUmu6sPxmJlNLbq5Vql7IQw9FVfV5JZV5ZZWGf+bpdKq/HJDSZvpirYIo73N+c221KzRZwjMpijMDh7/rP7+vCiwbN9rKk/6jpztzqB0Xovp/p7ttsEsm1p+oVLZC3xb1SynWm/xGvb01Pd81PXa1CyYbuJpZgf0bKaGq+12wBLh6DbNtECzokyNp743sW4hjVikrqFHzfN3EIh2xFszc206cGajZrbpqvqabrdEGE9+vb28ptZ0p3CzVAHSbLPt62v+aJ4+Y1H28j5mqJJKrxNhtGqhWsv5mhDG6zRN3a2o7pDUt1W7J8J49d9WTUkX3F1mfEygpeqnpZrvkzy8SEnLKBWX/9pStTyCeY01qqRSm5RfWp6UkvYoJf25EIaiV4IwQsIioowIo/XDFkpQf+hkdBNVRjdR9prdhEodO1DNd9dmZGZXvsI5jILC+MSU8uqa4orKEiD/c6TKqqLyivTMLGMJlVXPWYhKKv0IU3FFVV5RcUpaelxicrpCGN1nDiM8kpgsv6SsqKzi+S2bSi8xKTfRLQeluLwyOye3qsrwCucwEpNSamtrql6EDFU1L1iCIkU/QqqsrKxAoyorE5OS1RxGN6HGxqaIqJjCoqKysjJGR0lpdyHlJrol1dfXV1fXxL58hKH9z8vLz8jMfnGtxsoq06boDST0s6ysPCs7JzUtQyGMbjKHER4RnZubp7+bo6ibkHIT3ZAMGr06hFGQru3kra03a35i+Vmn1FpIsxY0NGJe9T2S1ZgpehNIhL/KYEhNTTcijHSFMLoHwmhufhgaERMT19DQoD4d1300RdyE/j62YssPPCiP359vzsjIqqx8BeswWloRRkZm1gsOeWNjU0ZmthIaRW9kBFCdjgo9F8Jo+yKJdqLpqXep3TI6n8MICYuIj3+kEEa3IhCGchPdEGdkZ+dqCONlz2GYIYyW1oFvaGwKSi64GZp+MzStzf/0GyFpntHGvdZMJ0I0hJGlREeRQhjPogXNnUCNziMPRU9BGKERcT8QwniJ1fWwsdYQhnIT3RZhvOI5jJZWG1dhqF18Ifj4vUdn/JLsfBNP3X8inXuQvMEp/OKDJBGTpubmriCMlydVPWTzAKVmbxrCMH28qB8YDIaSkhLTW6qrq3Nycjq65bGGVlakpqWp2eaXjjCelZmvYc+0njS+CmF0T0+U9ZoQRqs0l5Qblpz1z6+oqalvrKiur6qtr5RUY0x1jU23wjIOuEY9E8JoeXJtR0cGt20w1/lxe1fb38JITiLidXV1bSsyW1zS9kwHIWZzVwrBzDVon7Pq2Hw0d3RvS0tzR+1pj6+P87dtrdjZjhjeituaW9THPF8NwuiIpW5ublOmTOHgUWKifMD94cOHvXv3rqvr7LNnEREREydOFEluampUQ9B1hCHiLR+fa2uFzGxLW3VrfmzuGimhbf4W7ZN1ZWVlDRqZlsBg6cvU2mq6XOK/bp2gSo16EsjoCGGYDcpTLTA5dYNmxjdlvn4cCGOVfWB1fYeWyy8ux9KtQ4ShD7C3t7e1tfWJEyfs7e2Li4tFFForamprfNuqtKmsyL2Ed0ePHi0tLe0Idugyp3Utb8eOHRIRypnw8HArK6snW9JOFGLWEtPMXWmtaRsgLy+v69evm15CH86dOxcZGaln6+jedp/Td+K0zDjg7u5+9ty5tvbXLHNHllTRS0EY+qAjkGIKa2pqMKa4ouzs7JiYGM7s2rXLw8ODg8LCwuTkZN3HFBQU4KvEdeVkZxsMBo6RnFmzZ9dpH19VCzK6jjB0XllaWsbFxQlXTS9FRUWtX78+Miqy81kK/4AAzBoH5eXl+idwpQR/f38uYfocHBxM7zp58qQMtFmNrU0yFpuVlbV9+/bK1rctHjx4sG3btp6kj+0iDH1QbGxsYFFISMjRY8fMeG4q5DAcZXn06JGpU9i9e3dbdKIUofsijJX2gZW1Rk1obJIIV9LjYfOJye4EYejSMHfuXBw8Srtu3bqZM2fWdxDHP3XK0bTY8+fP9+rVy8XFpROUoBPGGkeOjdbPoP8LFy58Ks+f2ryniq9pBldX1+PHj5uqU3x8PL1YsWJFBx1v6rpwdJ7h/v37gAw9d7uK3Qn+UOr34ghDfqanp69du3be/PnHjh0vKirau3cvqrF9xw68yM2bN2NjY7/55puFixaByDdv2XLx4kVuwdQusLCYPXv2rVu3kOR9+/bNmTNn5cqV1dXVCQkJkydPbp3DUAijSwjD1J4sWLAA9prJOTkHDBjg6elZ/5QZxxZGZOnSpRzsP3BA4KA+Cti6hw8fElTs37/ftD2bNm0KCAjoSNcEdiAk/fv3l2AM4mDS5MmpqammuKSHIQzT41WrVgUGBSUlJengzBQ06OwCZA8ZMkQQhhB8mzRpUl1trZL8HxPCqKpr0AGEGfnGZnc6h/FYbYgGgBdy/Jvf/AbvjlafPXv22rVrVVVVbm5uAHZ0FbkB8vv5+UkMwXkifpl4AM6TuaKiQgopKSnBsJ63tx8zZoxo4LXr1ySqi4uPpxCZMADPXr58GaiLgOJiJYOzszPmGz3fu28vP+/du7dx0yYaQzYCESoFtWzdti0oKEhm4W7fvr133z5q5xiXcPr0aStra1PgTBiKb9iwYQN5+Ekw6n7rFi3Hc+AARBPAQ6dOnVq9erWuM8IiHAwOAyMVFhZmHJSEhDt37ly8dGnPnj1isGiSo+MVOkJ3Woy7ouXDqBs3buB+0MCMjAxaK3YwJDQ0ODgYF0VjCJ6wYuHh4Rs2bsRQchXzRKyWmZlJdZcuXTpy5EhiYiKeiXZiAcXkERDTWZgTr9G+/fvPnT8vPFcg4wURhj5BBZo8c+YMnGdESktL3/n97xkOrvr4+KxZswbQAHRARBEqJyenMWPHlpWVffzxx4GBgWgKwwfCYNwZlFmzZgEZ09LSxo8frxBG1xGGcAlOWllZ2dnZDR06VOYw7t69C0pAm8QKvfvee8QD6DJXd+zcefDgQeITLqEvYkZ8fH3QPhSHMJoRGTt27J69e6Ojo6VeMoMCGU0GzsLCApVE09PS07m0devW0NBQYwk+PpzEMmDNRNMxVlzF9CEbU6dNQ69zc3Pt7e1pPBp95cqVtr62ZyAMfab56NGj2MkRI0ZERERgbIVRgG+spKOjI3xISUk5dOjQlq1bYT78mT9//klbW8aRq2J7YTsH3IuWHT582BR/KOqxCAM4f+HCBXAAjnzGjBnoIYH7xo0bcYeWlpb4ZuQJi4lJ5cwXX34ZHRM9ZcpUHKSNjQ16K3ABFK8rGLaVGznAN2szmc2ff/GFuEn0GZTg4eEBmEVXKfzYsWPoMDEB1tnD0+O7YcM4TxyJFwe4oLf49RkzZ2LWEXEaBlDg5Ntvv43O43FHjx4TEvKQA7AO4ks2GjZx4kR5WC7WiltwyaPHjMGgyLQEfh0s8tlnn6EG+GxQOaaKJsEHnb1UN2r0aA7IvGv3bg5oNvdi4NCNadOmoXg0csuWLbDl008/BZlhy8hAB+Ek6IoyMZEy6dqvXz8UEns0bNgw/4CAn//iF9wI38hPx+HYtm3bcGm0EEPGSRAMZgvAwQGKyhDQNs4Duaiob9++oEBQC7qqEMbLQhjwf9myZQyHnKxvaECqBcMR7wJJOcCZIWAcMKybN29mdGR9hk5IIxBz+fLleDuuTp06tVY9JekawhDrAVYbPHgwWoDr+sd/+iecFgI/ctQoFJlQB94Ctf/4xz9evXoVdUPx+YlXA4hjLr755huZWsB8EQygImACDAhqiJ8DtUu9KOzMWbM4wCj9xV/+V3Tq4sWLw0eMYKyJFriKCfrkk09QWDR95apVtI2xRhnRXCQBvWZ8qX3mzJk0QOIiXG9L6zqqnoQwZFBAyVOmTrW1taX7P/3pT2GR5927BEJAhHfffRd2wWoG7q6XF3EU9hl/wUAsXLhw9ZrV2K4+fT6HyQC7JUuWlJSWLlm6lDxo0IiRI3Pz8pQF6+EIY/uOHYMGDUJ/iNKAmQDz9//4R5nu+/2774JGJXxHyWVSAT8H6hcf/NHHHyNJq9esQfJ0cZwzdy62gAAOew1W4AzoxMrauqCgEMdM2Ifk4UrF/c+ePRuNxUBkZWVhFxBQzgcFBRIsatMhxVS9wMIC4QZDjNZcPrRz504/Pz89v3F2JC5OGkZw03/AgMCgQN2s4zPwClQN1ECswSsynzlw0CD6O3DgwHQtfOFe3UzwHw/xr7/8JQaOOOaff/pTuubr6ytuBp+BCgHFRo0aBbs4gznDzMVER4+fMMFYeGMDByAnarQ7dQrTRjc5f+r0aXJyAGfksQgHoWGh9EUwGQTqImIjwPrD+++DfmD4ggULaAxGEJUmAwyED2A7GRqlnC8LYWBGQdiMsqANhm/6jBl5mgVEXPFVHOBp8HzinFasWJGfn//2O+/ITB7RM5HZosWLsaTICTYU4dGekiiE8XSEIUsIW7Q1WBgQybB6tdE/ETqD1/Fh69evRwXIjGuXmSFQRWpqKmqyZu1a1BzHLwgDZbx//37ww2CxP9woOi4GCo84V6uCmEE0GgL6UxcjCKCxsrJCByX/hAkTODNm7FiZzBCrBWTB2uhPNtHfM2fPtPSUhQWmCEMcAUgC+ylYGZaGhYUFBQURpMFzrCiDImrCCGL2L126RLQGw7Hh8pALI8YQYGw3bdrEmff+8AfyEKoB48I0vK6MWPdFGM+9DkNHGBhNV1cXfdE1Gjt27FgUGEz67h/+INYTCZug+U7cMKolT6DF00+bPn3dunUShXCGuI14HZ1HV9HzX/7y3yqrKrHXmAC8qdyI/AkikYkHwMEBS0v0lpZEaMsqjTNve/diqZFRMASlcSMCSkQoL33YHD16389vw8aN8vwCwov/+c9/BqYg9FgZvTsYLBFrQA+NB2FYLFzIJWzT/PnzKRM4kptnRAmER+dal1uiY2gUN9KLkydPvvX22+AJnMqBAwckzKI7NBW7IyEvpopwh8JnavCFwkFRNKOoqAin1efzz318fDh/0vakBD1btmwR80QV2DWsoY2NDT9RPJgm7grmwyXsGuXITCyB3ePwur4eo/bbd97hXuW9Xhxh6CoDV0Hbe/bs2b59R1Z29sRJk3SEsXTZMhES5N9Li9UETZ63Pz9x4kRE19HRESmdPWf2DWfncePHAwqRyWHDh4td7hnz568BYaDRsnhCEAZoAGU/dvx4laGKsYCZIGxsDiqGGgLH7xjJY/fu3ZgLtE/mnA4fOQJSDA0N3bptG4VjecSOySgQtIAdZfJVVpRT+5AhQwjNz50/h+8UZC9GcsqUKSCMsePGlZeXS6tA9oD+Xbt2ocVyxsHBAXf7eA6jpQciDDiGtRQ7QyCK2XkYEiJBEbEQNq1v334pqSkwAVbA1bXr1sElRkcect26fYsBIhjDX2CKMZuoBk4B8/jUZX+KfkiEsfrC879Lorsl/L0Adt1V//1PfiLT7wcPHiQmQ+fBHNhWHP93w4ZxCbQhj9aAI2Jwde0Fq3KXXhpxnrhMPKhM/suUBnYc379k6dLjx09gMviJqybiHzx4MLZ7xIgRxBZBwcG//d3vUtPScNIUAgT5f/7xH2UekigHB3/Px+fPX32FG0ayiRcR/VOnTuHmL1y4oM91g6/RDer94ssv8dD05eNPPhEQ8Ff/7b9R9c5du5avWIHc/1//4T/Y2dnJXdiXf/7Zz/R1W87OzqtWraJYCWSxYn/84AMcP+aJezGCP//FL/RHMJKhb9++NKlFW8zBSVl5vmv3bnleO2nyZFnzMX78ePqLjURdMXDkhM8UBbCgL+s1FSUn6orVw/NxC1GCm5sbdX344YcSIqg3IV8QYZj+xA5iQJGf5qYm/Q0RzKhIFMibEcHVVdfU5Ofnyy0MNDIgvg31QQLREUYcd0gJaj+MLiIMYTWOB0CPqrq4uqIOxDYYis9690bgUQ2UHWDx1ltvMyJEyWSA82hK//4D8FXAenwY2ILzwALf+/cna09vcXjYE0qQetF6DAgVkYecRA5YCQsLCxpACZGRkWjiv/7yl0ANNG7lqlUt2qNkdJ+SXV1dAS7Dhg1jfAlaxCCg425awNDz1mFIjwh4vu7b19bWFk8Bx1AQWaeCIty6dYvoa8CAAQzEu++9B0bHvH/wwQeyrhO+wa6//4d/4CqaJXwDeRw9ehTUgt2W9w2VdnRThLHojH9+ecf7YYRndOVtVdRMFkIL5sC3ySy9PA4gOkca8LiyHlNWR/Jf3tnDy/YfMKCiskKPrTkvDw6EUtNSBb6ADwAiYkSoGkE8duzYzZs36zXy9vbGcFAFkd/Zs2dxuui5rKcjLkSxqRG74OnpKc3GKEhwSeG4eXd3d0rGxJMZKAPy0F+8pjucxElTI56Atkl0Ik3lLuqlRiqiTOldi/bcXaYHdJPE7VgceXOVe2UpO/xxcXGBPzJzjhOShyDUTptlwvbEyRMS38iESlKSUQIe+D+Qp8LcSJPQRkrGAhoNq4sLmsxJegqSOHz4MDGxoaqKDNIkYikQD92U5a6KXgrCaOl0D66OMijL+LIQhulKT3QE44B6BgQ+VnN0E4E/d+4cP8mM1qN65MduoFz8Rxf4idYcP34cIIKlys7OzsrK4kACoSNWVvprKdCBAweIkcB/1HLp8iV9RSfGUGY7MEEnTpy4evWqxAbYlqvXrhHn4E3JKaaMNhC+E7SAY+RVuB680pMgB4aAJ4h/8vJy4S0WCeMJGxkaMYxw+OTJk7AUVCHPpsWaySI8rKgs8zcum3VwYEQwxWoOo/sijApD7cLzgZ3s6bnxRsRl/+Rmk1s62XGr462x2pE//RjvbqvF/WYT9ab2wuzq6zTKz1eX2V4aL/IMApAxevTotLS0lvbeL32OktUDkVeHMEwHvSN1aHu14y8OqqmLZ0YYr4JjbfZ1aBQQQ2DQxT1sOm8SWMTe3r6lB+3u0Pnbqop6OsJoHezGpubw9CLjV0hC2vkuiXNI2u2orMySqsfteyw6Te1updLu1nXyS7vaZLrPXYvJZ58I+s32s+uoNDNX3REEad0DrknfwlKyyU+zbKb59So62vRTv2RWqX7JtOXtbudnevLxvVqThMz6KDgMtJ6SktJ2G9M27f++kUKmV82YL/V05ctbip4DYSj6YRFGuyrZ9ueT2t1kthGnmbKbabdZ/NC2Iu3qY7unWzxTVTW1IabWsmeMS7s7bpnxysQXNLXdAFo/+aSdNx8OpYPdEWG82LdVX8mG80pQnsoWxSKFMBR1EWH8SNW9x4yL+i7Jm4UwmlsRRnrGY4TR3OYrGJ1QayHNuug0vbzZSApU8/adiwUsUrraHaDeY4SRla0QRjdCGGE/+m+r9qRY3MRNZKsVyt3KfDW9om+rNn+PMPIZ9RdV6eZmjKwaM0VvIFVX16SlZ2Tn5KamKYTRXUznw9CI2LgEhcK7G/KTaFZRt6LMrJxXM4eh6V5+QWFSckptbU3Vc5OhqrKyMj+/QI4VKXqjqKS0NCcnByVKS89sUV9d6gZhGcAiLCIqJTW1rKysoqJCiWi3IOUmuuugFBUVVxkMcfGPXg3CyC+IS0wur64prqgsrqgqaZPaPdk2Q5mhuuRpOV8kFXetMSr11FT8XJdedZOKyisLyyqKyitQIv2dLEU/OM6IjI7NLigsKC1jdLBsP5RkdnPFef3NeNVu4k3m8PM2vrKyts5QXR0bl/CqEEZCSnpVfWNZdW1ZTd1zpPKaulJDTWZOHiWUP1cJKqn04034sIzs3KT0LJTL7I0DRa+ZHn9+s7o6OCQ8MSWtuKoa0/Tclk2ll5iUm+img1Jdm5NfWFVleFXvkjQ2NsnOd00vloyLql64EJVU+tEl2SLJYKhOTEoJj4yJjomPio5T6QdLMXERkTE5OXk1NTX1DQ2N8lq8St1GWRQTuuGg6FvfvgSEUd76MXRFihS9nEl57dWeurq6ysrKioqK8nKSoh+AKjQyGAytb5Go99EUKXpRQq+eAWFUVlapFe+KFL1UgAHCMH4lHMK3NdTXN7RP9W3+Nzx7zrY/6zu+2m6eH5zqX+CW+iePTbM8/ikD0TO+eK5I0Q++dBrM8HSEIVkfJaUUFZeYWsYfhFrUE2NFPU4qcGk6zlD0A5K+fa0SdaX+qhcv1B2NwAwgh7YTE+0gjJLSsqiYOPnusyJFihQpUqRIUUcEWgAzgByegjD0y7l5+dGx8WnpmRmZWekZKqmkkkoqqaSSSk8kEAI4AbQAZmh3ZUWvjlBJVZUhP78gr5ukvE5/PjW/SiqppJJKKqn0spO2Q5qhIyDRDsJQC58UKVKkSJEiRV2n5i4iDP1xSdtP6LZ08IJJ2w+O68dtP0721K/atF1F0lEt+ofY2r3FdFFNJ/WafqvdNENHLXzWRTsdM820Bc3PB/K+/7qc8ctBestbazTlhmmpzc1t6mxpd5g6alObi21Hv7ndnpj0uv3S2+V6c2d9f7IZzR0U0vxkp8xEy4R77dX+ZPNM+PxElx+PtVnh7TO6+WmD3Nzc0mFf2g5Tu4Nl2qh2VaC5feVq7nQsujIQz2aPOlK0p2boePN1YW/7eve0t+Sa9XHscFyau25hWwfIXBCa297QRmOaO7UHzZ1qxff1dl3Hny1nV3e+f2bxeJYbmjs3TF0ZvuZO7VHXSn7S75hrkOlIPMG07we4fQa/8GA1dyKhnUiyaQOan9b7zr+B0KvzhrYLHYpLSp1veV53vX3N5Zavf1BhUbFcDQwJvx8QrGf28Q96GB7Voq0ydXK9c/bytZDwqPr6er2ctIysC1edL127mZSS2tDQYGvv6HHvvoASU1N445bneUenFu1TAvxPzcjcesCmoLCoLRoQNFNlqN595EREdKx2S5OpMjz+JEFTU8DDMLsLV27d9ZHGty1H2gnV1dXxv76h4ejpC3d9H7Rtnum9zSbsbhfKKFKkSJEiRT3vdZJnQBgd3SMuPCkl/X9/Ndpi3fa91raj5yzvO2F+tLZdubXd+V6/+jooNEJKWLJ+x5mLV+vq6pdt2jXRYvWuw8e/mjAvrfW7eanpmf0nL1i9ff+qbfss1u0oK6/YfvCow3WXtpXuO2q3csse/WdkbPx//3KkIIx2qbSs/MPh0701NGCGdh9DFjePD4dNszx2avD0xQ5Orm1LuOcXaHPK3rjiNb9g5bb9QBaON+4+dPXmLTUVpkiRIkWKFHUFM/R62oRPc9tHHqCEj0bMeBge2WLc3r9m636r0XNXVNfUON5w+2DolK/Hz83KyePSuh0HnN09yfzzvmMCQ8O1zNX6BICX74P/96vRuXkFcp6Tnr7+sQmJJWVlfkEh4VExlJagvV9rZXd++wFrDqJi4338gx4Eh05ZtNbl9t0b7h7kl4bFJyaDFe76+tc3NFQaDIOnLbrvH8T59Mysay637vo8oAq9CzOXb9puaSOTGTSbg+zcPCe3O+6e92pqa8EuC9fvWLhuu7dfoPUp++Gzll52cvW673/zthd9ySsofBAUGhoZzUlBS1VVBjcP7+uutyNi4pLTMmBIcFjkhSs3IqLjzJ4QKairSJEiRYp65ARGuyCj/bdVGxsbs7JzE5NSSPEJiQUFhaYIIzU9893Bk4NCwuRkeFRsr0++y8zOuXjNeemm3Us27lq0fgdx/54jxy9eda4yGGat2PT+0Cknz19Oz8zWC0lITP7T8Onj5q0ESZSVV+DsR85dQf6klLRe//jZzkPH1mzf/+W4OYXFJSfPO+yzPolr//svRgJZYhOSvp20YNOew2t3HPj3YdMKioppwL/0G2dzyn7UnOVHTp7llhGzl9E8buk9ehb1rt1paXnstDxkgS5cde71yTBOyjOdzOzcIdMXW9me27zvyIGjpyht3PyVi9fvOHf52vqdlqPnLre2O29n7/ibb8ffvHM3KCyy1z9/bnns1NxVW0bNXVFeUXnw+Omlm3add3T62z7DHW64XXW5TWmnL165eO2mwBdhKUAETgpLVVJJJZVUUqlnJNCCuNenvK2qr0JIeJSUlJKqbeFfifuv0TylKcL4/eDJAQ9D5WRUbPxf9B6ekZVz9vK1fTZ2WTl5Q8Vh7z2MoyVDYVHxhas3Rs5e9uHw6clp6Xo5KWnpNqfOfzJyxoK124AFq7btv+ZyKy0j8//0HctPKn97wITw6LhL110mLFg1femGA0ftjNAkKeX/7jOiqLikrKLy05EzgkMjgAVAEHmA0mf0rLDIGDIHPgxz9/D+7cCJnj4PrOzOv/fd1BzthV3pJthi3U7LXu8PvHn77s1bnp+MmOFyxwsY8X++HptXUESz9x45QU6/gOD+UxcJUJizYtMtL9/QyOg+o2fW1dVlZOf805ej0jKy9tvYXr5+MyQi6rORM4qKS13vePX6dJj3ff+SsnJT3jY0NAg/VVJJJZVUUunHnsrlf3kFaAHMIG796Xt6gkeSklM7WYeBW/1q3FyAhZw8fuZi79GzKqsMwIht2tOHyJi4j4ZP/2rcHHdP74bGxtpa42JJPPcfh0656/NAKqqprW3QUA+A4Df9x0fFJew4eMzJ7Q7wpfeY2UYAUVY+cOrCyNgER2e35Zt2b7e02bD7kLYKJK3PmNnFJaWl5RUTFqwOCY/ccfDo6QuOXEpOyxgweUFwWOTiDTuDwyJcbt8dMWspBxHRsYAPQ/XjGYXKqqrHKzysT67defC8o9PclZt9/IPoEanSYDh0/AwlkgGgMHz28jpt1ee8VZs9fPxCIqOHzVhcV1efmZ37xdjZhUVF9/wCBk1btMfaFpAha0IfBIUsWr9jycZd6vMuihQpUqSoxxOYAeTQ8rQ9PY3X9K+3N7WSfo8gjMSUtF7vD9q059A1l1t4/Z/3G3c/wLjoYffh4/PWbJfMt718e/X6awL6sKjYL8bOOXPxCm7745Ez0zMfr/S8etP9m0nzr7veWr55N/64tKx8zLxVOPvE5NRevX6bm18AyOj1d5+EREQfsT23YZdlWUVlr7f6Od5wA4v0+t99cvPyi0pKe/38y6iYOF//oF6fDrvjfX/55j1LN+3OzMl9a+BEv4BgwEqv3iNowx1v3xtud2q1t0KqDNWzV27euOfQVWe394ZMuXXXh+58NGLG5esu3n4BjjdcGxubjp258LO+Y6nazcP71/0n2F1wLCwu+W76outudx4Eh/b6xZfV1TUpaRm9er1FO53dPT4ZOWPrAWuqyMnLB/F4+wVyy7tDppRq0xj6qyVNihQpUqRIUc+ilie+3t78lJWeCYnJgjA6WgSaX1h09tJVO3sHa9tzggnk6l0fP5c7XlJfQ2Mj3jooNLyyyoCP337A5sBRO3nlRArJzs27eNV52wHr42cv4qc5c9nJ5WFYZH5BobXd+fKKyqoqw/EzF9Izs+8HBN+85UGGwIdhF644hUfHUXtZeTlY4fiZi5nZOVwCCuy3sbW1d+D2urr6Uxcc47XeBoaE7be23X3khG9AsEyZNDY1hUXFWNme27rfiobVaJ9fCYmI2m9jt+vQMU8fP3kMRMOuu9zOysmjFyAnarnucisiOjY5Lf3kuUv1DQ0wAQ6kGV+dtb7s5PowPGr0nGUUEhoRTU9pmL4KVZEiRYoUKerBZEQYicldepcEJFJeUfEiL6s8ZUOb59o19KU8a3iJDyykKJDQjOUbN+w5bH/lxrj5K+9qAEV9ElqRIkWKFL05BGZ4+tfbdYTR0RxGR762g40y20EeHZ1/WbihK8V28jruc1BhUYmX7wN3T+9HHSxeUaRIkSJFinowmTwleRkIoyubeT0dhbQ0P7lXcXMn6MT0zLPCl4621+zkjMmu2h3uJt7JBupqDkORIkWKFCmE8aJzGG846Us4FapQpEiRIkUKYSiEoUiRIkWKFClSCEORIkWKFClSpBCGIkWKFClSpEghDIUwFClSpEiRIkUKYfQgUotDFSlSpEiRQhiKXhXIaISamhoVKVKkSJGi10jihjQX9GzbhCuE8SOgrOwcXz//wOCQgKCHKqmkkkoqqfR6UmBQCM7nUWJyRmZWTFxCbPyjuPhHsa0prsOUSOaU1PRa7YMb+ldIFMLodlRf3+Bz37+8vKK5ubmeH99TY4OiH5Ia1RAoUqSo51u6xsayclxQRV1dXU1trWlqS4/P19WRH5BRXFxi+qC/JyOMp+4U3naTzXbneTq/pW0Wk4zNz9RIIUYr6GGoWZ7WzbuannvdRkf3PmsLX8kaka6VaToR13F3nrW1zV3p+zPtn9aVbem70rbXsRznh1/xo5YcKVLUQyg1PSO/oLDnPyURf2Dmk15XzY8RhuYfmjtvQLsoBDgYEPTQbEtyUy/7rN9bMXUk7WyC3vFdzU/e1Uldz70henOXscUzgchnxQEdAdCOGiM7x3fy2Z2nHTe/YNu66Laf8q3BJ/HTC+raSw8AXjy0UCumFSl6fk+muTDTz3c8PtOqWK2Xm3WblpaRWdDjEcYzfRVFX9LS9me7RIbnMFvP5MBAGIFBIU+eqSkpKSksLKypqTFtqrS2qqoqJSVFR1QdtbC6ulpHJ6WlpZmZmXo2KUfKNPMWnOFGvbX8NBgMcix1mXbENMrXHY/pgWn5xp9NxtvLysrS0tJMW0KehoaGtn4iNzcXJki27OxsySPFciysoCi9OtiVnJxcX1//5OTH96zjP/mlg1p3Gsy6TwnyWJFeF2kkFemIivPBwcHCc7nELXl5ea2caTIdptTUVL1tlZWVMmqm4yU/JU9dXZ00XtppNqzCVemL6e3SBigzK4vWmvVXZ7J+F90vLSszk0nTVmkdbWrbTp35plw1G3pTaGjaBilQuEcDpM26LPHTbBTMJMeseTK4Iku6JMTFxiLhCmQoUvSKXGq7J9PSezrCkG43NDb6+Qeev+jofsezymBITkk9fe4i5sx4SbNfYoYeJSZfd3bVLVdJadm5iw5icHVLLaZNzF9DQ+ONm24JiUZ+1WvlmNn9uPhHwSHGBxxR0bHkJHnd85UCdfMqjkHuqq6p8fC6l5efbzpgOsLQz5w9e3bmzFkHDx2cNm3agwcPWp780lt8fPzYceNqHq+vMQ/6JU9BQcH777/v5+cnJ729vbdv3y4OBrdn2l/9XrkRjz5p0qTExMTHApSWumnTJh3o6P3Cp8bGxnYSRJp6I9OFyvwPCwubPXuOWYO/P9Z+4m6PHDliYWExfvz4W7duUd13330H4Ggjoo9WrlwpiEFa1b9/f3y5znYz14VIkB9HboaT9OMzZ864u7tzsH79+jVr1uzYsYM2JCUlSZP4f9PFZd26daZlxsTETJ48Wby7aXWcnzJ1qgghFB0dPXToUFPmmLWtsKjw2/79BVGZtq2LEwlbtmyBUW0Fz8z3L1iwQCQqICBAetRWEsxmX8xOlpeXh4aGdj5/8GSlzXqrcnJzFy9eDN7txH6ZDodZN9uiYf2Yvi9fsUL5BkWKXmcY3/PnMKTnHnfvbdy22/f+g/2HrGPjE7Kysy9cvqIbd50CAoM3bd8jYaIWIufNslhOrNkRH2tr67bvPvAgIKgjdjteddq59yAHNsftaADl7z5wZNuu/RIHt32K73DV6WcffB0Xn2BqLtsijLVr1wIycABAhP/+k5+UlBiX0uTk5EhTY+PiRo0aVVNTLffiVtsCBWdn5169eq1dt05a4uHhgbPk4OTJk1euXNHbw72m0yT8x1Ny47fffiuV4ibxi+LCKyoqdB/v5OS0e/dumeEQF8V/qYtydJbm5+fLMTnpjqwq8vf3nz17tlRXXFws92ZlZZlOkPj4+o4ePZoDztMGagkKCqIZUldxSUl5RYVRRBMSli9fLgMtcwbAI7pAU03dD80WQEae1atXP3r0yAgZ6+v1SvWxgEsXLlzgoM/nn+OD6dHp06fBeeKMyTZ33ryoqChxtIyITMkEBweTQeSKHgnEAVKMGj1aWAeTAwMDp06dyoF0WfeRFCJtABT269cvX0Of3JWdnW0KKxsa6gX7ks10xkUfESCRm5urHJOnQuNPq85XCHCBZs+ZQ0so/+u+faX9+jSMHMsMEB0XzCRE7+CVtITuz5w5E54b13xpwkN+XYr0Ga+CwkK9DWSUKQ3Ga9WqVcIB/kvHs7KzdMnRVYAu6FLEoOvdFBEivxReVl5eouEVWjhs+PCMjAw1jaFI0QtSu4FNu0/G34inJNDWXftv3HTVf2LdQkLD6xsaIqOio6Jj8Os+941xW3hE1K59B7V4seiut09GRhY3enrfu+p0Mz7hkd7riw5XPb3uYWphqOWRoyFh4UZfGxt/1v7y/QcBptx3cbtlfdyOg+O2Z27duWu0sNXVS1dvcLt1JzI6RtxSbFx8RGQ0B4HBIaCQY7anwyOjOkcY+DncsBy/8847fn73jx07Nmjw4FmzZ+O98KN4X6xzYmLinDlz5i9YQP6S0hI9qsPcjxkzhhKWLV+OO+EMcTnYglj8s969Bw8ZcvPmTcz3gQMH8JekyMhIvXY8jcXChRSLJ5Y5D/wixRK2rli5krCeezH3M2bMePu37wCDrKysJHR2dXXdum0bB5TGSXzY0aNHZ82axe3ci1c4fvz4woULd+zcCfrZuHEjOc+dO3fmzBk8meXBg0uWLrWxsdFnI8ATf/f3/5CSkvJ4tqmkZO/evfT98uXLNIwWDhw0CBeFR1m2bJmEsBRCwz755JPNmzeDwChNm6YqXbN2LYE7LSEzPF+0aBHOkqJoA3G/kXUalpLhoOXXr1/nAKQizj49Le1Xv/qVOMXMzMyRI0fSSIYAVixZsgTohp+GD9zu6OgIpLOwsGB08OiMzoQJE4T5sCI8PPzjjz+mRvhPx6U04BH56QLlA1n69uvH/9y8PODCxk2bjhw5ontZalmxYgWdGjx4sHQtJCRk2vTp4D8pbfOWLTSGA+pi+KZPn+7j48PP27dvT548mWwyN0MhnL967Ro4ktofJSbGxsaCGObMnbtr1y5kHiGZP38+bOndp8/Vq1e5JSkpkc5u2rSJEaSdZONeW1vbQ4cO2dvbGyU8Nnba9GkiPFu3bgUcgGKpdPqMGV5eXpynnGVLlzIuTjdu7NRqQTjpY1l52alTp2jSzp07deSE1hw8eBAMCnvhM4OFiDKCq9esgTkMytKlSxnThYsWXbt2DSwOFoQVRg5s3iwceOqjT0WKFHUUruOP/AKCMrNyTE+WlZXf9w8sNIk63qw5jMDghyMmzjxkfSw6Nk6eWWzavgdHu++g1bZd++/e852zaEVUTGx0TNwh6+MlJaXrNu8EK5SUls2Yv9ThynXHazfmLFpZVl6R8Chx/tLVwBGroydPnDoLr/cfso6OiX2UlLxi7eaIqOiTp8653fL4fqrAxf3I0ZOCMJycjRDnYWjYstUbARNrN+1ISzdGVItXrqc9RUXFqzZsLSouvn7DBfRjagfbIgy86bp16yTWx7jjAvG1OOlVq1e5ubnh9YmqieHwo97e3ty1fft2/IruJgm+Mcoyk4HF5+Du3bv79u3j6uLFi2UOA8uOpebgwYMHX339dVnrs3ncHs4mLz9/ypQpN11csnOyF1pY4N4+/uTjgMBA7Ps333wTFhZGIQSjuAo/P7/JU6ZwI54Sx8MZgn5MP/4MX07XgBfDhw+nhLlz5+7evVuaR9VOTk4AjqbmJrrw9dd9aQDe1PRZlYODAwX+6aOPkpKTQSE//8UvikuK8XPW1tZcxT/htwAN27ZvB/RQFO4H/8ctuHaq++u/+Rv6glM8eOgQHXdxdaU91AKwgIGchzNgBZwZLlNnnaWlpfBn7NixdqdOwbePP/lEXLjxKdujRwJocMA4RQSMlsTHx8+eM0dGgQ7ShT179lA+3hFOStuol3v/5u/+Dh8cFRUFzuOAEk6dspNHMxs2bqSPVFpQkL9t27bDhw9Tzrx582BC6+OqNLqWlJxEtl//5jeUhksWjPXvH36Ynp5OR+7fv4/MTJw4EdlITk7+1a9/jXvOzs7mJ7APTAaHN2zYwIgDxT7493/P0pZugId8fX2pAp9Na2NiYqhIJmbAqYw4nv7ixYvci/AwrLS/f//+/ITPn3/xBUy4cOECt8BtcCGiSzMQntLSUtr8y1/+knZaWVuD2JCN+IQEWAcYXWBhISCMG2EFpQEsZAgQHvCEjCb3rly1SkaEYbKzs6PMf/qnf+IWxIZ7aT/Abt78+YJjECqFMBQpehFn2tjYFBoeefnqjcysbDlfVl7udtvTw8vHYKh+Q+cwjF1Nz7h4+crAUZPDwiMACtv3WNbU1u61tMLlc/X8RQfQQEpK2sr1WxetWHfbwzjfkF9QaLF8bZU2x75x2+7YuPhLYA0XY6hHjLto5fpHiUnnLlx+EBB05brzus07QsIiTp29AHbRpx90hHHR4crMBcv2HDi8ZNWGgKCHxlDy5Cmve760CogD9OP2Gy5u1TU15Pe6d9900qktwiA6xEZj1jHoEtbj1Ik7hw0bBmgg7sRDgzkIE2Wa5OHDh4Sz+tMfvAg+GzsOOvnLv/yvGFxM/zZtgoE4Tx7Dr1y5kuhWJuRxGPrSS3zz0O++q62rw7V88eWXuLr9+/cHBgb+6U9/wpGAS7Zu20Ye55s3raytpPFTpk7FqeBWiWsx8VSEw8PdumtzG3hKjqkU5y3P7/F2//E//ifcA85MAt8tW7eOHTdOpltM+cC958+fn79gAa5o1qxZIC3cDH0RzIS/wUeOHz+eouCAPFKh8Y0aTCEupzpYIasucJn4y7i4uBMnTuA7OQ9YuXTpEq0StySVwnkJ3OE/eRgCWq6vG6UZ8K25uQl2TZgwYYGGvUASMt8DoyRkZ9RwtFz63e9/T9tkOio8PHz0mDGaaFUAbqKjo9etXy/Payhh5MiReOj5C+Y/0laWAIOuX78OJ8X3Qwy3TCYJvsG/wpw7d+6ALIcOHUofrW1sGAV7e/vLly/LLXQBDiAhFHXkyJEhQ4fCQHoNAxm1gQMHavMTSTCqocEoObCFekNCQgRFgUv2aHCBeukarAA/RUREUBeYSaoAfHh5ex84cIBhAlkClXx8fRFR/UmccSGRv/+FixdF2ODJjJkz4cm9e/eMwlNXB/gYPHiwi4uLLr0UTr/0ZyXjxo+XdRsC72iA4AmGYPjwEXIejnFw48YNhTAUKXpxwrbg7C4BMrJziMNdb3t4eN0zXU7wxiEM/THw5SvXzpy/FBMXb3nkKO7c8rCNTBhccrzqftsjMSl5+54D1sdsT5+7yMmi4uKlqzfKA929lkeiY+LsLznc0sAH6ASsEBf/6MIlRxCGw5XrtqfPp2dkpqam5+UX6C7wpustSuPA7sz585ccyysq6+oeG8romFjAxJ4DR/z8AwsKi/ZYHjl28jSZV63fAkYReCh+qy3CwNDrRtb4LMbFpf+AAdjZffv24T8Sk5Iw0xjfr/v2FfeJ9ecWuR3v/tbbb+OBcI0BAQFDhgzhPw5YEAa2GN8sXgr0IPnfffc9eSIAZWsIQ6ascUU4g/nz5xMo9+3bV/IQXErYjW+WW3ByZKM6wmUOVq1aZZzUOXECt6QBiFyialw7DRBfK3MYnp6e3333nSxZaNGe7kscLD/T09NoWIu20oLMsbGxBMEEtVu2bBHn5ObmdubsWVz+zl27KIpu0jAi2g8//NBgMDQ2NX03bFh8fPzOnTtdXI1zS6AZfBWxO3CHu+Ckq3ZeX0wg3KPNMm1AgampKaYqJwgGmCIckGh7ivYMCLeNVwP9SJl4dMuDljhvi4UL4fbo0aPBN3Tkq6+/btHWH6xYsYKBW7t2LS3nDD2aMWMGSGv8hAlUQWlyvrKqEr8LBOQ/DvWrr74CLtDOb/v3B6Bs2rz50uXLDA1AEy8LNgKOwJb1Gza0aOshvv32Wz8/P3AGbaDLffv1gz8yN1ZVVfnbd96htMLCwgEDBwqrjx8/DmgD/03RJqVoJxgIvoHwBBqKiSHDzFmz6uvrBEsxaufOnePS//nnf54wcaKh2gCYEJdP+e//8Y9UbWtn5+riIhCNEUQ4R44aJZUK7PjFv/4rjRcmW1tbHzx4UC7J8zipHa4CcSgBNCaCgUyK5KzQ1ngypvIkSCEMRYpeHGSEhkdecLx++arT3Xu+le3Bi56PMMQrYH/BE1euO99/EDDLYnlEZFR8wqNVG7bW1NRu3LbbPzCYPCdPn7vp6h4ZHbN99wEM35Yde51d3WHNpFkWZZrDWLxyfVx8ArBgwbI1ABEgxb5D1lVVhm279odFRMXExq9avzUzMysiMjoyKkYq58/x2o2d+w4ZPdMh6+vOLvoMf4v27smu/Yc+HzjK7NmVzQm7wOCQzp+SYIVdNIsseTw8PDD6RJNffPml882bGNlx48YhAbgTztva2vJTouEWbS2nLOoUwlfhU43LFDRAgAnu3bs3LgcPh2cioJ8zd66Do6OeH3OPBddX+eE8CHZlkQG2HmCxfMUKsA6Op0+fPgSgOjiQW376s5/JMwXgCFG+jY3NvHnzCKzhOUhFZhoCAwPnzp3LAbXv2bOHk3hHImAgiA448FIfffwxXfvwT3/CAVMj7oQQnOhflhfQkbNnzxLZizMjbgbZ4LRwq7LYEMcJT8gwaPBgHOeoUaNhIB2ZM2cOSIic/b755tQpOzyuzBMI2iMcd9S4MXz4cFCRNgQN+lX+T58+HegAP/HHQDRAxiOZ2Ghqwv8xIi3aMlh6lJKSPGz4cAEigAZ6PUabwwBtUAjsMj65GDgQlg4bNozj8oryTz79FPgSHh7er1+/CxcuAFCoC1asXr0afsLkY8eOcQy2qG+o37FzJ2MN4gRwJKck45XJWVdnnFI6dPgwTYK9pWVlU6dNu+zgAHv7fP45bATWyBtGNAbHDH8I/adNn05RgwcPBnBERERMnTrVCCXLyubOmwfWxMGDBeH2Em3mDOTxWe/e9Iimkp9WhYUZpwkXL14CtWivI82aNQsOrF69RlCs5cGD4vtTUlMXWFgg1QwiecIjIoAF4GOGPjU1dfHixYAPih0xYgTdoQpYAd+oHS7BE4QWDDpo0CCZuvjmm28E8WzevBkBmz5jhrz109TcpDyEIkUv4Fgfg4ywyCgfP38JLdp/W/UNmcMAUpw5f/HoiVOyojM7J/eOpxcMuuvtk5pmDJWCgkNAD7l5+bKKoqCw8KqTc0ZmlvttD3kMcdvjboYWQPv5B56wO3v5yjVZo+5x11uWUwBfbI7bgVTiHyXqCAPA4ePrp131D4+IannytdLIqGive75mW2kFBAZLgW1XeupEOFtmsmmBePHg4GBCuvKKCjyovrAfi48JlnWIcoagVmZlZNqZ3nEX/kzeJoAnWG0xxFTBvTILot8ubw3o6yEoRH+pAZsuExWPxSMhgUha3gTmpHSHuvTJNOACbY6Pj5efFCuXOM+xcIDaaQa+HLdnJsdgHaqTxzdUQb/4D2dkCoG76BSsI5tUDSuAIPqrGXp1+Ga6KREzOckgI47vpHya19rZx2/5ysJPbteXnZpOY4A/AHBVBkNQcFBISIhs9C48oSIZNRw55dA22izdwX3Cf8kme3vI4y1qCQgIkHc6KEf6aBTg7GwYIu8MUxQZ4APQEDQGtpNJF/gAZmIUGH1EgvJFDOg1DYuNjdVfP8ad0wDKoQqjCGkM5CejI8fIQ0BgoDQe4dHbSb3ylgd+nfbAYV3GwsJCa2tr+EkXRNJkBxfhFe2hDTRV8uuckfGSPsp4IQA0T+ApzZASyAxbkAoZWWr39/eXeTUGRSa69AO6QJe9vLwWLFigfIMiRS83hu98e703aB3GU6c6OvrZ9RvbXu8kW7v7P7a7eUBbhNHFdna+52bnHW9v54PO8j/Tpplt5bLtBg9d39Sl3X1Ou8gr0wlz07vanUjvfMtOuR0HLIstnldm2u9FJ7s+COHUZdFuJ3na9utZt0Y12SOr+amFPPfQd87qjm7vXHjCwsIEkKlXVRUpem3U83fc0i2jvjuhqbPUnXqzCbXNZpq/7caU7Z43Aw3tvitszNzc1AnO0BGG2a7hZlttyr6HQrLqUN9gkQMiSFO/Ip+xaTHZrlHO6Bs/yMfVpBY5/n7j89a62t3MUeoy+6kft27b0GC6q2O9RmaX9A3QYI++H5q2DUOjWZfNqjPd6lHf/cw0g+neoHp17ZZjcr7e9IsnOqPabjRp5gVby2zSN/fU2tbYYrKHpr4fqAyB6c8n29DheU3eHn9e2WAwCD+lYfrw6XvE6fuWPs7W/EQ2KU3vl5wXRTCVIpPRab89HQ292TegW4e+yVSezcarsanRpGrztrUR8u9lxrSdphubKnihSNFzx+HPSm/WHEaXv5Tx9E8YyNbrL1DFs1HbL58p+vGLmaIfeKpSkSJFag5DUUtdfb3P/Qc1NbWKFYo6odf7ST9FihS9QWQwVJMaG5saGhq7kIxzp1UGQ0xcQlFRccsb8vX2Hy+lpKYBMoJDwgKDQ1RSqd0UFByqmKCSSiq9ZMPyMNT//2/vvILbSNI8z7d7vtvYh7uIe7h72Jjeudnd24nbvbndmYmZ3Z6emZa6p3t6plvdLTuSumVbtkVJlKW8pySSIkXvvXei9x4kPAFakKBHwQMECJDAfagkSwWgAAKkpKVa3y8yEIWqrHT1Vea/srIyu3pk8qEJ5aR8cEQ+5OYGaSf3coPDIwPyoeGRsQXWqlWoMDYvVuviwgJcLMsCOnTo0KFD98YcvRC3zWYzmswm8wLbmd3/uh2ip+rxeDeJCgNBEARBkFcPKgwEQRAEQVBhvBssLS1pda51qLVaHfxqXL/o0KFDhw7d63OkxdFpNFqLxWK1LhqNJqMpUGcymeEUj2+4UGFsRpSTU4rxidm5+emZWXTo0KFDh+6Nuanpmbn5ebVGq6LU4CiW895DrezRQIM1NT1rsVpRYWxq7Hb70MgolgOCIAjyH8LyWhOEe+NwOObmVQaj8V1RGP5n2HRyTGm8dpkys38GEmNQU2sz2Gw2sniK95SjyyxWTnT9rrqVbSezvPjKbGGek5aSKcRYJ666lRgdbnvcs7Py6+QKgfHA4dlrIlSvXHhMqEqf7n4u2wN3Yli/DnYu6J0OrixzZoEpT4dzjbMcTCK5wl8JwMkqK68ickuk06tUvU50+rh2Pp3D534HyxLc0uPwTGqg4QeVML9l63AEHZqnGXMmdfVKcXpwrDcjTg8D47yIDq68O7yuu58Nj5IJsIhWjcbp6y5w+C6HtQyJ0+YdDo5csy+og23JjvUbMEcC2KXq8GtpDo7rEoSpe11HX5Wh/ztljeqFs3wcgd5Evi6rZyXPnan1oNZoPUTCD1NhBLKCxkam/AvqXH+euQ7Z7PaRMQXXWY71Rce5+kkQ6Xc6Xu0V8X/I/2ogG7F+BEEQJOAaO+gVuyi15oevMJjHbp1Ob6dXRrBaF7U6nXfvgtFomp6ZZUpncdGmnJyyra7CwNkzMTMzS5YUZ573PbofyCKZsLHgwrJm626xWBbptSjZCmN0TOEuDDVGel3QeRU1oZxUTCjVao2fYCHjc6tTtxIPWq1OrzesQ2QQ/3qDcWx8gr0yix/PkPehkTGywCZ7dRXzwgJJFaQEynl8QgmF775mikMqG9TTK8GyOpMcpMtuZnYOrqPTNR3Z+OTUDFYBCIIgm4ofvsJYWR56XnUvIvL85Runzl1WjE+IxJLDJ8/p6JWp2fTy+u88fMqskzQ3N3/y7GVojJ0+FheFVvPB42iyaIhXj72L6tr6pNRM2CgqLT997vKdB08uht/u7ev3fvommx1dPRfCb5EYmTbVW2H09gvG6BXem1rb+ULxiGvGzw5mrIZHIk1mc2NLO7TH7LQJxVKyyvz6ppqG0Dp7eAF2coBmamrtMLPWOieRgp6A/bAhkcpgA0QGhNnbx7fblxjrbO/qWfJKoc1m5/ULKqvryRWExHT19tm9hCCCIAiCCuO1E/08MS0zB56P+ULR5NQ0tEx8gYhentHVmBmMRis93tWlMB48Ie2fxWKdmpq5cPUmqBM4yl6eFJ6qiX8IIeJpTDfd1kJDqNFqFxdt7HauuLQiIjIGNmLikzKy86yLi+2d3XsPnYDndaahhZAt9Lyq0MR+dzqMiAl2dN4KQyCSTCgnYaOts1urc7WyGq0O1Aa02Yw8UlFqsvhkN69fQUfHTphLX9CKhFlfdGpmdmJyivS4EF3iWrRGRZG/Wp3OaDJBpCp6knkok54+PmxDYS7Q0gEyPjk1Ax6YENRqDYQAZWuxWiGdZD+oAcbD7NxcR3evKzEDcmJzkLzmtk5qtT/GlUY640ajyU4vPWo2u+IaGh4FXdXHF0GBk7NAcqk1WryfEQRBXivQZECFzLRQzLO3yWS2ufe+v0MK43lCyuOoWGgmyd+R0bH8olJo7+EXlMfNexH3I6IWLBaBUHT34VNX30BLW3J61tT0zNlL1+KT0i5fv5tbUAyFCMIiO6/w1v3H9x5FQiDgE/yDall2OMAD6JiU9GwV3SqTci+tqIqMiXcpjLikmroGJ71QatiVGzn5RSA4yHuK3MLiltZ28H/+8o0n0bEUrQzYasBbYfCFKwqjtaObvGgYU4z38PiwX0ZfPIPB0NTaAaYwqhivrKmXyuQTyin2Sw3JgJzp84DGm9cvBNUCsqO9swdiBwUGLf3wyFhXb598yBVgZw8PJAWc09jSDtIBUl5T3wT+4az2LtcpEJFMPkQ3/EI6PROwH6QAqAQwx66ePsj4AO2BWKVLYczOgR9a7sjF0gGiYyB8HV0sQJ9ARHRDc1sHqBlQJx3dPDLAE34hItLZQ2dHBhnEmx9BEOQ1QdoOqO3FUjlU+OzHYGiG+oVibz3wrrwlAa0Qfuv+tj0Hn0TFwjO3RDpw9tJ1i8V69+GT1IxsnU5/7db9+sZmmXwQpEZHZ/fNe4/mVSqtTr/v8EkQENDA/+XQCXheB+VxMfwW+G9pa/8+7Cq0tc+eJ0CrCfsPnQhVTk4lpmbAuUzspeUrCiM5LTPyWRzE++jpM1AncD0uXbstEkvgIn1z9PT09ExHV8/Xew/nFZacCL1YXFrBTjyXwhCP0woDBAEIC5FkoLWjC1ILKhI0BzTBIAuGR8egGYYGWzGhBNXS0t5FOk4YhTE4NEJCg3x18/rJfh5fCLmAQ0SpgDho6+yBX2jsSe/FyKgCztVoda73F7SFQRqIynF1hEzPdHbzQKBAqtSala4I0BYknXAio4JJfwbsJ4YE6YQYIUyQNcQPBN7bxye9FHqDAQIHgWwymUg6FxcX6Si0L3s7RhVYBSAIgrxuoK3hCUQukUHX5LPz8739fPYQxneuD4MwPTMD7Xp55QtQEhGRsaAwIiJjJPTTc35RKewfG1N8f/7Kp1/tbWvvdDWBM7MgI0jPz8Mn0QKROD0rt72zm4RGSwRpdm5Bc2t7bn7R02dxsFFSXlleVcMMHSireBEVmwAbmdl5oRfCwXN5VTXp5CirqCooLoOI4hJT4cLcuh/RSkc6phg/de4yabNJE+6tMIRiKegAV9dCN290bByugnV1VhMQH7AHWt8Fi8Xg6jxYGS2hnJrm9QuYEAbkQwp6JAcwMTklEEtWrunQCEgTODo5PUNEQ2cPDxpyCJa8oQA5QisMLWgOckoPrx9sa2ZuHmTN4PCIQCQB4QVxMQMvFhdtHV29Hd29oGrYCmN2bp4M5gBD6heIDCBkzGa2NISdZOVfTiBJoKjItlQ2yLwJQhAEQV6vyNDroQmAtgaeKnl8ATQBnN7eCYWx5HoLICAfXySlZuQVlrj6Kh5HWSyWR0+iySiKjOy86tr6Adngk+jnvD5+2NWblFqt1xtOnL2k1eqgRbx57xE89ReXVcQnpznpMRNHT51XKicTU9L7+gXlldVRsfHQlMLju4Y1IIBRGM8TUkBbuMud2TsPnxw4dgZkipN+21Lf0EyX6tDZi9dIB4AvhdHbJxhTuPRBfXMb8xxPmm0VpS4ur4Jmnjzot3f2gCYwGo2gRYikIDJTJBmA9hvadMgjtPTkbYveYGhobtPp9JC7tg7XyAnyogR0Rk8ff2RMAaKBBKjR6qrrGrU6HZzV3NYJua5rbIGoyeDNhYUFSAAIEdiYmZ2DKCB8UA8QI+nGYDqWmlrbnfSwEqZ7gz1OVjIgg7hgA0QPiAm9wagYV5JigVxDCieUkyTXEDIzZARBEAR53ej0BtAW8OgIlTznlxA/fIVBMgwNUkx88qlzl6/cuHsi9CI03qAwwq7eguf+67cfkKd8UB7llS8kUhn4cdJvN+48eAKt+JFTK5+chF4Il0gHoPU9f+VGYmrGpWu3a+sbl5aXw2/d7xcIwQ+cmJ1XGBOf1NzSxkRdUFx2PyIKNh5HxRaVlBMdwLy+SkzJOHg8dHX04kjoxWsxcUnfh11tbG5lp99bYUBjTzo5oGEmg0uY6acgcJFEyqgcuMD9AjE0wCOjiiXWOAzSpQH57eML6WlfKYEIvInJaAYIZGjENZpSKJaSj0XBM/wFKUCGZcB1F0tlMvkQjy8kKQER4Bo96hp4MQyKZGHBAp77hWKId8FigXRCmFbrIuxkOh5AJcApsDE+oSQ9EJBC9ncoIEH6+CLSXQGeKUpNlJNWpxeKJaBWIPGgdSBA0E8Wi9WJ35IgCIK8KQxGI7SnvuSF8915SwKP42NjCplsUEe3x2azeW5uHlrlufl5E923oVZrQD1YLJYZurcHDimVk9C4wvM9mUID/JNeEBATA66Bk5MkZAiBzIcBIYslUmhj2Z9lQvM/r1LRXQsU8+GD8+WsEgZK/fItAFwq6YCM6W7yM9IzWJnFHpLzcr/7zJjek8LCWSupdTpcH62sDqt0rk68wpoqlBSyzcPUmA9bnOua5ov0nbDnw3C4TwZKfkEMgbLBux1BEGRT8W6Nw/DVwq05ieSah/y3mr5mKA/wlI0pDEeAMfo6izA5NW1d/cp0fXOfr6+DASK1c8kjNz/WxaW1/CAIgiCoMF6XqvBYGcThtfIFe4/HX2+fnB68Fx/xvxIKp2dvn7TCGPdINntVEa6GnCNYXwXitXrIGmd5B+CrhH2VUiCF4134nHFtcAZ0BEEQ5DWhVmvfuT6Mtw6bzUbm3kAQBEGQt4V5FYUKY7Oz7HCAwlBRlMlshgI3GNGhQ4cOHbo340zwq9HqoPUxm80mk29ndtvW6vRT0zPsgYmoMDYpCwuWiclJ5eQUOnTo0KFD9ybduHJSo9WCzphXUSpKTa06lV8HHkAheHxAgAoDQRAEQZBXDyqMzYivsZAIgiAI8gbaIFQYCIIgCIJsUlBhIAiCIAiCCgNBEARBEFQYCIIgCIKgwlhbYZA1IxAEQRAEQfwDmiEIhWE0uhYDw88cEARBEATxBdEJoBnWVhjE69DwKEWpmT0B4gxyv7cfp/seZ5CBvFacXMlwBp/TV5ueN59x55tNnncJOzdT4awvUqePDedbYjPONxjIf/iNv8E8Ol+FnXDucW6siJyv/3I7A9h2BHlHO19pTtfXNm28fJyvP9mv9V5zci0gBZqBLIXt0THBoTB0Or1IPLDgPicogiAIgiCIB6AWQDOAclhDYTCH5+ZVYqlsdEwxppgYU4zTv2znvefVuvEAYnndaQg2ljeTHnTo0KFDh24zOFerBzoB1AJoBifXyIoQ36rE4pqEnJ6u/OWvy63+paiXc5WvHKJe/mXPZK56GcI84439u+LcA6TouLwD9I5lJUxqJS7K3YOK2U8feplUynPGdWa/Sq1ipXP+pX+KO6keeWfn0a3EPBxTjO4hrJzo5ZnJiErNSg/ldsitwD3CVLNKiZUjN5/uiecoZLV7IbM9U14J9roWbkVHuR1lp41dMpwX3S1t3mZDeVkg+4pwWZT3Kd6ne4TgXThuF51ySw877y+LWs3hx/tC+Lo7Xpa/+0X0SB5netyKzt3gOfLFvhYUx/VSud9WKq4CpDzKn3VjqtwD93OnUxTHhfO4u91uZPcbhPNivTRp74vu7kHl40bwyBFFud1xbilhJZVd7J7WQnEbrUcJqLiK1PP+Zd2MKq7bgeKyFo46nOK4Om73PuV+46vd6lKKlX0Vq2ZQedcY3gG624/nna7mvq/Zl8bDdCmP+t+9pvLMLOXRhLn7VHMZEsVRbXKk3KvWVXnU81ym7pERjhvNR73kGQj77lZ7Vqds0/I2UYryyDioBV9CIgR7eBAEQRAEeeX4VBi+PiTh3A87l1cHfXgNAXGy/3t4c204147I1zY7fF8heKTGz1+P0SvM9vLqXz/p5B4Rs1aMq0GgHSIIgiBvJX4+Ow3xf5pHW0i2VWpNXkllVmFZak5hVV2Tlh7f8TQhDbbZkXkoCWDRZnsUm1zT2OqSGqy1X5eWlipqGiDAjPySshd1Q6OKla9aRhUFZVUWi5V46xNKyqrrYWPBYgH/kQlpL1ZjJ4HXNben5xVnFZRW1zdTai07Fu/E+Nle0Uz0uR09fTciYowmM0nP89TsnOLygrIXucUVcWk5w2PjfnSP+36H/3XOHAiCIAjy1n02FWwfhq9zSKM7PDr+n//t8wu3HiVm5v3r5/sv332s1Ru+D7+XmJ7jPxy7fWnb4VDQJR4e7Hb714fPfPbNqejEjDPh9/7mw+2F5S9crXt3X0jI/03JLiCe49JzDoRetS4uxqVl/2b7Ifj9ZP+Jls4ectRitX534caHu448jU/9aM93h86GM+JjI1Q3NP/qq4M6vWsKMvGAPPxB1MXbj/5u646z1+/feBQ9ODIWbH8PgiAIgrwL3Rghfrwur8LeA7+Kicl//myvVDYI25W1jR/uOjo+OX0zIiaNlg4Tk9PZRWV5JZWT0zPkFIFYmpxVUNvUOk+pj164WVBWBftrm9oaWjtJgKAwDoZeSczMJ7GUvagL+bvfT8/OCSWyrbuP/vcPvmxu74L9abnFd57Eqij1tkNnkjLzXJ0fy8tLSyvJs9ntJy7dikvNJlIg5L/8QiofgkNVdU1wopz+VBei6+WLkrLyqxtbQJGAWKlrboe09fQJ4Khao4W/fQJxcWWNwWjq7Rdm5Jc8fJb47ZmretY06ooJ5V+9v21UMbFosxVV1MzMzbu6N0bGqhtbhVJ5Z29/W1dvUmb+8JgC9kMUze3dIJL4Iin8NZsXahpbk7PyyV8P9YYgCIIgbxd+RAb316rQ5E8oJweHRgaHRwdkg+RDFEZhjI4rf7vzyKNniTlF5Z/sOwG/9qXlU1fuFJZWqigNHLoXGXcz4tnWvxyj1BpovP/H77fHp+XcjYyD1v3cjYcFZS/4IknIP3/cyxeu9m3Y9528GEuLAwDO+vWXB5raunh80d6TF54lZfzLn/YplFMlVbWnr94BZZCQnhvyj1sv3omAwBkBBG156PX75248AAGUmlOw+3gYtP2RCalHzl+HFEJiQBm0dPb85OPdz1Oz7kfFg/4AHfDZNyfT84p/tGVna2fP0Kjiv33w1RcHv3+eml1YXv3rrw6Az0t3InYeCyMKg2R/aHg05GefyIZGrIs2CA3kAuw8E37v8fNkEBkh730Qm5J5JvzuJ/tPwFlpuUW7T1yABOw8dh6yD8Lr0/0n4bf0RZ19aYkp8KWlpTHFuEw+BIG7ih0dOnTo0KF7GxyoBWjEnWt+rcq0dgPyIWjwjEaTyWSGX3jY91QYO45AIw1a4cSlW5EJaVq94ez1+4VlVRW1jV8fDnU9rC8s7PjuXGlVLQiLp3Ep5HTzgiX0+oODZ69u3XOMjMZgYgQlEZuSRbypNbr3tx9qbO3s7RfCfminbz+OORp2/WFMEggIIikaWtrP33wY8vM/1jS2kLMWLNYr955+fuA0xPtf398mGxwBpfLelh3RSRkVNQ3//vXBlJyi78PvZhWUEP9TM7M//mhXT7+r9yI5M//MtftCiex3O4/waN1z+c5j0Emw0dja8bvd3xmMLxUGqK6/fn9bv1AC2xU19d9+f6WnX7jt0Jnp2bn2bt7W3UdJd8iWXUdLquoOnQ2//ST2RUMLJCwuLQfS8P7XB+ua27T0axf24A+zeYEUODp06NChQ7fp3YpCALUAmmGJ9czsT2EoJ6dHVwcwco7DUCgnf/XlgUH6vYPrfcRPt/IE4gfRCSWVNcWVtQdDr7reWdjsR85fKyituvk4JjEjjxmMGXYr4n5UHMgRZnQFURhHz19Lyy1mhj6E/O1vp6ZnBeKB7UdCIVKtTn/gzJWfbN3xLCnDZDaDIz7hrLu0DiCBn756Nzkzb0QxvmX30frmdo1WB815QVmVfGhEKh9SKKegvS+prCb+Z2bnfvLRLpFUBtu5xeWnrtzpF0k/+/b0xOQU7IEUxqVlE4Xx5ZGzBnqhltVhKIpffPGtQDIA27Pzqr0nL372zal7Ua5klNc0bD96FjYgwR/uOlJaXX/43LXUnMLBkVGBWAqebXZ7R0/foXPXzl1/YF1cxLd3CIIgyNsOaAZQDs415/R0slZv9zUOY2hUEfJ/Pr5w61FWQemeE2HHL96amVPtPXUpPadwcnrmR1t2xKfnRCWk/e9P9kzNzDa2dYb88k8FZS+exqe2d/d9dfRcbnEFaJSQkJ/AozwJ1mazfbrv+Kf7T0JjfOtxzI8/2plJ9zQ0t3f/9b9/Dg/3rnZ9TBHy3gfXHkSNKCZ2HQ+7cPtRQnrOP/xhd2dvPxPIx3tPwOmwXVj+IiTk79u6efejE46GXW/u6I5OTFdOzZRV1//t1p15pZWQvD6B+FFM0u7j5ytqGt7bsqOqrtGVr//0c6I50vOK/+bD7bklFUfPX//pH/eSkZ4k+yDWQkJ+BKeTePNLq0J+9gfyxqeitvGXX3xTWF596c7jP3172mgyxaZk7Tlxob6lHRQVjy9q7+qtbWp78CzxzwdOW61Wj24MUtj4Vg9BEAR5i8ZhBLN6+9CIgTWw0buTY55Sw0N/Zn5xQlp2TlH5nIoiwzN7eHzYkMgGY1MyQWRI5UPOlY9I2x7HJoGwmJmbL62qhYYW9tc0tMC2jX55Y7fby6vrMvNLkrPyMvJLRFL5EpEyI2N5xeUQAom9q7e/srbRYrXyRdLohPTHscldPL6D9aoF0tDY2uH6rsRihRQ2tXVqtLq84opHzxKzi8q0Oj1EBCFExCbllVQYjCa9wZhXUhkZn1rd0AwySkWpQQdMz845XWvRGiGEpMy8lo5uCJaoHBLR7Nw87CfjWOkhq607j5230HLhRX3ztkPfg05KzMwbofuBTGZzUUX1g+h4yN30zFxPv/BpXEp6bhHoPZS9CIIgyA8Al8IYGglMYQwO6w2GTfX1S1CffW78G9HAQzCazB/uOVZSVUv+FpRX//Gbk7ZVSYQgCIIgP3hAMwTch7H6lmQ9UsB7xq11NfDcc3Q6HR4x0hucPrm1gp+//n16Qyb6NBiNvXwR6eEAXF/YSmVLS64OGNJ3hFNlIAiCID/8PozXpDDeWTYiUBAEQRAEFQbiT2SwR8Iyc40jCIIgCCoMVBgIgiAIgqDCQBAEQRAEFQaCIAiCIKgwUGEgCIIgCIIKA0EQBEEQVBgIgiAIgqDCQBAEQRAEQYWBIAiCIAgqjB8MDsfy3Py8UCzlC0UCkZgvFAuEK7/E8QWiAZlcp9d7negIZOpPD2+rf3HOUGSdWBcXxxTjxFzZtrqy4bJhEXgAb252yDk9/1r4MvUAjR9BAKg8pTI5VKQCVr3KWCyYK1S/c/Oq9VoUTseMCmOTaguXLZrNC9l5RelZ+YXF5fmFpflFZbQrZX4LS8oTUjIamlpXFmpZXQmWvcEWDczEoPALR8kexhth5RDeDEjwjIwqYhNTwTIL3CyWdoWlrp1FZeBhVDG+lsxdW2E4WF7YNk9OJeaNIH4qWPita2yGKhQqUlbV+tJioeJNz8rLyS9eWFjwkAiulcUdy25/WXMus22Y8YAKAxXG5roBtDpdTHyKRqv1o3+lA/LM3MJlL4PeeBLwKiDBwusXFJVUcD6xMX9BZ/Tzhf79rNNkOabVRzNGfFaw0OpnZOfL5IN+/KjVGqiEST+xt3167OFc2AE71VBhbF6F8TwxVavV+fE5IBvMzitafvkA51QqJ2PjEqKexfTy+gYHhxqbmhnrttvtpWXlFKWG7fqGxpjYuLj4xPaOTjhdKh1ITUtPS89ISUuX07cceUzEa4EETh9fUFxW6d8PSJB+gYgx8tnZ2dq6eqZq7u/nS6TSkdHR6GcxmVnZBQWFySmpWTm5BYVFSckpsCe/oDAhMSk3v2Bqeqa2rg52pqSmt7W1E+MfkMkio549j0/gC4SvRLUgP2yFkZVbKJcP+fGp0WifJ6axFMaKOVVX1wiEKzZms9sbm5rm5uZJ2BaLBWpdFUUVl5TqV19hQ7VcXlFlXbSiTaLC2EQKIzYhFUS0c7WTze11Bt1HJ5HKsvIKGZM1Go2Hj52srHrR0tqWX1gslkg+27ZdOTlJjgpF4l99sNVkNsc8j9/77WFeX19Tc8vV67f0egNU06HnwmRyeWFRyY49+xV0PzZ2NSPBKozC1T4MD4slGgI2CorK2ApDJBZv277bYrESY4uOiYtPSNTpdH19/aCGf/zTf21qapZIJL08HojghMTkD7Z82tXVDYY6Oqb485c7amprxRLpbz/6DGQKRVFguu0dHdU1tbn5hcx7QLwuiC+FkZlbIB2Qc1ewtMWqKDVUwozCIEY1OzsXEhKye98B8hee3P74xVffnThNTgFRsmP3PqiK7z149CQymsR45uyFjMxsVL2oMDadwgB7dfp9SwIynLkfxsYU7/3052azmfEQ8SQyJzefbF8Jv1FTWyeXD/78335P3iy6BLjNBr+xcQl19fVkz+nQ8w2NTeTOwWuBBE6gb0noDgayRzowcP7CZVYPR2liUjLZnp+fP3D4GFvmisWSsItXyfbc/DwYKnlG7O7pvX7zTktr+2dfbPeOEUF8KoycggHZGm9JGIUBD3XLtDWmZWQmJqd+fzZMIHRpZfPCQsSTp//zf/1TfkEhecw7cuwkVJ4Gg+GX738IcqSfLwA5QqpTXCIbFcbbpjBYfRhQHYOk+Nkvf5OZnaPRuDo/4Flwz/6DYNZQF//TL943mkxFxSWR0TFO1phQcs+cC7vY1tZ+++79O/ceENmBNwMSXB9GoArjZR/G4ODQR59+/qK6pra2Dszv6PFT6RmZxOfExMRf9h+E+hq2rVZX93Ivj3c6NIx5joR6HPzAdviNW7HP4y0Wa+j5C1s++XNFZZXFYkEDRl6twiASYWHBAjWqRqvt6u4BXQt7oGp9FvtcJBIfPHK8o7NraXkZLJPYbXNL666935w8HSoUidAgUWG8rQqDPQ7DSb8NuXz1GjzPgbiGI9t37xsaHq6rb7h5+y4cBfERFfOc9m9nK4yz5y9AFQ8yPPTcxaGhYbwfkDenMFwCo76tvcNNYSiVLoVhMjEKg8frA4VBzJKi1Dv27Dt2Ep4kL96591BLD4i22ezd3T3fHv7u4pVwVMnIq1UYxKJAWHy5Y8/k5KRILHnvH/8ftGg2u/3SlXCDwTAxofyXX/9WIh0Iv36T9K5BFPsOHHn8JJLzpkBQYbxlfRhwDyyvbn+9a5+IFs6FRSXwkHfg8DGxRAJ/O7u6f7PlU/KQx9Tdz+MT6+pW3pLExiVERj9brZ3xlkAC5RW8JSkuSUpOJdtKpXL/gSMmWmEs0lNo8Pr6Qs9fJKJhdm7uxOkzCtaHr8SS6SrJ8Oevds7OzjrxTR/yahSGgdkf8STy0NHjMc/joZ7c8oc/1Tc0ws5rN26CucJGSWn5r3/38aEjx5hX1VC1lldUOXFYGyqMzakwfI/0dPlhRnqSUwYGZNdv3uELBKVl5Ye+O0G+dFVrNCEhf7V99z5SNYOh3757/9vDx8Bbd0/PhcvhUFmnpKWHXbw8THd1bN+9v5fXh7cEEnQfRiAjPYs9R3rCEyGIA2JstLqNISGAenj/939gvyXp7OratfcACWp6euarHXsoimKOtnd03r3/SCaTJyalhN+4ja+9kbUVBjPS08E90pNaGem5ojAGh4Y+/uxLSq0mfwVC4Vc7/wJ/w6/fHBtTkJ1PIqNCQkKYgW43bt3NzM5BU0SFsRkVRoBfqzIPiBaLpaa27mlUNAjnCVpTE7NuamoGPcGEbLPZXlTXuL7ri0vo7OqGPWKJNDE5JTk1LSExuZ8v4HwMRZA1FcaaX6sWen2tWl1Ty/5atbeXR7Y1Go3rAz9aPRC5MDGhBPMmJ+oNhuqaGvhlpLBery8uKX38NDItI5O0AVinI/4VRlZuoSzgr1XJI1xzSytzdHFxsbLqxeTkVE9vL3kUBEwmU1l5BdOj1tHRKRJLsDpFhbEp+zDiU9ZSGHKQ4curNwxnOOwploMxdLwfkODg9fOLSivWUBjF5X1rzbjlNUmRp916b685GxKCeCsMesatNRRG7OqMW0wF6zF1vW+rc6A1osLYvDeA2WzOzCkEB8+FhSXlRSUVHq6krCoxNbOuoZk9SS17OnAmQI9JbTlnDSfd2uQQ3g/IOhgeGYtNSAWRUVzqabHwF3bCRmxCyshqf7LT96zhzgDWHPGeUZFYtYe1I4ivR6/a+qbE1CyoSL1rV7DYkrLKzJyCrNxCM2vWcI/ZwZnXf947fZkxggpjUwBmOjM7xxeIeP0CeOzr4wvcnRAeGcWSAe9Ojo2sfIY3A7JurFbr8OiYD3MlFisYGR1jOpC9H/W8jXRdjQfaMBIQUHlCFQoVqS9zhep3dnYOHr6wrFBhIAiCIAiCCgNBEARBEORVKQw9KgwEQRAEQQJAH6TCMGCRIQiCIAgSgMIwBKEwjEbXDH04nBBBEARBEF8QnQCaYW2FQbwODY+q6Dn4EARBEARB/AOaAZSD06tjgkNh6PUGoVhKujEQBEEQBEF8AWoBNIOenrXdn8JgDs+rqMHhEfilKLWKUpNfjw22U/n968epuDZUa3n2H6NqrbSpAstFIMmm/Iaj2kAgFFeyAw9f5deDykcp+fqlfPtXBZNBVcCFE0i+VL6PBntxN5IYzvSsmU3VWsYTYKq8b0/K9z2l8ptsVcAlo/KdEdWruIP82KoqsHstEOsNyhhU660oVL4rugBrUVXAl0YVZB5VwdfP6whkI9b1yivSoCrw9QUSSKZUgVl4IM0iFWTbRwXcfKx5rclfRi04uUZWhPhSJcvLy3Z3bKu/NnvQ2ALezw7fFmQgtgDOsq0rCzYfibT5jc4WcOCBJMm21k4b18VaR4wBFqM9+Jz6uli2ANJsDyB3Nr+H/JjKBq3a5ttubb4TE0j5BG4/AabNz7WzBXyHrhl7sIHYA64HbIFVCP4rq3Vc6w3WZhuMcd2JtK0rI+uofOyvoZzXkU1bYPeULXjbs23AJGzBnB54NbKOZivYWihAQ/IzOW8I9vAgCIIgCPLK8akwHAiCIAiCIGvhS0j8fzXMl0WeD9AeAAAAAElFTkSuQmCC\"><br><img alt=\"\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAY4AAAHlCAIAAABtVYyyAAAKsWlDQ1BJQ0MgUHJvZmlsZQAASImVlwdUk9kSgO//p4eEloB0Qm+CdAJICT303kQlJAFCiSEQROzI4gqsKCIioCzoKkXBtQCyqIAotkVAwe6CLArquliwgfp+4BB295333nmTM5nvzD937tx7/smZAECmsQSCFFgagFR+hjDY04UWGRVNw40DEqAAAlAEVBY7XcAIDPQFiCzYv8v7IQDN2lvGs7n+/fl/FRkON50NABSIcBwnnZ2K8GlEZ9gCYQYAqBOIX2tthmCWbyNMFSIFIjw+ywnzPDPLcXOMlp6LCQ12RVgbADyJxRImAEAyRfy0THYCkoc0u5cpn8PjI7wFYcfU1DUchDsQ1kdiBAjP5qfH/SVPwt9yxolzslgJYp4/y5zg3XjpghTWuv/zOv63pKaIFvbQQ5SUKPQKRqwCcme/J6/xETM/zj9ggXmcufg5ThR5hS0wO901eoHTU0KYC8xhufmI86T4+y5wPM9DHMPLYIYuMDfdPWSBhWuCxfvGC10ZC8wSLtYgSg4T+xO5THH+7MTQiAXO5IX7i2tLDvFZjHEV+4WiYPFZuHxPl8V9PcT3kJr+l7PzmOK1GYmhXuJ7YC3Wz+UzFnOmR4pr43Dd3BdjwsTxggwX8V6ClEBxPDfFU+xPzwwRr81AXs7FtYHiO0xieQcuMHAD7sAX+dBAILAAlsAc0QjgnsHNypg9jOsawTohLyExg8ZAOo5LY/LZJktp5qbmlgDM9u/86/H27lxfQvL4RV8qDIDFbE+tWPRxcwBof4204t5Fn3YQAFKrAehczhYJM+d96NkvDCACKUBFfhnUgBbQB8ZIbdbAHjgjFXuDABAKosAqwAaJIBUIwVqwAWwFeaAA7AJ7QTmoAodALTgOToIW0A46wWVwHfSBQfAADIMx8AJMgvdgGoIgHESGKJAipA7pQEaQOUSHHCF3yBcKhqKgWCgB4kMiaAO0DSqAiqFyqBqqg36GzkKd0FWoH7oHjUAT0BvoM4yCSTAVVoV14WUwHWbAPnAovBJOgNPgbDgX3gmXwTXwMbgZ7oSvw4PwMPwCnkIBlARKHqWBMkbRUa6oAFQ0Kh4lRG1C5aNKUTWoRlQbqgd1CzWMeon6hMaiKWga2hhtj/ZCh6HZ6DT0JnQhuhxdi25Gd6NvoUfQk+ivGDJGBWOEscMwMZGYBMxaTB6mFHMEcwZzCTOIGcO8x2Kx8lg9rA3WCxuFTcKuxxZiD2CbsB3YfuwodgqHwynijHAOuAAcC5eBy8Ptxx3DXcAN4MZwH/ESeHW8Od4DH43n43Pwpfh6/Hn8AP4ZfpogTdAh2BECCBzCOkIR4TChjXCTMEaYJsoQ9YgOxFBiEnErsYzYSLxEfEh8KyEhoSlhKxEkwZPYIlEmcULiisSIxCeSLMmQ5EqKIYlIO0lHSR2ke6S3ZDJZl+xMjiZnkHeS68gXyY/JHyUpkiaSTEmO5GbJCslmyQHJV1IEKR0phtQqqWypUqlTUjelXkoTpHWlXaVZ0pukK6TPSt+RnpKhyJjJBMikyhTK1MtclRmXxcnqyrrLcmRzZQ/JXpQdpaAoWhRXCpuyjXKYcokyRsVS9ahMahK1gHqc2kudlJOVs5QLl8uSq5A7Jzcsj5LXlWfKp8gXyZ+UH5L/vER1CWMJd8mOJY1LBpZ8UFBWcFbgKuQrNCkMKnxWpCm6KyYr7lZsUXykhFYyVApSWqt0UOmS0ktlqrK9Mls5X/mk8n0VWMVQJVhlvcohlRsqU6pqqp6qAtX9qhdVX6rJqzmrJamVqJ1Xm1CnqDuq89RL1C+oP6fJ0Ri0FFoZrZs2qaGi4aUh0qjW6NWY1tTTDNPM0WzSfKRF1KJrxWuVaHVpTWqra/tpb9Bu0L6vQ9Ch6yTq7NPp0fmgq6cbobtdt0V3XE9Bj6mXrdeg91CfrO+kn6Zfo3/bAGtAN0g2OGDQZwgbWhkmGlYY3jSCjayNeEYHjPqXYpbaLuUvrVl6x5hkzDDONG4wHjGRN/E1yTFpMXm1THtZ9LLdy3qWfTW1Mk0xPWz6wEzWzNssx6zN7I25oTnbvML8tgXZwsNis0WrxWtLI0uu5UHLu1YUKz+r7VZdVl+sbayF1o3WEzbaNrE2lTZ36FR6IL2QfsUWY+tiu9m23faTnbVdht1Juz/tje2T7evtx5frLecuP7x81EHTgeVQ7TDsSHOMdfzRcdhJw4nlVOP0xFnLmeN8xPkZw4CRxDjGeOVi6iJ0OePywdXOdaNrhxvKzdMt363XXdY9zL3c/bGHpkeCR4PHpKeV53rPDi+Ml4/Xbq87TFUmm1nHnPS28d7o3e1D8gnxKfd54mvoK/Rt84P9vP32+D301/Hn+7cEgABmwJ6AR4F6gWmBvwRhgwKDKoKeBpsFbwjuCaGErA6pD3kf6hJaFPogTD9MFNYVLhUeE14X/iHCLaI4YjhyWeTGyOtRSlG8qNZoXHR49JHoqRXuK/auGIuxismLGVqptzJr5dVVSqtSVp1bLbWatfpULCY2IrY+doYVwKphTcUx4yrjJtmu7H3sFxxnTglnguvALeY+i3eIL44fT3BI2JMwkeiUWJr4kufKK+e9TvJKqkr6kByQfDT5W0pESlMqPjU29Sxflp/M716jtiZrTb/ASJAnGE6zS9ubNin0ER5Jh9JXprdmUJFB6YZIX/SdaCTTMbMi8+Pa8LWnsmSy+Fk31hmu27HuWbZH9k/r0evZ67s2aGzYumFkI2Nj9SZoU9ymrs1am3M3j23x3FK7lbg1eeuvOaY5xTnvtkVsa8tVzd2SO/qd53cNeZJ5wrw72+23V32P/p73fe8Oix37d3zN5+RfKzAtKC2YKWQXXvvB7IeyH77tjN/ZW2RddHAXdhd/19Bup921xTLF2cWje/z2NJfQSvJL3u1dvfdqqWVp1T7iPtG+4TLfstb92vt37Z8pTywfrHCpaKpUqdxR+eEA58DAQeeDjVWqVQVVn3/k/Xi32rO6uUa3pvQQ9lDmoaeHww/3/ET/qe6I0pGCI1+O8o8O1wbXdtfZ1NXVq9QXNcANooaJYzHH+o67HW9tNG6sbpJvKjgBTohOPP859uehkz4nu07RTzWe1jldeYZyJr8Zal7XPNmS2DLcGtXaf9b7bFebfduZX0x+Odqu0V5xTu5c0Xni+dzz3y5kX5jqEHS87EzoHO1a3fXgYuTF291B3b2XfC5duexx+WIPo+fCFYcr7Vftrp69Rr/Wct36evMNqxtnfrX69UyvdW/zTZubrX22fW39y/vPDzgNdN5yu3X5NvP29UH/wf6hsKG7d2LuDN/l3B2/l3Lv9f3M+9MPtjzEPMx/JP2o9LHK45rfDH5rGrYePjfiNnLjSciTB6Ps0Re/p/8+M5b7lPy09Jn6s7px8/H2CY+Jvucrno+9ELyYfpn3h8wfla/0X53+0/nPG5ORk2Ovha+/vSl8q/j26DvLd11TgVOP36e+n/6Q/1HxY+0n+qeezxGfn02vncHNlH0x+NL21efrw2+p374JWELW3CiAQhSOjwfgzVEAyFEAUPoAIK6Yn6/nBJr/TzBH4D/x/Aw+J9YAHNsCQLAzAAGIrUJcOohKdgAQiPhCnQFsYSHWhVl4bm6fFeljANQYmYab+o7g8OCfMj/T/6Xuf1ogzvo3+y97BgivYAsKBQAAAIplWElmTU0AKgAAAAgABAESAAMAAAABAAEAAAEaAAUAAAABAAAAPgEbAAUAAAABAAAARodpAAQAAAABAAAATgAAAAAAAABIAAAAAQAAAEgAAAABAAOShgAHAAAAEgAAAHigAgAEAAAAAQAAAY6gAwAEAAAAAQAAAeUAAAAAQVNDSUkAAABTY3JlZW5zaG90JYBhOwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAp9pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjU3MTwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj40Njg8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpVc2VyQ29tbWVudD5TY3JlZW5zaG90PC9leGlmOlVzZXJDb21tZW50PgogICAgICAgICA8dGlmZjpYUmVzb2x1dGlvbj43MjwvdGlmZjpYUmVzb2x1dGlvbj4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgICAgPHRpZmY6WVJlc29sdXRpb24+NzI8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgr+WlYGAADd0klEQVR42uy9BXhcR5Y23Av/7v/stzAz3252djM7kMlkdgJD4QlO4iSmxI45ZrYsWczMzMxgMTMzM7PUYrWkVovVYrC/t29ZnbYkyxZYkZM6z1Hr3rpFt+rUW++pS6zWtg6qVKlS3ePKok1AlSpVClVUqVKlSqGKKlWqFKqoUqVKlUIVVapUqe4BqGphQ9t/yI2L0xdtgVW7VKlS3Umoam5tgz7hGBNGIxvs9s51EyKQ5Eky34Pt0sxub2oR1K2phQ3dbCXJqbV3dkOFgdhu6+imNkeV6s5DFZhRd29fb99AR1fPk6BVW0cXgScMy8YWdm19I0JWJSRHezgDiNnZ3dvTN9Da1rnX2gUVw1mjkvjt7eN29XA2hVM4QeRQWl5RXFoOzMKZIry4pKysoopsU6VKdSehCkDj5OKqo6efnpnd0dX7WLQqLC6ta2hCKjARVzePYydOYqyKwhwZxnkFRYZGJrLyCsoqaq7uHnUN6yDad6hAk8joGBVVdZy4tq6evqFRWERUy6NJYit7dfKComIVNbWvjhz51Yu/KSmrANIBtSWlpC2tbEgO1BOkSnXHoApDrrK69rmf/heLxbKytunh9AOASDhhT8TBwTaIA0gEcGrfvs+BTb0CotRhY+eAhEAlHFoZn4K0VTV1J06ewiFZOfnjJ05iIyomto3J59s8Gb+J7IrSEHJU1KtiUnUJK9wukpAowRdhVsLkonFWYQcOmVlYomK3xSUuX73KYsTDy0d44vgVVoxsk3ZAJsTFO3j48HM//amPr39+YTECgfLVtfX7DxzU1NQWtuHac6FKleqmoQroA9fP0sr6pd/+VlzizieffppfVEyIVWNzK6gThhxAByOwvrGZDLywiEgM6czsnIamFoSTo0IS0SJY/WGDX4BGIVpKWgbyR0JAGxgH4tQg0xY2fquqa4nniIKQg9CBgmIXEUi2BIMQU5CMiYD/wkPYAM7W1jUgOckKCXGIJCdpmTg1CCGIIwpVdg5OqCQIEShhRVXNjZu3sAvcQRE4XyjODnkiVX1jEwpCVmQXEdACiGxjZ48iEIojpNzjx0+CojGV7SanhoQIJ/BHbZEq1a1AFYGkr44cvXb9RlFJGcZeUEgowAWHAoJC3v/gQ1lZeUI3vj52HAMyMzsX28//7GfvvPPuBx9+9NHHf/397/9w+eq10vJKsKq2FYLT2c0JDA5BTFNzi/LKahQBsoZDGLevvPKqnJzCO+++S7JNTk3PyBKM+ZjY+M4eDvGqsHvm7FlyFAmBFy/85kVVNQ1UAAMe1O+L/QfyC4uMTEwQ5//8678wbMgbLC8iKvpff/wjS2trhFy6cgUYZGxqhu2f//wX+PUPCCLgJbwaYGsvoITIv29gEGftfdcPuwVFJXIKitdu3HznvfcEFYtLyMrO/f//+Z9++cKvsHv02HFkm5ic8sZbb//N3/7tW2+/g0Z44403f/yTf4+KiQMOHzl6TEdHD4AGeFJSVkGS37z00k/+4z8jo6IpVFGluhWownACEPj6B2I4paVnYlf8juS58+cxdEGsgkLCEK6mrgEs8fLxFeCOmTlSGZmYYjsgMDgpJS0hKUVLW/eF3/yGrCsDsKCgJ9hubGoxMDQieKStqxeXkISBCmYkgKFvzsbFJ6amZx48dPjTffvKKqpPnDp945YYiAnYjaKSMiKkZWRduHhJXlEJqQiWQXLy8oFHP//Vr7R1dFFJXX19UDyQIAVFZSBmWUUVYAXR3n3vPe+7vlk5uY5OzgLHMzoW5RLoRLZgfORKnxCqcBbwaiOiYlh//7eAyOZWNlxChNvZO8YlJAKAXn3tNUVllYys7NDwiC/2Hzxx6hTKgt+HOGbmlmgfJxfXf/3Rv6FN6hmo0tTSxomoqmv87Oc/x2nWNjQ6OrsgMsCLeoJUqW4aqgi5UFZRFVCJwmJAjA9DKzD2AGEBQcE/+smP4eaAcWDgAVNuid3mDY9GxcQiDiJz+rndvf2EicDHwXB94YUX//THPwOAsnPzgAggQQlJyV4+d//3t78j9IRAlbePL5c3DBYDKvTcf/4nkAhognCAS0NTMzZMTM2GRsYIJiKJmrrmyVOnDxw6FBwSBkbz3H8+h4QofXBoBEczs3KsrG2Js5mYlMIQw7CBwSEA381bYswCnK2Lq5uZuYUAYYOCAXZkIal1Bap++t/PEyi8ev0GyBrO9+y588dPnMQpDA6NEpgGMnb19PVxeeGRUdgtLi1DTGyER0ajTdIzs377u98FBoXglEFRdXT1QK/QDv/7u9+5unkApxQZeoVoFKqoUt0cVJFVKhCKf3/uOYwiuDAff/zJq6++hm1NbR0cDQ4N/9H//QmoE1lL3vfZZ2K3xQd4w8GhArYFb7G9swf5uHl4/uO//B+QKYAI/DWwMyjoA9ANqQB5+MsrKDp15gxcKjiASOvq7tnF+HpI+3f/8HeoA5Du8y/2q6iqGRqbwJ8CUULCkLBw1t+wYuMTGYgJcffwOn3mGzUNzU8+/RQIBeywsLRGnQ8d/vLr4ycYqEonUAXMQskgenDWbty8BfwFyQJ5BKyADeF0VjmA8D1z8wtz8grI2hnqdvHSZXi1iIMmQrmIg5qT3ejYeOyChQFYBbAYHIqqotxfv/iigFU1Nn/51VE9PQOcETAL+fgFBHp63wVEwjmtqqmlPiBVqpuDKuaKVY+TsytDZ/IwioA+4AJk9FbX1mFg/88vfoHxD2cQg3T/gYPiEne4AqgKJ0vRZHEKBOeXL7xQUia4IIhBjsGMX2h8YjIgg9whCYA4cPCguqYWsEAAVW4eGN5ILikl/d/P/wxZIS2pCURFTb2T8dEam1svX7n6yquvHjp8GGwrEg4ai/XzX/xC4o5kP5eHkY/dpJQUnAuBM7haicmp2MAvCkUOwNw33nyrobkVFAzFrYIJZlndkfhlYFKC02HWy3EKV65eA1QhgoBdBgYjTmx8ApoL6uLqTk4/Oyfv7//+H0JCw5E5AP33f/gDYVXHT5zS0dFDBb4+fvybs2dxasgQmZMSqS1SpboJqGIuT3Fy8wow6nR09cnNkBioGFcY8Ag0MDTyCwhihn0KDiH28z/7n2/OnoNjBZ8O4bdui8spKIJrODNDFw4RhjG5Nx2jHUkMjYzJshTct9+9/DJZrgb6YOPPb7xhamahrKKGbT0DQ8LaQIKOHD3KLEgVkBsjABNaOroIkVNQQMXKK6tPMDc9RETFAB0iGEfMPyAwJCzivfc/IAgVl5CEDaAkzo/AJXYPHj7s7OomKyf/T//2L6npGaJrVWbmlkzlywm0kbvPUS7A8eDhL8klApwjIFVwsc/WTktLh3iUiJmcmkaW6jkDg6Sgu77+wPo33nxbkVliI/Tz2IkTru4eIHfP/fSnYILUAaRKdbNQ1Qu/7OLlK0AQbJOBynhGnW7unrp6BvDmgGKIQ6DExMwchAIxQRw8vXww9rR19YrLyoEOWto68HeEjhVRoBIAQlFJWUpaBkQJFAtYRljVtes3VNU0pGRkbO3sCWqQhGBtp06fEd4AhQ1wOmQen5hEoAcEBxkydwv0gKmZWViC/iAE/h0qg6rm5heoqqnDmxPeBYbqIQREDFDl6x+AWiFY6ACGRUSiJgRBhPdbIBWoJZQE4hfuram5hbSMrLSsnIubO/AIFYCXqqmlk5KaDtKEEnX19JOSUxubWuGW+vr5k0qGhkegenckpfAL/iV6QwZVqlSf1AHEIITjA+du1U3Vwods8CsYrkxgD0fgyJCY3b39ZB2KPFmCaOz1bkNHBMTE4Ozt45KlK8CcgH34+cOR7OjqRgRynxRyCIuIIstMorc+kTrgl1QYRYJPkW1EIzdVEK+TVFUAM31cIXMht2UihMGfvrXPzTCV5zJ3MDzUMqgYqZuwLOKxCspC+MpDRcJHkYTbxGckBZEKY1e4ZkcNkSrVLV4BBEyshRjho8uiDzCLPnIsepRksvEj0ORJYIxY8BHBPVCe3hi3IDgPcmAIDrjP4a++ItEeVUPyXLHoo8LCUkQrs+o9ByRk3UemRTNcW/NVjyULdW3dRNtqVUPt8Qe2qVJ9lp4B3DXFoC0sLq2pa1j1nB1zT1YFHLHNPzRHH7KjSpVC1VNQsn6/NhxOEl1ypkqVQlXH3iFWLexHhVOKRJUqhSqqVKlSpVBFlSpVqhSqqFKl+gOAqraOLqpUqVLd48qqqq2nSpUq1T2urMycfKpUqVLd48q6T4UKFSp7XljLVKhQobLnhbIqKlSoPAusijYBFSpUKFRRoUKFCoUqKlSoUKiismW5d+/+8o7o8r3Nha8b50kib7mUvVyBp1Srp1Sx7Z/UqlpttpKbir9rLbBSEIUqKlSoUFb1w6RU9+8nd04rJvPUk3lqVKlS3QmlULXzMruwfCqexx5d4M8ujU8vTcxQpUp1u0qhaudlam5ZOZFH24EKFeoA7qQsLy/fu3dvZTn8Hna3D1VKDFQtP8j1/pKILDOh95hAYbnkflyyscRsLz1cDSY+Ey6SatNneu8eSXtvZYMKFQpVz9oCk8jQ3eYgXgtVG5Ulsv3kKLkjQEPRigqFqmdG5ufnQyKiOX39ZLehqSUzO2/nWNU9UoSHh4eRkZGJqamlpWVLSwsCp6enHRwcenp7SZLyioq4uDhsNDc3a2ppaWtrh4WFiSIXtv38/TU1NQ0MDNrb27cGNAUFBU7Oztjo6uoaGRmh1k+FQtUzIzMzs/uOXbB38Zjk87GblJZpZuP4wBETcbVEHUNR1wzhi4uL9zaEKqDSK6+8UllZyeFwQkND3//gg4aGhqmpKRaLpaurOzMzgziAIR0dHQS+8fbbqSkpgDCEkPxRDWyER0ScPHWKx+PFxcfXNzSQGgIEReFsYWGBOLOi1RZuQDo6O1NSUmZnZwF51dXVq3gcJVlUKFTtXZmentHUN5VT0wG3wm52foGXb+D0zIyzp6+BmZW1oyufP1VYUmZkaadrYukbFOrlF6SibegfHI7I3EGem7cf4gSFRc3Nzws9x7VQdfny5bGxMVJicHDwuXPnRkdH8XvkyBFfX18ERkVH29raTkxMAL8SExKW16DGXV/fjz/+GFRImCc4moKCAvgXEJDP58vKyR07dszGxqa4uFhGVnZwcBDRpGVkuru6AgMDT50+feHChdy8PKTKzMpCKWfPnQsKCpKSkgLAAaQsLC1LSkooYFGhULVHBYPc0MK2sqYOAJRfVAL1uBswMztbXdfQzx00srDJLSwG1bJ3du/t6zeysPUNCuvo7JZR1W5ht0XHJmgZWTS3tsmq6iSnZwpJylqoOnv2LJfLJSWWlpaeOXMGuzIyMqA2r7z2WlFRUUpqqp6eHo5i+/jx44CS9PR08LWGxkbEQeTJyUnAEMKBOMgwOCQE22w2G7wMSBQSEiInJwfQGR4erqmp+fivf+3vF7i0KAjeInxGZI5DBYWF6urq4+PjH3z4IVgeInz++ed5eXkDAwN/euMN/FKookKhao/K1PS0gqb+4NAQfK6bMkpWDq7efkEILy4tj0lI1jYyT83Ijk9ODY0UcC5v30CEA0H0Ta2z8gpcPO96+wdFxSUGhkZU19YJsWldqAJ2EFcuIz19/4EDQ0NDIEEAyuaWlv9+/nltHR0zM7MVn3QmOzt73759cPTgBpqZmpaUlpJDPT09gKSQ0FBrG5ubN286OTubm5tXVFQYGhrW19eTOJ2dnQcOHSJQBTaHXcATqBZZq4LrN8XnHzp8uIHxIhMSE7W0tWNiYjw8PChOUaFQtaehSkPftKtHsLydlZv/5dlrdwNCyquq9c2sQaPMbR2T07MSUtKDwyIRwetuQEFRydzcvJaReU19Q2BoeGRsAsLBvyYmJpmhvr4DePHiRT6zFgbm8tdPPomLjwe1OX/+PAGUiIgIUCQHBwfEycnJIcthBw4c6O3pEdYTWNPLrMGHh4fDZ3RxcdHQ0CCZg0y5ubkRrAEaArNY//iP4FBzc3OnT58GVMFJzM3NFUBVYSG2QdDeeecdMDKS/J1330WVhOtfdEhQoVC1J6FqakpGRZtA1dLSsouXr5O7dzO7TVFTLyo2QV3XGFAVHZ/kFxiCCC4ePrkFRfMLC3eUNJta2Jz+fhUdIwcXD0t75/bOLiErWQVVs7Ozr776qoSEhI6OzptvveXp6YnAsbEx8Cbic4Gm4aiJicno6Oj+gwdlZWQOf/kluVRHVvfvM+vuCJSVlf34k0+APhMTEyBlwB34gwIU43DefvddeJRw9Nra2iwsLL7++msFBQUUgcjy8vKgacgkLz9fTEwMG5aWli+//HJVVRW27e3tQcoElac4RYVC1Z4VgMv0zAxAiuwChmZn57AxPDIyyBuCL4aQufl5MBQGdOaYRej7SAJ8YZy12YEBUKoJAigP4O/h+6pQBOjSyMgImA5iEjgDBgElhSwG+ZNLgcA1DoczPDRE8hcK8geQgViBB5EcEB8xBwcHSd0QDvcQZA15Im1fXx9KRCASEuZ1n7lEiO37zP0TQEnB2c3PX7lyJSsrixRBxwMVClXPBGxtePTJmdrcsuIT3wK6tRWinVpUAvzZ2toSsKNChULVD8ypnFtWSxJA1cLSvaXlPa0ETPG7x+tJlSqFqp2X6bnlm3GDtB2oUKGsak/L4vI9jcIx+bQhh9wR65xhG6pUqW5bKVQ9FeHPL3cPz3cMzXVuTzs2Gb5unI6dLn2zyb+rCjylWj2lim3/pDq2V8mOPdkCwoIoVFGhQoU6gFSoUKFCoWrPyvTMTHcvp6u7p6u7l/mlSpXqtpRC1c7L8vJyeVV1Q1Mzu72jta2d3daxZW3dZPi6cVp3uvTNJv+uKvCUavWUKrb9k2rdXiVb92QLCAuiULXzMj+/kFdYQtuBChXqAArk3sOynXzWD39chA2gqqC47D7z1PE9KlSo7IR8f1jVtp812bH3nzBQVXqfvlOFChXKqiBDw8Nd3T3stvaOzq6R0VEhYDFvI1gmH4bBL/nQCwEN8qIC8lZfErq4uFjX2ETerU4OCWPPzs3hKIJq6xo6u7rvP/jwzLLwpcAkLgmhUEWFCoWq9cXJw+eyuKxPQLC5nbO6vmlVTd3W8nG/G1BcWraWY8Unp00x7yEIDo/KzS98ck5HoYoKFQpV38rdwBC/4DBszDHQIKGgDm41Pz+flpkdHhXb2ib4rEsLuy0yJi45PXNichLAUVBUEhoRXVVT28PhVFTXZufmQ7NyC9jtHX39A8WlFakZWUmp6f0Dg2UVVdclFQBSCImKS2hqEbyIrqGpJSo2PiMrhz81PTnJLy6ryMzJi4lPRLgoMFGookKFQtW34uUXCEol3LV2cMnKKwiJiHZ09Sopq9Azterp5eibWacBTgqLJyb5mdl5Cpr62bkFwJHi8spbsio2zu6ZOfkmVg5lFZXQ/aevZOXmG5jbBoZGgKNdk1RIScsCfkkoahQUl3D6+s6LyQjeYmxsGRETh8wviMkGhkb6h0RoG5nzp6aE2EShigoVClUPQ5V/8P2VS4G2Tm7JaZmyqtr2rp4AFHU948rqWj0TC1tnD3Z7J6JZ2juDK5G04FwyKtrj4xPYNrVxrKyugZrZOmG3f4BrYevY2NyqoW86NCz4WJ6Vo5vgCxEFxU4e3tjl8Yb0TC2LSss1DMwGuII3KKjrGnV29VCookKFQtV6DmBASEBIONmuqKpV0NDr7OqWU9fNLSgaG5/o6Oyem5sbn5gAq7oqLg9s8rjrX1pRSeI3t7ZpGJqRV2Ja2rtU19RVVFZZOrgwh9iWdk7w6VR1jcfGxhEC8lVYUpabX+js7oPdoaFhPRNAVYWemTWX+YaVrrFFVzeFKipUKFStJw5uXpKKGnDvfINCZVR1sHFfsAQebWXvXFffiI0BLjc9K7emtl5J27CX0wc3UFZNJ7+wGE5fTn7RVSlF8u0GRU2DwuLSmrr6S7dlC4pKAHYJyWlw6JQ0DUIjogd5QxoG5hnZuWBb39yUTkxJg2sZGRvf1dN7/IpEH/Ny9CsScm0McaNQRYUKharV0tLKFuBOdi74DllEv8+8mxyB8UkpRaVlY+Pj2I6KS6itb1hYXJxfWCirqIyKTQCQ9fUPlFdWzzPfGYXrNzI6WlJWrqJjlJSajo2JScHXZdht7QCmHk5fXUMTIU2tTAjgbJI/NT0zU1JWQS4Rwq8kviSFKipUKFQ9RrZ5zzp4k4uXn2hua/N/wqwoVFGhQqHqW1l+WISAIgwR3V6VhBwSBhI6NjnJFx5lwu8JYwo/M/NwhAffeRCGrIKqZfpgDRUq9MGaPSvwK/OL6OPKVKhQVvW0XMidyWdpaamotLyvf2B4eGRoeHhI8LtlHd5k+Lpxhne69M0m/64q8JRq9ZQqtv2TGt5eJYf3ZAs8KIhC1VORkdGxmvqG6tp6qlSp7ohSqKJChQp1AH+4vuQ9ZlV++7q8yfB14yzvdOmbTf5dVeAp1eopVWz7J7W8vUou78kWeFAQhSoqVKhQVkWFChUqFKqoUKFCoYoKFSpUKFRRoUKFCoUqKlSoUKiiQoUKlacl6z7nz9pCLsKHdu+vPNO7+yez9kHlNRFEHjZeL/nTfu2BsKG+fbb5u3jRgmhD7WwFvpMzIp8IEn5aSNjUS0tLwsqQXZH4S6JHhRFWPj+0fO8R3Sf6jPrao6vy3LW+w/9V9XnU4/Si8XfWBu59FzbA2nHw27OovLMyOzc3Mzu72Qp8/14Ls7NnNDOLVp3bVOmrKiC6u+40tv0K79Qpz83PT8/Mbgq5tnz02TLCiUn+8ppKbhqq5ubmK6qqs3Pzu3p6sdvKbqtraNpahZa2SscWFhbqGhrzC4uLSso6u3tI0wtPjeyy2zoam1v5/CnBC/CmpkV7CJ1aV9/Y08vZjqX2Dgx2cvrvP/rNVlPT04XFZajkAJeH/dr6ho7Ori0YioBEbL2hFnH6xSVlhcWlqAl5Afw2hRAWIHVRcdkw8+75nZmomUy6OP09/dxH5YlCi0tKc3LzcvPysUHaEzLAHczKyZ2emSG7PN5QWnrmDLPb1NKanZOLJH1933YWIqRnZuXlF0BhSIuLS6L2Q8Z8R0enr38gMkFZpeUVwrTkd3x8PDIqpp95B+wWTp8kGeANtXX3PiqHxcVF2Az6rqCopKqmbmR0jIRPT09jxAlpI2rY1MIm597W3pmTV1BZXUsmUaEdVlTVFK3YQHtH5/a7DHZFoLasvHKQx9vxma+ivokUsWWoEuTiFxgqp6br6OZ9U0aNNzQcGZtgYeeyhToVl1WgBTfbaiTy2PiEtJKWtYOrpb3L2euS6IC1c6lfUJiDm3df38Cl23KDvCHRgjD4Ta0d0zKyt9OaA7xhoNWj6g9bMbGy1zI0t3f1VlDXn56esXJwi4iO2xRAk5wzsnJFX9y+KeHz+W/vP2Vu6+xxN9DB1buiunabNtTe2ZWUmoGNSf6UpLJ2Q1PzzkIVhzvYPzi0Nk+yOzwy8vK7n7Agf/tr/PzlkwPxCUkIz87Nw66zqweJXFJaht2hoaHmltZX3vqIxcjpC1enmK8KQUrLyhHyv2/i0I9YrJ+GR0aJFkdQAGCHOKOjY/i9elNcUIfleyITYRvCgXTbgSre8GhX3yPBDvPrBTFZbQNzb79gQws7BXVd8hETzM0XxWQzs/NItL7+ARlVXR5OtpUtJqPi7hMgLq+ekp4lHAiYkj89dsnC1tnTN8jRzaeUyWQ7XdY/wI1PSmVAcEZZy3DLTGWDlqlraVtY3CpUkSz6uYO3pBTJ+3xHx8bmQLHmF2ZWSCzmAdGZh/T6vYcnCtJ8+EXLJSanbUBchWsBgk8cr8whJGR0bFxVy4B8ErmktPzkJXHyvQay+EBiRsUlom+wi1lFGCisAOYi8rbiVfmTGWNjLv2gKQaH1p3/yS7m8JtSSuTd7RhgyH8WMje3UuLS2oYSzQG0kRxCZQB5DY1NG5iXMC02Flc6mESenJy8I68G23qwkPGwuyRauui6D0pfszz0oIj07DwrB1eyUoM2JHyEoP+q6onmubaRN+CqfYO8R7Xq2NjYp4eOWlrbDQ1DRq7cuA28aO/oqKqu+bcXf89i/XtcogC5yisqGZQZtbCxP/z1yV5OH4ZrXn7h/Mp51dTUIkJjUzNMV0pO6b1P9q98PXtZ6FHm5hcgDtgTurKXw1k1EcLym1taJiYnRWx1HdPd+GQHh0e6HkHMCVSJyapWMrMLTCc1I0tMRhlzHs5FQl7t0MnL5HX+GAVy6vojo6Ounr7+weEM7ZqZnOQjS5It4l+RUPjWBlavZN1bNTRItFU2INqbhSVlto6uxLkBmxM1v3uPGMJri9i4ZWqb2duFKrBQGWWt9KzcuZVRB/yOSUgGifC8G6itb2JgZm3j6N7a1mHv4gnmpWtkrqJliLE6OzePXRMLG2UGYqqq667fUUDTZ+UWhEXFhkbGkSGtY2yFk4+NT7Rzdje2sMvJL0rLzDG2sLVxcCktrxKFKiUNPfLxdxDaIxfE4AKkpGVp6BojPCI6HuGRMfE+ASHj4xOWds5AK0Q2t3XS1DW2dXLrG+BGxSbU1tXfF3z2JtTOyc3U2gHeInDBzcvPwsbByd0bk9WjbOhJoGpkZOTQ6SvFpeVC7AiLigM5v898aVVNx1DP2MLa0a2mvjEyJsHIws7Y3EZRQw+Danhk1NrBTdfQ3MjCdmCQl19UcuLCLUROSssMCIlITEkXzDkNTWhk/tSUx90Adx9/cTlVeHZoSTNrBwtbp9yCYlGouiWtBEcJuEycAh//kADGoOMSUzBdw6ad3H0MTK20DMxROpx6NJe1nbNvYCji1zc2W9q7Orh6yihpoP7oVi0Ds5tSiugdGwdXbSMLMgC8/YLQ0QpquhnMVB8UFmnr5GFqaSepqA736j7zbQ5re2dTK4dWdvvGS0iPg6rxNz/+3N7JhUAkQARokpiYVF5Zxfqv337wyRe//sM7YKD1DY0IHxkZtXdyZbGeB0gJzZWMKwJVnL4+bHv6+L785vvoKRC0jz7/8vMvjzu6uCE8v6AQcSYmJnQNTdw8vBCSlZ179PSFL748BvrWym7779+/29bWPsnn6xgYi0vKSMoqNTQ1oZ2t7RwvX791W1Kuoqp645N9LFTdlFGBDyiEj9tyqnAGuYM8bSNLK3sXKUUNMAU4s9IqOjjZ0IgYRQ192I/oQgeBqgticqDDQBbEB+rpmVgXMm+pxSAFO4PPoWdiZWRuDfaN0wFqw5AcnMHPQjAYs/MK4bvYO3uIy6pgG+NCXdcY2/YuHrABDT0TzMfjE5MwG30TS2VNfYwj2Lytk7uTmzfsVknTAL4XbAlmhoFm4+iGGj52MXdbUCXMBU4v6nT+hnRgaCR2w6PivPyC2W3tSup62E1ITtU3s0XNbkgpE9IEsw4KiwahgEcNPPcNDLZ38QIXAzpgtCBCREy8o7u3oOd4vCviCvAsQsIiZVW1wd0qKqs/P36puq6hsrru86/P8/kPCDygSkXLIDU9Cz0H7AMdzcorlFHRRkNj8Bz65lpLKzs1I9vLPxhdiJGMpvQNCMbIJGiLIlw971bX1gFzz1yV6O7lJKdlXpdSjklMFZdVHRjgTvCnFte01BNC1QNqtriYnZuvoWt05ppkembO8tIyzjorJ4/d1nH6mhQmtsLiMhgHkhqaWSc8aCjP4LBIWFJ7Rxd+tQ3NQyNj0FCyqjpNzYKvNzu4eQWHRwlYQ2W1oqYh3BkFNT1YFMhCQVHpodNX6+oba+oaPj5ysYX94KMYgLOvzlyFIRpb2nv7h2CggibomVh6+webWNqjcUIioi2Zrx/yhod5QyM6BmYunr7gzvJqehmZOTV1jd9cvYMpBA349QUxTONoMfjOOOWh4RE4GsAFQKS6ngmwo7m17ZOvLwxwuR4+AeY2jsgTRMDAzKazu/eymDQGAJp99tFL5k/Iqt766xfAArL4CABi/eo1bx+/5LSMf37hVTTvH9/9WEtHLyo2njiAXd29EtKyxAHE/Le4MslXVlUjxMPLx9HVHRsW1nahEVHYCI+MTkpJw0ZaekYl4I+Bqq9OnHVwdIJVYNfF3RM2CexjswUOYGNjk4ubhyBhVMyN25JXboq7e/uy/r/nXdy90jKyNljJekKouiGtUl1bL2RDptZOGF9oeSllbTSFg4snlNM3oKRliKmaWPUtaWUNfTOyDiuEqmOY7QBGlvZu3oKvB2B0wLo8fQMRH1akZ2oVHZdICBom9RuSSpiwUQpwJzYhBTQCDGBpeQlGdeTsTQBTcnqWo6snWfwGVCGVq5ffXebjwZirLt2WRZw7ChqxCckIcXLzCgqLglmKSSmNjU/AkNYuQj0tqCJLVo1NLWeuSWAIpWVmA6rAxlHpwqJSnHxJWQX8QmVNQ9SPwbJYN29/DBL0cWRsopmNExAXyIVpgXjUIDgedwMJE7ktq8afmg4MDsvNL0IIWtDMyg5FgHklpaSPT0wKoUpNxwhmER2bkMeQiNj4JHtXL3IURKOkrBzog8GJYaama4zRomNoDnQXngt4U31jk39QGLowOj4pIjouOTUDMBeXkHxbTj08Oo7P52+NVa26xINZUUxKEd3seTcoJS0TIK5jbAHw8gsKy84VkCwYDfEvMnPy/ANDyAYojKaBeWBIOCAAhshmvsfj7HE3nFntgvlqGJgDl1F5tDY5fTlVHcGJxMTDRPoZSkhY1TUJ+dqGJlge+ojYbmm5wD/KLxS8UlnP2JI0tWD1bZAnr6qNCSYyNiEsMgZ0tbCkXMfIgqyvgZPCD83JK7R2cCVmCjjr7eWgDYMjogk6m1rZN7e0+vgHx8QLzLSmrl5Vxxj1xNR9S0bV3dt/5NEz6hOyqtc//MzB2ZVcHhoaGsaJREZFoxGwgb6uAL783f+A+LBYP+JyucTpQOvZOTgxPGuE5FZZJYAhHT0DVzePqOgYDLak5BSEkPmJxfrb8PCIouISgQM4MXHq/BV3T6+Ojk4B/A0/MCFC6AqKikzNLV9/f5+7110HJ1cvHz8QOlAw1vMv6+gb9fT07gRU1QlDZFR00JIwY0klLVQM3quWvhm4qq6JVV9/P4kDzoJZWd/MWniRAVB17qZMbX0jJmmkJWWFhAugGTwaXvwdefU2Zq2dWKy4jDLmSFgaEB+pAkOjCAwBaED84Xhn5uS7ePiQqxyYaHt6OJr6pjAqUrqGnjHaE7yPuK4Y3QAyVAZcXkxODbtkunqKrOqBJXH6yNhYWFySUtJsamrBqAMiYGDfllExtLCNikuCV4suV1DXJ3UNj4y9GxiK01PS0AfcBoZEwOjRIpjnCVQBj7SZ8QCOek1CAVAVFBqenpXDrENV6BiZkwpwRVZbAVWAfP7KKqlgDSUrV0xaZXpmFo1y8ZZMbV2DoGIBIfD70L4jY+NOrp4JKWnEAgB5Xr4BdfUNCSnplrbOJAf0BBAWYwAD4KqEQkZ27qOWwJ8EqkA3wH3IBVNFdV04PuB0KWkZ8wuLmvpmoCFA7anpGSQF3HQyV7Lg6oZGRGfl5oMnD4+Omdk4AqowBckoa3czRu/o7gNXi1lGKZJV1cWJ6JtaF5aUCUIKigEcyyuNI1xCmpiclFRQE8VozKLAGgdXL7jqmIcB654+AWSZHI4AWrW5lU12QejKK2vg7wtAYXjks2OXAF5oZ0w2JGdFDYOe3l5QQlVto3sCUjx06PQ1jE84j8QHr66pA+DCx0QzTk/PAJTjE5NXLcxtCqpGx8Y+/+q4hrYefKuy8gpVDS2Mt+7unqqaGmyQz8eiCNY//ZzF+gl2E5OSY+Piwa08PL0Fq1djDy6i1dQKHEDhBUTBOkZaOgPfRdWMbxiXkEiYF1jV2UvX3dw9MOCxGxAcglGNOI1Nzdhtbmmxc3T+j5f+VFxWkZNfCLY1OjqG7YysHBz19rm78ck+fq1KTg1gQVobrsP5m1KweYxBBQ2DldWPrjNXxG9KK4NVVVbVcJhF+tz8Qi1DC+GdNKj51TuKg7xvbQDmZGJpBzPw9PEH3smp6WIGIr2Mzrotq7pSKB8+I1iVA8OhwDy+OHEZQzglPduDYWcYa0YWNgAmjOi7ASFkcjpzRQJTgrahBbkIAGwCR1tkZGhk9PjFW5jMdgOq+vq58IcNTK3kVXXgnWKWBgC7evmD62L2DgqPhkcKDxZjQ0JBs4wZq0BT+BRV1XXSihoxcYm6RhaW9q7wWTKycg+dvAQuA8dBWknD1NIOMzx4I9rCxy8wKTWTWU2ctXP2wPixcXABFxP2OkbjbVllspy0cu183t7ZE1RLRUvf3MYJFQMRc/MRTOOXxeUwsXd0dd+QUrKwdsAsxG7vQicVl5ahGmhTM2t7OD4A2eraBmsHF1cPH8QhqzBbZlUY1VfE5S1tHG9KKgWERAC+bZ08cbKDQ8Pwm+B/of9QFru9E/NSG0OaElMy/INCK6trFNR0wfLU9ExcvXwRDnAXk1ZKTs9EQ527fsfO0U3XyBLGCvNV0jQkUAXod/Py1TYwM7eyRxcI6SemkNc/PaqpZ4LmhdsOoLF38XRn7AwtgIaCncGLtHd2V9I0YLd3wBwv35ZzdPGQV9PFmIQDeO66FBofHYQK4yxaWttOXRLzuuuPygAc4UoA0QC+esYWiENcbGt71+CIGOKoyqvrd3R2A3zdvXzhcraw27azVgXe9PpHn7NY//fHL/6Rxfqvs5dv1DNrYfC1AQ1CLukfFEwcQB//QNaKpKZlCD9TRJy7tvYOsjZMsMDA2IzF+imL9d8SMvLkHgWyrL7/yEldAyPBIqOfILefvfymqqZuVXUtcQAHB3kHvz79/qf7/+XFP/oFBoMRHz11XkpW4eCxM8Rt3/JaFVDp1BUJBTUdK1snTAaquibErcOMLi6vQfipYDovq/jwyDnBtfiYBAl5dRMLW5CGpha2cKLFrPnuwdMCG7CyMzK3CQ6P1mI+wYtDAiYel9TU0nr9jqKzu5eWgRloUWVV7VVxeVd3bzlVXbj8cYmp1yTkHFw8LovJkou/gP6TF2/B3jCmYFRodsCChLyamZX99TsKmGvRpDDykrJKhr5FO7h6Y6oGaHjdDbCwdd74BpedcQAf3NsyOzvI46GHCFsGnUMImsnbN2hubo7D6ReXUcEAQCAxAmyQS4Qgz2hrPn8Ku6gPIAb8BRMdKjc9PQ0GC3PB3IuuFVwr+/by3BKmxwEul3wcVLheCHbw7UUr5he4gyKEFcOsAhWNKSilrx9OBHP1apZcAQSJ5XIHAUzkaiZmRcxa0yJlPRKqeEMb3KxA5hxkiyqR0gkHzMrJc/HwBRxzOH3X7ihi5sFRlEtWXnDiyA0Q3DcwgPMldwbhdHD6IPzEA0KemG9JQ+G/8KoWupY3NESWG0Tv24YPiEaGZUMB2cLFAmRLPrOKrAYGuCD2pN1I3cjaZ0FxmayKDrLl8YbJlIAMx8bHMTBQZxQktAEeIg0NC9uZXOuEAZA4GPC9fX3o3w2c5Qc3Kwysf7OCsN9xCqghyA5QWLhYjq5EiPDaFqqKSpJdFDo4OIgkopdcUbExAfd86GopAgGFI4JLQHOkO8aZTFAQWRqDKaIl4Veim8hJEQtHA8JEeTwe+gI1QTv39PQwvfDYK4CjG0AVAlEyTgS1wq/wgjXODvURvWKLNiGLWaiewABWvA1ha4ArjQlsAFVDFJjA5LcflGMWOtA+QBwcenDX2MQEp6+PoCEcQFsnN0QQOI8rdRO0AzPQ0NfEMFAlNIKQt6IOK8N/DmYsaNvhEdQNbfXUb1bYePUKwxsOhZ2Tu6WtU3JapvBZhV27LXaDW5Z3/LZd4R1AG9jZo6S7h2Pr6Gpt72JmJbiq8ITXbnf8RJ4wflVtvaun7+7c+kzy6e4b2HgC2Kmu3+xJ7ezjB8Jb89p7OE/bXLeZG/ybmPikrRaxxVpVNjRv8xbQx5wz8Fpkplrv/tGtd+39vSMP1k3GJ4aZG4i3MKgwr80/fN/KbuL43pQHLt7Y+AjD9bZZ58cmf5L8n+TeqC1Wj5jBJJ83PLrjcL+N5I+t8i6ZAWastWt8rJ0qQNTpuP99l3vb6MBnq6Hu3b/3TLTqM2xLP6iz3YawdrTR7/2gLGzL53uPmucTzHk/hAmPWsKTDxD6vioqVKg8m6zqHhUq35HA+haXlmcXlue+10o7egtCWRWVPSS8hftfJ46y3AZYPoMs7++punPD2+ZpX2+XVQG9OFSo7Lr09nKGuP1ZNR1n/WpkA2ol/YnWrGyIas16R1cFbpBQNOaT578qycYJN6q/mG+NVlxjX18f7fRNyWqoWl5ebqdCZdelo729rb29t6tjqL+L971WnOAgp4v2+GaFOoBUqFChy+pUqFChQpfVqVCh8sNlVVSoUKFCoYoKFSpUKFRRoUKFQhUVKlSoPDNQtXzvHlHRh0sf/lb1PeGbzB56amLlqOAr7Ss5bFzWk785iAoVKhSqnhRNHvp06KPf9rvl/KlQoUKh6olkema2rbOL3d7R0tbe2d07x7xsd2Fhoam1bXrmweenOf3cHo7gI2szs3Ps9s7ahqauHo7ww0qDQ8MIbGG3t7Z1jDCfGhV8AlPwXcwHn8asbWzJK6ngDY9m5hePjD74Fik5NDo2npqTT94dzoQtkxdpMh/RFHwwneIaFSo/LKha67mR/y3tXb86fPGrWwqSOmYvn7xp7xUAhBodG2OxXvEJiyZvnlczd9Ays8VGaFzy++fvXFfW++KGQltnD8nHOziS9e7XMrrmX4kpiqsb9nNXf/Pewz/kjLRGQ0vbHW3TppVP2hHp7u376LJ0Vy9nA9p17xFnQYUKlR/QLaAd3b2X5bWSsvJm5+bZHd1X5TXd/ENBc768JrP/ihTCEcfBO9DTP2R8cuqKkq65i/fw2MTI6BgYFsGU8PiU8zLq0zNznb19//v11cy8IkSIT80MCI8uZD6hHBwZK6dv2dvPNbBz7x8cQkGp2fm+IRHFFdXtXT3KpnYDg0NLy/dSsvJ8QyILmA9jtLR3BkbEhMUmdm7mZdVUqFB5tlnV+MREc2t7XWNzbX1Tc2ub6KH2rt6TEio5RWUPKFJQxDUF7aHhkTOSavo2LoeuyzS0sB18guzcBB81dPML+fyylIm9W36J4OuBxFkLiUk8Ka7U0zeQkp3P+vRMXkk5oh28IW/q5M367JvW9s7I+GRxTWNsfHlTrqG1PS07/9UTN5x8Q7xComoamllvHOH0DwDavryl4Bsee+C6XHJWnrmzl7KxjU9YTG3zt18Zw299Y3NdQ1NdQzNVqlSfaV0HqoZHRoFQk5NTzMeCFhYe/mABoOqUhEp2YekDZy0gTExFb2R09N2z4rVNrSHRCV/ekJUzsLRzF3yvcXFpKb+0UtXY+vMr0tlFD5KExSUfvCYjrW1yQUbdJziypKrulopeQVnV/MKirJ5FZEKqu38oWFVLW+dNFb30ghJtC4fopHSStqun92/2n69ubLF08QK5c/YLvSirERSd4OIXfOSWfExqFlkvE4rgFKhSpfrs62qoWlpabmppm3r057rgAF6S00zLLWRgq+eKvKZ7QBhY2EcXJNkdXXDWlI2s3zhxDQ4gIoD+wO8bn+QfF1MMjk4kOcABBL509HAm+IIPlrV3956TVs8tKZ+enbujZRKVmAb8UjG2BauS1DTKKioztHHxDolaWITPd6+jq/u3x641tXVYOnvK6VlU1jdnFJT2c3ngaIHRCcdvK/qHx95/xHciqVCh8v1xABcWFsG17q9/Q9ODZfX/OXThlJSasondH0/d0rF05E/PjIyOsf7546r6JkRgd3T/7MvLlk4eYxOTvz1x8xsZ9dPS6pcUtIFxD4hYYPi/HzhPPlZOrty5+oV+fElKz8aF9fnZrt6+uyERn12Xb2K3s744B4cuu6CE9fEpU0cvaw+/ovIqFuun3Zz+nMLSV45fc/EL0bB0TM8vDolNAvOCS5iUmUuhigqVHwhUNW2wMg2KVFpZXVxWWVRaUVFTP8l8eHZ2dq6gpJzceQCpa2xpZL5MD9qVW1icV1za1tXNIMg9ElhSUS38Wu99wTf1JksrazJy8puZ633tnV3IeXxysri8amKSPzs3h92UzJzGFjZveCS3qBSBoFiVtQ0ILCqrAKWqrm+MTkwtr66dWbklggoVKj9oqForD90C+og7P0WXujdIfp9evKNChcqOQBXzWMy3su6DNeSQcEO4++Aok8Oj8hRGuLfyK3qU3CxKChINJP+W6S2gVKhQqKJChQoVClVUqFChQqGKChUqFKqoUKFChUIVFSpUKFRRqKJChcr3AKrwf3pmZpI/xadKlSrV70gfD1ULCwuFJeWtbR1NrW3N29OmFnYjtFlUWzfcXTd87Xbr4yI/KtuNVZhWdKP1cdVjPxxtVQVaH1extYVuUMQG2a7VDYpjP8HRdcNbH9eAaxut9cmirW3JJyx9U33R+gQGwF7PAJ6k6I2Niv24ej4qcN2Oa30y63rCsjY+l9bHjYXH5vPYUb/OEH48VM3NzSEq5Z9UqFDZ0w7g3Nx8faPgAWbhveObFfLoHzaGhkc7u3oIvaJKlSrVJ9dNQNXah/hWPciywUo8QAoUrqOrhzc0MjExOcnnU6VKleqT6+agigQiJK+w2MnDx9bJzdrB9W5gSHMrewO06uH0N7e285l3MFChQoXK03UAScjU9LSXX1BQeBSnfwC7s3OzTS2tju7eGdm5q7Ii8Xv7Bto7u2lDU6FCZfegCh6fp29gaUXlKg6F8MCwyPyiklV+4tj4RGMzm77ojgoVKrsHVZDq2nr/kPC1OIVf7iDP1sVzZHRU9FBbR9fI6BiJTtuaChUquwRVwWFR9U3Nj8orOCKqoalZCF58/hSgChnSVqZChcquQpW3X+Agj3d/5T3rQiHYlJ6ZXVVdK9wdGh7p6ubQJqZChcpuQ1VASITwYp+okMiRMfF1DY2iLmFPb999+jghFSpUdhmqissqAkIj7ovcuAAhH38fGxt39PDhDg6KQNUQhSoqVKjsNlQhZH5+3sHVu7mFLfT7hFf3klLTs/MKRVFsZHSsc+WDWlSoUKGyS1BFno/hDQ07uPlkZueOjU+QCJ3dPeHRccq6xkWl5aJQNTM7y27rnJujX7uiQoXK7rKqB5/tGxuPS0qzd/Vycvd29bxr7+ZTWlE9Nj4O37CsspqkIjG7ejh9A4O0lalQobKrUCUaPj09PTExOTE5KeRN0zMzdwNDK6prhLmBWDU0tSJcFL+oUKFC5alD1aMQZ8Xpm/MJCCHcSnjDemVN/fT0jGhMKlSoUNmUbAWqHiUkAjhUTl6BaAjQCtyK0z8wOztLJwcqVKjsEqvalJBUs7NzPb197PbO9s7uzu7eLqpUqVLdjD4VqFr7nXeyMTs3B4Y1NDzCGxqmSpUq1SfX3XgLKMlqma6pU6FC5ek5gAuLi0VlFdV1DVW19VvUmvqS8iqyUVlTR5XqM60w47LKGmLStDV2TR8PVfPzC+iSiYmJkdHRLejo2NjQ8HBUfNL4xPjWcqBKdU8pf4pf39iUk184PTM9PDJCG2R39MmgqqZ+fGJCtFeGRkZ4wyOCVSeR3yHh9sP9xxsaik1MGRsfp/1K9VlX2PAkn9/Q1JxXWDw1PYVpmLbJXoKq2oegCjI1OTEzNTkzNbGeTk5OjImyKgpVVL9/UJVbAKiaHqImvWehanRslDs0ElDQbB5XZZ1YbZXwkFonVJvHV2U3do+NjVGookqhiup3A1XDo6MTE+OdvVyWfspnbvnvO+V+4PyQfuic+5pDzkmnrPHxx0CVIDdGhbtrD5HAVdEe8kOHh0UPwf1kfodXJXwoB+ao6KFVqTao4aqKra32gwxX8tzgjEhxawul+oxC1SrLXNvpGwSub/MrFvKoIUAsba1RrRuTKDHLDQbU9wqqJifHmzs4qj55czN8nPl6fTl63SkL5GtjqOJPTU3PzKCzEQGHsIsNEoEcgk5MThLLIBs4JLot8EOnp0nFkJYkQciM4FeQG/IhR/FLQkaYJCQmCsUuc4hJMzuLnB9aPeXzp1eyIkWQmPgdY0KQA6m/6DbJcGZ2RnhGpALTTFoEImcUROqJQlctAlJ9RqGKWObDq+8PLFzYxfhFHGJ+/Cn+6NhD6yTEupDPtxYy+8BCmA/hTZIciIEJzJuxT0TAL3Yn1hgeNpAPLHNGODRmZ0kgsUMSB/pMWODWoKpPzTefQNXoKmEQ6pZL9sZQhe2qmpqsnJyq6ppBHo/T11dVXT3IGxofH8fMUFffkJOXX1hUzG5rR8zmlpbmVjZJ3tDY1NbRMc5cjkS25RUVHZ1d2OUODpaUlhUUFpVXVuYXFCLbAS63ura2u7cXR3t6eyuqkD8PmZeVlyPnkrKyvv5+5NnZ1Y3tgsLC7JzctvZ2ofWQamRl5zBZDU4IiuBVVFXl5OZXVlX3c7no7/6BgcqqKhSEInAKOIoqdXR1lZaXC+pQU4NaoQgc7e7pKSktzcsvaGhsRM7s9vbSsjLEQaGk/hStnlWoWllWb2xqblmxUlgRFPaDHodZdvf0EotFIGwM/Z6bl9/Q1ARrEY4RGGdxaVl2Th6yQQ6wfGIhGCMwHmSO3Bmkm+jq7imvqETauoaG4pISFFFQVNQ/wG3v6EBZ+YWFNXV1OIoSsYF8YKUILC4pRSpExqBAYF19PWpO4iCfZ8ICtwhVqnfzAd+8R7CqmxtCFQYvoOLYmQvaegYSMkqAHnTSc7/5I7oERyOiY/78wefKappfnzmvZ2w2Nz9vZWv3x/c+7e3rQ3IpBVX/wCAEImZ2Xj6LxXL18MJM0tvLsXVwunxdjMX6h2tiEoHBoa1tbR98eiA9K3t+YT4jK5vF+o+Ozk4ACpJIyMh/dvhrE3MrVCwmPhEh+kYm8sqq6M4xBisxz6DXj5w+r6Gle+22VC+nD6Bj5+jyyaGvVTW1X//wcwdnV1Sgtr6BxfpHWNHC4gLSIh8gY3hUNDYQ7Rd/fC86Ng6I1t7ZKa+sduLsJVlFlVtScjBcTx8/xDExt0ChADgUty4/pfpMQBWhMGpaurb2jqArxMijY+Pf+eSgsrrWoWNn0PvtHZ1IBbD4aP+Rm+JSEtIKl2/egUGSQYFf/6CQc1duyiupWNs7IbmzmydMCxYiJa/Q2NxsbmVz/poYxuD4xKS9o/MtSVmY7pkLV//y6QFDE1NYcg+H4+Hty/q751U0tP7nD39Jy8hE3U6eu2Lv5NrV02NkZnHs9HmYnKSsQkRUDI5iG+Our3/gV79/NyQsYmrqGbiUudtQRTiwg7Pb2YtX2R2dgHz0LKDqzPnLA4ODmIj+43dvpaSlo0uw28puA2X19Q9Ay1pY2yIffRPziKjo2dlZZKutZyQuJSchLcdu7wDrgetVU1d/9tK1plY2GG53L+fqzdu5+YVzc3OgaPu+PNnV3Q28O3zsVEdXN4gV8kRIcmq6grIa0sKSiEuIPpudm4uKjnnl7b+2sNuQBL1eWFTyr7/+c1lFJSJWVlf/24t/zs7Nb+vo/PTQ1y2trYBO8Lt9h47BYmLjE2+ISyEHTx9fGXkl1NPN0+fkuctAMcycMHG0gI9fgKKqxszsHMPPx+j4/x5AlYW1nZfPXeJwYTZ64Q9/AVrhEEjQqXOX3Dy9Yb3XxO44urgRUAC1EWVVJ85dBuJw+gcAH8jEw8dXRV1rZm6OeH+V1TUHvjoGMt7W3vHGRwfgFWB6vnVHJiA4DLYHJwVxAFUaOnrzCwtmljaYelENzJcu7p7El0xMSTt5/orAG5iYQHxtPUPM8Zh9YYcCT+J77ABuh1VhA1T5/NWbXx475esfOCDw3coPf32KNzwMR+xPH34BFoMkQSFhqemZcMGdXd0wOZy/ctPF3cvc2i4kNBz9UV1Td/WGWGVN7dkrt1JS02cY8Kqtrz92+lxzayu6B5PJ+cvX8woK0Zf4fefTLzu7uuD0vfrm+4am5gA4J1d3GA2g6o33/iohJQtD6ezuxmkiEMlhixevix06esLT5y5yDguPVNHQBveZ5E9i95vLN0PCwgF5r3+wD3iK+lRUVr798X7gY2xC0psf7LOxd7xy43ZMfAIOySup2jq6TM8I1hdgUuBQ3r4BH+47eOv2HVhS38CAcJGO6rMLVaYW1u6e3sAVmHdpWfmps5faGdd+ZmYGva+pqw9yzfrVnzDPwSSi4+JjExIBPUJWlZmd89EXX165LgbKg1Tevv7vf3oAFgJAgYUAX25KyGCGg0v41clzgD/UQUxS5tjps2cvXMmE6zA/7+F9d9+ho7YOzucv30BuKFdKXsnJzQO5weQSklIOHf8GzgFZhK2qrgHN//Vrb9U3NI5v9e7u7z9Ukf7mDQ0DQUBtyioqwIaOnDgD0lFeWcn6+R/ArRDZ1NLm5DcXBwZ5Lu4e4ZHR1bV1f/nrF79/5+PI6BjUDF344h/eMTS1+OTAEdBjLo8HfIHjfebC5aaWVrJ6dercxaTU9MWlJTiAb31yCOAFivTViTOgZqznXiouLQX3iYlLkJSRAz/v6e0lqwzC21YBnSBTv3jlTTj6Obl5+w4f6+jqmp6ZAXV6/aMvEpKSezh9H35+GB7cwuIibOiLIydhVWBVx7+5aGRmefDoSXDshYUFbX0jBRUNhr0LakUM8Y6MQk8vB6AsurZK9dmFKhihj6//9Ixg3bqFzYahlpSVYxuWLK+ibmFjx+nvf//zLxOTUwBVweERb368PyMrh7/iecHYYMN+AUG//PP7nV3dAUEhEtLyxELIxZ/4pORvLl6RVVQNCgmFESJQXEbe1dMbEQa4XNQERnXlpjiM7dzl65y+fkCVrJIqhgnhZYnJqccwmrhc1Ae2jRxs7B2UNbTHxp6ZZ0i2CFUqd/Onpya5vOEhkfvUhXer39jQAURWgSFh8MZDwiNeeuMj4Docq1+++ibAAk1pamF16frt9Mysu37+J765iNwsrG0wY6BTE1NSAW1wAIEoYCXuXj5lFVVRsfGsH/8WZgHcwZT1uzfea2xuQVlALhClI6fOwTk/ff4KaA4sAsSK9dPfVNXUghP96YN9mOgAVW99uC8jOyclNa2VzSZmh7SRsXFWdg5RsXGfHjxa29AAwvXNpetAHBAlSTklKTlFpAXjM7O0RhGh4ZEfHziCSRUW4BsQtP/oyUHe0A0JafBwtEBRSen7nx60tLWPiYtX1dYHLHrd9Xvzw8+AbskpaaD0dFn9WYcqAI2hifm1WxIg6anpGZiQDEzMj5+5GBkTZ2JhfeDoyfKqKqSKjU/4zesfhEVGp6Slv/3Jgdz8QgSSrjcwtYiIjrFzcL50Q7x/gOvq4f3uX/cLLQTRBriDP3/1zZff/ADzOrlKePT0eQVVDcTBTIwh5uDiflNCCvP9wWNnHJycYcOXbtyGW0qu92GY/Oer7wiham5uzszCSkpBlYzQ7y1UNXVwdAMK7y/NTk2OM/esr9IJcbfsDe5Wx0ZxaZmdg5ORiRmYKiI0NjX7+gX09fWjWcFZgCOm5haW1rYALPRKalp6Xn4BuUcBQADmBf/R2c2dOyiYTAAK/kHBCER/tLW3A+BAj8mqU3dv713/ADMLSzDn7p5e8F5MQZ7ePkAZlOLq4VlZVQ3YQr/a2jvoGxqXlJaRbsMv0NPazh5pk1PTCPA1t7IBRqbmll4+vthmVsfGkRWKMDI1w1yHcqempgqKin0DAgXxW1qtbO0xwQK/cvML7BydkDY6Nh7GBDrp6OxiY2evq28IeH1WrhZTfRRU4Rd4YW1rZw1LcnJBnH4uNzAk1NzSGrul5ZXjghUiQTSYtIWVNcwbMy44PrE3xI9PTIaxweZrautgD1k5eUILqaqpEZCvkREYD8BOeOtMSFiEvaOTpbUNpmHYHowqKCQMxlZdU2tl69DL4UTHxsGdJNYLe/b29YPtkWogQwwr4Nf3+RbQyYnx1q6+LyzSMqo7Yotb4ktaH9LS1pjillM2GRvfrY7OnpmdnZmdmWLu7xC49MxiE+kD5tAsWNIUM4ZhEMLBjPBJgOXEBI4yS+ArgczsJLiFZHaW4BQpmtyZIpr5LBNBsDE3R+6FwcYcfP2FBTJZPVzD2alpFM3czzI+jpgkUMiDSInTTCnkZis+k5Ahj+PIlix+of4kLaHu/Cm+sFDhbWJUn0WoEvYduhgdSpSEEFMRGqcwmtASROkMuemJ3NxHbndaayHTM9OIJkyCHIQlMncm8uH0EZ+AhDDxp4R1JqNAeBbkNq7v84M1GJB9g0NXA4tZ+qksk3SW8RrVT9WILt/4bnVyZy3RlaWroVWHEEKOCqMxS0gP7scVxid+vvAWOxJhbSnCQCQU5iDcILrqrmLRGgoruSq3tUUIoomcFAkURFhJSxB23UKpPru3gBKLJSoMWdGHnq9Ya5Oi4UKDWWshota4Ns7a0bTGeh+6HWFVbt/Px5WhHN5wJ4fb2Te4ruIofVyZKn0GkOp3D1Xjghv5xx+lY2P0zQpUKVRR3QNQJegzoiMivyJKoYoqhSqquw5VNfWCJ04efrXAE+rIyqv1hM/uUqX67OrQsGDdur5R8Go9clcUbZPd0SeBqvnq2oapqalx5snbzSr6FdQqOj6Jz+ePT2wlB6pU95AKrvnONDa35BYWzc3PjY1Tk94lfeqfgahmXpWflVcIvNv6hySoUt0zWlPXWFxWmVdUWlvfSFtj1/QJPq41P19b37S4uCS402mrsri4SFJvLY9tlLwbMrvrOc9uJu3sd3Re33kFnl6tmBueFmb3mAXObq/1ZvfkkBQW9GTfAWxqoZ8ho0KFyvf5Q/BUqFChQqGKChUqFKooVFGhQoVCFRUqVKhQqKJChQqFKipUqFChULUdoZBKhQqFqp2BkuXlZeb33rp57izWkLKI7BpWPrYsiqdUqOxpqNoYm7ZTBEm7uLg4MTn59IBAtKpPWO2lpaV1o1GwokJll6BqXfqwwbgFv8FvQVGJrIKysqqGtJyCvaPzJJ8vmmp8YqKtvWPL2Nff329sbjU2Pk52B3m8m7fvqGtqq2pomVpY9/RydqTVJiYm1bT0Gpua11RG8Ovi5lFRVUNCurp71LV0+cw5CmVqarqxmT4AQIXKrkDVupxiXZxaWFiYm58nvhh+Y+ITVTR1CcyBcUxO8slR8qRPQVGxsbl1/8AASTg4yBsZGSXcZHpmZmxsHMP+wTvLh4ZnZ2fvM+9+GBoaGh0VROvt5YjLKJIkkI7Ozutid6amZwAuqelZ56/caG/vmJmZAfkiFGxqamp+fgF5Dg8LPqVDTmGMeccWSsfu9PQ0n3k3NlpmgvliGimxuLScxxsi2Mrj8RBNePrS8srZufmkAqgztkkLcLlc5IwTQYiRmSWSoAIjIyPAU5w4tUUqVHYeqsj20PDIDAMWZJf8DnAHV7k8iSlpVvZOQlcIu0rq2n39/b0Mx0lMStExNMFItnN08fELcHH3fPvjz23sHcmnzWztHbX1jOobGusaGq/elrx4XTw6Ns7ZzVNMSk5aTlFbzxCDPDI6Tk5Z7cLVW1U1dQMDXFll9ZHRMVKBzq4uFXUtYcW97vpp6hmZW9vl5RdgNyklzcTCJiU948S5K0am5p99eQwkCJxOVklNSlbByc0TFdbWN1LT1peWU9I2MHZycfvLJwcyswTfg1TXNWzv6Ghqbr4uLqWhpRsSFiHA4nsCLFbT0s0rLCIlDg0PK6trjY6NObq4W1rbunp4N7ey9Y1M3/hgX2RMbHxisq6BMcJLyyuoLVKhsvNQRfgRoME3KEyUMdXUN3j5BxHOInSIMPgrKquEcZJT0784elLXyEzH0Izd1o4QDFdXd09jM0tsFxYVAz5QVkNT8y9fe6uuviE4NPzsVbHM7BwxCSnBR2fGxyVlFesbG5eWl2+IS5dXVoGqoMTo2AQjU0vu4KC0oirhPgSqlFTUl5ZQrqAqcYlJzm4elVXVeoYm2NXU0WtqaY2IirFzdMauj6+/m6cPYGV6eqaX0/fR/mPgTQYm5rn5hYI3e7F+DnitqauXUVAGjCpr6lZW1RgYmVbX1CIt4XGkiVQ1dfIKilY80CFFVU24pe98/EV7RycaE4EJSalALmxY2dh53/WbnZtfYlqGChUqT8sBLC2v9ANaMSOwuq7e2z9oamr6UX4igarE5FR1HYMx5k19xINDCIvFSkhOxXZ2Tq6ZpR2gJzU9Q0FFPSc3Py4hqbyiMje/wMTcChHgA8qraMDnwraGjkFJWUUrm+3k4q5vYm5t68DlAqrUHoIqVfVFAZsTVMPe2dXTx3eSz78trRAYEm5hLSgoJDwyIioaR8OjYty9fOFyBgaHOrt7njh3eXBw0NTSGqAJ91BeVQtQ1dc/oKGty+dPAWrjk1K09IwmJydXnexDUDU0BGCFr5eTm3fiwlUAJWhgSlqGjYOAZnL6+nQMjO/IKII2UlukQuWpQJVQgFZBYVFFpeU+AcH8qam1McEsQCiErCoOXo+hmfAoWIyiqkZ8YtIdGYX5hQWwKi1944XFRTa7TUJaAYRofn5+YnKyqKRUS8+QQJWknBJQA6UYmlr4+AXC48NQB9IZmVoMcLnisopCqOro7JRTVCFFFxQW//XAVx2dXQw4pgAcCSHyDwoBNmEjLCLKwcUdGBQZHdPe2Xnw+FkAH4qoqa0HVF0Tl+X09fdyOEqqGlNTU0AusCpjU3NCGMniGjlx0KgcxsEk535TQpovWBGbhzN49MzF9vaO3LxCIzMB7M7MzKLBUQFdI1Nqi1SoPF2oEqBVRZWnb+CUyNKyKMuIio03t7IVrlVlZOUcO3VOQUn1hpi4X0Cgla1DeKSA1MAniktIHB4ZlZZXVtXUBnMJCg2XklWUVVTJyMouKSu3tLa7zyxja+oaAESwbWFjn5iSBkoFkLJxcHZ0dhvk8TR0DQB/pAIDA9z3P/lCWU1DUVlNVklNeM2uuaX1q9MXJph1dCBUVHQsNmLiEgB80bHxKhpaPn4B18Qkwd1sHZwbGptGR8dUtfSQG1iVgbEpPEQtfRPgL/K5KS4lLacUEBSyvHI91NDE/Pyla0oqapKyCsVl5eBuPT29eoamRibmTm4egC14qSe+ueji5hEWGa2jb6SurVdb30BtkQqVpw5VIti0TiAQapG5mrYqEELuz1wFbfDXFlZWu1A68S43EGQyMzOz/OjlHlKW6CpbSFhEAMOk1hW4pQtrKrxB5ih9rXdMChWGw9NENNE6kyIQKDxZKlSo7BJU7XER3iaalpEFV/E+vWucChUKVc8KclGhQoVC1R6VVY4nFSpUKFRRoUKFyi5ClegrCqhQoUJlN+VJoGquobmVgjoVKlT2NKuaX1ioqK4b5A31D3AHuINb0H7oVtMKcxjYw9q/J0vsfwbPazebbjtn1z+wXZN+GifVv4vd3b/r/fUEH4JfWCivqu3r5/Zw+no5/VtT9GvvNpJTpbp3FAOB0z+wzRFBdbP6RA5g47YdQPJ+FSpUvh+yuCh4JRFth2dgWf0xuT68Hra0tNTW0bUmmAqVZ0/I6yHHxif6Brj0WtNeW1Zf52aFheV703OLM/Pr6PT84iokQ2d293DotEDleyOTk/xB5sWK9A6evciqvg1ZWLLPZd+MqZOMq5eIq7/z8O+NmLrkes4qqOrq6aVtTeV7IxOTfO7gtqCKYtzThSoSNDQ2dco1r2Fgorh9qKxzeJUWdwwdt898LFQti8j2v/6wcQTyXDT5vc88YLyqaOFHdKhBUNkdqKKAtRtQxR3hm4WVbpCpvHf+brKqHTQXajpUdgGqMC+OrrxSjZrc04Uq3aASQeRFARVZpUvL9yQ98jaGqqmpKX19fXV1dQ1NTV1d3dbWLV5hnJ+ft7Wzy83N3QCD2traJCUltbS05OTkbG1tx8fH1dTUdHR0ULqBgUFdXR3icDgcY2PjoSG6+kBlJ6HqUV9OmZubg+11dnYam5gQC6TytKBKP1gAVUvL63/UT+pxUDU8PPzn119HV/F4vMiIiA8++IB0GBwzoNjsyqclFhYWsE3eBjU9PT0/Py/saT6fT97gXlhY2NjYSGALcRCfVJN4fNjIy8uTlpZGtpOTkzg6MDDAYrGqqqsxrUVHR7/y6qs1NTXd3d0I7O3tpVBFZWtQBWODWZL3pmEDpkhWGxABtgdzJbvkKOz/8KFDfX192Tk5sD1m3C2QTGDV+MXu9NTUIiPky0a0zb8zqLp8+TL5IBXE3d399u3bwBpQmzPffPP+Bx8UFRWhgz/86CNFRcVDhw+bWZgrKCj8+sUXwb+6urrOX7hw/fp10CJ0qoOjIyKXV1QcOHRIQkLi9TfeSEtNFS0LRxETZIpQ7sHBwbfffZfT10eO+gcEmJmZwWh+8txzfUwghSoqm4UqIIuXl9fXX3997Ngxa2sbsdu333rrLX9/fxwKDw8HnVdVVY2JicGuq6vrvn37YPwXL14El9c3NGxpaYmMjLS2tsbRnJwcb2/vlNTU02fOnL94UVxcHPFff/11SSkpMn9TqPoOoOrsuXPjKx8WzcjIEBMTKygoQBeCWGVmZb32+9+PCD4Sw2pqakI4NjAvWVpZubi4AMIwEY2NjX311VfV1dXWtrZ5ubklJSUvvfTSzOwsnEFtbW3wo0JGgIaIg+Q3b906cuQIwuHlvfLaa8A7UnR9fb2enl5zc/MvXngBpkOhisoWoAqsR1dXNyQkBCb95ptvwhrZbDYm3ezs7Pfeey8lJQVmuf/AgeCQkB/9+MfEmTh9+nRPT4+CoiIsPDg42MBQ8N0AxMe0HRMbi7RT09NXr1718BB8NwQg2N7eTqHqO4Kqs2cBNw9eHxwScuLkSUdHx6CgIOyiIyUlJYFHABdsV1VVHT95Eh2Wlp7u5OSEJH5+fmbmZvv37y8sKrKzt4eLV1xScu36daQFBsnJy1dWVSGOj48PmFRZWRkcQMAQMgQLA6sCVMFcSE2ioqJA5XCU9Td/08tA1TL9zhWVTUIV7AoTHiAJ26BUmA77+/vhKAB3YNhgRs7OzllZWXfv3pWVkwM/Qvxz584BqpSUlQFVsH8TU8F3QPLz85EkNjYWLAw5YxvohnA1NbWKigoKVTsOVfelPB8PVefOnyefFG5sbPzpf/0X3DSw3ytXriCksrLyz3/6EzDls88+GxgYAO7sP3gQHZyckgI4Cw0Ntbe353K5R48eBVTZrkAVMkRaTD6Xr1wRfVs5ut/Kykq4iwxf+8MfyNuKGxobn//Zz2BDcP3AvLhMIBUqW4OqxMREbF+7dg02Bou6eOlScnLy8RPHyeUa/tQUZs1fvfTS/Pw8jsJV7OntUVRSErCqkBDMr4gDeoX5NTomRl5BAVMmJubAwECEKygoYMKmULUVqNIJLN7AV5Jwy90YqsCTn3/++Tt37qAP3nn33YSEhPuCO4An0UNAq/fefz89PR272AB8oJMOHjr0/9h7D7iq0jTP352Zndn5z/buzHTY3d7u+U/q7uqurq6cq7SypZY55ywggqgEEUFBMJCjiKAEUXKOkjNIzjmnC5ebc+Tu756jt64kEcWirPf5vB7f8543nXPP++X3nPve84JrGZmZcACBnm3btuHP1JrvvquoqACqoK51qOrt7T105IiIWuOLfhgJ8AFDlpaWBgYGYBbuG+ziL97p06e//uabuDjtqsiQ6//8858fPXr0+PHjrq6uxA0k9rSoggOYkZGBOLw23LSg1Ucff4w/t/Hx8Tt37TI0NPT188NfaFtbW+ziNkO2oaEhK2vrhoYGuA5vvvUWpNPvX3kljjIMhEm1Gjc5QdUzoYonlK4MKPYs7rma23Etr9M5r/P7bX6nY077iXuVc6MKNeFvi4gyWls9zKlW8/l80aPFBJGHnpxJf/dHfz+CCHADz06hUOAQ/Y2JbgEYOjJlIWgoMvpbGLFYTFeLiH7TdBNIpPOQoUjsqVBFDRwF/Y0zffvRtxmdAX90ccfSNxvuNC6Xq12miMpG38PUKJOx2WwUoRc6om9m+htAuk7yXGIhP6zBf80MfmT1QEL9UFzd1BBTO9jBFMyNqiVlREARe3ZUEVuKqHpaI78BJEZQReyHQdXktEnq+mHK5wft2k+9WYF8qsR+7Ebf2wRVSxZVHc/46fYNEFVF7CVTVUxyHZYWquRyeX1ji1Ak4vJ4PD5/IYHHY7HZCyxLAglLL3C4XDaHQ67DiwwvaHEtDXkFKLGXy8gt/eN4CygxYsSI/QgeqxMjRowYQRUxYsSIEVQRI0aMoIoYMWLECKqIESNGUEVQRYwYMYIqYsSIESOoIkaMGEHVsy0kO32VIZVK9f1bZSij38jDYrH4fL5Gbyrw3JWzORwuj6+rR/P4HOJ59k0/6/TpyNMjUxKlUunIKGO2bI9fXoVMJpty4jN2W3+rd1Qz2wmSPyTECKpmRdWMo1GtnnXM0DDKySvYtH2PhdW5PQePZeXkTskTGxefk5c3vSFd8e6e3p/95xv00oHa90/fDikuKUW8rKJyjkarqmuPHj8pEDx8kVZwSFhdff2UnFKprLK6ZkrB2Sig/6ozBoNhf8lp7gstFotD7tw9Ynji1BkLq/MX6Pe4zwEapJQ/qJzPR9jR2TU8MkpoRYygamZU6f/Bn/tvu0gkohenoYd3Snqm/WXtS++bmls+W7MJI43N5jQ1N49TP1WPio7Jys7RaF9qzO/o6Ozr76dfhKjDYlJK6r/85aPrAbfo2vwDb2Xn5La0th8yPIGqFEolZEtnV1dvb6+Meg0jna2isuqP7y53uupKv6rRzz+gmqLS2NhYU1Pz6CgD2QqLS0+csujp7RsbZ/IpqKFjPEqyof8CoRBle3p7Ozu76KMcDofJnBgZGW3v6LA+b6fR/uBegKrQz8HBoeaWVhaLreOaz/UAe6erqA1Hq2vrRikVNjAwiHOkV/0SikSjDEZ3d08ftZpOV3f3ESOT+oZGSDZosY7Ozrb2dsAUHxBzgtU/MIBzRHOo2dXdMzomDjWTF0USI6hqnxFJg0PDXIpB+oc6u7p1Kyw+hEtahuM1Nw31xmFs0zLuX3HxoMTI2J4jRglJKQFBty9fczlqfFKpUsXHJ2Tn5skVClt7RzdP7wNHj8clJNE/lNZoF7OZMDxpAcbZ2TvSSzlAVaWkpccnJv/xneUR0bEjDIb39QCUNTM/eyPwls6vLC1/gEYtzp4H6bDr4+vf0NAIlJw5ez4yOtbD27ehqTk0/N67n36dmJIaGh4RdDsE2c7ZXrzsrF1CwsvvBgRgTl6++Vmb8xcvWdtexDlGx8S++tFXfv43Kx5Uunt6ASjGZub3s3PrG5rO2l4MDr2TV1BIXweouTWbdw4Nj+jLsdy8ApDR3dPHyOT0BIuVnZf/2eqNAUG3Pl+1vrauPj3z/vKvVnlfvwGcxSUke/pcvx0ahmvV29e/cdeBqy7upy2svX39UeeKlWvtHBxLyypUKoIqYgRVj/OIHm9tHZ03g+/QEoM+WlL+ICI2QfX4n3cgCWJEVyozK2fDtt03bgYdNjSBT8ThctEEl8ffddCgta09PT0jv6CwqKTsgoMT7e59s2HHKOPhWjJl5RVO11wQCQi8FRGjXcHBLyDwQWUlBrDFuQvYRUNHjU3p50frNu/o7x+gC5aWVwBhI6OjG7btbe/oDL8XAR13NyJqx77DAJ+ZuVV8YlJDY7Odw2Vkhq654HC5u7fv8jXXw4bGExMTDldcsnMLzljasNhsnOdho5PlFZX372f5BwQi/ziTecTguJunD6iK3ejYhFMW1uPMCaVSRbfO5/MPHjVEWZ2DDHjtPGjQTrmxV665RsbEZ9zP8vDy0arOtHSQEQ7jiZPaVUwGBoc+/GJ1anpmbn7BrgNHgEIzc2sgWy6XHzpmxOHy/G8G1dXVa8iyYMQIquZwAEGrgEe0Ki6riIxLRA2z+Yn0WMq4n42R3NrW1tvbhxT4fTeDgkGcvUeMWts7gKrCoqK4xBTfGzeRmcXmHDQw6acWy4ZnBx9q575Dbp6+uw4cw+BHcTiA5RUVnZ3d5ue0Lhi8OTcPL7pFS2ubyqqaR4x74OzhTXudcBX3HzHs7u6GIgsICq6qrgXImBMTyHPR6SryQCp6+Ppb2VzIys2H43bnbkRwSFhbe8dhYzN6kQh0AIopNTUN6KRZ/O36LZt3H6yp0S4rIhKLE5NTt+87cj8rmz5liUSycv32xqZm3WURCoUHjhoPUG8cjIqN9/T1T83IDLkTTqE82//mbQ6He8LsDC4aSh07caqoGH2s7OrugUt4/uJlrc84OWl62hIqUufMElQRI6ia6xtA0Co4PDIjOzc6PklOrbQxJWf/wGBdQ5NuLCWlpF10uqY7GngrODgsfGxsfPu+o00trckpqVk5OYjs3HeYx+OVlpVt23eEzdY+zent7d25/8jwyAiXy4UqMTEzzy8svnkrpLCoGKpq9yFDcGRwaOijr9dpnyh1dX+3cbvuaVFRSSmUEb0QSE5u/rJlyyCdMrNzqKdmk0PDw3y+AKrK0OQ0/VgtKzsHeeBjwptD5H52jkQq3br7YG1dHZPJXLN5V1t7Z1R0DFxCDbVOqoPj5Z6+PvAI/ppQJJJKZaVl5SfNrUUU2nBBYuMT9h0x7O3rA7YAa3h/5mdtE5KSUe3JM1aoJzk13dc/AJkRcfPyQzf2HTYYG2dCURqcMOvu6UGdiENmHjluhvPCxdx14CgyXL8RmJObR1BFjKDqyZMVQKvYpBTFo+ffUyRVWmYWhpNuLJWUloeEhdPzFbBbXVtn5+Dkez3AzcsX47C0tKy0vBzpkTFx5lbnzlida2pupWtLy8hMTE7RVZ5XUBQafg8QeVBZhWauubiDF3C7QKUTp8wtrM6hIV2jECN3I6JpVMnlCk+f61BV1PP1m9bnL1ha2wJtMrnc6aqzveNl0KSru9vWwQnsg59la38JziDdVUvr82ZnLGPjE7WeWmpqLeV5MRiMgMAgqkuFAbeCAVD4dBcuXa6q+V7soOmEpFTT0+ZW1jZwFXl8Pjw7NI1+BgWH4lIUl5YlJmnPrqSsHDoL7YLgx4xPAr4trW3oIdrF6QN2fjeCADJcQBc3T2ARR3ftP5yUmkZQRYyg6rlNAZ3ta8SnreGpCj6XL/GntTg53cNdhFaIESP2/FA193zL6ZMVp+/O/TbYJxbUzDT98omNzl2JboKY7vvHuVuc8VymX4f5ND3X+3CnwXH+812JESOqihgxYsQIqogRI0ZQRVBFjBixlwdVz7K4FjFixIgt9uJaspb2TgJ1YsSILWlVpVAoqmsbBoeG+wcG+weGFhQGH4WhZ6hhaAmHwZe0V4Pk+sx5S79kd+DgkvxMHzY0L1RV1TUOMJi9I4y+kbGFhX7G+ILLkkDCkgujY/2juKUZ5FK8sPBkVMnl8vqWNolaI5ArhQoVHRCfM6h0OenMw2NMbUSh1E8ngYQfXcA9LFJNsgSiMRZHrJrUHxQkLGqYF6rqmlrxkXDEUjpwxVK+VCaSy4UzBaTzJLLvM0tkbJGku2+Aq5dIAgk/3sCTKUYn2APDo3y9QUHCYof5oar5IaqAGzoM88Rd47xuJn966GLyJ8QyXU6aUD39gzypXD+RBBJ+pIEvUzBYnMHRMf7jg4KERQ1PjSq+TM7gic6mNm6PrdsTV78r9rGwO7Z+c3TdreIOZJsnqp7lw15w2fkUXEDl5MYlqCJhSaCKI5GJFIquUc6egKL2cX51/0TtIGtKQOIGr1x9MM2BKiTig1/wmEevFnDOszU6/Y58WiW4gCIkEFSRsEioUnaMsO0jtK+UE8rkEoVyShArFCeCinlPcgC1Pr9UPsrm9g6PskUS3ZMsOoLmWEIxky/UT5+CMGRo6+nToWfKTaPv5eqn8HCfcXg9QyO6tqjIY3noeNfA0BiXj57oKp9S4ZTmkK1neHRwfAL9mbFpXSskEFSR8CJQ1TnCtg4vl6nVE0IJWyzVD8jDFkkNbhbxpHOhiuYUGih5UGV4wmRkgi1SqhHEqkkclUxqUrOyd+7dm5SRKdNo6EM0koQKFQ0FiVozxGQdNTRCSn1re21zK1L0dRPS6QrpnuOuQhyJco3mQV29obEJmEJ/s/B9HplCpJqkmxtiThgYn2jr7Uff8kvK0A0aoGKVtj/TpRPK4loFh98Nj44RKtTCR6dDYwspYrUGbZEbjqCKhBeqqs6FlysmJ1miGfWF7Imowoc9wBjvGx27FxO3bdeu4Qk28rR09TR1dEErQcts3LL1VtidgTEmZFdTZ1fngLY4ky8YGBtHT5ABnEINO/fsRX5v/xvO7p7dg8OII3DEkgmBaHCMiRTUCdagCJRUa3dva08f4mXVtes2bEIG1NnZP4h0BpuL9HGeoL23v7mzG2oOXdqwZUt1Y3NEXLzJqdNoC9JvlM3B0Z7hEUoGSh81J6XrAfsuXbkaei8SxXFqHX0DqA0ZBAolRFxDWwcSyZ1NUEXCjwZVWk6NMTdt2XrE0HD3vv37Dx8BTQKDQ61szp+2tIqMi7+fl//LX/ziqNHx8KhoDx8/IxPTt997t7Sqpry61vikGbqUlV+4YfMWsMDc6mxje+fqdetWrVnj4esHOabSaENbbx8yHDhyBJWgCSZPEBJ+b+/Bg199sxL117W0fbduAyAYm5SyctWqXXv37tl/YIzDi09N23/wEPK7efmMsNh7DhxIvZ993MT0r//LXwFA0G77Dx05amj42uuvJ6SmQWcpqLakk5rC8op/+udfnLU5/8tf/a/EtIyM3Ly/+4e/w7n88z//PCE1vbalddvOnRcuOd4MDqFdXRIIqkhY6qiivCEVFNOW7TtAluzCoq07d5XX1P7p1VfDo2JikpKXLVvWOzx6/qJ9WXUNmoMOwvC+6uYOkJVV1SAd3UKpvQcOdg0MATEgxb2Y2Ju3Q+BtpefkIpJTVFLX0v7t6jWN7R1o7p3330c6VBLYBI6gnsr6xh2799S1tm/YtLm5swsSbPlnX6Rl5YCYIyxueU3dxs1bkOfg0aNtPX3w6WwdHHAdwiIizc+eRXN5JWXbUbyl7W50TMjde0DYd+vXX78ZpNZorrm5QyeiKvAODiAih44eQ+LWHTtbe3pHKe1Gbm6CKhJe3LMqoEo+K6qkT0QVJIbTNWdUfj+/AKIpOiEJ7IhLTrkbHZuccR/+HXwuoAoQiU5ItHO4hKFuf/lKcUWlrb2WGoARUNU5MLT/0GEQChCBKEMPoW6i4uNREN7W2vVa3QT/a/uu3UnpGQCKxVlr87PWFx2diioqjxkdT8/O3bR1K7oEpnhf909MS4dAs7lgb3bGYu/+AyWVVVBkcPdA1QuOjpPatVGDouITgSr4iavXrkMfMnPz0Gf4p+s3bc4pLEbHrgcG4RSgxczMLWj1t3Pvvva+gaDQMCA4IjZO90UBufMIqkh4EarK9m65SjOpfRQtlU8JgJThk1AVGBJ62MAQlLkbFQP3DWTZvG07uAA2YYtb4cDhwzVNzUj//St/bOvtv+rqdsbSCihZuXr1hEAYk5j83gcfdg0Ob92+Q6zShN6LgMuGsuAIAvyy9t7+z774Eoxo7e7999/9LiwiCuTKLSrJLigCrYorq9ZvhJ7q3rFrNwQavNE/vvonCK4TJ83yikuhqr78+uvSquo9Bw42dXbfDr9reuo0HD3w9KNPPh1hcQA+oBPNyTUauIEChXLtho2QV3yZEnSLjEtISs88YmiEy5eZm79240b0H8KwqOLBH199rbN/kP5mgNx5BFUkvAhUnQouEStVDL6YKZRMCeMCyUH/grmfVQ0xWfCMjhgaGp0wueh0mXbNIH+glVw9vUABKKna5pae4ZG9Bw/aXLgIkeLm5Q0HzfT0aeivUxaWIE730Ai2qA0q6ZtVq8/ZXUBBQAFdBaG279wFzbV+40YoGgaHd9nZxfT0GeR38/Z5UNdgbGqGRHBqy/bt6zduwtFxLt8vIBASz/KcjbWtXUVtHbbaJ/HdvW+/+66Hrx8ijteckRkdyC0uhRbTPVMveVD1zbffmlud3bhly/38woycPPQf/iDAh0rgEqLdw8cMQExycxNUkfCCZqsL5IohlmDz7bLTaS0myY2mKU1TgkFi4+mY6rlnq2unSsrkLKGI/nkzPZkT2eAf0ZMzsaubLQV/EBG+XDu7EgE8wq6uFF0bCKX7vSFkS0tXz///b//WN8pANyB26JmZYJOuZl1ByEC29ks6Fd0c8tCTEug8dIt0tXSjwJO21OMzSLU5kUevHr62funDSqju4dQWNmGVBIIqEhaCKm2QypoY3OSGoYyWkfTm4SkhrWm4ZZw392SFp5xc/nQ/bcGdNDg+ERWfOMri6Hd7Ph14xrnm5MYlqCJhKaFKIhPK5FKlcrYglMl/2J8r42aSaTT09EvyGZNAUPXTQVWb4PGHwRyxbMo89cfnrMt+WFTRLhv5dElYVFQRj37poaqpVfsHhHoetIAAagBVXPK+KhJejvdVSeWjLM7ACIN+lkrCEnpfVX1js1Ak5PJ4VOA/Hnh629kSeXplp9cwPc+UbLxpuzPGpyfOfXTGDkzf5U07kTka4s1UXP/sZsswW2dmOxfekz4O3iyVzOdKztHoE9N5s58Fb6Y8/JnyzPahPPFj5c3ZVd7sn+x8PsSplfD48+nqHE3M/RnxnuYennH4zHGr82e5P+c4l/mMMt6TUMCf9+lMjc9zca0OsmAGMWLEyJKlxIgRI0ZQRYwYMYIqYsSIESOoIkaMGDGCKmLEiBFUESNGjBhBFTFixAiqCKqIESNGUDWjERoSI0bsB0PVJGV6TSiEQiGHw+FyuVKplE6Uy+VoSNcK0pUqFZ0+NjaOzEqlUr9CpIyNjUkkErpyNWV0Wf1dXdO6OH0AtY2OjqJyHFKpVHS6rpOIkzuDGLGXB1VTGPTEcU4fSsu4/8ZHXzg4Op2/YG9yxqqmrh6JeQWFew8eE4nEdM6zNnbtHZ0gmuNVF3NL68MGJ4pLynR9yMrJMzxx0uyMxVVXD9Dqia1PTxQIhVbnL7BYLBzKys4lso4YsZcWVbrdJw5vFps9PDL6Paoy719x8aAPNTQ2fbth28DgUF1D47Jl/8XZzVNFiSnbi5f6BwZaWlt3HzxGFxwbZ9INcfn8/UcMu3t6EaerlclkVdU1efkFo6MM7AJelVXVRcUlI9gfGxscGkIipBkiEHIoiKOovKKymsfjodTu/Ye6urobG5vZbA5yQnC1tXdIpTJycxAj9qNHFR2H8AEM9FPwr6qmTq5Q6CcmpqQ5XHGmXS0aVfZO10Afevd2cEhsfGJpeYWzu6fP9Rvh9yKReMHBsbunh8lkfrV2s4+ff0tbm36F1wMCDxkY5+TlC0Ui7EbHxqNkXkHBFRd3Ho8feDvE8YpzUnJqcWn53agY3+sByBMXn+Tpe6O4rHz5ynV2DlceVFZZ29oDXiFh4Zu2765vaHT18HL3uY6cza2tJ06Zqx+5jeQWIUbsR48qqCG/wBDoHV16elZOSkbWlBEOfDAnJvRVlf1lLbnop1Hhd++FR0TlFxaF3AmHx7d2y+6Ozi6Ao7VV242h4eFbIWHvf74qPTNL165YLM4vKNq+/8g1V/e2js69hwyv3wjMyS84eOz43cjo42YWzAkWrY/iElNC79ylvM7MW6F3ikpKz9vZa2uQSMwsrNlsNmh71dkNKQzG2L4jRkjxvRGYm19InlgRI/ZSOYCDwyN+gcFjzAmaU2n3s2fTIfSja222+1k6BxDNmZ2xrK2rK39Q6e13AykVlVX7jxrv2Huwq7tHV7agqPiosRndoo4gwM1pK5uwe5HnLlwqLinr6e2Hw9fU3GJmeU4gFNF5ouISQ+/cQyQjMysoOAyo8qKkE18gsLC2ZbFYDU3Nrm6edOYbN4P8b96yOGsjox63EyNG7GVAlc5Aq8CQ8IjYBKCKzjLlMVZrW3tBUQnlAGopk5icetjIdGxsrLevz9XD2/KcHZqAqoL7RpdKoNZY7uzqLquoDA2/x+PzvPxu+Afeoo/C5fQNCMLR5pZWgxOnevr63Tx9UtMzuDxeY1MzkzlhYHomOzcPEWTIzS84ZW4lEAqvuXp4+PrDZ7S1d9QKPb5gzyEDOJjdPb0GxqYcLhcSDPF3PvkSuoy4fsSIvYSo0nqCQ8O5BUWTGs2MfmJ+YfE9avzTgqihscnb18/Zxc3V3TMmPlFIKSCoIfCFLqJSqaKiY+mH4r7+AQ6XnAJvBdOPpej+ZOXk2l9yunzVuaq6VkM9XIcD6HTlWvi9SJlM1tfXf9XF7ZqLW3nFA6lU6h8QiIbCwu+VVTxoamlNz7yv0T56l0bHxvP5fDTne/0G8rBYbHTW6ISZvj9LjBixlwdVTyVAZsw8/y8Tp9sCnijN1kpyarqzuze5J4gRe2lVle451Gw00T9K6ybapszb1C9CT9pSqdX60zv1K9RVq5vzOeMuHdG1pWtFP0J/FzkwOEg//idGjNjLiaqXwMjDKWLECKp+NLQiwCJGjKCKGDFixBYfVfo/ACZGjBixF2nzQZWspb2TQJ0YMWJLWlUpFIoH1XUdXT1tHV3tnd0kkEACCS8+zGsh+IamFolUKhAKhSLRQoJw2nZhNSzZIHzhNQufpqzwBzqvH7wDi9Srx8qKFyE82xBb8NUTLskh+aih+TmAbc+6EPzI6BhRsMReGhNLJCzqlUEaDUujqdJoKqntM4ZqjeaBRoPRpyJX+If5BlCtVvcNDJHvEIm9BEbfw3yBgDE+johK3aJUu6nUriq1GxV5LCinbVWzxKmth1J1VaWOnJykf0NGBsszowr/MUWyrjF+D1PQPT5DECsfm7munpzsHxwi15rYS2N8gZD+raha3aZS+6jU3tT2GYOvSu2uUsdCtBFUPR9UiaQK4/j6fQmN+xMa9bd02BZb75/bSlBF7GVH1fgjVIFTXtT2GYMvpbNiJwmqnh1VdNI4R2gaXCpWqBk8MVMgnRLG+ZLdvvkEVcQIqgiqfmBUjbGFV6Mr56j09O2SeaKKXi1G9xSAnmXa3d1Nr2SDXYlEIpPJlEoltkhUKBSPrT3z+K+d6fTh4WEOh0MnouAEi0WvdjPlZ89TatD1h25Irvd2velt6Tc3vQ9a4SkScbk8jd4vq6fnIfYyoUqp8laqvOhAo2e23WkpBFWLiSqHiAca7RuHta8gnxKQZBpUPB9U5eTkLFu2DGTRPP4uFyMjo5GREUSw3bJly7Fjx/7whz8cPnzY0tKyq6trej1TXsmAbMXFDzsAZGzdtq3t0avZZzP6zMCpQ4cO7dixw8LC4ttvvw0PD5dPex3oPCkTdufO7du3ye3100GVRuOn0VzXaPyxpdFDpdxACuLqSW/qKMKNSY0v/WyLynxD/XCXoGpxUHUpUosqkGrGYT83quhqBAKB0fHjQFVu7sO1raBlWlpaampq1q9fPzY2pmNQX1/fm2+/LaJerQeuYbezsxMUq6ura29vp9Mho2pra1F8nMm0OXeORlVPTw+DwcjOzhYKhRMTE9htaGgYGBjQUK9d7+3tRVtgH81KWoLt27dPR8n9+/ffvHmT7mpjY2NTUxO9kBdqoKtisdkdHR1oFOnoan9/f3V1NapFns6urqqqKpwRdpubm9FPsVhMV1tZWYldIqxeDlSpqMfqSpUnn3+FMWbX3XN2lGGnnvQBm3j8y13dVkPD5yGd5ApP5oT9KONCV/dZvuAqjsoVHn391p1dFmKJy6TGh6BqKaKKNoxqFxcXjOevv/4aKEGKs7Pzt6tWeXp6gl8sFkvzaIUb+IPvvPsukMTj8XBo1+7dUVFRVlZWyLl8xYqMzEx4hbv37LG3t/fz8yssLHRwcAAOKioqwJ3W1tY333kHgAB0UNbb2xtbwA58WbV69fXr17EbEhpKYxGoOnjoEOBCnyjYh6OA4MWLF89aW+8/eNDGxgZtoVEDAwMor3///e/9/f2X/dVfoT9AoaGRUUBAwKfLl6O56JgYiDKgEDWgV9jGx8cjz/bt20NCQpCieLSoD7EfO6oAJqXKvbBwa0jIK/kFO/xv/Ctzwg48ion9OPP+xjvhb9bVHxEInXGnZOdsiI75PD5huUzuXvFgT+b99UXFe4pLtkhlbqiE+hKQoGrpocrE1DQiIgJ6ZPPWLVBJECAYzxAswNPGTZv0VRUkDFAFVQKi/dOvflVXr13ilMvlomxQUFBYWFh5efk3335LZwZZgDy4kGAZk8lEqeWffQZtBUCkZ2Qgg+nJk/fv38/LywMosQu/sqGxQaeqDh48CJDRPYQaWr16NbzUI0eOYHeCxVr23/4bJNgJExMQFvINHWaz2dU1NfsPHKCbBk9NTEzS0tISEhOjo6OhvDZv2YJDpaWl6BUgiCJlZWWSR2tKE/vxo6qVooxHbt7mB5VHNZqg7JxN1TV76xsM09I3ajQ3R0bP3b79Fod7Ofzu6yy2vUrtfuvWW+PMSz6+vykr39XSetzVbRlzwhG+oVJFULVoz6pUFKu+D5Pa7XyeVQE0f/03f7N+wwYLS8tX/vhHd3d30MTY2JiWNohgV4cqjPCPPv4YYIKqWr9+A30IQgZi56SZWWRkZFZWlq2tLS3BoFY8PDxAhE2bN6M46Lb8888ZY2OBN2/SjHN2cUlOSQETgSFzc3NvHx+6IO0VgkpDQw+7mpmZueLzz8FTNKShfmAEvELimZ06BYoNj4ysXLUKSO3o7Dx79iycRGRzdXPDSaWnp8cnJMTExEBVnTt3Dt0Ai8+fP49KQNV169fjrOVkUZyXClWe+QWbGhpPAFVFxdsqq/eUlu0sKT2EXYHw8p3wz8fH7ePiP+FwL6nUXpGRX42M2IWGLe8fMO/rP9M/YCWVuVOVEAdwEVB1Zc5vAE/dmhVVdB2eXl4YrsAKZAh8tDfefBNa5r333sPYbm9vB2ggiHSo6urqQgr0Ee0AaunQ0UFLMHAKPh28Oez29/ePj49DyJw+fbqkpOTevXuWVlbg2v/3i5+PjI4iW2mZdil5K2vrxMRENIoicCHLysv1UfXdd9/VNzQAcPn5+X/9938PL3V0dPSPf/xjW1sbPEraM92+Ywd8w6HhYeziaEtr69GjR8E1nBG04d69e2NjYyOjou7cuQM/FIILZ9HU1HTmzBk0hE4C05988gktG4m9NKoqK3tNdY0BparWAVW9fWeDg9/g8Z1qag9HxwBSV+6Ev0qpKs9bt9+bYDlFx3zc2XVSKvMYGbWWyd0IqhYLVSdvlygnNWyhjCeWTwlckezwjcK5UeXl5VVVXa3LEBoamk8ZxryPry8kEsazDlUjIyOOjo6gAAhy9erViYkJKCyoIXsHB3t7e3AHeZKSkiCIoFzgaoFfjY2NSIRYg6OHLXy31NTUVup7wIjISLhgaOucjU12djYcQIdLl+jnYmjOx8fHzMwMUgiCCwpIJ69OnTp13NgYlWs77+0NbYVuODo5wQEEfYKDg8Es4+PH4eU5Xb4MQhUWFaGJ9o4OuKg4ZYAYIgskhfuJTuJ8yWP1l+exOqWqqmsOdXSaw+OrrTvS2masVHlWVh24F/FlfMLKCdZFkdgFHiKPf1k96XX//naR2JUxZhuf8E1M7Mqikp3kWdXzRxWdIpLKT8TUHE5qOpLYePjxcCSxaXd8w9XM5ic+q9JV+CIHra4tPz8/f39/KDhXV1e4eBqyljKxBaFKb7LCddxWStXDCDVZ4To9g2FS4wsSaTT+FI+06epJbyRSGXypyQ3kG8DFQZX2GbNY3jDEaRnhNj8ekNI0zGVLFHOjavoKNPqzOqdQY7ZlZnT59Xf151jqL1Gje2867e5xOJzUtDQonYKCAqneQ279tXB0PZySoh/RPD77dEpcv/UpPSR33kuGKt3czikR3SRP/ZmfM84IJahaFFQ9lWnnHC2lH9YQ54vYM948i/zDGvJmhYWjaur7qh5+3zdbmPbp9g8sud8AzqjgiBGbjwl0qJqk36zg9ciJe0ZUuasndW9WIPb0qGqiVBX94PkpTVtEpVQODA5p/R5tDQuoRL3QUi/MVC+8ZtXTlFX9QOf1g3fg+feKfoDA5/NpVClVLZQT56nv0C00wCt0Vaqi1WoB/oA+ZfdUM52RajGvtuoFD655vbC4rrGZJxCyOFw2l7ewoC2+0LJLP7CWZIsv8QX/oT9uLofP5wr4LK6Qy68Sip2FkmtCifMzBxehxIkvCmPzRllcAZvL/bHfgc83zAtV9c1tQoWKK5FxpfKFBIlsjMPjLawsCSQsscCTKVhCMZPH58kmedImkdxDJHents8YPEUKZ6EskiflcqVKrlRGLrV+mJ+qam4VyJUcsVRLKypwxAhSajtDXJftUWZpV28fj2IWCST8uINYypcpRifY/cMjfLmGJ2mgOOVGbZ8xeIrk1wSyCK6Ew5UouBIpudr6YYGoEsjkQrlitsCXyaegqndgiKCKhJcjAFUMNndwlMGXT1Ko8iCoWoqo4kllEyJpQsPQtdx2j4JO94KOKcElr6Oif4KvByYU7Okf/PGiarpO/DE2QcLzRBWLQ6FKQ1C1RFHFkcggmvrGeZ/7FwU/6PMr7vIv6Z4SfIq6dgYUPRFVSGSLxGyRhA4v7pyfnpgz9Vwy/55T3rF0/k3Q9bOEYrZQjO2zUIwjkhIIElT9RFElUig7Rti2d7W/jxNI5SK5QqRQaLdUEFNxg5uFEF9zoIoeP3JUTgXppOaF6SO2UPK0RSYEIv1dnAjdbYVGI1Fr5nNn8+XKufMweYLvnWu5UqbRKKmAJqa43k8V0D2RUk1oRVD1E0VV5wj7XHi5bFI9IZQ8/lhdu2WLpQY3i+ZGFeLQC5l5+cHhd8MiIkuraqAjdGqFHlo62aKfrq9odHF9pTOlrE710JGcwuLEtHTd6P2+hmk163jK4PBuBocOMVnoM4d+pMrmpmRm3Qq7Ex4VXdvcqt+rqT2nGh0cn+gfHZuSTT+OOoNCwobGJ9AE4v2Msczc/DsRUag/PiUVZYUK9dytTDlTOg9qi05MzMwrwPmyhKLpeV6omH3ZUSWUfR9o9Gjj0sd3Z0yRuRFULaKqAqoUk5MskXQmGSKbG1V05NKVa2+/935CajrGvNEJkzEODxIA8kqq0dATI7CrTdFoxKpJOoI+4C5BHsmkNidGoJTSNagQh5ACMYJElEURuipa9fCkCkQgUnxv3LSwPodD9CjVZqM0HapFo1KqWgT6ZFEVRA0i77z/fkffAPLQsy6sz9ut3bAhPSvH09fP3unKGJevX1DXc3RGoFBBfEXGJcQkJtP9p7OhLf2mEdZt3IQmcCKgUmVDo/atoSmpGbl5ZyzPrl67rmtwGEXo86Xr4YplDy/XpObhyVJVoQb6xMXUZYmIiUvNypZRu/p56LJilYYMgOeBKu03gFKVl3zSW6HxkU/60OiRqr20uxofscIDAUdlVAbkxFGJ0hM5sYsIQdVSRBXiGMD38/I/XbECUoUat2pEkI6ReeKkmfFJs7KqGmT28PG95uZ+wuxUdEKis7uHwXHjxvbO9t5+O4dLl65ctbV3gD4C41w9vUZZ3OrGJouz1seOG6dm5cBfA/7OX7Q3Nj3pdzNQqFT3jTKQDVWtWbf+qqsbBipQxcdIjo0zPGFiec6ms3+wqOKB49Vr5+wugGU1TS3oWFp2Duo3M7fYvms3YIEuARbB4fe+WfXtOE+A8Y9bFj3HSd2LjkXPT54xr2ttE8gV6K2Lh+ee/Qcgvipq6r75dtX//J//GBEbX9XQZO90+cIlx7Lqmqj4hBNmZidPm9c2t6A/Bw4f6aK+JAWS6lravl2zBpUrKGq7enmfsrDE9UER45MnTU+fqWluESqULp5eFx2dLl5yvBMZdf6C/cnTZ3qGRiDB7C45HjcxxRVg8oU4QUjXqoZGq3M2aNfcyrpneHSIOeHu44t6Am7dxrUi38w+u6oSSl0aW40zs9fHxK1KzVjPl7iIZG419cfuRX6ZmLJ6jGXPFlzNLdicV7A9LPyz+iZDscJ9iHE+OfW72PiVXX3mABlB1VJEFYbfNXcPa1s7jHb6sTEQAAa9+957gFRUfKL2tXmM8Y8++fTm7RDwArslVdUXnS5fdLzc3NmtfedvdS348sVXX2NUYze/tLyitr6w/EFOUcm2nbvqW9t37tnrfd2/rqX1N7/97YO6emi3Tz/7DLIFNMHwplGFdgFBVAgYgQLp2bmoqqG9w/TUaR//AIADu0gsKn+g1TUUR6BNLM+dB4kgZOga0PO8ktJVa74DRoHFL7/+Glj8euXKu9Gx6BVqqG1pBQGBklEWB4BGSmZuXmpW1pq16xraOvwDb336mRbZAHQndYlwceBUfrJixfAEmyOWQJRlFRQuX/FZYnoGfWo3gm5/uuKzvpHR9Zs2RSckJWdm0hcE1xMNtfcNJKVnVDc2/+///evOgSGcbHB4eHZh0d//7H+0dPccPHLU72YQrtX6TZs7+gdx9Qiqno8DKHPJzFofl/jNOPvinfAPm9qMuvrOhoa9PTpuV1C0PSZuBZPj5Ou3rKH5eFun2c3A/xznOIXfe6u86kBn75nQsN+PsS5BagllHgRVSw5V128Gnba0kj5ElYT2kvCXX63RYIjuO3gIw/jQ0WOQA209fX967bW+EUZZTe3Z87ZNHV1r1q3DAAuPijYztwQpnJxd4lPTUCc45Rtwc+v2HQWl5ceMjOvb2qGMMDjDIqIsrW2yC4pQOcY5dM1DVSVT9A6PpmVlm52xCLl7Ly45FUoNEiyvuNTrun95Td1X33wD5w4dhnfWSaNKNWlz4SLkCWqmIQunEuSydbik0mhAvX/9939vaGs3O2M+yuYNT7C++Prrxo5Ov4BA7+s3kCEhLQ09RDeguSD6kAJ8/J//++vWnt4zllZTUAV+oZOoPyMnb/P27dB6DleuYre1uxet1Le1gbAQd4DX199+i37GJCVDeOKkKusbgPvPvvgSJMLFuRsdk56TExR6B+3iNC9cuoSzfu3NN4xMTFCWcOo5oEqriVyzctZX1xlpNDehnkortheV7iws2Y87box1MTRsxRDjQlTMB+Nse4nCPfTO8r6h8zcC3sor2JybvykiasUYy1Gq8iSoWpTH6tbh5TK1mimUsMXSKQH8mvtZFarCaIQWqKxvBKRAB4ApNikZHhPgNcxkvf7mm02dXYbGJyCIWrp6Pv/q6+6hEQiHC45OQNXGLVvGuLx7MbFWNud5MnhbnolpGdcDgzx9/eBw7dyzB64cRAqaAMhQSVRCor3jZXiXOBdnD09IDxAHncGYh7RBWTcv79CISCgvDGOk55eUoTb4aCs+/xJdHWVzN23ZSjuAcF0Bjn/8+c8hXpTUYyz0/IqLq4nZKYAAfcNJNXV0nrE6C9AMjjE3bd0KtQVPNuBWMFqHxxpwOwQFgcKjRsfVFN1QBIoSFNahCohZuWYNImAZg8M7dMwgOPyuf9CtY0ZGKIILgiKN7R3mZ8+ib1COm7ZuH2FxgFpzq7PQWQA9rsDWHTtQzzU3D60PmJsXGBKGSw2+oyFcZHQPFxD1oKDgSd9OkjAfVOXkbazSoso/r3BrRfXe8spDSSnrgaqRcdtbt98eHrsYHfsxY+KCSO52L+LL/hG74JD3WDx7+aQnV3RZIHV9+MMagqrnrqouRlTgkEiukCiV+kGKrUJpBFRJ5voGEOMwKCQMQwWultM15y3bd8A723vokM3FiwbHT+APPoboH/74SkllFTwyZOscGCwoq8DwrmvVenw4GnA7eNfevbhp4JGF3ou4fM0F/lfw3Xt/fu01CKivVn4LcQEk/e4Pf0hKz4QP9cZbbweFhr3y51dPW1jCj8PpgIOv/vnPcKyOGhqBTeFRMccMDVFhVn4hxjya+P3v/4C+wXf79W9+i+7RVwBnASaiDzeDQ8zPWp+ysAATV3231tXLe/uu3Q6XrzI43A8++ggs6B8dQ7bqxibgA5GcwmL4m/B84faCTXDigEg4qtBoUE9wZpGo/1jdw9cPTaxeuxbYhXrqGR6FR+zq6b1r7z4UAazf/+hDoAq41y77OsG+ExkF8vr434AazczNp5puPnPWOjAkNCE1zdXLB4i8Hhh43MS0saPrqqv7zeBggxMnIMforwtIWDCqxApPOIApqV+XVhzWaALSMr4tLt3GYDmEhL2embU1/N77JeW7x9lOt27/dpRpK5a7+V1/FTKqsETrGBaVHsov3MoRXKEerhNV9XyngCoUPWPcFV75aS0j0TX9sbUDj4W6gaia/m3zmAKKgD/72YXFeSWl3ZRmwWgsLCsvKCuH64Sj9a1tIxNsIAMsYPIEUFsQFNhFKYzt7qFhSBJaHA2MMftGGckZ94EzyLHB8QlomVEWB7cUfJyBsXEmX1haVQ25BBEEjxLp9Hf/tc0t6Tm5pVU1aBpuEepHu0PjE4gAppA5oF5FbT1qAyx0/Z/gC0EB4K+wrAJNQxW2dPfmFpdCy6B7dKNwD+Gl4hTQDQAFPinOAvDq6B+kv21Et/MeFuEK5Cp0bJyaWoVWRtkcnCOuA+p/UNeAdL5cievf2tOnLVL+gMHm0q3gOqB+4BvNof+4ICgLRxidqWpoQmdQBIK0nzGGc0EN0IboKjCKzmcXFmGXDIDnNVlhZPzCOBt+nNcI8yKDZS9WuI9O2De2nOrosRRIXfgS14GR8zyxs0juDu9PIHHlS5zbu8wbmk/2DZ0jqmqxflgDFy+ypv9UapNNRsvZx4N1Rot5WnNy09B8UEXPOZBqHk5TxACWaR77yp8v085O0E1HgEqid7mUo4RdZBOpJnEIu7qZDbqcdCXYpb+el1FzF+jZDDQUdNMgUFxXIV2cfmRO90es0ug6Twsr+ot/GVVQm1Nv5gF26Q7TjdJzEXCm2p5QEw641AQ0FJFNK6IbCdiFv6afYZYiMt31oftP70oezUsQKSeRjjPSXWH6ctH1CB9dChKew2QFtRf1vEk7a0E7HUHmjq1Co52OIKImK8jU3vQ3ffJJb7HcHXH6KHbJZIVF/LkyPR9yljcrzPBLlBlRxXk0GVI35XLKLvdhRKL/85Rpu9IZw2M/ahHLph/SHWXP1I3p/ZlSigqSWXuum5Q/Z8f0a9BrQsrRm9s5rchMrUy7Drp5rbNd4fn83IeEp5kC6o6gm9g5fYbnjBEyBXTRUaWl1exh+m9TegcG9R+0k0DCj/olMI9QNUleArO0UKV9tR7lLNB+zWzh4YvHpgatI9bdN8CDRzZn8blr5i3hwF2SLXJ/hOe19D8sLvVFMIPNHRgZFSjgejdqVZXi0av1FI+CXG+rmCU+JUXuKVY4C+XaV+vxpKoFnBT3BV6ZF39vzPeFxVyhcILLY/HowKcCb9qWP+0QFeHyRhgMvZQpNeinT0mZHufPFJ8tA29ax/gztT4lM2/aLm+WzvNmKTtbbbw5T5k/7dBsveVNy8Ob6YLw5sw54/Wf7XTm+Jjmc4l4s39YT7yR5v4E5zhx/tP3do7b8lERLo/N54+zWIzxcTZfzOFXCbQvGn4OLywWSFyFkst80R02D4NFOFNvZ7tKc5zpHOOFN0vKbJd9jovMn7Na/pw38xyn81hkHstAyOXalMlJhVyuxOEFBbVarVhoWRJIWFIBplIp1Srtfa1QNCuUngqlx6PtswQvhdJFoYxSKHhKhZpc5ylhfotrtXU848I4w6MMsjoQsZfGRCLxBJtNLa7V/mhZLZ9nDOrvF9eSkCv8gy1Z2jcwSNYKJfYSLVkqYIxpF9dSqVvJkqVLGlVcqWKILRrhioc5MwSZ+rGrPH0heGLEfvxLljI1i7W6MlkI/jmhSixTWqY07Ypv3JfQuDe+QT/si2/cElsfUtxJUEXsJbZFXgieoOqZUUUnjXNEhrdK2BJF/4QQ2mpKGGAJd/jkEVQRI6giqPqBUTXGFl6Lrpyj0jPBJfNB1eTkpL5Tqb87+bhNSZye4XvFJxbLZLIpmR/rjFo94yOz6YlSqZRe9fuJDy9m65h+zVMS0Q1sORzOOHXHz9bD6WUnZ7Lp7QqEQrrzc1xDYs8XVbol3Wn0UAu76+9+v+C7fgpB1eKiyiHiASJKlXr6qMFAMwkqnhtVfD5/9erVhoaGJiYmW7ZsKSkungMZ8zdAyuj48dzc3OmDH1tfX9/lK1acPn16z969zs7OLBYLiWlpaedsbJRKJZ3Txsamo6NDKBReuXJl9+7dGzZuLCws1NXg5eVVVlZG52xqakIGsGYO3rHY7AcPHsyBRdTm4eHx6Morbt26tWrVqjNnzuzbv9/Ozg5X6Yk8nTF9aHj4yNGjo6OjcxOW3P3PEVWTGl+Nxk+juY4tjR4qxR8p9C51VJsB6fQ3hlRmf/WkD0HVIqLqUqR2BKrUM8sT0yehCpjYtGmTQCBA5tra2vc/+AB8gb5AilbOyGQMBgNxbHt7e/v6+miBMDY21t7ejkSUYrPZiHR3d3O5XKQjAhEEoJSWlqIIMmOg6jLToLl44UJgUBCtZVxdXQEsmVSKdpctW3b9+nW6YwcPHuzq6mpoaFizZg12mUxmZ2enDlUXL16srHwoJ1H57195BVWh/v7+fpQC4GhZhzh4h/5nZGTs2rULUEP6xMRES0vL4OAgfRXRPfTtzp07np6edOU4R4AyOTmZzuzm7n7o0CHAF/lxgugGrb9Q7cjICK4JriFSkE63KxKLe3p6Oru6JBIJKszIzATp0D20gkRcLtQDGuLitLW10RAktHpOqPJRqjxFImcW+9LwyAUW6xLoo570FomdB4fsxpkOwJBC6cnlXcahoWE7kdgFR1FklHFhcOi8VOb2iFYEVUsSVZAkPB6P3o2Pj1+1erXdhQtBFEowwrdu25aYqH1z8eXLl3/+y1/m5eUBAUePHnV0dPy///IvGLpubm5vv/22tbX1q3/5C8QO4hBKGNhQE0XFxSDFW2+/jbJIhGKiWYCyt27fplvEgP/q66+BGKDq2LFjx42NaUZA6GHwYzyj6aSkJJ0woWtwcXEJDAxsbm5GnpiYmG+++QanEBcXt2XrVkMjI5wRMBEREQFBdOPGjdTUVHTs7//hH1zd3FChgaHh3bt3zU6damlt7evv/z+/+c2lS5e++OILKCkaxNhetLdPSUnRtfh3//2/Q5SBwp98+imk3z/+4heIFxQUoG8QfZu3bDE6bnTkyBFjY2OUjY2NNbewwC6uIeC1Zu1aQGrjpk04O1NT0zfeeANMh4SEjAWmiykZS58UsWdBlUrdBtAole7FxdtDQl/JzNx4I+DfWWx7oehaQuJnScmrQ8Nea24xEgidbwb+7P79dXfufpSS+pVc4VFTeyg1bU1O7rbyil0yuTtFKx+CqiWKKp2Dk52dffLkSYzntevWYZg5OTo9qKwEsCwtLWlyHT5yRCQSYbABWBiN1dXV/v7+YWFhYJP2lZiNjRAar73+OgBkbmmZkpoKQtFuIE3DKahCD8EvVA6ZAzQEBAQMDWnfpD48PGx97hxEEEZ+RUXF8ePHkVhcUqKrAQroq6++unARSLHfs2fPgQMHoL/AKYggVPjehx9i1+nyZWg0pCB/eXk52KdSq2/fvv3RRx+h23DuUBhkBGuQITMzEyCjr6sWVRcv0qhCCqj33dq14J27hweyIdH/xg10AD6jp5cXdnEBkVkgFKKTXd3duD64GhB9+/bu7ejshCMMVAHuQBsyw92GELM5f97BwQEXX+fwEntmVLVSlPHIzdtcXn5Iowm8n7WhpnZfY9Px5JS1Gk3A4JDV7eA3ONzLYXdenWBdVChdg4LeGGde8vX9dcWDPR2dpq5uy5gTjnAGlSqCqkV7VqWa6c/yPFG1d+9e2t2DQYPgrz1G2okTJy7Y2VlYWOBQenq6bjybnjwJXyY0NBQMWr1mTVVVlYenJxAGrm3buQOAAJL27tuHra2dXXBw8KlTpwYGBqY8q3JycgoOCaFTgDaMcDhQcJSuXruGFKghDP7169e3trbqTgQO2voNG3RXA/0BVeFpYhcY2rlr1/379/fv30/n9/Xzy8/LA0+B3Vdfew3KDv08fPiwXC6/fOUKBCCokZWVBWQYGRnRSCoqKoLG0aEKBITwoWsDeiCmUD9gBzGFFNDT28cnJycnOiYGu9BKJaUluCzfrlqFOnERztvaWlhaQmQ1t7QYnziBczQzM4N/jcz2Dg7oD+oEDX/9L/9SU1NDVNVzRZVnXv7GhkYTjSaoqHhbZdXuktIdpWWHsSsQXg4P/3Js3D4u/hMO95JK7RUR+dXwiF1o6PLuHrP2DpPOrtNSGa2qiAO4CKi6HDXXN4Bmt56MKnhPTCYT2gEk+of/8T/gVSEd4woEoQVRdHS0jY0NIhjVkCGgBu0zYviVlpbCF4PbKBSJ3nz3XZRiczhffPklZNrRY8dAH6gYUEkml0M3AQH0mDx//jyGOnZBMdOTpnDTEEclEBp0ryC70HpbW1thYSHtD/r4+FhQyo4+dVtb2+JH3wAADf/5u9+BEUAV+gMJg7J1dXW0+gNSAVac1IoVK3CyOIUTJriPNf0DAzgFHIU0Q69wFh4eHnT3oHSAs6ioKG22/v5jBgboMOLe3t7AGS6U+ZkzISEh8IVvBwcjHWjOzcsDqt546y2IKUi89vZ2RCCgcNZ79u6FSEQiAKf9RMzMgGCQHX8PEhISrl69Sp5VPV9VlZ2ztrrGEGzKyd1QVbO3q9siNPRdidS5sckwIuIDqKq79/7C5jgAasEhH06wHCMi3+8fMFepvZkTdo8cQIKqRUCVeUgpIkKpQixX6geJXCmSKY8GFM6NKowZ+us/s1OnEMEIp9Mxuv7r3/7t4KD2VzgQFLdu3UIEdICGwkgzNzd3c3fH8MNQDA8Pz8/PxwCGU4MhCkhduHAB1cKfgmQAOExMTQ8eOuTu7k6LINQDduzatQsuGHB2MzCQfhqdlZ0ddueO7gEW+NXT04O29u3bBwcQymWcydQJEBAQThydGUQ7ffo0HNLKqir4WagZ9QME0HQQTaBMT28PIAWPElKRzWbDd0OXwBeAdXR0FIlWVla4AqAY/axKoVCAU2gXPUQNoCQqR/rg0BCQjbM+e/YsThNXIz0jg35wVlVdLeDzAVOgDaoQ/YGoBNq6urpcXF2hGd3c3OiH+n5+fgB0XFzcSTMzXEZwlqiq56uqKh7sbW07BQfwQeX+xiYDhdKjuGRn2J0VkVErGGPnRSKXjMw1XJ6TetIrOXm9UOQyNGwdFY2jX+cVbJHIXNWTvuRZ1fNE1UPQSOQH7laaprUYJzcbpzwWTqQ0H0lsvJDSMDeqZnQbsU1KSoK0mZ6us/lMdJqt7NPaHMXnrvk5ImCesxNoe6onUERSPRdU6SYr4M/BpMZXqXoYoWcnTGp8NBpf3S79TR89m2GSSldPYteXTFZYLFTBRgXS8h5mdT+rqm9qqOydGBPKnoiq6ZMYMcLhrdCSip4GOePkRhoE+kf1x96U9OlTTGecEjllAE+v/ImZZ2t3trOY3pPZeqiZaQrobGc6PXH6LpkCuhiooiZ86iZ2es80I3SGCD1NlKBqEVH1VAbsPNUPa4hjQmzJGj0IFvmHNeTNCgtHVcdUhUJpJfWkZqYwFWmT8/4N4Gy/eiFGbEmZQIeqyTbqGdPzQhX9vioxucLPpKp0TtnTmkqlolE1qab4thBbYNMvytQvvGb105RV/0Dn9YN34Pn3ipb8fL7g4WN1VQvlxHnq/cRvwcFHqYKqipmcFGLwPWX31DOdkXoxr7b6BQ+u+bxbXVHX2MwTCFhcLpvLW1jg8gXsZyhOAglLKXA5PB6Hj4iQy68Sip2fy7vVhdp3tDsJRGEc3iibS8bL1DDfFWsEChVHIuM+Wpbm6YJEpl06WBuhwkJqkC+w6RcTJC+8ZsnTlJX8QOf1g3dgMXol0a6eol09my/gSdUPV6zRLq7l8TwW13IWyiK5Ui5XquRKZU99UpJnu3qSJTkkHzW0wHUAZ1so9FGYug5gV2//9CVLSSDhR7oO4OgEu394RH91ZbIO4BJdslQoV4gVswaBTD5tydIhgioSXp7VldlcvSVLPQiqliKqeFIZSyTNaB31K+4KLOsJKO2eEvxLumuH2Xw9MM22EDwJJLw0C8ETVC0tVHEoPdXP5H1+o9inuNs5r90lv0M/uOZ3XMlt3x9UzJc9GVVskQSBQ21f5AeD/tBNP+yAWPosVT1LcRIIqgiqFgtVIoWyY4RtE16u1uBzkgllcgTB49ujAYUQX3OhihreMo1GF/DxvzBOoS20qNBolDg7jQanRrFyIVUJFSqJWkNuI4IqgqqliKrOEfa58HL5pJoFSYIRqxfoAWxws2huVNHx0qrq2KSUqPjEwvIHDA6PFjssoVgXoSUPm0rRqTAaK3QeXUS/iH7OKek0p4Yn2AVlFan3sxPT0rMKCvtGx8RqDZ0ZOVn6zaEgVXZKunZXIBKpJvOKS+/nFTyUadPyLIyAJPwYUSWUuQmkDwONHirF9ftdKZ3HFdtHR7/fJahaLFUFVCkmJ1ki6UxaQzY3qhDhS+Ve1/1/9rO/vX0nPORuxJcrV9Y2tUgnNVJK5gABiEP1iFWTaJfWXKgEu4jjEGqg05GICFJESjUtlFAWTUDpyKiqkJNOp7UP2IFIfWv7smXLPHz84lNSzczN123Y0NzZjRogkRRUKUR4ErlkUhuXU92gI+iGrkK6k7HJKfdi4+jWdXnQkJTKQ3eV3GQvO6q03wBKVd4KjY9S44stjR6Z2lul8UWKWOGBIJ/0wSGkSNVeOCpReiqpo1KVF0HVUkQVDZfc4pI33nqre2iEZsoQkzXG4RVVPLh+M/Cc3QVIlaDQMCMTk5T7We19A84engOMceAjq6DI2d0jPCp6hMVp6+3zuREAiLR29waH380rKXXx8DxjaZVTVAI5E52Q6Obtg4Ko2cvvupXN+fiUtAmBCB1AEYDpzbff6R4cxtkhs29AoLnVWeAmM6/A4qz1hUuO1Y3NTL7wbnSM0zXna27umXn5l65csz5v19E/OM7je1+/ccrCEkdxRonpGWnZueU1dZ6+fshsY3exZ3gU6Tdu3bawPhd2L3KUzaU5S261l1hVCaUurZ0n84u2Jyavz87bDq0EeDW2GsfGr87I2jTBdeQIr5WU7S4q3RsVs6ql3VSscGdMXEjP3JSY/F3voJVE4UFQtRRRBeiAONa2dtAgkDmgCcYzkOEfeOsf//GfElLT7+cXJKZnFlVUvvLqn/JLyoxNT2blF+L+2L1vv4//jfc//ripszsiNg7KCJwCXy5fc0nPyQXIUrNydu3d19jeue/gocNHDcAvmwsXTU+bQ0at37Spqr4RTUMNNXV2/fo3v6lraaWfNKG2bTt3xSWnrPj8i+IHVf5Bt48YGtY0taxdvyE4HKLv7i9++cukjEwnZ5crLm5NHV0RMXFl1TVoHdUG3A657OxyJyLqz6+/XlnfYGl9ztXTK6eoeNOWLS1d3Q/q6se5fCKsXn4HUOaSmbU+OvbzIYZNSOg7LR0negbPhYS92Td0Nit3Y2LSV0yOk7fPsur6Y/XNx4OCfsfkXo6K+bDswb62rlP3Il4fZztCWwllHgRVSw5VvgE3z1idpZ0yOIDaNWMCbwFVvjduqjWacZ4ARIhJTPrnX/yypLIa5Nqxew9IBGZBEzlcvoL4NXcP1ADpdNXNI/V+lkg5WVZTB3dyy7btBWXlRwyMaptb4X+98977BseNr7l5IB2Ci1ZVqFwfVTVNzSfNzVHh+YsXcZqjLM4HH30UGZdw4qRZW08ftNiadetEKnVmbv6+Q4dwtHtgKC4l9Vf/61elldVhEZHu3j5hEVGXrmrfeow+Hztu3NDeuWnLVstzNoAmzppIqpccVVpN5JqVs76q1kijuZmbv7m0Yntx2a78on0azQ2op5DQT4cYFyOjPxhn20uU7qFhn/YNnff3fz0nf2NeweaQsHcZE5cIqhbrsbp1eLlUrWYKJWyxdEoAv+Z+VoWqqhqafvuv/9LQ3iGlGgG54GEFBof63QzEbmhE5Clzy7jk1E9XrMguLB7j8jds3vzehx/GJqUge0ZOHthhevoMiPPO++8fNzFtaOtADZA80QlJu/ftgyMJytS1tIFE733wIQQRWoSzqf1xz/cO4NtIQVtwPE9bWt0KCwd9vlu3XqhQA0bvvv9BbHKKmblFc1c3ULVr3z6BQpmWlWNlY3MvNg6eKY5+9Mny8ppaeKNe1/3Do2KgrShUJRubmeF8oRNR52uvv45OokVCq5ceVTl5G6vqgCr/vMKtFVV7Siv2p6ZvplBld+v2u8NjF2PiPgG24Bjei/iqf9g2OOT9Ca69ROHGEThRDqMHcQAXRVXZR2rf2C2SK6RK5ZQgUSiPBxbxJHN9AwiIBIaE/tt//OetsDv3YmLfePttOHTQPvZOl1GtnYPD+Yv2qVnZUFsxSdQ7zm8EIM7g8rWg6epGHAIK1SJiYX1O6xvu3XcnMioqPvE//vM/sguKvvj6m4raejiYkGzfrl6Tlp2Lmtv7+nEWqIF+rO7i6RWdkHjUyGjT1q3dQ8NdA0Ovv/mmu4/v2fO2CHAtf/6LXzV2dDL5wr/5r3+FDkMxgYPn7Owg7jJy81BDQVkFlCB6i63pqdPoZ/Cdu99t2PCgruFuTExI+L0du3d3DQ4JlWqCqpcYVWKFJxzAlNSvSisOazQBaRnfFpVuGxm3vx3yakHx3siYTwuKto2xHYNu/WZ03FYsd/Pz+xOD5ZhbsCkpZWVlzXHoL47gikTpSdGKoOp5okrRzeB85ZWf3zWe2jiU3jw8JSBxq3/hE2erYxdDOjEtHXKmpLKKweZCgMBjgkfW2T+YkJqekplVVl3T0Teg0migXFw9vekv4FhCcWV94+A4E/Hqxuamzi6ZRoMt9E5adg70Wt8Io7K+YXB8AnxB5rziUlAmMy9/hMXRfvkoUyCCFuHQpdzPyisp7WeMi5RqpLd091CPyXN6RxjUXIoaiCO2SAL1hIKADirvGRrJyM1NvZ9dWFYxwBhv7emFNgTXIOLQ8/befuRBTlSCRpFOHlT9RCYrDAzbjDDtZWrvgZHzw2N2YoX74KgtSNTYasYXO/PFLl19llzRNZHcvaPHii9x4YquNjSbVlYbdvZYQFWJFURVPf8f1sgnhJLbFd3HEhvNUppMpwXDpMbo2v4nogqJ8P70p4BC7yAADQCHhDqEwY+UwTHmzt172nr7gB66LNLRHzoiooqIqakDcqoInDU6A5qg5xbI9KYR0LcanVnxaAooh5pUJVI+nJQgoBpCnoczDyY1tBJEtfRWStWJgugqmtZuqZlZ2p6rH86ckFKzHMgd9hOZrABIUc+bHkZEMu1kBXrugm6yAsUjd7nGGyBDnJrc4CPXTm4g3wAu0s+VpdrZnuMCCVM4c+BMm9U9xw9rdHM1dT9SoSO62Z5QRgwOl6tXXPdrGF2EI5boiugmhU6ZIKo/V37GH9bo10BXrmtOvypd9/RfJjF9PirVJTIF9Cc0BVQ3t1M/opvhOTUim5qBoGpR3qzAwwemnclJb/Uj2sCbhqreZ/i5Mk8qe2E/uyGBhCcE6gcPj1A1SV4Cs7RQVd/cJlSq6ZeK6cIcb8PiPRa0lOnuG+ABN1MPzTcsuCAJJDzfgFtRoFAx2NyBEYZAoXn4aj2FO6WtPLTfBtJBrrdVzBKfmuIpVjgL5ZE8KZcnVZFLPSXMT1U1tnCFogkuj8XjLyRweUMjowssSwIJSyyw+YKxCdbI2BhbIOEIqgXaFw3Trxt+phcWCySuQsllvugOm8dg8YTkOk8J81gGQi5vbGlTq1UyGaILNLVaLSdG7CUxmVKpUKmUcplKLm+SKzzkCndq+4zBU65wlisi5XKuXK5EK+RC69v8Vqxp63jGhXEYY+NkdSBiL42JJRI2h0OtMteunvRRT3pT22cMftTiWnEajYRc4R9qyVJ1b/+ghiw+TuxlWLJ0kl5cizE2pl1cS91Klixd0qgSyVVMgZQllE5MDwKp8vGLTC0EP0yuNbGXa8lSpmaxVlcmC8E/J1RJ5MqLma274xsPJjTufzwcSGjcHtsQ9aB3GqqGFtY/IsSILUFb5IXgCaqeGVV0EpMrOhhYPMKTtI/yOsf4XWN8/W0Hg7fVJ++JqJrOoEWl0pQFW8kHT4yg6uVH1RhbeC2mco5KzwSXzFNVzQgsHU3kcvkEi6Wilt6ekn9SL/P0gvNH0pSc0yuZni6Ty+coS26pnyyqqBXhH6OPfgod0c8wLT9B1SKgyiHiASJKUIRaUl4/qNSTJkHFc6OKz+cfPny4sbERcZVKhS3ip06dGh0d1c82ODh4zMCAy+U+BqmZcDAbI7Qr3lOkq6io2LVrl+nJkyYmJmiotbWVus/UC7hkFpaW2dnZ5NYhqNJHlVrjq9H40YFGz+SjlCm76kkfOmXKLkHVoqDqUqQWVaDSjHQwnQeqli1bZmtnp9ayTkuTdevX/+UvfxkYGFAoFENDQ+PUfdDX17d2/fre3l6ZTIZsUqlUKBQiXSwW83g8uUIxNjY2MjIip2QOUlAti8VSKpUTExOoSkBlplEIuPzljTdEIpFEIklJTUXrnZ2ddKnh4WE2m436kRNYRJ3YoglwE+n0GaFaZEPriOfl5aFR9JPD4SAz2qJPCnGwVSAQkLvqJ4YqH5XKSyJ15QuuMiccsaWnL0hlbtjl8q4grlB6CUXOPL42A9KRArqx2E7jTAe5wuMRrQiqlh6qMMg3b9libmGRkZGB3dTU1E+XLz906BCoFBYWduzYseXLl5eUlAA35pYWrm5u1tbW4NHNmzePHz+O/Hfu3PH1872flXXc2Hj79u0+fn5oFMX/9Nprfn5+mZmZSL9x48Z5W1uAie41+LJ6zRr5I98NNVy/fh1M3LFzp6Wl5e9+97u6urqenp6PP/74wMGDBw8dhHSC7nvllVcYDAbAtHXr1tOnT+/aswckMjE1rampgUwD75ycnLCtqq5G8UOHD7u5uaWkpCxMrBH7MaJKpW4DaJRK99KyXWFhf0pOXnMz8PdcnqNI7JKa9k1M7JchoX/u6DQFp4KDf5uR+d3t4Lcz769WKD2bmg2SklemZ2yortn/iFY+BFVLDlUQTQ6XLsELW7t2LQABypSXl4NQ3d3dzIkJmVx+OzgYBIGQ2XfgQFlZGfDB5fH27du3bdu29vZ2FxeX5uZm8A46q76+XvvWPQbDxsYmPT0dggjZQJCmpqaf/dM/paal0S0CVSu//ZZWZ9gFzi7a21taWXl5Q4drwBcDA4PS0tK9e/eCbvfv3z9y5AjSr127BnQiBdIJzX22YgWEHphVXVODDgOgyBMSEgLmRkdHm5ubQ4UpFQpyV/2UUNVKUcYjN29zSekBjSYgPWNdbd2B5haT+IRVGs313r4zwcFvQFuFhP5hnGknlV0LDHwN2srv+q8rq/Z195xyc1+GXeRUqgiqFuNZ1UNUqReGKiaTiYGNCBQTQBMUFASHa9/+/UBVbU2NvYPDUYNjjo6OkDNffvMNfDRnZ2ew4JyNTVJy8okTJ6ysrMAOeHAeHh4WFhbLV6wA1HCULxAAFp8sXw79lZycDMnW39enQ9Wq1auBNnrX29s7ISHh/PnzcXFx2O1ob3/vgw/AL0NDQ+y2tLSgRUTc3d1BIvh90GjuHh5ffPllR0cHVFVtbW1BQUFEZCTyJCUlXbhwAThDh994662c7Gyiqn56qPLMy9/Y0Gii0QQVFW97ULW7pHRHWTn+2gUJhJfv3v1ybNw+Lv5jLu8S/L6IiC+HR+xCQ5e3tRs3Nh1raj4hkbpNaoiqWhxUOUVVamZ/mH3y1pNRBTcLEeDmT3/+89jYGCByzMAAIuitt99ubGyMiIiAqgKq/kw9YEpMTATR0tLSBoeGEIH7BkpCkRUXF1dVVSEFOcEsxtgYXDw4iYAOKu/t66N/foh4Tk7OBx99BFWlVCqhoegit27dgteGDADWSTMzyLfNmzcjM5Qa6IMI5Buo5+vra2trC1W1afPmtrY2QyOj6uqa/Pz8wKAg5ImNizt16hQaAq2SU1I+/OgjHRCJ/XRUVU7uuhrtMhBBYFZ17d6OjjN37nyoVHm0d5iEh7/D5ly+F/Emm+MAqIWGfQIZdffeuyOjUOV+HK69XOFOVUKeVS0CqqzDyhCRKlQKlXpKkCvVBgGFc6MK2sfBwYF+5q2gPCaoKmicyqoqaBM4VrZ2dp6enkAY/Q3g4ODg7t27UQoKa+XKlXDuaI5Amjk6OcFzHB0ddXV1HWUwtBKpowMO4wmT/9feeUdXceT5nrM7e86+P97Zt3l2vbve3fHMjsdeZ+PBYGMbDMbGZEQGkREi5ygQQUI5CyEJUEASQhEJ5Zxzzjln3Zzz+94u6fqiDJKMjKtOnaa6urK6Pnx/3XW7jh4/fryHiYEDhlasWAFFBpAhfVlZGXlkdur06b17927cuLGhoaGtrQ1mIFFVwBMCHh4egYGBubm527dvR8zq1athAMJyBExzsrOfBAVpbcm4ODNz8/T0dCMjo8PGxkAYvat+haoqI3NzReUx3DJZ2VtLSveBPknJ67y8F/k++nNH5wWB0PJpxDcc7i2V2iEo6DuB0Kql9ayf/4LHgd8mJq0RS6xVameqqmYSVSSGL5IaeOVciqs9G111Nrqa8SRQdS6m+vizyguhxROjagKHWqB9pphY99R8tJu6tIHOmjQNeKp7JD9BmqkURd3rhKqfFiswPzlGWBdQa5wVSnsSIPHDqxZ0Vx0YPUXXVc0aquBa2aLEmp70+r60ut4RPqWut4MrfmlUUUfdLxFVdLX6HEXVCzmViqKKOooq+mWFV4EqBEevU9f5EUxTU1VF3WuIqtn6soKGqqpXoarUzJ9T1drWMVTCy0mzOf7butlr3nglT6VGXZqXbt40+/XKGzALrRr6XhWfr3usPtOoClKrX1xVkb6M0gizONo/25QcrmiK31av5AkELA6HzeGyuc97jt5xvEjO+Cn1s3BGZdG/xB3nEnecJk16dcwGjD4d0SrOhBVxxsqu37vxEozXmPH6whnVGO741XFecCQnqHTSeM74veCMlWbi22OCPnKncMuN2S/OOC2Z9I84skmYDgIur4D5MrrFND+sTr7OLhSb8YU+bG43m8PXlj/1e3jM6TPBrc4d5/6cYNinMss4k6GAO+XujApPcXOtGr5cOZ3dzAd4Aro7EPWviZfIWELxIF/AkaiGdqyZyc21HjObaynoOM/MPoDaXTnH92zRyH0AG5tb6Zbo1L8WXrsPYPcAq62zi6+3uzLdB3COokook4sVCrF8LK9Q8Eft+d7c1kFRRf3rs7syi6O3ZakdRdVcRBVXLIVuSmno885t9itoefS8R4xPfktlL1cfTONtBE899a/NRvAUVXMLVWyxVCCTtw3wlrpnmiXXXYurvh7/nDeNr74cW3XAO5snnQRVsPaJn84jsDG91jidicK1/RXR24V6iqpfJqqEckVdF+uib7ZCo4a84kqkIzwK3Xs3lQTGQxXCErVGptFINRqhdov5CR5hTqkb+oXz5UoUK2O8WKXRRopehlPoskippmKQeoqqXyqq6rtYlx/lyIEq4RijiTQH3dMnQBUCA3xhbnFpcmZWWk5ebXMrSTMoEMETLYMANBGSxaWkldfVA2cIE7mkS6Z9scgX4r4pq6mLTkhCmOxt39Ldm5adm5SRlZKZXV5bTyK1eZmMKEG/OpZQRMrUjydFtfb0RcbG97A4iCeJ4Uc0ld5AFFUEVQKpDV9iTTxBjy6GnPIlNoy3Rrz+VXJKUTVbquoSUKVWD46JKtEkqMJfurmrZ968ec733I+eOPXOu+9VNTRBB8kZj4qQAJpLyYS3bt/5LD5BodEgBnIJMkfBJCP0wSlaGJ+a/s2yZd0sDjJCRgUEh/7VX/7G93HgHRubP3++MDw6hq1VfzJUoS1Ho8Ep2EdqlDLKSzGsv4RM+USOVTc2m9y42d7XT9SfgjlyxDI0Q86cChQqSiuKKvIGUKpylGuclRoXhcaZoAcxKuZUJLeDl2uckAAxiMdVxCiY9BKlA0XVHEZVZ/feAweREnP+ynVTN88HGXn5lrZ28PWt7e19A4GhYa4enr4Bgaa3zRJS05HL/aFXTXMLVNhtC0tH17udAyyBXBkU/tTWydn42PHjp890DbJ5UhkQExgW7unto2boll9aDiZCwfVx+Z7evqa3zYPCI5CxoKzioa+fg4urf1BwQlo6kBSdmMQWinOKStCGO9Y2FXUNA3yRyz2Pjv7BmKRkb/8AcysbLz//fp4AYLVxdLphfqe0ulZIaUVRJbMTSK3qm09n5e6KjjVIz9oJoSSS29Y0nIiIWpectpXFN+MILPKL9ubk7wmPXFvfdEost+1j3UhM3hwVu66t67JYYUdRNXdV1aq1a2H6FVdWf/7ll0npmaBAanbubUtrOycX8OUv/+o3l65egwV38apJZFzCvQcPzSwtC8sr5y9YkJaTa23vcOuOZUpW9tvv/CkxPcPexXXL9h2w1FCFFlWh4TYOThwRLE05qt62a1dIxLMnYU8PHz2GikAuZIlLTtUG0jL+3z/83SWTa2FR0Tita2l7EhYOjeZ41+3azdtQVd8sXQqq7jDcjbxozKefzs8qLD568tRdj/uZ+YWlNXUUVRRVBFWx8av9Axc2tp69/+D92objrZ1XvHw+qG04FRXzw7PoFf0cM0fHebmFe/IK9z54+McBrnlI+OKMnO2VtceCQj7r59yWKO2FUjuKqjmHqrbevv/4z//ctWfvytVr3O4/YAnF0ERFldUWNnZnL15MzsjaYLAZ+mVQILppbgGIHDt5CuGAkNB333sfYDp26tQBo8NQUtBcaCFUz3bD3ToDEKiydXQiFQ3whQeNjXF67NTp8tp6GJUPH/mjRkDqxOkzSHD52nVoOhBn45YtQCGaimY43b13yNg4t7hk9/79oOrJs+cCgrXfNb5jY+v3JMjMynr5iu+fxSUMMo+02PSW+pWjSg7EWMcnrs4vPqTRuCemrM/K3ZyZsz0pdbtG49bdb/LQa2Fn7/WAwM/6WKZiha2X98LWjisuru8mJq9NTd/o7vmn7v4bUpWDgKJqNh6rX3yUI1Wp+gXi0UvVwa+pqCpwCkYcioWHdXboyNH7Po9geV020YopXAWbEH/jtvmZ8xdWr11X2dD0NDoW1Ojl8Fq6e7sGWBeuXIX1hxbCdjPct6+HzR1CVVi4h5e3inm0VFJVM+83fwGs7D1wACTSaFHl5+ruAWF1/tJlVHHrjoWHlw/ahgbA+gOGnO+5a2l48lReSemBw8Zo6rlLlx+HhCKvtYOjX1AQX6bMyi9cs359YEgoqqOqiqIKqAJ3CkuMNJq7KWkbcwu2Z+bsiI4z0Gju9Q1ef/Dws46ea0Ehi3oGrgllNv4BS1s6r3p5LehnXeeLLQa5t5hH73bUAJwVVUW2gRDK5BKFYoQXyxXGHulc8bioQlGNHV2/e+v37b395IVgQ1vHG2/8W15J2R1r2527d8cmpfzX796CqoImWvHDjzD0YPT9wz//I9TWeoNNgSFhAAcsuNik5Lff/d/4lLRDxke++XYZ86xKiyq/oOAvF3+FBKDSP//Lv/g+fiJSaTy9fdYZGDwJfwqNllVQCOoZbNkCVBkfO25l74A2LF6y9Flc/Oat29Kyc13cPVf88ENmfsGChYsaOzqR0uOhN/p7/vIVKLLgp5HZBUW3LSx9/B9TVFFUieSw3awiny3Nyt0LNkXFfJeRbQA2eT54O7dgf2j40oSktb2sW54P/r2776pIZuPi+k7PwM24hB9j4laVV53MLdjFFpiLFfYMrSiqZhRVDd3s7x1T8toGk2q6U+p69H1qXU9SbfdG1zTe+KvVEYAySs7M6h/+DTP+9glpGe4PvcOiovNLy+pa2kAlsoYzPTe/prkFBlpiemZ5XT1Ukrd/gO/jwOLKKlheMP18AgKAtuzCIpSGklFUbXPrk7DwxyFhsAQz8wtRCBrf0T+IZF6P/FKycpCmqqEJJELDcoqKiyurkRFSrr1vAAxyu/8wNDIK8c2d3alZORBrGXkFMB6h0aCzEEhKz3zg4xsU/hTpR/zeiPpf62IF68bW8+3dJjK1U1Pb+dauSyK5bVP7hfSsPQXFRhzhHa7IsqruBJAkktlW1JziiqxYfLP8ooPpWYaVtSf4YiuRnKqqmf5hDRjUzxc7p9ftCCk9GF6+P6xsf3jZ0JHxO0NKffOaeRP+sIYsHdCPkai1L+zkzCoBgVwp0Wh08TgFbshiUegj/bWd+ks9daUJhhcTkCUOpAG4vWTM6gTdYgVyCRlFSrW2ImZtBE51zYChJ2EaiRihUo02IBIBXaWUUxRVPy1WUDtKlA4CqTagXY4gtZWpHZUaZ/3FCgyPbEkAWoxZrOAsZxLQN4Cz8nNlrkQ6KJJ2cYTdXGHXWH5w1JcVxvxhzYhT3Q9iSEA/fkQCbZhJoDvVL023gpQ1vLBzxK9tdKe6EvTLH92McdtAOUVRpbcEVLe2U2+Rp9YLyanERrcWdCiZ5KdcFFWz9WUFrljKl8rG89xRP1Jppj9Xpv718IxCH0aVmn4EZm6hqrSyRsD8Uo/8SEULnck89yePQZc2trRzpfLn46mn/pfncQ/z5coeFqetu4cv1wx9Wk9uy2grO+3bQOJlekf5OOERMTJ7kdxSIHvMlXC4EiUd6hF+ih8sruIIRQNc3iCP/zKey2vv7GK9XF7qqZ9Tnstn8QU9A4OdPT0svoTNL+SLrcjnhqftYRKa8US+LF7vIE84yOPR0db3U9gGQiYrr6xWKhQSiUQqhR/hJHpHXYxkxCWlUimVjE6pfyrRyzhegSPC45UmGefqBJFjNkAyKn682iUTZtGPkYwzSmOOxph9kYzVWuk4VyXjFCsdv+oJBlAy2ThLxvrDjTkU4/VFMtYfZSp/wfHun4nbM3Gvx24VJoJcLlMo5PhXKi2XymylMhvmOE1vL5VbSmUBUilLKpWPMyATN3W8G1I68fQc/+Ycb45LpzBVJ8g7wR90XJ5Mbceamrpp7jrR1z9Adwei7rVxYgmMNC6zq0wts53y0KbK0/MuKrWtSh2C4ukI//yba2nI5lrNLW3TKYE66ubMPmrae5jL43f39s7O5lrBL7O5FkXVeKiSKlQ8sYwvkfPFIz1PLFeNQJV2y9JOOtbUvTaOzxf09s/WlqV0I/gZQ5VErrRKrjMMKz/4tGL/04oDzx93hpZHlLaPQlXHVP6zmn4a6qj7GdwsbwRPUTVtVJGofo5wm3tG44CgpI1V1sEu72DrH0vaWeudkidFlWrYjQmgKVJp6slUem6ayKPEpI6i6peBql6WwDIof4JCTz/MfFFVxWazZXL5BESQy+VIox+vUCimAo6ZJYtSpaI3DXUUVb8YVJkGaL+sIFdqJcoIr1Spj3pmTIwqgUBw7ty5s2fPGhsb+/n7Azo3b94sKS3VJfDz87O1s9PPkpuba2VlpTtlsVhXr15taGiYuHsqhixNTU2kujNnzly6dKmUqUj1UtBxcXX1Dwig9w1F1QhUqdROao2zRuOMI0EPYvRP1ZqhBIgfjtGeKodPKapmBVU3mY/AgEpjqphjk6FqcHBw8eLFXV1dlZWVi774Iisra+++fQkJCUKhUCzWvqlFPNiEAJfLHRgYgKRKTEw0MjKSSqUcDocYdBEREUAeLiEXInEcuo14PJyKRCIURXhUXq79bHFLSwsio2Ni/vKv/zq/oED70E0igVJDIWrG4RR5UY5coUC9fD6fFIhcICOOCKOpdXV1SIxTJEB6DTMqyItO4VRFZdevElUyuZ1IYs3jWYjE1mT5AmK4PAuhyAqnCqWDRGqDS4iRK+xxFbn4AgsO9w5z6kRRNXdRtWfPHmLB3bp1K8Df/+DBg9u3b9+xY8e6desw4cPDwx0cHAAFQ0PD69evP4uKSktL++CDDyCO/uPNN+Pj45Hx8OHDgN39+/c/+vjjkydPfvLpp/39/VBMX3zxxSEjo08++SQmNpY0uaqq6u133gFuSO1xcXHQVsDZ5SuX9+3bh5Tp6ekA4u7duzdv3oxGmJmbozFvvfVWbW0teIc0qOuHlSvBNRcXF8CuubkZ7DM1NcUxOTkZ2Lpy5cqNGzfQF1ILfZ71K0GVEqhSO8kVtrm5Ox75vR8Ssuz+g3d5fDOxxDoufqV/wJfePu81t5wWCC0fPXo7JuYHd4/3k5LXKpT2tXVHwsK/fRrxQ2nZPtBKqXKiqJqLqMKcX7BgQXBwsOmNGx98+CHBRFh4OOAF0NTX10c+e4ZLjx8/Pn/hAgQO4oGqDRs2QLNkZGSsXLUK2uf06dOdnZ0WFhagFco0MTGBdXb0+HGklMlkgAhgRKoDqv7zd7/rZ94uE5F15OhRO3t7HHGak5Ozfv36/Pz8bdu2tbe3FxcXf/zxx6CPv7+/mZkZAogEsAwMDJDR2cUl/OnTxsbGlT/+qFAqY2Jitm7b1t3djerALySmqupXhqpqxoKzS0xal5a2XaNxjYxaWVq6u6b2RFDwUth39Q0nvLw/5HDN7z/47+6eK0KRubvHnwYGb9+9+28FhYYtrWfs7OcNDN5CRoXSiaJqLqLq66+/DgkJSUpKAggQA+WSl6ct09zcvKamBqi6eesWLKxz589/Mn8+LsEABJuQAEzZuGkTLp09exaoun37Ni4h/o6FxYOHD3H1wIED0D6Ojo5S7feshlD1X2+91cfcW3DQaG5ubk7OzkAbeez14ccfR0VFGRsbwxhE2xBAPJoH3QTLLjo6Glxb+u23RUVFtra2aFt1dbWFpSXB3O49e0DGwMBA0ArFEgOWqqpfD6oY880+OWVtWTn+57ufnmGQV7AtM2tzTu5+jcaDLzDz81va22caHLKQw70FU9E/YElnl4mX1xflFQcKiwwLCvcLRdbMIy2KqllA1S0GVSrV2KN5/P7kBiBsPf35DIMrMzOTiCMtqiIjL1+5olIqQQGEly1fHhYWdvrMGSQAtlavXQtUnTp5EqiCzQWUIB4KyMPTMzs7+4/vvON2715ra6tm+Nl5ZWXl//37vyMiC7gBU2AnxsbGzp8/H3qtpKQEEik3Lw+qCrYnxBesTqR8EhSEMiH9tm7digbDxgQH7ezsIiIj0UKTa9e0j66yszcaGKCRIFRHeztKbmpqoqj69aHKLil5TbH22+qeKanrC4t3Vtec8Pf/UqNxamo+5ePzEYtt9jjwExb7BqDm6/tlf/9N30ef9A9c1Wju8vi3ZXI7phBqAM4Cqkz8chBQQFapNc95BkyH3dMnVVWQUeACeUCOGKPDh8lzdKiq2tramNjYGzdvpqenHzt27NChQ/Hx8SkpKefOnUOCgsLCHbt2AVWXLl3q6uqytLQkj64AEYgaqJv9+/d7e3vv2rUL2Ul1EEEffPAByjl+/Pi6desI2gRC4aXLl3fu3Lls2TKkhLZaxdiVoNJRxjAEHC2trAoKCrZs3Xrv3j1YhWVlZU5OTlHR0Wih+Z07Gua9pPGRIxCGKPzqlSuI1D5op6j69akqEKq07AhQlZa+EVpJIrWJif3B2+cLL++PYOXxBZZBwZ+zOTdVagc/v69x2tB40sf3kydBy+MTV4klVlRVzQqquELJjx5Z5in11+NrTBNq9f2NhNrLsTUnAgsnRpVm1FoB3cpM9bAjMbDIyKs9HdR0Ad2prqkikWjHzp0RERFcLhcECQoO1tmkSCyXyyF/lEqlfr3IgsgRTRpRERQTCiTt0Xe6NLq3h5RQvzZU6d4AKpRajzAJkHd8YomNTEYUkyO5qgsgUiK1FYqsmGfqdLHCTKNKMzyEdf388NKOmMruqIqu6IouciQ+sryriSWcFFWz5CB8LCwsILX8meVa9A9M3c+DKkYTjVzVST6ZMCryuasquq5q9lD1ou7nRBV11L0iVNHV6nMSVepRi9T1/QimwUL62VAFc0xJHF00QN0sOHJvM6jq15B1VTOPKvoRmJdHVd10VBUytrRRVUXd66iq1DWM6TdTqLJVqYM1Q6qKuhdEFfNt9Uq+QMDmcDhc7st51jTyUk/9XPOYCywOm8MVcvkFQrGlUGzBHKfprYViM4HQh8Pt5nD5dJBH+BfeXIs91r437OEje1Tk0MZ8fOHoBKMLYY/O+/ylMUtgT3g6XmL2ZJv56Neo78csij1O4eO1f+JmjM4++sgep7WcUa2dIMuI9C86sOxxxoEz/qBNXNR4g8+ZcNgnGDH2ZH8L9vi9mGDEmF0mcUsrueLy2dhci81srsUe/+87Qa9Hn473Rx9vMDnjh6c+RJPm5Uw2BUb8dV5yH0C2SMoSScbz7FFbljY2t9J9AKl/bbYs7R5kt3V28fW2LJ0pVAnoPoAzu2WpUCaXKBRihUIyluc/TyXtlqVtHRRV1L92uyurZxxVdMvSGUMVF+pXJM1pGQgubgsvaw8rHelDStrrBvhcySQbwVNP/eu0ETxF1dxCFSxGgUzePshbcT/7Ulz1majKs8/7c9GVxyMrjvvl8qSyiVGlLW3YT78bL1TOjNQ4g36mBuEX1GWKKoqqWUeVUK6o62Kd88mWqFT9fDFLyDyfEg57kWRQKDF0TZ1YVSEsVmkkaq0XyJXTn4donkilmUpiVC1SqfXt2Vcr99AMgUIlUqpniyYiCaYWBoeqWoqqXyOqrvjlKDTa2QUkPe+18+GQe/rEqBoUiMpr6/NKygrLK5u7ejgS5pWKUIR4thZ8YgRwJGEyh5kEWs8ZfgWjz5q23v7K+kYSJrn0k2lfQQq0hSOmnydIycpuaOvgy5XkvWRJVU1WQRFgMcAXknpJRpKF5NKP0Q8//6pBoh9JitIVyGbCAzxBdGJS58AgxnOIU3JlY0dXVWMzVyonMWQcfso4XOyIhrGYinTV6caHNZxYWx1fiAFp7xtITM/oGmCRVunGdsxiR8RTP0VUCaQ2fIk18QQ9uhhyypfYMN4a8fpXySlF1Wyh6tKjHLlaDQE1pkw4OCGq8JcGnubNm2dubbPDcPeiL7+qa2mTa7QKC0eBXCXRaJQ41WiFgEwbo8TMwamUSUPmFQKAC5l7SON2/wEKLCirQBakR2JSF7IIFSrEoEAUDinX2T945vxFsAkliJkF7UFPIyxt7dRM4UomDTLiiGIVTKWEBeSqnGkVylQwV9EXHa1IJBJgrBCPjKQE0k7EKJlLazdsrG1pJTJKy3qpzHDvPjS+j8tHMgBUyhRCMqKnaDypS8iUo98wMj6kDdBNUqbx5KpQoZYx5eBYUddw5PiJBmYrRsXwOCCXTDOyv3KmNLlePPVTQJV2sYJU5SjXOKs0LgqNM0EPYoZO5XYiuZ1c40QSSFQOuIoYpcYFp2KlPUXVq0KVdHJUdXbv2XcA8Zj/5y9fuffgYWxySnRi8sNHfphXMYnJto5OUQmJXYPsJ2FPqxuaMMEgRp7FJ8QkpUAKYRbFp6YVVVSiTJQG1XD42LEDRkZXTE0xzcrr6pESCMPVyNi44qpqCC4H17v3fXzBRKiqgJDQstp6ZHwaHYuq9x8y8vYLAClQu4PL3bScPGRMzc7xDwq563k/NDKKJ1NAniSmZeDqo8dPulkciEFnt3vuD71QNeDCqEsZKnK+5+7p7YPeoeWhkc+CwiMQk1tciqv1re3uD7xQ3Z8/X9jU0QWuoYXoSFp27qatW7//cVVI5DMQtra5NTIu3ts/wM3zQU5RCfBR2dB01+M+MhIQp+Xkkoah8cz4hLd094BTmfmF0QlJSRlZiHG555FfVh4YGo5k6Dsa6e3/uKmzOyA4xPGum6e3b2p2bmt3b1D4Uyt7BzQA7U/OzHoS/hQj0Nbb5/s4EOOP2un0mKKqEkitm9vPF5YcSErZkVe4nyGRbWPr2fjErVm5ezjCOxyhZWnl4aLSQ3GJW5FSrLAb5N5Oz9qVkLyls9cEpxRVcxVVXT1rN2zAjK1paln2/ffxKWnLVqyY/+cFAJaLu8fuvXsjomN/97u3MNUxLbfv3BUVn/jdypUZeQVQH0UVVb1s7n+++V+AGpEVgNrOPXtg023etr2jbwAcQTKcgko/rFodm5y66MvFjwKf3DAzP2R8BFV//NlnmNgJaRlIFpWQtGLlysDQsPzScie3e+DFmvUbqhubj508tXXnzmdxCX/zt38LQxX+w48+iktJ9fF/DINx5erVqBTT3uTGTVCMJ1WAO+BLcHjExasm127eBq1QuIeXj52T88IvvgBTtmzbfsnkekhEpPbTxp3dAgZVYJO9i6t/UHBCavp+o8MgMkiEBF5+ATb2jkdPnIQUWrlqNSDrdv8h5Bis5rMXLm7YvBkNW7R4cVhU9KfzP4uIicWfas/+A8FPI9du3HjZ5JqruycKAXdOnDl7x9oG1iVOwazS6pr45FSEgWb/J8FHT51KycrBoGGITp87/9HHnwYEh9o4Op29eAmkzswv4DE2KfVTQJVVXMIaX//5VbXH3D3+VN98qr3nmrfvB2UVxuERS+MSVvdzzBwc52Xm7EjP2u7l/e4g705E1LdpmVtLK43Dn345wDUTK+yFUjuKqjmHKvzX/e9vvmm4Z+/ir7+xdnDAbN+9b39kbDxHLNtpuCerQPu5K3AKcwbq4/rN25hdABAMohvm5tACEE1HTpxkMw+MYSJdu3kL1ABfvlqyxP3BQxgvV01vQKOhBDNLq5zC4jMXLohUWoPLYMsWsGnbLsPcohIHF1cQASoMnHJ195AyigbIABoS0zMuXL6KMJpx6uw5WJfW9o6AnYaxj0KfRf3LG2+AaxcuX/l80RdaYcUMTi+HB/JCvm3ftauxvfOrb5Y0tHdArG3YtLmitv7b71aAkki2ZfsOKCyYdaAVVN47778HEIO/2m+TVtcisGDRFxBufRze4aPH/J4Er9u4EadIv97AAMwyvW0OSqIlJ8+e8wl4nJSRCTZBGaHYzgHWwcPGuIq8//M/b7f19rf39oN34Ozy77+vbmpGLgzdZZPrda1thvv2GR056uzm/vXSpTheumqSnJkNVt73eYQY4A//H+ibt9RP+KzKOj5xTV7RQY3GPSF5fVbu5uzcnVBMGo1bV99VKOnOXtOAx/N7WdfFCpuHXgtaO686u/wxMWVtRtZml7v/0dV/Q6pyEFBUzTiq6rtYFx/lSFWqAYF49FJ18Gsqqmr7LsOWrl7ts1uJNgaogqCADoIuyCoo0k6quHigCvVevX4D0xg2i0qjgfbZsGnTt8uXI4BLMKCgrX7/xz9iQl64cnXbzl0HDhvDqAT1EFj23Yrc4hIYdIePHefLlJjtUBARMXF7DhzIKSqGfEhKz0AnfR8/8fLzh+kEXfPA99HGTZuTM7IumVxDDKbuxSsmsOnu2NjAntIwD85CIp4dMDoMA6qutR3CEF1AS6CbzK2swZHbFpbGx44DUpCNWnuTywcRYBsa7t2HEQCU0XHtQ32ZAnCETPubv/07CLHzly5/Mn8+dBm6A6h19A/2sLknz54FH79ZsgwMQmLACGbgrTuW0J4YCmTxCwqGQNthuPtf//UNGKoo/KCxMezHHjZn9br1Ld29yHjyzDmYcitXr2ns6IJfb7AJ/ELKH9esBYtbe/oQifagkSCalHnGh8Ex3LffwtYOnKW0mhxVci2qEpPXFpYYqTV3U9I25hRsy8jeFpcIVN3rZ5k+fLigo+daUMiinsFrQpmNf8DSlo4rXt6f9wxcZfFu97FN+RJrkbYQagDOgqq6wXxbXSiTiZk16895udzYI50rHhdVKArT4+133sGEJDMBx08/0xoysOYwOVetXw+TZMGiRb6PA4GJI8dPwkIEraoamgYFwuu3bi///gdMQlADGR1d3S5fuwbxhWmGGYhkMItQ15dff42wSKUBLxDweRwIGbX3wEFMy3n/569h3YRGPlv8zTcpmdnvvveeg8tda3sHDy9vzOrf/NVfxCQm7dqzF2IHRFi/0QBtgNBb/M0SSBjfgEBQct1Gg6fRMbFJKdEJScAriIm2MeZk4r0HXgu/+JJUCqGH2Y6uNXZ0fvvdd1BnsNG0xml7B0w/2Krvf/QhClExz8hh3C1dtuyBj+/v//g2ONjD4rz/4YeQS6vWrHW8ew/SD8oItueOXbvDo2Pwt9lhaGhl74CMAcEhKBMaCr3+5LPPnoQ97WaxtV957+xC5Nr1G9Jz8xnDuRJFgXcZefm1LW3o7LmLl3EJjAOkfvhxFf6rwPijjzgFE0+du4CuUVRNiiqRHLabVeSzb7Ny94JNUTErMrINWjuveNz/Y2nlkWfRP0THruwdvHX/wZvd/VeBKlfX/+0euBkV811y6sa6pgtFpfvZgjsiGIAyqqpmGlUN3ey1zqnl3Zzsxr7c5n59n9fcn93UZ+CaypOMuwQUAVg0+M9f+86LiUQMuFBZ3wjigF+Yig7OrlHxCS1dPU/CwuvbOqBuIJQy8woABVsn5yfhT2EMIhfmEsCEjORlGTyUAkQZbMDUrBwAjtRYWF7hcs8diqmivhE4g7CCrQcdhEnu6eUTEhFZXFkNrGDmg0owkRBOSEuvamxCdXHJqQXlFYMCEVQeiAZ6AjGglauHJ+ym9Nw8VIp7Fy2BRHJyc4N9CvqApOFRMegLMpKeghQu7h5AVXBEZNcgCw2GFRwQHApZRB4JQUYhC9ofk5SMMKAc9iwaVlgV81gdmINCxF8BhaO/UI5ImZlfiJ6iTNi5bGacMYxlNXUDfAGKwiDDJkX7MYAYPViXOMKitHV0xhChhdCJNg5OOGI0oNRglgqVaowb2uni7gkjUSBXUU5N0QCsbTjV0nFZrnGqbTzd1HZOJLdFID5pa2b2bjbfjCO0LKk4zOKbiWQ2RaVHcDrAvaV9rJ60paT8ME9sRVXVzP+wBgzq44ssE6s3BZcahpbuDBnpDYJKPDIbJl6tTt7l68eQVQVEYZG35lLm1T559699Aq3WQH1gvn386aeYWoRNutUMbNHQIiCyBEH7ck09tLIBHonlTJmogtRFFBlZTyBj1gHgEtLLmHq1yx20a1O17ZEMrzaQMpfI4gCRaigjqYK8ARSrhhJINUNLAQiDpMPrG+R6JZBlq6R3Q79YYvoiGV6FQE61ay+YjHKmGUhJBgp9J8sL2nr6YBFnFxaTRRXkKnLpCkGBZAEE+kiWQaiGFyuQ9shJf4eGUUKWjEiHT+kMmeJiBZnaiXnehICjVOUolNoiRqlxVmicRUOLFZwZHtkCZwiIFfa4hAS6eIqqmf+5Mlci7RNKWgb5rSxBq/bIHzqyhsL9zz9uH/OHNSNWGOqWdGrXQDLrD3XLFHUrKnGEymhkHg+Nzqg7JQgbsV6ULHFkk+WOTJlkpehQvEisO2UNL0PVX1rJBH5q1U/rLZ9vic6PWJw5fHVoZab+ktHnGj/ccd2ptp3DGXXlDBXLlAO9BjUETUeGV3dVv3ayrJQM7NA6z+EW6vdoxFJSyqkXXQKqW9upt8hT68kpArq1oKOvUlTN1pcVeBLtjwEFUpnWy2TPBWQy3qhFoc0z8XNlormIMqKe/GiG6DXt2FKy/ExeMurLCrb0hzVzBVWllTUCBhDEptBOjMk8V88jY2NLu/aHI8/HT91z9OvVawb1ZEA4s1b4azli08zOlyl7WJy27h6+HFZ2OaOqbJnjNL29SG4pkD3mSjhcifKVdG0u/+Gm+MHiKo5IPMjjD/IEL+z5OPJbOzpZfMHLZKee+rnl+WyBsGdgsKO7hy2QsvlFAom1QGIpkFhN29sIJOY80SMWv2+QJ3rJ6fb6+ilsAyGTlVdWy+UysUgkfkEnGT4qFArdKXXU/XIduYelUikzI2QSSalUZiuVWUtlNtP2dlKZhUTqLxYPogaxWERHW99Nbceamrpp7jYxyGLTLTeoe22cRCrl8fnMBli1zLajP+0/Og3volLbqtQhGo2YjvCM7QP4onvzNbW0aZ7ftP1Ft+ea23vDqX/mkqdS40+7YU9jV7QZafyrasBstIrk4vL43T09zD6A1TO9D2CQWv3C+wCSVo3o0Yt28IXS/2xTUlfRS6JKoVKLZUqJfGw/ohMqtbqN+QIJddS9Ho7PF/T292vo7spzXFVJFUrXzEajiIoTz6qOPavU98efVR6KqEio6hqBqhncXXluKqw5rvuom1lHN4Kf66giUQMc0Qa3jPIublZjf27TwHO+eQCR652SJ0UVrEJdFSrGTb8zP+0Cr1S+kIk048RR6rnplPnSJjN1FFUUVZpelsAyKH+CQk8/zJy6qnqhqSiXy4VC4Rz8G5K3QrOnuSiwKKooql4GVaYB2i8ryBVaaTTCK1Xqo54ZE6OKz+e7uLgMDAyQ0/j4+NjY2KnM1dbW1pu3bvEFgjFnb0hIyI0bN0xMTMzNzXuYp54TFBURGel69+6IQqqqqkTiF37/AjV39+7dzMxMUrhCobCzs0NLrl27hmNeXt5L/3lSU1MfPHiAAumdOudRpX2Lp9Zoj8Poee6UvOZDjI5NI04pqmYFVTeZj8CASmOC4NhkqOJyufPmzbOwsCB2n7WNjbW1NZnzEE1EnmB+kgqV2g+jD7WnsrLyu++/7yN3yfBVkgDu4MGDFpaWKPzKlSuGhoZy7Q9yNboCiSiD/JFpfwisKSosLCgo0Ck1RKKK06dPowpSF1KKRCJSNapAe0g5JL2uUrQZNR44cCAqKookRlHoXUxsLIfDSUxMXLJkSUREBEkskUh0jUEJSElOcSQNIB1HvaTx1dXVWVlZJDHy6tLglPSLqq05giqF0kEmtxNLbHAkyxcQg1OpzI7QSq6wR1gssSUSDJESia1IbM2EKarmKqrYbPbmzZsPGRl5eXnh1M3N7f79+5h4ECNXr149euxYU1PTsWPHoEfAi3Xr1wMfSHb9+vW7bnevm5qGhoYdOHgQUxrz+diJE9nZ2aTei5cuoRyEQ0NDl3/3HUhha2cHaXPixAkU2NXVhUr37d//72++CYJ4e3v7+fn19/cfP3781KlTT548CQoO/qff/vPqNWtwFYAw3L370qVLUHwsFmvV6tVHjh51dHQsLS09d/782XPn7B0cUHtRUdGfFyw4evQo2IRcOlQtW768rKyMdDY9IwNlgmgBAQErf/xx+fLlaB76deHiRZT5zZIl9+7dO3PmzN//4z+mpKQIhMLzFy7s3Llz2/btKCc3NzcoKAglbN6yxejw4fc++CA9PR0dN7l2DeMD8QhgUfPwFaJKCVSpneQKu4JCw8eBnz55ssTH92OB8I5UZpOcss7H93PfRx+1d1wQCK2ePPk0JnblPff30jM2gWKNTSdDw5aGhi2vrDqEU4qqOYoqyCJwh2ir8vJyX19fD0/P3Lw8nNbU1NjZ269atQpHzO329nZEAkBtbW3XTEwqKio2btqE7MAZ+IWrW7ZuJYvx4ECl73/44eLFi7v37oUpFxkZ+c4779TX14OApjduADEw07R9njevrq4u/OlTVJGUlLRlyxagk8fj4dLevXsJ1JAmNCwMsuv9999HYq1KiolBgv379x87fpzEREdHAxZhYWHQOCu+/x5Q06Fq8VdfFRYWktPe3l6INTDun377W9i8sGE//PAjtOrHVatQe31DA4pCjWCQqakpxqShoQGqav369XFxcSgENI9PSFjw+eewTBMSE6FAMzIzkQXloNn0Dn7VqKpWakWTXWLSuuTkzRqNU3jEirLyvXX1px4HfqXWOFTXGPv4fsTl3fHwfKOj8yKXd/Oe+/8Msszuub9ZVLynrf2co9O8gcFbGo2LQulEUTXnUIUZe/jwYQQyMzO3bdtmfOSIp6fngwcPIBz8/f0hsjAnMWOhHSBAMDktLS0BBUzajo6OpcuWwRQCIEANpIQy0hmJEEE3b96E9tm5axdOAaat27Y9fPjQ1dU1LS0NXIAaevTo0fETJ8QSCSqCMhIIBGZmZv/9+98TTWRkZIQqmpub//t3b7ndu4fynz59Ciau37iR3JoQUCgNOgiiDFmgfVACFBNMTsIyHaryGesSrri4eN++fUCVxZ07JOby5cvBwcHoLGQjn8+HzkIWaDdjY2MoQTTV1tZ24cKFQGFhUREqAqpQLzK2NDcfNDICqdEL7fdOw8Jk4z/Lp+7nQRVj39knp6wtK8ff6H56hkFe/tasrM05ufs1Gg8e38zPb2lfv2lwyEIO95ZK7eDv/01nl8nDh4uKinfn5m3LzNoJzaXWQFJRVM0iqlRjo+r+5KiC/ULC7u7umHUQUJiiZ86eJQ9uMP9hIq1evfqjjz6CdAIatN//rakBRNauX8/mcECr3//hD5Ae0CO61kK8wIhDYOXKlTDoQJmTp06Rx1UoDRLp84ULb926BR2HSJARqoo86oKdhfJhDKIBqA46SPsJ4DbtCvt+xq1YsQIIwymgQ94AoIWdnZ179uxpaWnB6cJFixISEvRRVcEYrV3d3QabNhHIoszBwUHIt2+//ba0tGzP3r05OTmQUV8uXozmdXd3A8fPnj07dOgQFNMuQ8OoZ8+KhlF18OBBlAZ8A1XoDuDY1t7+2zfeKGP6MiNLPaibBqrsgKriEvzv65matqGoZGdl5dHAwCUajSt0k5fXh4Os24FPPmOxbwBqfn5f9fXfhJ3IYl/XaNyEInPyeIsagLOCKlP/XIKlMQs19kifFFVQELqny9AXABasnvPnzyMe0gYKBbXddXODNYc0ERERmOcIwG5atWYNBAjCEDLQUPoT9ezZsy6uriTZ/773HjTLhQsXUOaGjRuzsrMBL4gjlAkpVFRcDFVla2eHAKqA2nJyckI5MBX/vGBBLOO++uoryDRLK6vOrq4lS5cCTCi5pKQEoIEs2n/gAOgDsgA0JiYm777/Puw1MkpyufytP/xh85YtKHnZ8uVQYcyvW+X29vaA77p160BerYm3cSNQBXLNnz8f5O3p6UE5qampa9asQZZly5ahcOAVSI2LiwfXUDgMz9NnzkCvwXxG39E13YN/eiu/WlQlJq0uLjECqsCs/IKdYon104ilj/y+evDw/fqG43yBRcDjj4AqqCovr895fMvqmiOgVWjYyviEH0USqqpmB1UcgeRbtwznrGbrlHqb1Oe8bWrDneS6w375E6OKSA9dLQqFgpwiAIqx2Wzy/ou8dyMB8qYMNCGvvRBvYGBA9JH+92pIRiLNkAunKLCf+Q2E6Y0bkZGRsLBg2YGMJD3KQXVIQHhH0pO6kLJ/YAB6h1SqAyJiILtguJGVq0iGMClK10Gkh/YBhoAS/R+dITEiSVGkhYgkPdIFAGK0B/BCgaQLupePyEgqQiFAGxk06l4hqnRvAKUyO5ncHtiSaQNQSdpXfjz+HaHICpEKpYNEaksenzMB7RtAgdCSwzUD1OhihRlDVcXzP6zBP+Xd3Ef5rUHF7U+KRvqAwraaPv7EqBqBrZdod0trq6en5wtlga106/Zt5jWiG1nuQB11M4UqsmxKt35qeNmUMyOXhlZRjQiQq3pLqyiqpokqmay6tn46VsbM/gbw5dzs/YaGul89qojt5jxt7wJDUqkK0VBUzSCq1KMWqev7ERSA2dLKfFlhBumgbcALPksmWWBS6f/8kDrqXuL/PL1nVVVKFSw4K+Y4TW+rVJkrVQFqjZCialrPqqbjWts66FhT99o4vkBIPgKj0XSpNXFqTSxznKaPV2ui1Zo8ZgM26l4GVdLyymoERCIRh8tlsTkv7tl9/f3s4fDLlfBSuX42z/7ZS2a/SF72K+rXK2/AbLQKNzJnYJDVPzCAAIvNYrH7Wew+veMIP2lk3/PHgeGGsV+8U+zpjR57Tk7JoYomR5VCoSwpqyyvrCmrqC6tqHo5D9iVlle9dHbqqZ9THnOhbOiWxqSomVFfTYd3TD85qqijjjrqfgEG4PSf7+l/+Jl+W31GSqbfVn+FrZqDNyT9tjp11FFH3S9HVVFHHXXUUVRRRx111FFUUUcddRRV1FFHHXUUVdRRRx11FFXUUUcdRRV11FFHHUUVddRRR1FFUUUdddRRVFFHHXXUUVRRRx11FFXUUUcddRRV1FFHHXWj3f8HI0+fmvIoSX8AAAAASUVORK5CYII=\"><br></li><li><span>Commit the changes.</span></li></ol>Note 1:&nbsp;Setting Log Severity to 'none' for devices that didn't have a DNS Security configuration may block DNS traffic that wasn’t previously blocked.&nbsp;Additionally, this may happen without generating any log entries, making it difficult to detect the blocked traffic. Review the Required Configuration for Exposure section for instructions on identifying existing DNS Security Configuration.<br><br>Note 2: Remember to revert the Log Severity settings once the fixes are applied.<br><br><b>NGFW managed by Strata Cloud Manager (SCM)</b><br><br><div><div>You can choose one of the following mitigation options:</div><div><ol><li>Option 1: Disable DNS Security logging directly on each NGFW by following the PAN-OS steps above.</li><li>Option 2: Disable DNS Security logging across all NGFWs in your tenant by opening a <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\">support case</a>.</li></ol></div><b><p>Prisma Access managed by Strata Cloud Manager (SCM)</p></b></div><p>Until we perform an upgrade of your Prisma Access tenant, you can disable DNS Security logging across all NGFWs in your tenant by opening a <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\">support case</a>. If you would like to expedite the upgrade, please make a note of that in the support case.</p><b></b>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.15, PAN-OS 10.2.14, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.\n\nNote: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.\n\nPrisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a support case (https://support.paloaltonetworks.com/Support/Index).\n\nIn addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\nAdditional PAN-OS 11.1 releases with the fix:\n\n * 11.1.2-h16 (available)\n * 11.1.3-h13 (available)\n * 11.1.4-h7 (available)\n * 11.1.5 (available)\n\nAdditional PAN-OS 10.2 releases with the fix:\n * 10.2.8-h19 (available)\n * 10.2.9-h19 (available)\n * 10.2.10-h12 (available)\n * 10.2.11-h10 (available)\n * 10.2.12-h4 (available)\n * 10.2.13-h2 (available)\n * 10.2.14 (ETA: early March)\n\nAdditional PAN-OS 10.1 releases with the fix:\n * 10.1.14-h8 (available)\n * 10.1.15 (ETA: end of February)\n\nAdditional PAN-OS releases with the fix only applicable to Prisma Access:\n * 10.2.9-h19 (available)\n * 10.2.10-h12 (available)","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>This issue is fixed in PAN-OS 10.1.15, PAN-OS 10.2.14, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.</p><p>Note: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, so we do not intend to provide a fix for this release.</p><p>Prisma Access customers using DNS Security with affected PAN-OS versions should apply one of the workarounds provided below. We will perform upgrades in two phases for impacted customers on the weekends of January 3rd and January 10th. You can request an expedited Prisma Access upgrade to the latest PAN-OS version by opening a <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/Support/Index\">support case</a>.</p><p>In addition, to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.</p><p>​​Additional PAN-OS 11.1 releases with the fix:</p><div><ul><li>11.1.2-h16&nbsp;(available)</li><li>11.1.3-h13&nbsp;(available)</li><li>11.1.4-h7&nbsp;(available)</li><li>11.1.5&nbsp;(available)</li></ul></div><div>Additional PAN-OS 10.2 releases with the fix:</div><div><ul><li>10.2.8-h19&nbsp;(available)</li><li>10.2.9-h19&nbsp;(available)</li><li>10.2.10-h12&nbsp;(available)</li><li>10.2.11-h10&nbsp;(available)</li><li>10.2.12-h4&nbsp;(available)</li><li>10.2.13-h2&nbsp;(available)</li><li>10.2.14&nbsp;(ETA: early March)</li></ul></div><div>Additional PAN-OS 10.1 releases with the fix:</div><div><ul><li>10.1.14-h8&nbsp;(available)</li><li>10.1.15&nbsp;(ETA: end of February)</li></ul></div><div>Additional PAN-OS releases with the fix only applicable to Prisma Access:</div><div><ul><li>10.2.9-h19&nbsp;(available)</li><li>10.2.10-h12&nbsp;(available)</li></ul></div>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.</span>"}]}],"timeline":[{"time":"2025-01-30T00:00:00.000Z","lang":"en","value":"Corrected the 11.1.4 fix version to 11.1.4-h7 in the Product Status table"},{"time":"2025-01-17T23:45:00.000Z","lang":"en","value":"Updated Required Configuration section to clarify how to verify if DNS Security is enabled."},{"time":"2024-12-30T19:15:00.000Z","lang":"en","value":"Clarified affected products and platforms, and updated Workarounds and Mitigations"},{"time":"2024-12-27T18:40:00.000Z","lang":"en","value":"Simplified Product Status table, Required Configuration, and added ETAs to Solution"},{"time":"2024-12-27T02:30:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the CERT-EE team for their extra effort in providing invaluable forensic and analytic assistance.","type":"reporter"}],"source":{"defect":["PAN-259351","PAN-219034"],"discovery":"USER"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.1.14-h7","PAN-OS 10.1.14-h6","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-9474","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface","datePublic":"2024-11-18T14:20:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h31:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h30:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h29:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h28:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h27:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h26:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h25:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h24:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h1","changes":[{"at":"11.2.4-h1","status":"unaffected"},{"at":"11.2.0-h1","status":"unaffected"},{"at":"11.2.1-h1","status":"unaffected"},{"at":"11.2.2-h2","status":"unaffected"},{"at":"11.2.3-h3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5-h1","changes":[{"at":"11.1.5-h1","status":"unaffected"},{"at":"11.1.0-h4","status":"unaffected"},{"at":"11.1.1-h2","status":"unaffected"},{"at":"11.1.2-h15","status":"unaffected"},{"at":"11.1.3-h11","status":"unaffected"},{"at":"11.1.4-h7","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6-h1","changes":[{"at":"11.0.6-h1","status":"unaffected"},{"at":"11.0.0-h4","status":"unaffected"},{"at":"11.0.5-h2","status":"unaffected"},{"at":"11.0.4-h6","status":"unaffected"},{"at":"11.0.3-h13","status":"unaffected"},{"at":"11.0.2-h5","status":"unaffected"},{"at":"11.0.1-h5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.12-h2","changes":[{"at":"10.2.12-h2","status":"unaffected"},{"at":"10.2.0-h4","status":"unaffected"},{"at":"10.2.11-h6","status":"unaffected"},{"at":"10.2.10-h9","status":"unaffected"},{"at":"10.2.9-h16","status":"unaffected"},{"at":"10.2.8-h15","status":"unaffected"},{"at":"10.2.7-h18","status":"unaffected"},{"at":"10.2.6-h6","status":"unaffected"},{"at":"10.2.5-h9","status":"unaffected"},{"at":"10.2.4-h32","status":"unaffected"},{"at":"10.2.3-h14","status":"unaffected"},{"at":"10.2.2-h6","status":"unaffected"},{"at":"10.2.1-h3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14-h6","changes":[{"at":"10.1.14-h6","status":"unaffected"},{"at":"10.1.3-h4","status":"unaffected"},{"at":"10.1.13-h5","status":"unaffected"},{"at":"10.1.12-h3","status":"unaffected"},{"at":"10.1.11-h10","status":"unaffected"},{"at":"10.1.10-h9","status":"unaffected"},{"at":"10.1.9-h14","status":"unaffected"},{"at":"10.1.8-h8","status":"unaffected"},{"at":"10.1.6-h9","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\n\nThis issue is applicable to PAN-OS 10.1, PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series) and WildFire appliances.\n\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.</p><p>This issue is applicable to PAN-OS 10.1, PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series)&nbsp;and WildFire appliances.<br></p><p>Cloud NGFW and Prisma Access are not impacted by this vulnerability.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-9474","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet. The worst impact is that a malicious administrator is able to tamper with the system integrity."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"MEDIUM","baseScore":6.9,"threatSeverity":"MEDIUM","threatScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:H/U:Red"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"If you configure a specific list of IP addresses that only allow access to the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"MEDIUM","baseScore":5.9,"threatSeverity":"MEDIUM","threatScore":5.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:H/U:Red"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n 1. Directly\n    or\n 2. Through a dataplane interface that includes a management interface profile.\n\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n 1. To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\n\nGlobalProtect Portals and Gateways are not vulnerable to this issue. However, if a management profile is configured on interfaces with GlobalProtect portals or gateways, then it exposes the device to attacks via the management web interface (typically accessible on port 4443) in such cases.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:</p><ol><li>Directly<br>or</li><li>Through a dataplane interface that includes a management interface profile.</li></ol><p>The risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.</p><p>Use the following steps to identify your recently detected devices in our Internet scans:</p><ol><li>To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\">https://support.paloaltonetworks.com</a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li>The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.</li></ol><p>GlobalProtect Portals and Gateways are not vulnerable to this issue. However, if a management profile is configured on interfaces with GlobalProtect portals or gateways, then it exposes the device to attacks via the management web interface (typically accessible on port 4443) in such cases.</p>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and more detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.<br><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li>Palo Alto Networks LIVEcommunity article:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></li><li>Palo Alto Networks official and more detailed technical documentation:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n * Additional PAN-OS 11.2 fixes:\n   * 11.2.0-h1\n   * 11.2.1-h1\n   * 11.2.2-h2\n   * 11.2.3-h3\n   * 11.2.4-h1\n * Additional PAN-OS 11.1 fixes:\n   * 11.1.0-h4\n   * 11.1.1-h2\n   * 11.1.2-h15\n   * 11.1.3-h11\n   * 11.1.4-h7\n   * 11.1.5-h1\n * Additional PAN-OS 11.0 fixes:\n   * 11.0.0-h4\n   * 11.0.1-h5\n   * 11.0.2-h5\n   * 11.0.3-h13\n   * 11.0.4-h6\n   * 11.0.5-h2\n   * 11.0.6-h1\n * Additional PAN-OS 10.2 fixes:\n   * 10.2.0-h4\n   * 10.2.1-h3\n   * 10.2.2-h6\n   * 10.2.3-h14\n   * 10.2.4-h32\n   * 10.2.5-h9\n   * 10.2.6-h6\n   * 10.2.7-h18\n   * 10.2.8-h15\n   * 10.2.9-h16\n   * 10.2.10-h9\n   * 10.2.11-h6\n   * 10.2.12-h2\n * Additional PAN-OS 10.1 fixes:\n   * 10.1.3-h4\n   * 10.1.6-h9\n   * 10.1.8-h8\n     \n   * 10.1.9-h14\n   * 10.1.10-h9\n   * 10.1.11-h10\n   * 10.1.12-h3\n   * 10.1.13-h5\n   * 10.1.14-h6","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>This issue is fixed in PAN-OS 10.1.14-h6, PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.</p><p>In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.</p><div><ul><li>Additional PAN-OS 11.2 fixes:<ul><li>​​11.2.0-h1</li><li>11.2.1-h1</li><li>11.2.2-h2</li><li>11.2.3-h3</li><li>11.2.4-h1</li></ul></li><li>Additional PAN-OS 11.1 fixes:<ul><li>11.1.0-h4</li><li>11.1.1-h2</li><li>11.1.2-h15</li><li>11.1.3-h11</li><li>11.1.4-h7</li><li>11.1.5-h1</li></ul></li><li>Additional PAN-OS 11.0 fixes:<ul><li>11.0.0-h4</li><li>11.0.1-h5</li><li>11.0.2-h5</li><li>11.0.3-h13</li><li>11.0.4-h6</li><li>11.0.5-h2</li><li>11.0.6-h1</li></ul></li><li>Additional PAN-OS 10.2 fixes:<ul><li>10.2.0-h4</li><li>10.2.1-h3</li><li>10.2.2-h6</li><li>10.2.3-h14</li><li>10.2.4-h32</li><li>10.2.5-h9</li><li>10.2.6-h6</li><li>10.2.7-h18</li><li>10.2.8-h15</li><li>10.2.9-h16</li><li>10.2.10-h9</li><li>10.2.11-h6</li><li>10.2.12-h2</li></ul></li><li>Additional PAN-OS 10.1 fixes:<ul><li>10.1.3-h4</li><li>10.1.6-h9</li><li>10.1.8-h8<br></li><li>10.1.9-h14</li><li>10.1.10-h9</li><li>10.1.11-h10</li><li>10.1.12-h3</li><li>10.1.13-h5</li><li>10.1.14-h6</li></ul></li></ul></div>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.<br>"}]}],"timeline":[{"time":"2024-11-21T01:40:00.000Z","lang":"en","value":"Clarified applicability to PA-Series, VM-Series, and CN-Series firewalls and Panorama (virtual and M-Series) and WildFire appliances"},{"time":"2024-11-18T14:00:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h1","PAN-OS 11.2.1","PAN-OS 11.2.0","PAN-OS 11.1.5","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.6","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.14-h5","PAN-OS 10.1.14-h4","PAN-OS 10.1.14-h3","PAN-OS 10.1.14-h2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-0012","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)","datePublic":"2024-11-18T14:20:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h31:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h30:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h29:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h28:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h27:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h26:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h25:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h24:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.4-h1","changes":[{"at":"11.2.4-h1","status":"unaffected"},{"at":"11.2.1-h1","status":"unaffected"},{"at":"11.2.2-h2","status":"unaffected"},{"at":"11.2.3-h3","status":"unaffected"},{"at":"11.2.0-h1","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5-h1","changes":[{"at":"11.1.5-h1","status":"unaffected"},{"at":"11.1.0-h4","status":"unaffected"},{"at":"11.1.1-h2","status":"unaffected"},{"at":"11.1.2-h15","status":"unaffected"},{"at":"11.1.3-h11","status":"unaffected"},{"at":"11.1.4-h7","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6-h1","changes":[{"at":"11.0.6-h1","status":"unaffected"},{"at":"11.0.0-h4","status":"unaffected"},{"at":" 11.0.1-h5","status":"unaffected"},{"at":"11.0.2-h5","status":"unaffected"},{"at":"11.0.3-h13","status":"unaffected"},{"at":"11.0.4-h6","status":"unaffected"},{"at":" 11.0.5-h2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.12-h2","changes":[{"at":"10.2.0-h4","status":"unaffected"},{"at":"10.2.1-h3","status":"unaffected"},{"at":" 10.2.2-h6","status":"unaffected"},{"at":"10.2.3-h14","status":"unaffected"},{"at":"10.2.4-h32","status":"unaffected"},{"at":"10.2.5-h9","status":"unaffected"},{"at":"10.2.6-h6","status":"unaffected"},{"at":"10.2.7-h18","status":"unaffected"},{"at":"10.2.8-h15","status":"unaffected"},{"at":"10.2.9-h16","status":"unaffected"},{"at":" 10.2.10-h9","status":"unaffected"},{"at":"10.2.11-h6","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474).\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).\n\nThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series).\n\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like <a target=\"_blank\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2024-9474\">CVE-2024-9474</a>.</p><p>The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">best practice deployment guidelines</a>.</p><p>This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series).<br></p><p>Cloud NGFW and Prisma Access are not impacted by this vulnerability.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-0012","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"The risk is highest when you allow access to the management interface from external IP addresses on the internet."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"CRITICAL","baseScore":9.3,"threatSeverity":"CRITICAL","threatScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:H/U:Red"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"If you configure restricted access to a jump box that is the only system allowed to access the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"RED","exploitMaturity":"ATTACKED","baseSeverity":"MEDIUM","baseScore":5.9,"threatSeverity":"MEDIUM","threatScore":5.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:H/U:Red"}}],"configurations":[{"lang":"en","value":"The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:\n\n 1. Directly\n    or\n 2. Through a dataplane interface that includes a management interface profile.\n\nThe risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.\n\nUse the following steps to identify your recently detected devices in our Internet scans:\n\n 1. To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at https://support.paloaltonetworks.com (https://support.paloaltonetworks.com/) (Products → Assets → All Assets → Remediation Required).\n 2. The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.\n\nGlobalProtect Portals and Gateways are not vulnerable to this issue. However, if a management profile is configured on interfaces with GlobalProtect portals or gateways, then it exposes the device to attacks via the management web interface (typically accessible on port 4443) in such cases.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The risk is greatest if you configure the management interface to enable access from the internet or any untrusted network either:</p><ol><li>Directly<br>or</li><li>Through a dataplane interface that includes a management interface profile.</li></ol><p>The risk is greatly reduced if you make sure that only trusted internal IP addresses are allowed to access the management interface.</p><p>Use the following steps to identify your recently detected devices in our Internet scans:</p><ol><li>To find your known assets that require remediation action, visit the Assets section of Customer Support Portal at&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\">https://support.paloaltonetworks.com</a>&nbsp;(Products → Assets → All Assets → Remediation Required).</li><li>The list of your known devices with an internet-facing management interface discovered in our scans are tagged with PAN-SA-2024-0015 with a last seen timestamp in UTC. If no such devices are listed, it indicates our scan did not find any devices with internet-facing management interface for your account in the last three days.</li></ol>GlobalProtect Portals and Gateways are not vulnerable to this issue. However, if a management profile is configured on interfaces with GlobalProtect portals or gateways, then it exposes the device to attacks via the management web interface (typically accessible on port 4443) in such cases.<br>"}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\nAdditionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,\n\n * Ensure that all the listed Threat IDs are set to block mode,\n * Route incoming traffic for the MGT port through a DP port (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba), e.g., enabling management profile on a DP interface for management access,\n * Replace the Certificate for Inbound Traffic Management (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c),\n * Decrypt inbound traffic to the management interface so the firewall can inspect it (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2), and\n * Enable threat prevention on the inbound traffic to management services.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and more detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.</p><p>Additionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Threat IDs to protect against attacks for this vulnerability,</p><ul><li>Ensure that all the listed Threat IDs are set to block mode,</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\">Route incoming traffic for the MGT port through a DP port</a>, e.g., enabling management profile on a DP interface for management access,</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\">Replace the Certificate for Inbound Traffic Management</a>,</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\">Decrypt inbound traffic to the management interface so the firewall can inspect it</a>, and</li><li>Enable threat prevention on the inbound traffic to management services.</li></ul>Review information about how to secure management access to your Palo Alto Networks firewalls:<br><ul><li>Palo Alto Networks LIVEcommunity article:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></li><li>Palo Alto Networks official and more detailed technical documentation:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul>"}]}],"solutions":[{"lang":"eng","value":"We strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.\n\nThis issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.\n\n * Additional PAN-OS 11.2 fixes:\n   * 11.2.0-h1\n   * 11.2.1-h1\n   * 11.2.2-h2\n   * 11.2.3-h3\n   * 11.2.4-h1\n * Additional PAN-OS 11.1 fixes:\n   * 11.1.0-h4\n   * 11.1.1-h2\n   * 11.1.2-h15\n   * 11.1.3-h11\n   * 11.1.4-h7\n   * 11.1.5-h1\n * Additional PAN-OS 11.0 fixes:\n   * 11.0.0-h4\n   * 11.0.1-h5\n   * 11.0.2-h5\n   * 11.0.3-h13\n   * 11.0.4-h6\n   * 11.0.5-h2\n   * 11.0.6-h1\n * Additional PAN-OS 10.2 fixes:\n   * 10.2.0-h4\n   * 10.2.1-h3\n   * 10.2.2-h6\n   * 10.2.3-h14\n   * 10.2.4-h32\n   * 10.2.5-h9\n   * 10.2.6-h6\n   * 10.2.7-h18\n   * 10.2.8-h15\n   * 10.2.9-h16\n   * 10.2.10-h9\n   * 10.2.11-h6\n   * 10.2.12-h2","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>We strongly recommend that you secure access to your management interface following the instructions in the workarounds section below.</p><p>This issue is fixed in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, PAN-OS 11.2.4-h1, and all later PAN-OS versions.</p><p>In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making fixes available for other TAC-preferred and commonly deployed maintenance releases.</p><div><div><ul><li>Additional PAN-OS 11.2 fixes:<ul><li>​​11.2.0-h1</li><li>11.2.1-h1</li><li>11.2.2-h2</li><li>11.2.3-h3</li><li>11.2.4-h1</li></ul></li><li>Additional PAN-OS 11.1 fixes:<ul><li>11.1.0-h4</li><li>11.1.1-h2</li><li>11.1.2-h15</li><li>11.1.3-h11</li><li>11.1.4-h7</li><li>11.1.5-h1</li></ul></li><li>Additional PAN-OS 11.0 fixes:<ul><li>11.0.0-h4</li><li>11.0.1-h5</li><li>11.0.2-h5</li><li>11.0.3-h13</li><li>11.0.4-h6</li><li>11.0.5-h2</li><li>11.0.6-h1</li></ul></li><li>Additional PAN-OS 10.2 fixes:<ul><li>10.2.0-h4</li><li>10.2.1-h3</li><li>10.2.2-h6</li><li>10.2.3-h14</li><li>10.2.4-h32</li><li>10.2.5-h9</li><li>10.2.6-h6</li><li>10.2.7-h18</li><li>10.2.8-h15</li><li>10.2.9-h16</li><li>10.2.10-h9</li><li>10.2.11-h6</li><li>10.2.12-h2</li></ul></li></ul></div></div>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.<br>"}]}],"timeline":[{"time":"2025-03-03T20:00:00.000Z","lang":"en","value":"Updated the product status table"},{"time":"2024-11-23T23:30:00.000Z","lang":"en","value":"Clarified no impact to GlobalProtect portals or gateways"},{"time":"2024-11-20T00:00:00.000Z","lang":"en","value":"Clarified applicability to PA-Series, VM-Series, and CN-Series firewalls and Panorama (virtual and M-Series)"},{"time":"2024-11-18T14:20:00.000Z","lang":"en","value":"CVE-2024-0012 assigned to this publication as the vulnerability is identified and fixed"},{"time":"2024-11-15T22:00:00.000Z","lang":"en","value":"Answered a FAQ about indicators of compromise"},{"time":"2024-11-14T22:18:00.000Z","lang":"en","value":"Raised the severity of PAN-SA-2024-0015 bulletin as we have observed threat activity"},{"time":"2024-11-11T01:03:00.000Z","lang":"en","value":"Added instructions to find your devices with an internet-facing management interface discovered in our scans"},{"time":"2024-11-08T13:00:00.000Z","lang":"en","value":"Initially published as PAN-SA-2024-0015"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks our Deep Product Security Research Team for discovering this issue internally from threat activity.","type":"finder"}],"source":{"advisory":"PAN-SA-2024-0015","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.4","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h1","PAN-OS 11.2.1","PAN-OS 11.2.0","PAN-OS 11.1.5","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.6","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5917","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Server-Side Request Forgery in WildFire","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-918","description":"CWE-918 Server-Side Request Forgery (SSRF)","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-664","descriptions":[{"lang":"en","value":"CAPEC-664 Server Side Request Forgery"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"unaffected","version":"11.0.0","versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.2","changes":[{"at":"10.2.2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.7","changes":[{"at":"10.1.7","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5917","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"LOW","baseScore":2.1,"threatSeverity":"LOW","threatScore":0.5,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is required to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and more detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\n\n\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you haven’t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.<br></p><p>Review information about how to secure management access to your Palo Alto Networks firewalls:</p><ul><li>Palo Alto Networks LIVEcommunity article: <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></li><li>Palo Alto Networks official and more detailed technical documentation: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices</a></li></ul><p></p>"}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions.<br>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"},{"time":"2025-01-15T00:39:00.000Z","lang":"en","value":"Corrected the description and the CVSS score to reflect that the attacker must be authenticated. "},{"time":"2025-01-22T20:45:00.000Z","lang":"en","value":"Corrected the required configuration for exposure and provided mitigation steps."}],"credits":[{"lang":"en","value":"Michael Baker from AC3","type":"finder"}],"source":{"defect":["PAN-115469"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-2551","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-129","descriptions":[{"lang":"en","value":"CAPEC-129 Pointer Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.5","changes":[{"at":"11.0.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h6","changes":[{"at":"10.2.4-h6","status":"unaffected"},{"at":"10.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14","changes":[{"at":"10.1.14","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-2551","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is required to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"No workaround or mitigation is available.","supportingMedia":[{"type":"text/html","base64":false,"value":"No workaround or mitigation is available."}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions.<br>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"a customer","type":"finder"}],"source":{"defect":["PAN-223185"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-9472","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-129","descriptions":[{"lang":"en","value":"CAPEC-129 Pointer Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.2-h3","changes":[{"at":"11.2.2-h3","status":"unaffected"},{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.2-h14","changes":[{"at":"11.1.2-h14","status":"unaffected"},{"at":"11.1.3-h10","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"11.0.0","versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h16","changes":[{"at":"10.2.7-h16","status":"unaffected"},{"at":"10.2.8-h13","status":"unaffected"},{"at":"10.2.9-h14","status":"unaffected"},{"at":"10.2.10-h7","status":"unaffected"},{"at":"10.2.11-h4","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]}],"descriptions":[{"lang":"en","value":"A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.\n\nPalo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.\n\nThis issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:\n * 10.2.7-h12\n * 10.2.8-h10\n * 10.2.9-h9\n * 10.2.9-h11\n * 10.2.10-h2\n * 10.2.10-h3\n * 10.2.11\n * 10.2.11-h1\n * 10.2.11-h2\n * 10.2.11-h3\n * 11.1.2-h9\n * 11.1.2-h12\n * 11.1.3-h2\n * 11.1.3-h4\n * 11.1.3-h6\n * 11.2.2\n * 11.2.2-h1","supportingMedia":[{"type":"text/html","base64":false,"value":"<div>A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.</div><br><div>Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.</div><br><div>This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:</div><div><ul><li>10.2.7-h12</li><li>10.2.8-h10</li><li>10.2.9-h9</li><li>10.2.9-h11</li><li>10.2.10-h2</li><li>10.2.10-h3</li><li>10.2.11</li><li>10.2.11-h1</li><li>10.2.11-h2</li><li>10.2.11-h3</li><li>11.1.2-h9</li><li>11.1.2-h12</li><li>11.1.3-h2</li><li>11.1.3-h4</li><li>11.1.3-h6</li><li>11.2.2</li><li>11.2.2-h1</li></ul></div>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-9472","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue is only applicable firewalls where url proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is only applicable firewalls where url proxy or any decrypt-policy is configured.<br><br>When any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."}]}],"workarounds":[{"lang":"en","value":"This issue does not impact firewalls that do not have url proxy or any decrypt-policy configured.\n\nThe issue can be completely mitigated by setting this option:\n\n\n> set system setting ctd nonblocking-pattern-match disable","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue does not impact firewalls that do not have url proxy or any decrypt-policy configured.<br><br>The issue can be completely mitigated by setting this option:<br><blockquote><tt>set system setting ctd nonblocking-pattern-match disable</tt></blockquote>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.2.7-h16, PAN-OS 10.2.8-h13, PAN-OS 10.2.9-h14, PAN-OS 10.2.10-h7, PAN-OS 10.2.11-h4, PAN-OS 11.1.2-h14, PAN-OS 11.1.3-h10, PAN-OS 11.2.2-h3, PAN-OS 11.2.3, and all later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.2.7-h16, PAN-OS 10.2.8-h13, PAN-OS 10.2.9-h14, PAN-OS 10.2.10-h7, PAN-OS 10.2.11-h4, PAN-OS 11.1.2-h14, PAN-OS 11.1.3-h10, PAN-OS 11.2.2-h3, PAN-OS 11.2.3, and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, customers have reported encountering this issue during normal operations.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, customers have reported encountering this issue during normal operations."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"source":{"defect":["PAN-262287","PAN-226361"],"discovery":"USER"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5918","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-151","descriptions":[{"lang":"en","value":"CAPEC-151 Identity Spoofing"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.3","changes":[{"at":"11.0.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h5","changes":[{"at":"10.2.4-h5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.11","changes":[{"at":"10.1.11","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5918","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.3,"threatSeverity":"LOW","threatScore":1.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:U/AU:N/R:A/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".\n\nYou can verify whether you configured GlobalProtect portal or gateway by checking for entries in your firewall web interface (Network → GlobalProtect → Portals or Network → GlobalProtect → Gateways).\n\nIf you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication on these portals and gateways by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication or Network → GlobalProtect → Gateways → (gateway-config) → Authentication).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><span>This issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".</span></p><p><span>You can verify whether you configured GlobalProtect portal or gateway by checking for entries in your firewall web interface (Network → GlobalProtect → Portals or Network → GlobalProtect → Gateways).</span></p><p><span>If you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication  on these portals and gateways by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication or Network → GlobalProtect → Gateways → (gateway-config) → Authentication).</span></p>"}]}],"workarounds":[{"lang":"en","value":"You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:\nhttps://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\n * https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\n * https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\n   https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tabhttps://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\n   ","supportingMedia":[{"type":"text/html","base64":false,"value":"You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"></a><div><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab</a></li><li><div><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"></a><div><div><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"></a></div></div></div><br></li></ul></div>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.</span><br>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"source":{"defect":["PAN-216947"],"discovery":"USER"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5919","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-611","description":"CWE-611 Improper Restriction of XML External Entity Reference","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-201","descriptions":[{"lang":"en","value":"CAPEC-201 XML Entity Linking"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.2","changes":[{"at":"11.0.2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.5","changes":[{"at":"10.2.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.10","changes":[{"at":"10.1.10","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5919","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":5.1,"threatSeverity":"LOW","threatScore":1.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"workarounds":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.</span><br>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"Dan Marin of Deloitte","type":"finder"},{"lang":"en","value":"Cristian Mocanu of Deloitte","type":"finder"},{"lang":"en","value":"Alex Hordijk","type":"finder"}],"source":{"defect":["PAN-205062"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-2552","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"11.2.0","lessThan":"11.2.4","changes":[{"at":"11.2.4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"},{"at":"11.1.4-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.12","changes":[{"at":"10.2.12","status":"unaffected"},{"at":"10.2.9-h18","status":"unaffected"},{"at":"10.2.8-h18","status":"unaffected"},{"at":"10.2.10-h10","status":"unaffected"},{"at":"10.2.11-h9","status":"unaffected"},{"at":"10.2.7-h21","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]}],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-2552","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.8,"threatSeverity":"MEDIUM","threatScore":4.3,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is required to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines. In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice.\n\nPlease see the following link for additional information regarding how to secure the management access of your palo alto networks device: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n\nhttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines. In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice.</p><p>Please see the following link for additional information regarding how to secure the management access of your palo alto networks device: <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431</a></p><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"></a>"}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.2.12, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.4, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making additional fixes available as noted below:\n\n * Additional 11.1 fix:\n   * 11.1.4-h9\n     \n * Additional 10.2 fixes:\n   * 10.2.11-h9\n   * 10.2.10-h10\n   * 10.2.9-h18\n   * 10.2.8-h18\n     \n   * 10.2.7-h21","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.2.12, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.4, and all later PAN-OS versions.<br><br>In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making additional fixes available as noted below:<br><ul><li>Additional 11.1 fix:<ul><li>11.1.4-h9<br></li></ul></li><li>Additional 10.2 fixes:<ul><li>10.2.11-h9</li><li>10.2.10-h10</li><li>10.2.9-h18</li><li>10.2.8-h18<br></li><li>10.2.7-h21</li></ul></li></ul>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>Palo Alto Networks is not aware of any malicious exploitation of this issue.</span><br>"}]}],"timeline":[{"time":"2025-01-06T21:30:00.000Z","lang":"en","value":"Added additional fixed versions for PAN-OS 10.2"},{"time":"2024-12-20T23:40:00.000Z","lang":"en","value":"Added additional fixed versions for PAN-OS 11.1 and PAN-OS 10.2"},{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"Bobby Storey","type":"finder"}],"source":{"defect":["PAN-261332"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-2550","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-129","descriptions":[{"lang":"en","value":"CAPEC-129 Pointer Manipulation"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.5","changes":[{"at":"11.1.5","status":"unaffected"},{"at":"11.1.4-h9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.11","changes":[{"at":"10.2.11","status":"unaffected"},{"at":"10.2.10-h10","status":"unaffected"},{"at":"10.2.9-h18","status":"unaffected"},{"at":"10.2.8-h18","status":"unaffected"},{"at":"10.2.7-h21","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-2550","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue impacts only firewalls on which you configured a GlobalProtect gateway. You can verify whether you configured GlobalProtect gateway by checking for entries in your firewall web interface (Network → GlobalProtect → Gateways).","supportingMedia":[{"type":"text/html","base64":false,"value":"<div><div>This issue impacts only firewalls on which you configured a GlobalProtect gateway. You can verify whether you configured GlobalProtect gateway by checking for entries in your firewall web interface (Network → GlobalProtect → Gateways).</div></div>"}]}],"workarounds":[{"lang":"en","value":"No workaround or mitigation is available.","supportingMedia":[{"type":"text/html","base64":false,"value":"No workaround or mitigation is available."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions.\n\nIn addition, in an attempt to provide the most seamless upgrade path for our customers, we are making additional fixes available as noted below:\n\n * Additional 11.1 fix:\n   * 11.1.4-h9\n     \n * Additional 10.2 fixes:\n   * 10.2.10-h10\n   * 10.2.9-h18\n   * 10.2.8-h18\n   * 10.2.7-h21","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions.<br><br>In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making additional fixes available as noted below:<br><ul><li>Additional 11.1 fix:<ul><li>11.1.4-h9<br></li></ul></li><li>Additional 10.2 fixes:<ul><li>10.2.10-h10</li><li>10.2.9-h18</li><li>10.2.8-h18</li><li>10.2.7-h21</li></ul></li></ul>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-01-06T21:30:00.000Z","lang":"en","value":"Added additional fixed versions for PAN-OS 10.2"},{"time":"2024-12-20T20:55:00.000Z","lang":"en","value":"Updated the Product Status table"},{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"}],"credits":[{"lang":"en","value":"Michael Baker from AC3","type":"finder"}],"source":{"defect":["PAN-244950","PAN-221352"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.4-h4","PAN-OS 11.1.4-h3","PAN-OS 11.1.4-h2","PAN-OS 11.1.4-h1","PAN-OS 11.1.4","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5920","assignerOrgId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"title":"PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator","datePublic":"2024-11-13T18:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-592","descriptions":[{"lang":"en","value":"CAPEC-592 Stored XSS"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.4","changes":[{"at":"11.1.4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.6","changes":[{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h24","changes":[{"at":"10.2.11","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.7-h24","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14","changes":[{"at":"10.1.14","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.</span><br>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5920","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":4.6,"threatSeverity":"LOW","threatScore":1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is required to be affected by this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is required to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"No known workarounds or mitigations exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds or mitigations exist for this issue."}]}],"solutions":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.14, 10.2.10-h14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.14, 10.2.10-h14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-11-13T17:00:00.000Z","lang":"en","value":"Initial publication"},{"time":"2025-04-24T17:20:00.000Z","lang":"en","value":"Corrected the required configuration and workarounds sections"},{"time":"2025-04-30T17:45:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2"}],"credits":[{"lang":"en","value":"Kajetan Rostojek","type":"finder"}],"source":{"defect":["PAN-222484"],"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_affectedList":["PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h21","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h21","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2024-0012","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","serial":1,"dateReserved":"2024-10-29T20:30:00.000Z","datePublished":"2024-10-29T20:30:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"Not found","dateUpdated":"2024-11-20T08:00:00.000Z"},"title":"Informational Bulletin: OSS CVEs fixed in PAN-OS","datePublic":"2024-10-29T20:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":""}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.</pre>"}]}],"references":[{"url":"https://","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"}}],"configurations":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"workarounds":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"solutions":[{"lang":"en","value":"The OSS CVEs are fixed in the respective PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"The OSS CVEs are fixed in the respective PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-9468","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-10-14T00:00:00.000Z","serial":1,"dateReserved":"2024-10-09T07:00:00.000Z","datePublished":"2024-10-09T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-10-09T17:05:00.000Z"},"title":"PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet","datePublic":"2024-10-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-583","descriptions":[{"lang":"en","value":"CAPEC-583 Disabling Network Hardware"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h23:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h22:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h21:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.3","changes":[{"at":"11.1.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.4-h5","changes":[{"at":"11.0.4-h5","status":"unaffected"},{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h24","changes":[{"at":"10.2.9-h11","status":"unaffected"},{"at":"10.2.10-h4","status":"unaffected"},{"at":"10.2.11","status":"unaffected"},{"at":"10.2.8-h20","status":"unaffected"},{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.4-h24","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-9468","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"HIGH","baseScore":8.2,"threatSeverity":"HIGH","threatScore":8.2,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L/U:Amber"}}],"configurations":[{"lang":"en","value":"This issue affects only PAN-OS configurations where all of the following are true:\n* Threat Prevention is enabled.\n* The Threat Prevention signature 86467 (\"Possible Domain Fronting Detection-SNI\") is enabled on an Anti-Spyware profile.\n* This setting is enabled: Device > Setup > Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue affects only PAN-OS configurations where all of the following are true:\n* Threat Prevention is enabled.\n* The Threat Prevention signature 86467 (\"Possible Domain Fronting Detection-SNI\") is enabled on an Anti-Spyware profile.\n* This setting is enabled: Device > Setup > Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection."}]}],"workarounds":[{"lang":"en","value":"Customers can block attacks for this vulnerability by disabling this setting: Device > Setup Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection.\n\nCustomers with a Threat Prevention subscription, who want to keep domain fronting detection enabled, can block attacks for this vulnerability by enabling Threat ID 94971 (introduced in Applications and Threats content version 8854).","supportingMedia":[{"type":"text/html","base64":false,"value":"Customers can block attacks for this vulnerability by disabling this setting: Device > Setup Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection.\n\nCustomers with a Threat Prevention subscription, who want to keep domain fronting detection enabled, can block attacks for this vulnerability by enabling Threat ID 94971 (introduced in Applications and Threats content version 8854)."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in 10.2.9-h11, 10.2.10-h4, PAN-OS 10.2.11, PAN-OS 11.0.4-h5, PAN-OS 11.0.6, PAN-OS 11.1.3, and all later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in 10.2.9-h11, 10.2.10-h4, PAN-OS 10.2.11, PAN-OS 11.0.4-h5, PAN-OS 11.0.6, PAN-OS 11.1.3, and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2025-04-30T17:45:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2"},{"time":"2024-10-14T22:40:00.000Z","lang":"eng","value":"Clarified the Required Configuration for Exposure section"},{"time":"2024-10-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"This issue was found by Jeff Luo of Palo Alto Networks during internal review.","type":"finder"}],"source":{"defect":["PAN-244840"],"discovery":"INTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.10-h1","PAN-OS 10.2.10","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-9471","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-10-09T00:00:00.000Z","serial":1,"dateReserved":"2024-10-09T07:00:00.000Z","datePublished":"2024-10-09T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-10-09T17:06:00.000Z"},"title":"PAN-OS: Privilege Escalation (PE) Vulnerability in XML API","datePublic":"2024-10-09T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"11.1 All","versionType":"custom"},{"status":"affected","version":"9.1 All","versionType":"custom"},{"status":"unaffected","version":"9.1 None","versionType":"custom"},{"status":"affected","version":"9.0 All","versionType":"custom"},{"status":"unaffected","version":"9.0 None","versionType":"custom"},{"status":"affected","version":"11.0","lessThan":"11.0.3","changes":[{"at":"11.0.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1","lessThan":"10.1.11","changes":[{"at":"10.1.11","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2","lessThan":"10.2.8","changes":[{"at":"10.2.8","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator beyond what the XML API permits.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator beyond what the XML API permits.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-9471","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","exploitMaturity":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":5.1,"threatSeverity":"MEDIUM","threatScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green"}}],"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"}]}],"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nEach XML API key is associated with a specific user. XML API keys are not meant to be shared between users.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the effect this issue has on your environment by following the Administrative Access Best Practices in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nEach XML API key is associated with a specific user. XML API keys are not meant to be shared between users."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-10-09T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2024-10-09T18:50:00.000Z","lang":"eng","value":"Clarified the impact and noted that XML API keys should not be shared between users"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external reporter for discovering and reporting this issue.","type":"finder"}],"source":{"defect":["PAN-217511","PAN-152631"],"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.7-h24","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-8686","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-09-11T00:00:00.000Z","serial":1,"dateReserved":"2024-09-11T07:00:00.000Z","datePublished":"2024-09-11T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-09-11T16:34:00.000Z"},"title":"PAN-OS: Command Injection Vulnerability","datePublic":"2024-09-11T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","lessThan":"11.2.2","changes":[{"at":"11.2.2","status":"affected"},{"at":"11.2.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.2","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"unaffected","version":"11.0.0","versionType":"custom"},{"status":"unaffected","version":"10.2.0","versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-8686","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"HIGH","baseScore":8.6,"threatSeverity":"HIGH","threatScore":8.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"workarounds":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-09-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Louis Lingg for discovering and reporting this issue.","type":"finder"}],"source":{"defect":["PAN-263321"],"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.2.2-h2","PAN-OS 11.2.2-h1","PAN-OS 11.2.2"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-8691","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-09-11T00:00:00","dateReserved":"2024-09-11T00:00:00","dateUpdated":"2024-09-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: User Impersonation in GlobalProtect Portal","datePublic":"2024-09-11T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-09-11T16:43:30.608Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h5","PAN-OS 9.1.16-h4","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h8","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h5","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h7","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h5","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"11.2 All","status":"unaffected"},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11","versionType":"custom","changes":[{"at":"10.1.11","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-8691"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Claudiu Pancotan for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/V:D/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-863 Incorrect Authorization","cweId":"CWE-863"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-219031","PAN-192893"],"discovery":"EXTERNAL"},"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.1.17, PAN-OS 10.1.11, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.1.17, PAN-OS 10.1.11, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-09-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-8687","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-09-11T00:00:00","dateReserved":"2024-09-11T00:00:00","dateUpdated":"2024-09-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes","datePublic":"2024-09-11T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-09-11T16:40:21.066Z"},"descriptions":[{"lang":"en","value":"An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.</pre>"}]}],"x_affectedList":["Prisma Access","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h4","PAN-OS 10.0.11-h3","PAN-OS 10.0.11-h2","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10-h1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h11","PAN-OS 10.0.8-h10","PAN-OS 10.0.8-h9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h8","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h5","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h7","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h5","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h7","PAN-OS 9.0.16-h6","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","GlobalProtect App 6.2","GlobalProtect App 6.1","GlobalProtect App 6.0","GlobalProtect App 5.2","GlobalProtect App 5.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"11.2 All","status":"unaffected"},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.9","versionType":"custom","changes":[{"at":"10.1.9","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.25","versionType":"custom","changes":[{"at":"8.1.25","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"GlobalProtect App","versions":[{"version":"6.3 All","status":"unaffected"},{"version":"5.1","status":"affected","lessThan":"5.1.12","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"5.2","status":"affected","lessThan":"5.2.13","versionType":"custom","changes":[{"at":"5.2.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThan":"6.0.7","versionType":"custom","changes":[{"at":"6.0.7","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThan":"6.1.2","versionType":"custom","changes":[{"at":"6.1.2","status":"unaffected"}]},{"version":"6.2","status":"affected","lessThan":"6.2.1","versionType":"custom","changes":[{"at":"6.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"unspecified","lessThan":"10.2.9 on PAN-OS","status":"affected","versionType":"custom"},{"version":"10.2.9 on PAN-OS","status":"unaffected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-8687"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Claudiu Pancotan for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6.9,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","cweId":"CWE-497"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-204689","GPC-16848"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"Impacted systems are those on which any of the following features are enabled:\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Disable GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow user to disconnect GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Uninstall GlobalProtect App > Allow with Password","supportingMedia":{"value":"Impacted systems are those on which any of the following features are enabled:\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Disable GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow user to disconnect GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Uninstall GlobalProtect App > Allow with Password","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Change the following two settings (if enabled) to \"Allow with Ticket\":\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Disable GlobalProtect App\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Uninstall GlobalProtect App","supportingMedia":{"value":"Change the following two settings (if enabled) to \"Allow with Ticket\":\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Disable GlobalProtect App\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n\n* Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow User to Uninstall GlobalProtect App","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\n\nPrisma Access customers can open a support case to request an upgrade.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\n\nPrisma Access customers can open a support case to request an upgrade.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-09-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-8688","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-09-11T00:00:00","dateReserved":"2024-09-11T00:00:00","dateUpdated":"2024-09-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)","datePublic":"2024-09-11T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-09-11T16:48:22.674Z"},"descriptions":[{"lang":"en","value":"An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.9","PAN-OS 10.0.8-h11","PAN-OS 10.0.8-h10","PAN-OS 10.0.8-h9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h8","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h5","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h7","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h5","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"11.2 All","status":"unaffected"},{"version":"9.1","status":"affected","lessThan":"9.1.15","versionType":"custom","changes":[{"at":"9.1.15","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.10","versionType":"custom","changes":[{"at":"10.0.10","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.1","versionType":"custom","changes":[{"at":"10.1.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-8688"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Matei \"Mal\" Badanoiu of Deloitte and Martin Smid of Palo Alto Networks for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6.7,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-155 Improper Neutralization of Wildcards or Matching Symbols","cweId":"CWE-155"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-151792","PAN-82874"],"discovery":"EXTERNAL"},"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, PAN-OS 10.1.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, PAN-OS 10.1.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-09-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5916","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-08-14T00:00:00.000Z","serial":1,"dateReserved":"2024-08-14T07:00:00.000Z","datePublished":"2024-08-14T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-08-14T16:41:00.000Z"},"title":"PAN-OS: Cleartext Exposure of External System Secrets","datePublic":"2024-08-14T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-313","description":"CWE-313: Cleartext Storage in a File or on Disk","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"unaffected","version":"11.1.0","versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.4","changes":[{"at":"11.0.4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.7-h13","changes":[{"at":"10.2.8","status":"unaffected"},{"at":"10.2.7-h13","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"},{"status":"unaffected","version":"9.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5916","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":6,"threatSeverity":"MEDIUM","threatScore":6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber"}}],"configurations":[{"lang":"en","value":"No special configuration is needed to be affected by this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No special configuration is needed to be affected by this issue."}]}],"workarounds":[{"lang":"en","value":"No known workarounds or mitigations exist for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"No known workarounds or mitigations exist for this issue."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. This issue is fixed in Cloud NGFW on or after 8/15 on Azure, Cloud NGFW on or after 8/23 on AWS, and all later Cloud NGFW versions.\n\nYou should also revoke the secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. This issue is fixed in Cloud NGFW on or after 8/15 on Azure, Cloud NGFW on or after 8/23 on AWS, and all later Cloud NGFW versions.\n\nYou should also revoke the secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-08-14T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2025-04-30T18:00:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.2"}],"credits":[{"lang":"en","value":"This issue was found by Hari Yadavalli of Palo Alto Networks during an internal security review.","type":"finder"}],"source":{"defect":["PAN-231823"],"discovery":"INTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.2","Cloud NGFW"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-3596","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-07-26T00:00:00.000Z","serial":1,"dateReserved":"2024-07-10T07:00:00.000Z","datePublished":"2024-07-10T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"certcc","dateUpdated":"2024-07-09T14:08:00.000Z"},"title":"PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation","datePublic":"2024-07-10T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-290","description":"CWE-290 Authentication Bypass by Spoofing","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"11.2.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.3","changes":[{"at":"11.1.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.4-h21","changes":[{"at":"10.2.10","status":"unaffected"},{"at":"10.2.9-h8","status":"unaffected"},{"at":"10.2.8-h20","status":"unaffected"},{"at":"10.2.7-h21","status":"unaffected"},{"at":"10.2.4-h21","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.1.0","lessThan":"10.1.14","changes":[{"at":"10.1.14","status":"unaffected"},{"at":"10.1.12-h4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","lessThan":"11.0.4-h5","changes":[{"at":"11.0.4-h5","status":"unaffected"},{"at":"11.0.6","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"9.1.0","lessThan":"9.1.19","changes":[{"at":"9.1.19","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h20:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h19:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h3:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h2:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:9.1.0:*:*:*:*:*:*:*","cpe:2.3:undefined:paloaltonetworks:palo_alto_networks_pan-os:9.1.7:-:*:*:*:*:*:*"]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected","cpes":[]}],"descriptions":[{"lang":"en","value":"This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile.\n\nCHAP and PAP are protocols with no Transport Layer Security (TLS), and hence vulnerable to meddler-in-the-middle attacks. Neither protocol should be used unless they are encapsulated by an encrypted tunnel. If they are in use, but are encapsulated within a TLS tunnel, they are not vulnerable to this attack.\n\nFor additional information regarding this vulnerability, please see https://blastradius.fail.","supportingMedia":[{"type":"text/html","base64":true,"value":"<p>This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile.</p><p>CHAP and PAP are protocols with no Transport Layer Security (TLS), and hence vulnerable to meddler-in-the-middle attacks. Neither protocol should be used unless they are encapsulated by an encrypted tunnel. If they are in use, but are encapsulated within a TLS tunnel, they are not vulnerable to this attack.</p><p>For additional information regarding this vulnerability, please see <a>https://blastradius.fail</a>.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-3596","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":5.3,"threatSeverity":"MEDIUM","threatScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/AU:N/R:A/V:C/RE:M/U:Amber"}}],"configurations":[{"lang":"en","value":"To be vulnerable, Palo Alto Networks PAN-OS firewalls must be configured to use CHAP or PAP as the authentication protocol for a RADIUS server. Note that PAP differs from EAP-TTLS with PAP, which is not vulnerable to this attack.","supportingMedia":[{"type":"text/html","base64":false,"value":"To be vulnerable, Palo Alto Networks PAN-OS firewalls must be configured to use CHAP or PAP as the authentication protocol for a RADIUS server. Note that PAP differs from EAP-TTLS with PAP, which is not vulnerable to this attack."}]}],"workarounds":[{"lang":"en","value":"TBD","supportingMedia":[{"type":"text/html","base64":false,"value":"TBD"}]}],"solutions":[{"lang":"en","value":"The best way to address this issue is by using encrypted and authenticated channels that offer modern cryptographic security guarantees.\n\nConfigure an alternate authentication mechanism if you are using RADIUS with a CHAP or PAP authentication protocol. PAN-OS provides the following alternate RADIUS authentication mechanisms: PEAP-MSCHAPv2 (default), PEAP with GTC, and EAP-TTLS with PAP. For more information, please see https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/authentication/configure-radius-authentication.\n\nIn addition, instead of using RADIUS, you can configure an alternate authentication mechanism using one of the options described here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/authentication.\n\nIf you are a Prisma Access customer using a RADIUS configuration with PAP or CHAP in your profile and have not applied one of the changes described above, please reach out to TAC/CS to schedule an upgrade window.\n\nPAN-OS 9.1.19, PAN-OS 10.1.14, PAN-OS 10.2.10, PAN-OS 11.0.7, PAN-OS 11.1.3, and all later PAN-OS versions add a new feature to enforce an authentication check in RADIUS. This new feature is disabled by default to match the existing behavior. To enable this feature, run the following commands:\n\n> set auth radius-require-msg-authentic yes\n\nTo confirm that the setting was correctly enabled, run the following command:\n\n> show auth radius-require-msg-authentic\n\nIf set correctly, the response will say \"yes\". This setting is persistent across reboots. No ‘commit’ is required for this to take effect.\n\nPlease note that this feature requires that the RADIUS server has been updated to support the new protocol changes, as detailed in https://kb.cert.org/vuls/id/456537. If your RADIUS authentication breaks when radius-require-msg-authentic is set to yes, please work with your RADIUS server vendor for support with the RADIUS server upgrade process.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The best way to address this issue is by using encrypted and authenticated channels that offer modern cryptographic security guarantees.</p><p>Configure an alternate authentication mechanism if you are using RADIUS with a CHAP or PAP authentication protocol. PAN-OS provides the following alternate RADIUS authentication mechanisms: PEAP-MSCHAPv2 (default), PEAP with GTC, and EAP-TTLS with PAP. For more information, please see <a>https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/authentication/configure-radius-authentication</a>.</p><p>In addition, instead of using RADIUS, you can configure an alternate authentication mechanism using one of the options described here: <a>https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/authentication</a>.</p><p>If you are a Prisma Access customer using a RADIUS configuration with PAP or CHAP in your profile and have not applied one of the changes described above, please reach out to TAC/CS to schedule an upgrade window.</p><p>PAN-OS 9.1.19, PAN-OS 10.1.14, PAN-OS 10.2.10, PAN-OS 11.0.7, PAN-OS 11.1.3, and all later PAN-OS versions add a new feature to enforce an authentication check in RADIUS. This new feature is disabled by default to match the existing behavior. To enable this feature, run the following commands:</p><blockquote><tt>set auth radius-require-msg-authentic yes</tt></blockquote><p>To confirm that the setting was correctly enabled, run the following command:</p><blockquote><tt>show auth radius-require-msg-authentic</tt></blockquote><p>If set correctly, the response will say \"yes\". This setting is persistent across reboots. No ‘commit’ is required for this to take effect.</p><p>Please note that this feature requires that the RADIUS server has been updated to support the new protocol changes, as detailed in <a>https://kb.cert.org/vuls/id/456537</a>. If your RADIUS authentication breaks when radius-require-msg-authentic is set to yes, please work with your RADIUS server vendor for support with the RADIUS server upgrade process.</p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is aware of proof of concept code demonstrating how to exploit this generic issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is aware of proof of concept code demonstrating how to exploit this generic issue."}]}],"timeline":[{"time":"2024-07-10T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2024-07-16T23:00:00.000Z","lang":"eng","value":"Clarified versions for 11.0 branch"},{"time":"2024-07-26T05:00:00.000Z","lang":"eng","value":"Clarified requirements for RADIUS server"},{"time":"2025-04-30T17:45:00.000Z","lang":"en","value":"Updated fix availability for PAN-OS 10.1, 10.2, and Prisma Access"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl for discovering and reporting this issue.","type":"finder"}],"source":{"defect":["PAN-247511"],"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.1.2-h18","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.0.5-h2","PAN-OS 11.0.5-h1","PAN-OS 11.0.5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 9.1.18","PAN-OS 9.1.17","PAN-OS 9.1.16-h5","PAN-OS 9.1.16-h4","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h8","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h5","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h7","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h5","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","Palo Alto Networks PAN-OS 9.1.7"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2024-5913","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-07-10T00:00:00.000Z","serial":1,"dateReserved":"2024-07-10T07:00:00.000Z","datePublished":"2024-07-10T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2024-08-06T04:19:00.000Z"},"title":"PAN-OS: Improper Input Validation Vulnerability in PAN-OS","datePublic":"2024-07-10T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"CWE-20 Improper Input Validation","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*","cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"versions":[{"status":"affected","version":"10.1","lessThan":"10.1.14-h2","changes":[{"at":"10.1.14-h2","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"10.2","lessThan":"10.2.10","changes":[{"at":"10.2.10","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0","lessThan":"11.0.5","changes":[{"at":"11.0.5","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.1","lessThan":"11.1.4","changes":[{"at":"11.1.4","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2","lessThan":"11.2.1","changes":[{"at":"11.2.1","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"status":"affected","version":"None","versionType":"custom"},{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"affected","version":"None","versionType":"custom"},{"status":"unaffected","version":"All","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5913","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":5.4,"threatSeverity":"MEDIUM","threatScore":5.4,"vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber"}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2024-07-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, rqu, Niceclear, Abyss Watcher, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue.","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.2","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.3-h1","PAN-OS 11.1.3","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.2-h8","PAN-OS 11.1.2-h7","PAN-OS 11.1.2-h6","PAN-OS 11.1.2-h5","PAN-OS 11.1.2-h4","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.1","PAN-OS 11.0.4-h6","PAN-OS 11.0.4-h5","PAN-OS 11.0.4-h4","PAN-OS 11.0.4-h3","PAN-OS 11.0.4-h2","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h13","PAN-OS 11.0.3-h12","PAN-OS 11.0.3-h11","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h5","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h5","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h4","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.9-h5","PAN-OS 10.2.9-h4","PAN-OS 10.2.9-h3","PAN-OS 10.2.9-h2","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.8-h9","PAN-OS 10.2.8-h8","PAN-OS 10.2.8-h7","PAN-OS 10.2.8-h6","PAN-OS 10.2.8-h5","PAN-OS 10.2.8-h4","PAN-OS 10.2.8-h3","PAN-OS 10.2.8-h2","PAN-OS 10.2.8-h1","PAN-OS 10.2.8","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.7-h10","PAN-OS 10.2.7-h9","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.4-h24","PAN-OS 10.2.4-h23","PAN-OS 10.2.4-h22","PAN-OS 10.2.4-h21","PAN-OS 10.2.4-h20","PAN-OS 10.2.4-h19","PAN-OS 10.2.4-h18","PAN-OS 10.2.4-h17","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.14-h1","PAN-OS 10.1.14","PAN-OS 10.1.13-h5","PAN-OS 10.1.13-h4","PAN-OS 10.1.13-h3","PAN-OS 10.1.13-h2","PAN-OS 10.1.13-h1","PAN-OS 10.1.13","PAN-OS 10.1.12-h3","PAN-OS 10.1.12-h2","PAN-OS 10.1.12-h1","PAN-OS 10.1.12","PAN-OS 10.1.11-h10","PAN-OS 10.1.11-h9","PAN-OS 10.1.11-h8","PAN-OS 10.1.11-h7","PAN-OS 10.1.11-h6","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h9","PAN-OS 10.1.10-h8","PAN-OS 10.1.10-h7","PAN-OS 10.1.10-h6","PAN-OS 10.1.10-h5","PAN-OS 10.1.10-h4","PAN-OS 10.1.10-h3","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h14","PAN-OS 10.1.9-h13","PAN-OS 10.1.9-h12","PAN-OS 10.1.9-h11","PAN-OS 10.1.9-h10","PAN-OS 10.1.9-h9","PAN-OS 10.1.9-h8","PAN-OS 10.1.9-h7","PAN-OS 10.1.9-h6","PAN-OS 10.1.9-h5","PAN-OS 10.1.9-h4","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h8","PAN-OS 10.1.8-h7","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7-h1","PAN-OS 10.1.7","PAN-OS 10.1.6-h9","PAN-OS 10.1.6-h8","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h4","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h6","PAN-OS 10.1.4-h5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h4","PAN-OS 10.1.3-h3","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-5911","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-07-10T00:00:00","dateReserved":"2024-07-10T00:00:00","dateUpdated":"2024-07-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: File Upload Vulnerability in the Panorama Web Interface","datePublic":"2024-07-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-07-10T18:40:02.209Z"},"descriptions":[{"lang":"en","value":"An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.</pre>"}]}],"x_affectedList":["PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.2 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.9","versionType":"custom","changes":[{"at":"10.1.9","status":"unaffected"}]}],"platforms":["Panorama"]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-5911"}],"credits":[{"lang":"en","value":"This issue was found by Yasukazu Miyashita of Palo Alto Networks during an internal security review."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-182835"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.1.9, PAN-OS 10.2.4, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.1.9, PAN-OS 10.2.4, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-07-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3400","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-12T00:00:00","dateReserved":"2024-04-12T00:00:00","dateUpdated":"2024-05-03T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect","datePublic":"2024-04-12T06:55:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-19T22:27:27.179Z"},"descriptions":[{"lang":"en","value":"A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n\nCustomers should continue to monitor this security advisory for the latest updates and product guidance.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n\nCustomers should continue to monitor this security advisory for the latest updates and product guidance.</pre>"}]}],"x_affectedList":["PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.1","PAN-OS 11.0.4","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.9","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.2"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"10.0 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"},{"version":"10.2","status":"affected","lessThan":"10.2.0-h3","versionType":"custom","changes":[{"at":"10.2.0-h3","status":"unaffected"},{"at":"10.2.1-h2","status":"unaffected"},{"at":"10.2.2-h5","status":"unaffected"},{"at":"10.2.3-h13","status":"unaffected"},{"at":"10.2.4-h16","status":"unaffected"},{"at":"10.2.5-h6","status":"unaffected"},{"at":"10.2.6-h3","status":"unaffected"},{"at":"10.2.7-h8","status":"unaffected"},{"at":"10.2.8-h3","status":"unaffected"},{"at":"10.2.9-h1","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.0-h3","versionType":"custom","changes":[{"at":"11.0.0-h3","status":"unaffected"},{"at":"11.0.1-h4","status":"unaffected"},{"at":"11.0.2-h4","status":"unaffected"},{"at":"11.0.3-h10","status":"unaffected"},{"at":"11.0.4-h1","status":"unaffected"}]},{"version":"11.1","status":"affected","lessThan":"11.1.0-h3","versionType":"custom","changes":[{"at":"11.1.0-h3","status":"unaffected"},{"at":"11.1.1-h1","status":"unaffected"},{"at":"11.1.2-h3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3400"},{"tags":["x_refsource_CONFIRM"],"url":"https://unit42.paloaltonetworks.com/cve-2024-3400/"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Volexity for detecting and identifying this issue, Capability Development Group at Bishop Fox for helping us improve threat prevention signatures, Nick Wilson, and Louis Lingg for sharing their research into post-exploitation persistence techniques."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED","baseSeverity":"CRITICAL","baseScore":10,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweId":"CWE-77"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-252214"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\n\nYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).","supportingMedia":{"value":"This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\n\nYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\n\nTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.\n\nIn earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.","supportingMedia":{"value":"Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\n\nTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.\n\nIn earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n\nWe are also aware of proof-of-concept by third parties of post-exploit persistence techniques that survive resets and upgrades. We are not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability. These fixes listed below and Threat Prevention signatures completely prevent the initial remote command execution, stopping subsequent post-exploitation or persistence.\n\nMore information about the vulnerability's exploitation in the wild can be found in the Unit 42 threat brief (https://unit42.paloaltonetworks.com/cve-2024-3400/) and the Palo Alto Networks PSIRT blog post (https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/).","supportingMedia":{"value":"Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n\nWe are also aware of proof-of-concept by third parties of post-exploit persistence techniques that survive resets and upgrades. We are not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability. These fixes listed below and Threat Prevention signatures completely prevent the initial remote command execution, stopping subsequent post-exploitation or persistence.\n\nMore information about the vulnerability's exploitation in the wild can be found in the Unit 42 threat brief (https://unit42.paloaltonetworks.com/cve-2024-3400/) and the Palo Alto Networks PSIRT blog post (https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/).","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\n\nThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. These fixes and those listed below completely prevent the initial remote command execution, stopping subsequent post-exploitation or persistence.\n\nIn addition, to provide the most seamless upgrade path for customers, additional hotfixes have been made available as a courtesy for other commonly deployed maintenance releases.\n\n  PAN-OS 10.2:\n  - 10.2.9-h1 (Released 4/14/24)\n  - 10.2.8-h3 (Released 4/15/24)\n  - 10.2.7-h8 (Released 4/15/24)\n  - 10.2.6-h3 (Released 4/16/24)\n  - 10.2.5-h6 (Released 4/16/24)\n  - 10.2.4-h16 (Released 4/18/24)\n  - 10.2.3-h13 (Released 4/18/24)\n  - 10.2.2-h5 (Released 4/18/24)\n  - 10.2.1-h2 (Released 4/18/24)\n  - 10.2.0-h3 (Released 4/18/24)\n  \n  PAN-OS 11.0:\n  - 11.0.4-h1 (Released 4/14/24)\n  - 11.0.4-h2 (Released 4/17/24)\n  - 11.0.3-h10 (Released 4/16/24)\n  - 11.0.2-h4 (Released 4/16/24)\n  - 11.0.1-h4 (Released 4/18/24)\n  - 11.0.0-h3 (Released 4/18/24)\n  \n  PAN-OS 11.1:\n  - 11.1.2-h3 (Released 4/14/24)\n  - 11.1.1-h1 (Released 4/16/24)\n  - 11.1.0-h3 (Released 4/16/24)\n\nNote: Due to naming convention limitations, “-h” hotfix versions on Azure marketplace are instead named via addition of an extra “0”. Ex: 11.1.2-h3 is published on Azure as 11.1.203.\n\nIf any exploitation was observed on a device, please take the remediation steps suggested here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CrO6CAK\n\nAn enhanced factory reset (EFR) procedure that does not rely on the integrity of a potentially compromised device can be scheduled by opening a case through Customer Support (TAC). This is recommended for:\n1. Customers who have not applied the PAN-OS fixes or Threat Prevention signatures with vulnerability protection applied to the GlobalProtect interface (regardless of level of compromise) on or before April 25, 2024; or\n2. Customers who are concerned about a persistent risk.\n","supportingMedia":{"value":"We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\n\nThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. These fixes and those listed below completely prevent the initial remote command execution, stopping subsequent post-exploitation or persistence.\n\nIn addition, to provide the most seamless upgrade path for customers, additional hotfixes have been made available as a courtesy for other commonly deployed maintenance releases.\n\n  PAN-OS 10.2:\n  - 10.2.9-h1 (Released 4/14/24)\n  - 10.2.8-h3 (Released 4/15/24)\n  - 10.2.7-h8 (Released 4/15/24)\n  - 10.2.6-h3 (Released 4/16/24)\n  - 10.2.5-h6 (Released 4/16/24)\n  - 10.2.4-h16 (Released 4/18/24)\n  - 10.2.3-h13 (Released 4/18/24)\n  - 10.2.2-h5 (Released 4/18/24)\n  - 10.2.1-h2 (Released 4/18/24)\n  - 10.2.0-h3 (Released 4/18/24)\n  \n  PAN-OS 11.0:\n  - 11.0.4-h1 (Released 4/14/24)\n  - 11.0.4-h2 (Released 4/17/24)\n  - 11.0.3-h10 (Released 4/16/24)\n  - 11.0.2-h4 (Released 4/16/24)\n  - 11.0.1-h4 (Released 4/18/24)\n  - 11.0.0-h3 (Released 4/18/24)\n  \n  PAN-OS 11.1:\n  - 11.1.2-h3 (Released 4/14/24)\n  - 11.1.1-h1 (Released 4/16/24)\n  - 11.1.0-h3 (Released 4/16/24)\n\nNote: Due to naming convention limitations, “-h” hotfix versions on Azure marketplace are instead named via addition of an extra “0”. Ex: 11.1.2-h3 is published on Azure as 11.1.203.\n\nIf any exploitation was observed on a device, please take the remediation steps suggested here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CrO6CAK\n\nAn enhanced factory reset (EFR) procedure that does not rely on the integrity of a potentially compromised device can be scheduled by opening a case through Customer Support (TAC). This is recommended for:\n1. Customers who have not applied the PAN-OS fixes or Threat Prevention signatures with vulnerability protection applied to the GlobalProtect interface (regardless of level of compromise) on or before April 25, 2024; or\n2. Customers who are concerned about a persistent risk.\n","type":"text/html","base64":false}}],"timeline":[{"time":"2024-05-03T04:50:00.000Z","lang":"eng","value":"Enhanced Factory Reset (EFR) Procedure is Available Against any Potential Post-Exploit Persistence Techniques."},{"time":"2024-05-01T23:45:00.000Z","lang":"eng","value":"Answered a FAQ about how to verify the fix or threat prevention signature was applied correctly"},{"time":"2024-04-29T17:58:00.000Z","lang":"eng","value":"Updated exploitation status about proof-of-concept by third parties of post-exploit persistence techniques"},{"time":"2024-04-25T01:48:00.000Z","lang":"eng","value":"Added link to KB article for remediating a device"},{"time":"2024-04-20T18:23:00.000Z","lang":"eng","value":"Answered a FAQ about Tech Support File collection and forensic evidence"},{"time":"2024-04-19T22:25:00.000Z","lang":"eng","value":"Added reference to PSIRT blog post about CVE-2024-3400"},{"time":"2024-04-19T01:15:00.000Z","lang":"eng","value":"Clarified vulnerability title and description"},{"time":"2024-04-17T22:00:00.000Z","lang":"eng","value":"Clarified FAQ regarding evidence of attempted exploit activity"},{"time":"2024-04-17T05:10:00.000Z","lang":"eng","value":"Added new Threat Prevention Threat ID to Workarounds and Mitigations"},{"time":"2024-04-17T02:00:00.000Z","lang":"eng","value":"Added a CLI command to search for possible attempts of exploit activity"},{"time":"2024-04-16T20:45:00.000Z","lang":"eng","value":"Updated product and mitigation guidance, exploit status, and PAN-OS fix availability"},{"time":"2024-04-15T02:30:00.000Z","lang":"eng","value":"All necessary PAN-OS fixes are now available, clarified Workarounds and Mitigations when using Panorama templates"},{"time":"2024-04-14T02:50:00.000Z","lang":"eng","value":"Clarified impact on GlobalProtect portal configurations"},{"time":"2024-04-13T05:50:00.000Z","lang":"eng","value":"Added link to Unit42 threat brief and clarified impact to customer-managed VMs in the cloud"},{"time":"2024-04-12T06:55:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3382","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:05:47.325Z"},"descriptions":[{"lang":"en","value":"A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.</pre>"}]}],"x_affectedList":["PAN-OS 11.1.0","PAN-OS 11.1","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"},{"version":"10.2","status":"affected","lessThan":"10.2.7-h3","versionType":"custom","changes":[{"at":"10.2.7-h3","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.4","versionType":"custom","changes":[{"at":"11.0.4","status":"unaffected"}]},{"version":"11.1","status":"affected","lessThan":"11.1.2","versionType":"custom","changes":[{"at":"11.1.2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3382"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Celedonio Albarran of Equity Residential and their Infrastructure and Security teams for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":8.2,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-770 Allocation of Resources Without Limits or Throttling","cweId":"CWE-770"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-234921"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue applies only to PA-5400 Series devices that are running PAN-OS firewall configurations with the SSL Forward Proxy feature enabled. You can verify whether you have the SSL Forward Proxy feature enabled by checking for decryption policy rules in your firewall web interface (Policies > Decryption).","supportingMedia":{"value":"This issue applies only to PA-5400 Series devices that are running PAN-OS firewall configurations with the SSL Forward Proxy feature enabled. You can verify whether you have the SSL Forward Proxy feature enabled by checking for decryption policy rules in your firewall web interface (Policies > Decryption).","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You can mitigate this issue by disabling decryption on your firewalls. To temporarily disable SSL Decryption, refer to the administrator’s guide for your PAN-OS software (such as PAN-OS 11.1: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/temporarily-disable-ssl-decryption). Additionally, to ensure that decryption remains disabled after a reboot, configure a policy-based decryption exclusion that excludes all traffic from being decrypted (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion).","supportingMedia":{"value":"You can mitigate this issue by disabling decryption on your firewalls. To temporarily disable SSL Decryption, refer to the administrator’s guide for your PAN-OS software (such as PAN-OS 11.1: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/temporarily-disable-ssl-decryption). Additionally, to ensure that decryption remains disabled after a reboot, configure a policy-based decryption exclusion that excludes all traffic from being decrypted (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/decryption-exclusions/create-a-policy-based-decryption-exclusion).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.2.7-h3, PAN-OS 11.0.4, PAN-OS 11.1.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.2.7-h3, PAN-OS 11.0.4, PAN-OS 11.1.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3383","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:15.823Z"},"descriptions":[{"lang":"en","value":"A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"9.0 All","status":"unaffected"},{"version":"11.0","status":"affected","lessThan":"11.0.3","versionType":"custom","changes":[{"at":"11.0.3","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.5","versionType":"custom","changes":[{"at":"10.2.5","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11","versionType":"custom","changes":[{"at":"10.1.11","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3383"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":8.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-282: Improper Ownership Management","cweId":"CWE-282"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-211764","PAN-218522"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. You should verify whether CIE is configured on your firewall web interface (Device > User Identification > Cloud Identity Engine).","supportingMedia":{"value":"This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. You should verify whether CIE is configured on your firewall web interface (Device > User Identification > Cloud Identity Engine).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3387","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:36.676Z"},"descriptions":[{"lang":"en","value":"A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1","status":"affected","lessThan":"10.1.12","versionType":"custom","changes":[{"at":"10.1.12","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.7-h3","versionType":"custom","changes":[{"at":"10.2.7-h3","status":"unaffected"},{"at":"10.2.8","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.4","versionType":"custom","changes":[{"at":"11.0.4","status":"unaffected"}]}],"platforms":["Panorama"]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3387"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks one of our customers for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-326 Inadequate Encryption Strength","cweId":"CWE-326"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-200047"],"discovery":"USER"},"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed on Panorama in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed on Panorama in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2024-0004","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","serial":1,"dateReserved":"2024-04-10T16:00:00.000Z","datePublished":"2024-04-10T16:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"Not found","dateUpdated":"2024-11-20T08:00:00.000Z"},"title":"Informational Bulletin: OSS CVEs fixed in PAN-OS","datePublic":"2024-04-10T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":""}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/PAN-SA-2024-0004","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of these issues in PAN-OS software."}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3385","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:28.153Z"},"descriptions":[{"lang":"en","value":"A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\n\nThis affects the following hardware firewall models:\n- PA-5400 Series firewalls\n- PA-7000 Series firewalls","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\n\nThis affects the following hardware firewall models:\n- PA-5400 Series firewalls\n- PA-7000 Series firewalls</pre>"}]}],"x_affectedList":["PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.12","versionType":"custom","changes":[{"at":"10.1.12","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.8","versionType":"custom","changes":[{"at":"10.2.8","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.3","versionType":"custom","changes":[{"at":"11.0.3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3385"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":8.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-476: NULL Pointer Dereference","cweId":"CWE-476"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-221224"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This does not affect VM-Series firewalls, CN-Series firewalls, Cloud NGFWs, or Prisma Access.\n\nThis issue affects only PAN-OS configurations with GTP Security disabled; it does not affect PAN-OS configurations that have GTP Security enabled. You should verify whether GTP Security is disabled by checking your firewall web interface (Device > Setup > Management > General Settings) and take the appropriate actions as needed.","supportingMedia":{"value":"This does not affect VM-Series firewalls, CN-Series firewalls, Cloud NGFWs, or Prisma Access.\n\nThis issue affects only PAN-OS configurations with GTP Security disabled; it does not affect PAN-OS configurations that have GTP Security enabled. You should verify whether GTP Security is disabled by checking your firewall web interface (Device > Setup > Management > General Settings) and take the appropriate actions as needed.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3384","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:21.704Z"},"descriptions":[{"lang":"en","value":"A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.11-h3","PAN-OS 10.0.11-h2","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10-h1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h10","PAN-OS 10.0.8-h9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1 All","status":"unaffected"},{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.15-h1","versionType":"custom","changes":[{"at":"9.1.15-h1","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3384"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks rqu for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":8.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-1286 Improper Validation of Syntactic Correctness of Input","cweId":"CWE-1286"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-198992"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > NTLM).","supportingMedia":{"value":"This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > NTLM).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3388","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: User Impersonation in GlobalProtect SSL VPN","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:40.685Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.</pre>"}]}],"x_affectedList":["Prisma Access","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.26","versionType":"custom","changes":[{"at":"8.1.26","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11-h4","versionType":"custom","changes":[{"at":"10.1.11-h4","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.7-h3","versionType":"custom","changes":[{"at":"10.2.7-h3","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.3","versionType":"custom","changes":[{"at":"11.0.3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"unspecified","lessThan":"10.2.4","status":"affected","versionType":"custom"},{"version":"10.2.4","status":"unaffected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3388"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Ta-Lun Yen of TXOne Networks for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-269 Improper Privilege Management","cweId":"CWE-269"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-863 Incorrect Authorization","cweId":"CWE-863"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-224964"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways). You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent > Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent > Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel.","supportingMedia":{"value":"This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways). You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent > Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent > Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network > GlobalProtect Gateways > <gateway-config> > GlobalProtect Gateway Configuration > Agent > Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.","supportingMedia":{"value":"You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network > GlobalProtect Gateways > <gateway-config> > GlobalProtect Gateway Configuration > Agent > Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-3386","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-04-10T00:00:00","dateReserved":"2024-04-10T00:00:00","dateUpdated":"2024-04-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended","datePublic":"2024-04-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-04-10T17:06:32.694Z"},"descriptions":[{"lang":"en","value":"An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.12-h3","PAN-OS 10.0.11-h3","PAN-OS 10.0.11-h2","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10-h1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h10","PAN-OS 10.0.8-h9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.17-h2","versionType":"custom","changes":[{"at":"9.0.17-h2","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.13","versionType":"custom","changes":[{"at":"10.0.13","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.9-h3","versionType":"custom","changes":[{"at":"10.1.9-h3","status":"unaffected"},{"at":"10.1.10","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4-h2","versionType":"custom","changes":[{"at":"10.2.4-h2","status":"unaffected"},{"at":"10.2.5","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.1-h2","versionType":"custom","changes":[{"at":"11.0.1-h2","status":"unaffected"},{"at":"11.0.2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-3386"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-436 Interpretation Conflict","cweId":"CWE-436"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-208155"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device > Certificate Management > SSL Decryption Exclusions).","supportingMedia":{"value":"You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device > Certificate Management > SSL Decryption Exclusions).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-04-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-2433","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-03-13T00:00:00","dateReserved":"2024-03-13T00:00:00","dateUpdated":"2024-03-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss","datePublic":"2024-03-13T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-03-13T17:51:45.578Z"},"descriptions":[{"lang":"en","value":"An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.11-h5","PAN-OS 10.1.11-h4","PAN-OS 10.1.11-h3","PAN-OS 10.1.11-h2","PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h6","PAN-OS 10.1.8-h5","PAN-OS 10.1.8-h4","PAN-OS 10.1.8-h3","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h3","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3-h2","PAN-OS 10.1.3-h1","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h7","PAN-OS 9.1.14-h6","PAN-OS 9.1.14-h5","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h4","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h6","PAN-OS 9.1.12-h5","PAN-OS 9.1.12-h4","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h4","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h5","PAN-OS 9.0.16-h4","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.12","versionType":"custom","changes":[{"at":"10.1.12","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.8","versionType":"custom","changes":[{"at":"10.2.8","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.3","versionType":"custom","changes":[{"at":"11.0.3","status":"unaffected"}]}],"platforms":["Panorama"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-2433"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-269 Improper Privilege Management","cweId":"CWE-269"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-181876","PAN-218663"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nPlease see https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLSJCA4 for information about how to clear the affected disk partition from the CLI.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nPlease see https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLSJCA4 for information about how to clear the affected disk partition from the CLI.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-03-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-0009","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-02-14T00:00:00","dateReserved":"2024-02-14T00:00:00","dateUpdated":"2024-02-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper IP Address Verification in GlobalProtect Gateway","datePublic":"2024-02-14T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-02-14T17:32:23.171Z"},"descriptions":[{"lang":"en","value":"An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-0009"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Matthew Fong for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"LOW","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-940 Improper Verification of Source of a Communication Channel","cweId":"CWE-940"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-209787"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect gateway enabled. You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways).","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect gateway enabled. You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-02-14T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-0010","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-02-14T00:00:00","dateReserved":"2024-02-14T00:00:00","dateUpdated":"2024-02-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal","datePublic":"2024-02-14T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-02-14T17:32:28.818Z"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.11-h1","PAN-OS 10.1.11","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.17-h3","PAN-OS 9.0.17-h2","PAN-OS 9.0.17-h1","PAN-OS 9.0.17","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11-h1","versionType":"custom","changes":[{"at":"10.1.11-h1","status":"unaffected"},{"at":"10.1.12","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-0010"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Michał Majchrowicz and Livio Victoriano from Afine Team for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-216858"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal enabled. You can verify whether you have a GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Portals).","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal enabled. You can verify whether you have a GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Portals).","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94972 (Applications and Threats content update 8810).","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94972 (Applications and Threats content update 8810).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-02-14T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-0008","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-02-14T00:00:00","dateReserved":"2024-02-14T00:00:00","dateUpdated":"2024-02-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface","datePublic":"2024-02-14T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-02-14T17:32:17.611Z"},"descriptions":[{"lang":"en","value":"Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.12","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.17-h1","PAN-OS 9.0.17","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.17-h2","versionType":"custom","changes":[{"at":"9.0.17-h2","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12-h1","versionType":"custom","changes":[{"at":"10.0.12-h1","status":"unaffected"},{"at":"10.0.13","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.10-h1","versionType":"custom","changes":[{"at":"10.1.10-h1","status":"unaffected"},{"at":"10.1.11","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.5","versionType":"custom","changes":[{"at":"10.2.5","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.2","versionType":"custom","changes":[{"at":"11.0.2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-0008"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Brian Yaklin for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.4,"vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-613 Insufficient Session Expiration","cweId":"CWE-613"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-211664"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.","supportingMedia":{"value":"Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-02-14T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-0007","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-02-14T00:00:00","dateReserved":"2024-02-14T00:00:00","dateUpdated":"2024-02-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface","datePublic":"2024-02-14T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-02-14T17:32:08.971Z"},"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24-h1","versionType":"custom","changes":[{"at":"8.1.24-h1","status":"unaffected"},{"at":"8.1.25","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.11","versionType":"custom","changes":[{"at":"10.0.11","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.6","versionType":"custom","changes":[{"at":"10.1.6","status":"unaffected"}]}],"platforms":["Panorama"]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-0007"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"HIGH","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-173112"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94996 (Applications and Threats content update 8810).","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94996 (Applications and Threats content update 8810).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed on Panorama in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed on Panorama in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-02-14T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-0011","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2024-02-24T00:00:00","dateReserved":"2024-02-24T00:00:00","dateUpdated":"2024-02-24T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication","datePublic":"2024-02-14T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-02-14T17:32:34.809Z"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.13","versionType":"custom","changes":[{"at":"9.1.13","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.11","versionType":"custom","changes":[{"at":"10.0.11","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2024-0011"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Darek Jensen and an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-175970"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to firewalls that are configured to use Captive Portal authentication. You can verify whether you have Captive Portal configured in the Captive Portal Settings page (Device > User Identification > Captive Portal Settings).","supportingMedia":{"value":"This issue is applicable only to firewalls that are configured to use Captive Portal authentication. You can verify whether you have Captive Portal configured in the Captive Portal Settings page (Device > User Identification > Captive Portal Settings).","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 93070 (Applications and Threats content update 8810).","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 93070 (Applications and Threats content update 8810).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.13, PAN-OS 10.0.11, PAN-OS 10.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.13, PAN-OS 10.0.11, PAN-OS 10.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2024-02-24T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2023-48795","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2024-10-14T00:00:00.000Z","serial":1,"dateReserved":"2024-01-09T08:00:00.000Z","datePublished":"2024-01-09T08:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"mitre","dateUpdated":"2024-05-02T01:06:00.000Z"},"title":"Impact of Terrapin SSH Attack","datePublic":"2024-01-09T01:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-354","description":"CWE-354 Improper Validation of Integrity Check Value","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"9.0.0","versionType":"custom"},{"status":"affected","version":"9.1.0","versionType":"custom"},{"status":"affected","version":"10.1.0","versionType":"custom"},{"status":"affected","version":"10.2.0","lessThan":"10.2.14","changes":[{"at":"10.2.14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.0.0","versionType":"custom"},{"status":"affected","version":"11.1.0","lessThan":"11.1.8","changes":[{"at":"11.1.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.8","changes":[{"at":"11.2.8","status":"unaffected"}],"versionType":"custom"},{"status":"unaffected","version":"12.1.0","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"Prisma SD-WAN ION","versions":[{"status":"affected","version":"5.6","lessThan":"5.6.19","changes":[{"at":"5.6.19","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"6.1","lessThan":"6.1.8","changes":[{"at":"6.1.8","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"6.2","lessThan":"All","versionType":"custom"},{"status":"affected","version":"6.3","lessThan":"6.3.2","changes":[{"at":"6.3.2","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndExcluding":"5.6.19"},{"vulnerable":true,"criteria":"cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2"},{"vulnerable":true,"criteria":"cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.2"}]}]}],"descriptions":[{"lang":"en","value":"The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product.\n\nThis issue does not impact the SSH server component of PAN-OS software configured to exclusively use strong cipher algorithms or configured to operate in FIPS-CC mode, which removes support for the impacted algorithms.\n\nWhen using the PAN-OS SSH client to connect to an SSH server that supports the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms, the traffic is susceptible to this attack.\n\nThis issue affects Prisma SD-WAN ION devices.\n\nAdditional information and technical details about the attack can be found at https://terrapin-attack.com.","supportingMedia":[{"type":"text/html","base64":true,"value":"<p>The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product.<br><br>This issue does not impact the SSH server component of PAN-OS software configured to exclusively use strong cipher algorithms or configured to operate in FIPS-CC mode, which removes support for the impacted algorithms.<br><br>When using the PAN-OS SSH client to connect to an SSH server that supports the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms, the traffic is susceptible to this attack.<br><br>This issue affects Prisma SD-WAN ION devices.<br><br>Additional information and technical details about the attack can be found at <a target=\"_blank\" rel=\"nofollow\" href=\"https://terrapin-attack.com\">https://terrapin-attack.com</a>.</p>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2023-48795","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","exploitMaturity":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":6,"threatSeverity":"MEDIUM","threatScore":6,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber"}}],"configurations":[{"lang":"en","value":"The SSH server in PAN-OS software configured with support for the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms (ciphers with -etm in the name) enables the Terrapin Attack and is impacted by this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"The SSH server in PAN-OS software configured with support for the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms (ciphers with -etm in the name) enables the Terrapin Attack and is impacted by this issue."}]}],"workarounds":[{"lang":"en","value":"For PAN-OS SSH server\n\nCustomers can workaround this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. Guidance on how to configure strong ciphers and algorithms can be found on the following pages:\n\n * Commands to fix weak ciphers and keys on the mgmt interface for SSH access in PAN-OS 10.0 (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OOQCA2)\n   \n * Refresh SSH Keys and Configure Key Options for Management Interface Connection (https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-cli-quick-start/get-started-with-the-cli/refresh-ssh-keys-mgt-port-connection)\n   \n\nTo validate the affected ciphers and algorithms are no longer enabled, please see the guidance on checking ciphers enabled on PAN-OS (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kF2eCAE).\n\nThis issue is completely mitigated by following the recommended best practices for deploying PAN-OS (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices).\n\nFor PAN-OS SSH client\n\nIf using the SSH client provided with PAN-OS to connect from the firewall to an external SSH server, ensure that the SSH server does not support the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><b><u>For PAN-OS SSH server</u></b></p>Customers can workaround this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. Guidance on how to configure strong ciphers and algorithms can be found on the following pages:<br><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OOQCA2\">Commands to fix weak ciphers and keys on the mgmt interface for SSH access in PAN-OS 10.0</a><br></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-cli-quick-start/get-started-with-the-cli/refresh-ssh-keys-mgt-port-connection\">Refresh SSH Keys and Configure Key Options for Management Interface Connection</a><br></li></ul><p>To validate the affected ciphers and algorithms are no longer enabled, please see the&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kF2eCAE\">guidance on checking ciphers enabled on PAN-OS</a>.<br><br> This issue is completely mitigated by following the recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\">best practices for deploying PAN-OS</a>.</p><p><u><b>For PAN-OS SSH client</b></u></p>If using the SSH client provided with PAN-OS to connect from the firewall to an external SSH server, ensure that the SSH server does not support the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms."}]}],"solutions":[{"lang":"en","value":"For PAN-OS SSH server\n\n\n\nThe PAN-OS SSH server is fixed in PAN-OS 10.2.14, PAN-OS 11.1.8, PAN-OS 11.2.8, and all later PAN-OS versions. These versions implement support for the Strict Key Exchange (kex-strict) extension, which prevents the prefix truncation required for the Terrapin attack. Customers are still encouraged to follow best practices for configuring strong ciphers and algorithms.\n\n\n\nFor PAN-OS SSH client\n\nThe PAN-OS SSH client is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.3, and all later PAN-OS versions.\n\n\nFor Prisma SD-WAN ION\n\nThis issue is fixed in Prisma SD-WAN ION 5.6.19, Prisma SD-WAN ION 6.1.8, Prisma SD-WAN ION 6.3.2, and all later Prisma SD-WAN ION versions. If you are using the Prisma SD-WAN ION 6.2 series, evaluate moving to another Prisma SD-WAN ION series number based on the Prisma SD-WAN ION Software Release Guidelines (https://live.paloaltonetworks.com/t5/customer-resources/prisma-sd-wan-ion-software-release-guidelines/ta-p/578685.).\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"<p></p><p></p><p><b><u>For PAN-OS SSH server</u></b></p><p></p>The PAN-OS SSH server is fixed in PAN-OS 10.2.14, PAN-OS 11.1.8, PAN-OS 11.2.8, and all later PAN-OS versions. These versions implement support for the Strict Key Exchange (kex-strict) extension, which prevents the prefix truncation required for the Terrapin attack. Customers are still encouraged to follow best practices for configuring strong ciphers and algorithms.<p></p><p><b><u>For PAN-OS SSH client</u></b></p><p>The PAN-OS SSH client is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.3, and all later PAN-OS versions.<br></p><p><u><b>For Prisma SD-WAN ION</b></u></p><p>This issue is fixed in Prisma SD-WAN ION 5.6.19, Prisma SD-WAN ION 6.1.8, Prisma SD-WAN ION 6.3.2, and all later Prisma SD-WAN ION versions. If you are using the Prisma SD-WAN ION 6.2 series, evaluate moving to another Prisma SD-WAN ION series number based on the <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/customer-resources/prisma-sd-wan-ion-software-release-guidelines/ta-p/578685.\">Prisma SD-WAN ION Software Release Guidelines</a>.</p><p></p>"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2026-03-10T01:00:00.000Z","lang":"en","value":"Updated fix versions for PAN-OS SSH server; added support for Strict Key Exchange (kex-strict)."},{"time":"2025-07-15T21:25:00.000Z","lang":"en","value":"Improved readability, updated status for PAN-OS 10.1"},{"time":"2024-12-20T19:15:00.000Z","lang":"en","value":"Updated ETA for PAN-OS 10.1.15"},{"time":"2024-10-14T19:50:00.000Z","lang":"eng","value":"Updated Product Status table"},{"time":"2024-03-29T19:00:00.000Z","lang":"eng","value":"Added Prisma SD-WAN ION impact and PAN-OS SSH client impact"},{"time":"2024-01-17T01:30:00.000Z","lang":"eng","value":"Clarified solution"},{"time":"2024-01-09T01:30:00.000Z","lang":"eng","value":"Initial publication"}],"source":{"defect":["PAN-241547","CGSDW-19542"],"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["Prisma SD-WAN ION 6.3","Prisma SD-WAN ION 6.2","Prisma SD-WAN ION 6.1","Prisma SD-WAN ION 5.6","PAN-OS 11.1.2-h3","PAN-OS 11.1.2-h2","PAN-OS 11.1.2-h1","PAN-OS 11.1.2","PAN-OS 11.1.1-h1","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 11.1","PAN-OS 11.0.4-h1","PAN-OS 11.0.4","PAN-OS 11.0.3-h10","PAN-OS 11.0.3-h9","PAN-OS 11.0.3-h8","PAN-OS 11.0.3-h7","PAN-OS 11.0.3-h6","PAN-OS 11.0.3-h5","PAN-OS 11.0.3-h4","PAN-OS 11.0.3-h3","PAN-OS 11.0.3-h2","PAN-OS 11.0.3-h1","PAN-OS 11.0.3","PAN-OS 11.0.2-h4","PAN-OS 11.0.2-h3","PAN-OS 11.0.2-h2","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h4","PAN-OS 11.0.1-h3","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0-h3","PAN-OS 11.0.0-h2","PAN-OS 11.0.0-h1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.9-h1","PAN-OS 10.2.9","PAN-OS 10.2.8-h3","PAN-OS 10.2.7-h8","PAN-OS 10.2.7-h7","PAN-OS 10.2.7-h6","PAN-OS 10.2.7-h5","PAN-OS 10.2.7-h4","PAN-OS 10.2.7-h3","PAN-OS 10.2.7-h2","PAN-OS 10.2.7-h1","PAN-OS 10.2.7","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h16","PAN-OS 10.2.4-h15","PAN-OS 10.2.4-h14","PAN-OS 10.2.4-h13","PAN-OS 10.2.4-h12","PAN-OS 10.2.4-h11","PAN-OS 10.2.4-h10","PAN-OS 10.2.4-h9","PAN-OS 10.2.4-h8","PAN-OS 10.2.4-h7","PAN-OS 10.2.4-h6","PAN-OS 10.2.4-h5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1","PAN-OS 9.1","PAN-OS 9.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6791","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Plaintext Disclosure of External System Integration Credentials","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:30:17.115Z"},"descriptions":[{"lang":"en","value":"A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","Cloud NGFW"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24-h1","versionType":"custom","changes":[{"at":"8.1.24-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.9","versionType":"custom","changes":[{"at":"10.1.9","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3285"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Kajetan Rostojek for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":6.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-701: Weakness Introduced During Design","cweId":"CWE-701"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-193370"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n\nYou should issue new credentials for the impacted external integrations after you upgrade your PAN-OS software to a fixed version to prevent the misuse of previously exposed credentials.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n\nYou should issue new credentials for the impacted external integrations after you upgrade your PAN-OS software to a fixed version to prevent the misuse of previously exposed credentials.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6794","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: File Upload Vulnerability in the Web Interface","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:16:39.175Z"},"descriptions":[{"lang":"en","value":"An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.17","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.25","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1 All","status":"unaffected"},{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.26","versionType":"custom","changes":[{"at":"8.1.26","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17-h1","versionType":"custom","changes":[{"at":"9.0.17-h1","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.14","versionType":"custom","changes":[{"at":"9.1.14","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3288"}],"credits":[{"lang":"en","value":"This issue was found by Palo Alto Networks during an internal security review."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-139152","PAN-131835"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h1, PAN-OS 9.1.14, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h1, PAN-OS 9.1.14, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6793","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:40:54.955Z"},"descriptions":[{"lang":"en","value":"An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.17-h3","PAN-OS 9.0.17-h2","PAN-OS 9.0.17-h1","PAN-OS 9.0.17","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"10.0 All","status":"affected"},{"version":"10.0 None","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11","versionType":"custom","changes":[{"at":"10.1.11","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.5","versionType":"custom","changes":[{"at":"10.2.5","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.2","versionType":"custom","changes":[{"at":"11.0.2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3287"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-269 Improper Privilege Management","cweId":"CWE-269"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-220267","PAN-220269"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access","supportingMedia":{"value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6790","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:15:48.142Z"},"descriptions":[{"lang":"en","value":"A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","Cloud NGFW"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.25","versionType":"custom","changes":[{"at":"8.1.25","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.9","versionType":"custom","changes":[{"at":"10.1.9","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3284"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Kajetan Rostojek for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-193367"],"discovery":"EXTERNAL"},"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6789","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:26:30.524Z"},"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0","PAN-OS 9.1.16-h3","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.17-h3","PAN-OS 9.0.17-h2","PAN-OS 9.0.17-h1","PAN-OS 9.0.17","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.25","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.1 All","status":"unaffected"},{"version":"10.0 All","status":"affected"},{"version":"10.0 None","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.26","versionType":"custom","changes":[{"at":"8.1.26","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.17","versionType":"custom","changes":[{"at":"9.1.17","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11","versionType":"custom","changes":[{"at":"10.1.11","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.5","versionType":"custom","changes":[{"at":"10.2.5","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.2","versionType":"custom","changes":[{"at":"11.0.2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3283"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-216216","PAN-193369","PAN-170882"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6795","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability in the Web Interface","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:17:43.368Z"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24-h1","versionType":"custom","changes":[{"at":"8.1.24-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.12","versionType":"custom","changes":[{"at":"9.1.12","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.9","versionType":"custom","changes":[{"at":"10.0.9","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3289"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external reporter for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-166315"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.12, PAN-OS 10.0.9, PAN-OS 10.1.3, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.12, PAN-OS 10.0.9, PAN-OS 10.1.3, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-6792","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-12-13T00:00:00","dateReserved":"2023-12-13T00:00:00","dateUpdated":"2023-12-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability in the XML API","datePublic":"2023-12-13T17:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-12-13T18:16:18.893Z"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"11.1 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.15","versionType":"custom","changes":[{"at":"9.1.15","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.6","versionType":"custom","changes":[{"at":"10.1.6","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-3286"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Ethan Shackelford of IOActive for discovering and reporting this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","baseSeverity":"MEDIUM","baseScore":5.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","cweId":"CWE-88"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-156560"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access","supportingMedia":{"value":"This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 91715 (introduced in Applications and Threats content update 8473).\n\nThis issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 91715 (introduced in Applications and Threats content update 8473).\n\nThis issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.6, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.6, and all later PAN-OS versions.\n\nPlease note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expiration issue in PAN-OS is available at https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-38802","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-09-13T16:00:00.000Z","dateReserved":"2023-09-13T16:00:00.000Z","dateUpdated":"2024-01-18T00:00:00.000000Z"},"containers":{"cna":{"title":" PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software","datePublic":"2023-09-13T16:00:00.000Z","providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-11-15T05:07:02.171314"},"descriptions":[{"lang":"en","value":"BGP software such as FRRouting FRR included as part of the PAN-OS, Prisma SD-WAN ION, and Prisma Access routing features enable a remote attacker to incorrectly reset network sessions though an invalid BGP update. This issue is applicable only to devices and appliances with BGP routing features enabled.\n\nThis issue requires the remote attacker to control at least one established BGP session that is propagated to the router to exploit it. The denial-of-service (DoS) impact on the network is dependent on the network's architecture and fault tolerant design.\n\nPrisma Access ‘Security Processing Node Endpoint Remote Network (SP-RN/Branches)' and 'Service Connections (SCs/CANs)' nodes do not peer with the Internet and do not receive Internet routes directly unless explicitly configured by the customer. Prisma Access Nodes are commonly protected by unaffected customer-premise equipment (CPE router devices). Hence the impact of this issue on Prisma Access is limited.\n\nFurther details about this issue can be found at: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>BGP software such as FRRouting FRR included as part of the PAN-OS, Prisma SD-WAN ION, and Prisma Access routing features enable a remote attacker to incorrectly reset network sessions though an invalid BGP update. This issue is applicable only to devices and appliances with BGP routing features enabled.\n\nThis issue requires the remote attacker to control at least one established BGP session that is propagated to the router to exploit it. The denial-of-service (DoS) impact on the network is dependent on the network's architecture and fault tolerant design.\n\nPrisma Access ‘Security Processing Node Endpoint Remote Network (SP-RN/Branches)' and 'Service Connections (SCs/CANs)' nodes do not peer with the Internet and do not receive Internet routes directly unless explicitly configured by the customer. Prisma Access Nodes are commonly protected by unaffected customer-premise equipment (CPE router devices). Hence the impact of this issue on Prisma Access is limited.\n\nFurther details about this issue can be found at: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling\n</pre>"}]}],"x_affectedList":["Prisma SD-WAN ION 6.2","Prisma SD-WAN ION 6.1","Prisma Access","PAN-OS 11.0.2-h1","PAN-OS 11.0.2","PAN-OS 11.0.1-h2","PAN-OS 11.0.1-h1","PAN-OS 11.0.1","PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.5","PAN-OS 10.2.4-h4","PAN-OS 10.2.4-h3","PAN-OS 10.2.4-h2","PAN-OS 10.2.4-h1","PAN-OS 10.2.4","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.10-h2","PAN-OS 10.1.10-h1","PAN-OS 10.1.10","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 9.1.16-h2","PAN-OS 9.1.16-h1","PAN-OS 9.1.16","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.0","status":"affected","lessThan":"11.0.3","versionType":"custom","changes":[{"at":"11.0.3","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.6","versionType":"custom","changes":[{"at":"10.2.6","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.11","versionType":"custom","changes":[{"at":"10.1.11","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16-h3","versionType":"custom","changes":[{"at":"9.1.16-h3","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.26","versionType":"custom","changes":[{"at":"8.1.26","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17-h4","versionType":"custom","changes":[{"at":"9.0.17-h4","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"Customers whose most recent software upgrade was before 09/30","status":"affected"},{"version":"Customers who have received a software upgrade or are using new software on or after 09/30","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma SD-WAN ION","versions":[{"version":"5.6 All","status":"unaffected"},{"version":"6.1","status":"affected","lessThan":"6.1.5","versionType":"custom","changes":[{"at":"6.1.5","status":"unaffected"}]},{"version":"6.2","status":"affected","lessThan":"6.2.3","versionType":"custom","changes":[{"at":"6.2.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-38802"},{"tags":["x_refsource_CONFIRM"],"url":"https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Ben Cartwright-Cox for discovering this issue in BGP implementations."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER","baseSeverity":"HIGH","baseScore":8.2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:L/U:Amber"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","cweId":"CWE-754"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-227523"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to devices and appliances that are configured with BGP routing features enabled. You can verify whether BGP is enabled for a router by selecting it from 'Network > Virtual Routers’ or 'Network > Logical Routers’ in the web interface of PAN-OS firewalls.\n\nTo exploit this issue, the remote attacker must control at least one established BGP session that is propagated to the router.","supportingMedia":{"value":"This issue is applicable only to devices and appliances that are configured with BGP routing features enabled. You can verify whether BGP is enabled for a router by selecting it from 'Network > Virtual Routers’ or 'Network > Logical Routers’ in the web interface of PAN-OS firewalls.\n\nTo exploit this issue, the remote attacker must control at least one established BGP session that is propagated to the router.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You can prevent exploitation of this issue by inserting an unaffected BGP router—configured to drop the invalid BGP update instead of propagating it—between the attacker-originated BGP update and PAN-OS, Prisma SD-WAN ION, and Prisma Access devices. This stops the invalid BGP update from reaching the affected router.","supportingMedia":{"value":"You can prevent exploitation of this issue by inserting an unaffected BGP router—configured to drop the invalid BGP update instead of propagating it—between the attacker-originated BGP update and PAN-OS, Prisma SD-WAN ION, and Prisma Access devices. This stops the invalid BGP update from reaching the affected router.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue targeting our customers. However, knowledge of invalid BGP attributes that trigger this issue is publicly available.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue targeting our customers. However, knowledge of invalid BGP attributes that trigger this issue is publicly available.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.16-h3, PAN-OS 10.1.11, PAN-OS 10.2.6, PAN-OS 11.0.3, and all later PAN-OS versions.\n\nThis issue is fixed in Prisma SD-WAN ION 6.1.5, Prisma SD-WAN ION 6.2.3, and all later Prisma SD-WAN ION versions. This issue does not impact Prisma SD-WAN ION 5.6 versions.\n\nFor Prisma Access customers, the upgrade to fix this issue will be available on 09/30. Customers should work with their Prisma Access contacts and support to secure a maintenance window for the on-demand software upgrade.\n\nPlease note that full Prisma Access data plane upgrades scheduled on and after 09/30 will have this fix incorporated by default. No additional action is necessary for these customers to remediate this issue.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.16-h3, PAN-OS 10.1.11, PAN-OS 10.2.6, PAN-OS 11.0.3, and all later PAN-OS versions.\n\nThis issue is fixed in Prisma SD-WAN ION 6.1.5, Prisma SD-WAN ION 6.2.3, and all later Prisma SD-WAN ION versions. This issue does not impact Prisma SD-WAN ION 5.6 versions.\n\nFor Prisma Access customers, the upgrade to fix this issue will be available on 09/30. Customers should work with their Prisma Access contacts and support to secure a maintenance window for the on-demand software upgrade.\n\nPlease note that full Prisma Access data plane upgrades scheduled on and after 09/30 will have this fix incorporated by default. No additional action is necessary for these customers to remediate this issue.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-12-13T17:00:00.000Z","lang":"eng","value":"Updated the ETA for the fix in Prisma SD-WAN ION 6.2"},{"time":"2023-12-09T00:00:00.000Z","lang":"eng","value":"Updated availability of the fix in PAN-OS 8.1.26 and PAN-OS 9.0.17-h4"},{"time":"2023-11-08T17:00:00.000Z","lang":"eng","value":"Updated availability of the fix in PAN-OS 11.0.3 and added CVSS 4.0 scoring"},{"time":"2023-11-08T17:00:00.000Z","lang":"eng","value":"A fix for this issue is being developed for PAN-OS 8.1 and PAN-OS 9.0"},{"time":"2023-11-02T21:05:00.000Z","lang":"eng","value":"Updated the ETA for the fix in PAN-OS 11.0.3"},{"time":"2023-10-24T02:20:00.000Z","lang":"eng","value":"Updated availability of the fix in Prisma SD-WAN ION 6.1.5"},{"time":"2023-10-16T16:15:00.000Z","lang":"eng","value":"Updated the ETA for the fix in Prisma SD-WAN ION 6.1"},{"time":"2023-10-11T16:00:00.000Z","lang":"eng","value":"Updated the ETA for the fix in PAN-OS 11.0.3"},{"time":"2023-10-04T02:05:00.000Z","lang":"eng","value":"Updated availability of the fix in PAN-OS 9.1.16-h3"},{"time":"2023-09-28T04:45:00.000Z","lang":"eng","value":"Updated availability of the fix in PAN-OS 10.1.11 and 10.2.6"},{"time":"2023-09-22T00:02:00.000Z","lang":"eng","value":"Updated guidance for Prisma Access customers"},{"time":"2023-09-16T00:34:00.000Z","lang":"eng","value":"Prisma SD-WAN ION is confirmed to be impacted"},{"time":"2023-09-15T01:00:00.000Z","lang":"eng","value":"The impact of this issue is under investigation for Prisma Access"},{"time":"2023-09-13T16:00:00.000Z","lang":"eng","value":"Initial Publication"},{"time":"2024-01-18T18:00:00.000Z","lang":"eng","value":"Updated availability of the fix in Prisma SD-WAN ION 6.2.3"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-38046","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-07-12T00:00:00","dateReserved":"2023-07-12T00:00:00","dateUpdated":"2023-07-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Read System Files and Resources During Configuration Commit","datePublic":"2023-07-12T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-11-09T05:21:39.901Z"},"descriptions":[{"lang":"en","value":"A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1 All","status":"unaffected"},{"version":"10.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"9.0 All","status":"unaffected"},{"version":"8.1 All","status":"unaffected"},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-38046"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Kajetan Rostojek for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-610 Externally Controlled Reference to a Resource in Another Sphere","cweId":"CWE-610"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-208922"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to PAN-OS. You can mitigate the impact of this issue by following best practices for securing PAN-OS. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to PAN-OS. You can mitigate the impact of this issue by following best practices for securing PAN-OS. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-07-12T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0010","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-06-14T00:00:00","dateReserved":"2023-06-14T00:00:00","dateUpdated":"2023-06-29T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication","datePublic":"2023-06-14T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-06-14T16:31:35.543Z"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.0 All","status":"unaffected"},{"version":"10.2","status":"affected","lessThan":"10.2.2","versionType":"custom","changes":[{"at":"10.2.2","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.6","versionType":"custom","changes":[{"at":"10.1.6","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.11","versionType":"custom","changes":[{"at":"10.0.11","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-0010"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the Lockheed Martin Red Team for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-191662"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to firewalls that are configured to use Captive Portal authentication.\n\nOn PAN-OS 10.0 and later software versions, this issue applies only to firewalls that have also disabled the default token generation for Captive Portal authentication. You can verify that the token is not disabled by running the following command: ‘show deviceconfig setting captive-portal’.\n","supportingMedia":{"value":"This issue is applicable only to firewalls that are configured to use Captive Portal authentication.\n\nOn PAN-OS 10.0 and later software versions, this issue applies only to firewalls that have also disabled the default token generation for Captive Portal authentication. You can verify that the token is not disabled by running the following command: ‘show deviceconfig setting captive-portal’.\n","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 92065 (Applications and Threats content update 8722).","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 92065 (Applications and Threats content update 8722).","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, PAN-OS 10.2.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, PAN-OS 10.2.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-06-29T05:00:00.000Z","lang":"eng","value":"Updated threat prevention signature coverage"},{"time":"2023-06-14T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0007","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-05-10T00:00:00","dateReserved":"2023-05-10T00:00:00","dateUpdated":"2023-05-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface","datePublic":"2023-05-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-05-10T16:30:47.049Z"},"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.7","versionType":"custom","changes":[{"at":"10.0.7","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.25","versionType":"custom","changes":[{"at":"8.1.25","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]}],"platforms":["Panorama"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-0007"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Colin McQueen for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","cweId":"CWE-80"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-166872"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.7, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.7, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-05-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0008","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-05-10T00:00:00","dateReserved":"2023-05-10T00:00:00","dateUpdated":"2023-05-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface","datePublic":"2023-05-10T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-05-11T17:18:58.787Z"},"descriptions":[{"lang":"en","value":"A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.</pre>"}]}],"x_affectedList":["PAN-OS 11.0.0","PAN-OS 11.0","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.9-h3","PAN-OS 10.1.9-h2","PAN-OS 10.1.9-h1","PAN-OS 10.1.9","PAN-OS 10.1.8-h2","PAN-OS 10.1.8-h1","PAN-OS 10.1.8","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.15-h1","PAN-OS 9.1.15","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.24-h1","PAN-OS 8.1.24","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1","status":"affected","lessThan":"10.1.10","versionType":"custom","changes":[{"at":"10.1.10","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.25","versionType":"custom","changes":[{"at":"8.1.25","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.16","versionType":"custom","changes":[{"at":"9.1.16","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.4","versionType":"custom","changes":[{"at":"10.2.4","status":"unaffected"}]},{"version":"11.0","status":"affected","lessThan":"11.0.1","versionType":"custom","changes":[{"at":"11.0.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-0008"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Alex Hordijk for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-73: External Control of File Name or Path","cweId":"CWE-73"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-205063"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.10, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.10, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-05-11T17:05:00.000Z","lang":"eng","value":"Clarified that the administrator must have read-write privileges"},{"time":"2023-05-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0005","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-04-12T00:00:00","dateReserved":"2023-04-12T00:00:00","dateUpdated":"2023-04-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Exposure of Sensitive Information Vulnerability","datePublic":"2023-04-12T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-04-12T16:41:21.342Z"},"descriptions":[{"lang":"en","value":"A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.</pre>"}]}],"x_affectedList":["PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.7","PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"11.0 All","status":"unaffected"},{"version":"10.1","status":"affected","lessThan":"10.1.8","versionType":"custom","changes":[{"at":"10.1.8","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.15","versionType":"custom","changes":[{"at":"9.1.15","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.3","versionType":"custom","changes":[{"at":"10.2.3","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.12","versionType":"custom","changes":[{"at":"10.0.12","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-0005"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the security researcher rqu for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere","cweId":"CWE-497"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-198986"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept script for this issue is publicly available.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept script for this issue is publicly available.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.8, PAN-OS 10.2.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.8, PAN-OS 10.2.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-04-12T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0004","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2023-04-12T00:00:00","dateReserved":"2023-04-12T00:00:00","dateUpdated":"2023-04-19T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Local File Deletion Vulnerability","datePublic":"2023-04-12T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2023-04-12T16:41:02.556Z"},"descriptions":[{"lang":"en","value":"A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"11.0 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.15","versionType":"custom","changes":[{"at":"9.1.15","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.11","versionType":"custom","changes":[{"at":"10.0.11","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.6","versionType":"custom","changes":[{"at":"10.1.6","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2023-0004"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-703: Improper Check or Handling of Exceptional Conditions","cweId":"CWE-703"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-171625"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 93274 and 93287 (Applications and Threats content update 8698).\n\nThis issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 93274 and 93287 (Applications and Threats content update 8698).\n\nThis issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2023-04-12T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2023-04-19T04:40:00.000Z","lang":"eng","value":"Updated threat prevention signature coverage"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0030","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-10-12T00:00:00","dateReserved":"2022-10-12T00:00:00","dateUpdated":"2022-10-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Authentication Bypass in Web Interface","datePublic":"2022-10-12T16:00:00.000Z","providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2022-10-12T00:00:00"},"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"},{"version":"10.2 All","status":"unaffected"},{"version":"10.0 All","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.24","versionType":"custom","changes":[{"at":"8.1.24","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0030"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the security researcher that discovered and reported this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-290 Authentication Bypass by Spoofing","cweId":"CWE-290"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-195571"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat ID 92720 (Applications and Threats content update 8630-7638).\n\nTo exploit this issue, the attacker must have network access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices.","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat ID 92720 (Applications and Threats content update 8630-7638).\n\nTo exploit this issue, the attacker must have network access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.24 and all later PAN-OS versions.\n\nPlease note that PAN-OS 8.1 has reached its software end-of-life (EoL) and is supported only on PA-200, PA-500, and PA-5000 Series firewalls and on M-100 appliances and only until each of their respective hardware EoL dates:  https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates.html.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.24 and all later PAN-OS versions.\n\nPlease note that PAN-OS 8.1 has reached its software end-of-life (EoL) and is supported only on PA-200, PA-500, and PA-5000 Series firewalls and on M-100 appliances and only until each of their respective hardware EoL dates:  https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates.html.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-10-12T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-28199","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-09-14T00:00:00","dateReserved":"2022-09-14T00:00:00","dateUpdated":"2022-09-14T00:00:00.000000Z"},"containers":{"cna":{"title":"Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199","datePublic":"2022-09-14T16:00:00.000Z","providerMetadata":{"dateUpdated":"2022-09-07T17:06:13","orgId":"9576f279-3576-44b5-a4af-b9a8644b2de6","shortName":"nvidia"},"descriptions":[{"lang":"en","value":"The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.\n\nThis vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.\n\nPalo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.\n\nThis issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.\n\nTo reiterate, there is no known security impact for this vulnerability in PAN-OS software.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.\n\nThis vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.\n\nPalo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.\n\nThis issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.\n\nTo reiterate, there is no known security impact for this vulnerability in PAN-OS software.</pre>"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2 All","status":"unaffected"},{"version":"10.1 All","status":"unaffected"},{"version":"10.0 All","status":"unaffected"},{"version":"9.1 All","status":"unaffected"},{"version":"9.0 All","status":"unaffected"},{"version":"8.1 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"3.1 All","status":"unaffected"},{"version":"3.0 All","status":"unaffected"},{"version":"2.2 All","status":"unaffected"},{"version":"2.1 All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-28199"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-201578"],"discovery":"EXTERNAL"},"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"No product updates are required for Palo Alto Networks products at this time.","supportingMedia":{"value":"No product updates are required for Palo Alto Networks products at this time.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-09-14T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0028","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-08-10T00:00:00","dateReserved":"2022-08-10T00:00:00","dateUpdated":"2022-08-19T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering","datePublic":"2022-08-10T16:00:00.000Z","providerMetadata":{"dateUpdated":"2022-08-10T16:00:16","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target.\n\nTo be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.\n\nIf exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.\n\nWe have taken prompt action to address this issue in our PAN-OS software. All PAN-OS software updates for this issue are now available. This issue does not impact Panorama M-Series or Panorama virtual appliances.\n\nThis issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target.\n\nTo be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.\n\nIf exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.\n\nWe have taken prompt action to address this issue in our PAN-OS software. All PAN-OS software updates for this issue are now available. This issue does not impact Panorama M-Series or Panorama virtual appliances.\n\nThis issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.</pre>"}]}],"x_affectedList":["PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.23-h1","versionType":"custom","changes":[{"at":"8.1.23-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.16-h3","versionType":"custom","changes":[{"at":"9.0.16-h3","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.14-h4","versionType":"custom","changes":[{"at":"9.1.14-h4","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.11-h1","versionType":"custom","changes":[{"at":"10.0.11-h1","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.6-h6","versionType":"custom","changes":[{"at":"10.1.6-h6","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.2-h2","versionType":"custom","changes":[{"at":"10.2.2-h2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.1 All","status":"unaffected"},{"version":"2.2 All","status":"unaffected"},{"version":"3.0 All","status":"unaffected"},{"version":"3.1 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0028"}],"credits":[{"lang":"en","value":"This issue was responsibly reported to Palo Alto Networks by Excellium-Services S.A. CSIRT, CERT-XLM."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-406 Insufficient Control of Network Message Volume (Network Amplification)","cweId":"CWE-406"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-192999"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"The firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface for this issue to be misused by an external attacker. This configuration is not typical for URL filtering and is likely unintended by the administrator.\n\nThis issue is applicable to PA-Series (hardware), VM-Series (virtual), and CN-Series (container) firewalls only when all three of the following conditions are true:\n\n1. The security policy on the firewall that allows traffic to pass from Zone A to Zone B includes a URL filtering profile with one or more blocked categories;\nAND\n2. Packet-based attack protection is not enabled in a Zone Protection profile for Zone A including both (Packet Based Attack Protection > TCP Drop > TCP Syn With Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open);\nAND\n3. Flood protection through SYN cookies is not enabled in a Zone Protection profile for Zone A (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections.","supportingMedia":{"value":"The firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface for this issue to be misused by an external attacker. This configuration is not typical for URL filtering and is likely unintended by the administrator.\n\nThis issue is applicable to PA-Series (hardware), VM-Series (virtual), and CN-Series (container) firewalls only when all three of the following conditions are true:\n\n1. The security policy on the firewall that allows traffic to pass from Zone A to Zone B includes a URL filtering profile with one or more blocked categories;\nAND\n2. Packet-based attack protection is not enabled in a Zone Protection profile for Zone A including both (Packet Based Attack Protection > TCP Drop > TCP Syn With Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open);\nAND\n3. Flood protection through SYN cookies is not enabled in a Zone Protection profile for Zone A (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"If you have a URL filtering policy with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface, removing this configuration will prevent this issue from being exploited by remote attackers to conduct reflected DoS.\n\nTo prevent denial-of-service (DoS) attacks resulting from this issue from all sources, you can configure your Palo Alto Networks firewalls by enabling one of two zone protection mitigations on all Security zones with an assigned Security policy that includes a URL filtering profile:\n\n1. Packet-based attack protection including both (Packet Based Attack Protection > TCP Drop > TCP SYN with Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open);\nOR\n2. Flood protection (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections.\n\nNOTES:\nIt is not necessary nor advantageous to apply both the attack and flood protections. \n(Palo Alto Networks Aporeto software only) You should not enable either of these protections if using Aporeto software; instead, wait for and install a fixed version of PAN-OS software.\n\nPacket-Based Attack Protection Workaround (Recommended)\n\nFollow the technical documentation to configure packet-based attack protection options for all defined Security zones with URL filtering enabled in the Security profile for that zone:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-packet-based-attack-protection\n\nThe packet-based attack protection workaround will prevent the firewall from establishing TCP sessions in impacted zones when the TCP SYN packet contains data in the three-way handshake for a TCP session. Please note that this workaround may disrupt applications that use TCP Fast Open in the zone.\n\nFlood Protection (Alternate) Workaround\n\nIf you instead decide to enable the flood protection workaround, first make sure you understand how  enabling SYN cookies will change traffic flow in the impacted zones:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles/flood-protection","supportingMedia":{"value":"If you have a URL filtering policy with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface, removing this configuration will prevent this issue from being exploited by remote attackers to conduct reflected DoS.\n\nTo prevent denial-of-service (DoS) attacks resulting from this issue from all sources, you can configure your Palo Alto Networks firewalls by enabling one of two zone protection mitigations on all Security zones with an assigned Security policy that includes a URL filtering profile:\n\n1. Packet-based attack protection including both (Packet Based Attack Protection > TCP Drop > TCP SYN with Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open);\nOR\n2. Flood protection (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections.\n\nNOTES:\nIt is not necessary nor advantageous to apply both the attack and flood protections. \n(Palo Alto Networks Aporeto software only) You should not enable either of these protections if using Aporeto software; instead, wait for and install a fixed version of PAN-OS software.\n\nPacket-Based Attack Protection Workaround (Recommended)\n\nFollow the technical documentation to configure packet-based attack protection options for all defined Security zones with URL filtering enabled in the Security profile for that zone:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-packet-based-attack-protection\n\nThe packet-based attack protection workaround will prevent the firewall from establishing TCP sessions in impacted zones when the TCP SYN packet contains data in the three-way handshake for a TCP session. Please note that this workaround may disrupt applications that use TCP Fast Open in the zone.\n\nFlood Protection (Alternate) Workaround\n\nIf you instead decide to enable the flood protection workaround, first make sure you understand how  enabling SYN cookies will change traffic flow in the impacted zones:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles/flood-protection","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks recently learned that an attempted reflected denial-of-service (RDoS) attack was identified by a service provider. This attempted attack took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. We immediately started to root cause and remediate this issue.\n\nExploitation of this issue does not impact the confidentiality, integrity, or availability of our products.\n","supportingMedia":{"value":"Palo Alto Networks recently learned that an attempted reflected denial-of-service (RDoS) attack was identified by a service provider. This attempted attack took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. We immediately started to root cause and remediate this issue.\n\nExploitation of this issue does not impact the confidentiality, integrity, or availability of our products.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"We identified workarounds to prevent the denial-of-service (DoS) attacks that result from this issue in certain Palo Alto Networks firewalls, with this policy configuration.\n\nThis issue is fixed in PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1, PAN-OS 10.1.6-h6, PAN-OS 10.2.2-h2, and all later PAN-OS versions for PA-Series, VM-Series and CN-Series firewalls.\n\nAll PAN-OS software updates for this issue are now available.","supportingMedia":{"value":"We identified workarounds to prevent the denial-of-service (DoS) attacks that result from this issue in certain Palo Alto Networks firewalls, with this policy configuration.\n\nThis issue is fixed in PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1, PAN-OS 10.1.6-h6, PAN-OS 10.2.2-h2, and all later PAN-OS versions for PA-Series, VM-Series and CN-Series firewalls.\n\nAll PAN-OS software updates for this issue are now available.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-08-10T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2022-08-10T23:10:00.000Z","lang":"eng","value":"PAN-OS 10.1.6-h6 fixed version is now available. Updated ETA for PAN-OS 8.1.23-h1. Clarified URL filtering assignment language."},{"time":"2022-08-12T02:45:00.000Z","lang":"eng","value":"An update to the acknowledgements section of the advisory."},{"time":"2022-08-16T00:42:00.000Z","lang":"eng","value":"PAN-OS 8.1.23-h1 fixed version is now available."},{"time":"2022-08-18T23:38:00.000Z","lang":"eng","value":"PAN-OS 10.2.2-h2 fixed version is now available."},{"time":"2022-08-19T16:22:00.000Z","lang":"eng","value":"PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, and PAN-OS 10.0.11-h1 fixed versions are now available."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0024","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-05-11T00:00:00","dateReserved":"2022-05-11T00:00:00","dateUpdated":"2022-05-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit","datePublic":"2022-05-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2022-05-11T16:30:22","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls.\n\nThis issue does not impact Panorama appliances or Prisma Access customers.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls.\n\nThis issue does not impact Panorama appliances or Prisma Access customers.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.23;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.23;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.1","status":"affected","lessThan":"9.1.13","versionType":"custom","changes":[{"at":"9.1.13","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.5","versionType":"custom","changes":[{"at":"10.1.5","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.16","versionType":"custom","changes":[{"at":"9.0.16","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.23","versionType":"custom","changes":[{"at":"8.1.23","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.10","versionType":"custom","changes":[{"at":"10.0.10","status":"unaffected"}]},{"version":"10.2.0","status":"unaffected","lessThan":"10.2*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0024"}],"credits":[{"lang":"en","value":" This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-138 Improper Neutralization of Special Elements","cweId":"CWE-138"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-177551"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.23, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.23, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-05-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0023","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-04-13T00:00:00","dateReserved":"2022-04-13T00:00:00","dateUpdated":"2022-04-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy","datePublic":"2022-04-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2022-04-13T18:35:10","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode.</pre>"}]},{"lang":"en","value":"This issue does not impact Panorama appliances and Prisma Access customers.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue does not impact Panorama appliances and Prisma Access customers.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.22;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5.\nThis issue does not impact PAN-OS 10.2.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.22;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5.\nThis issue does not impact PAN-OS 10.2.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.2.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.22","versionType":"custom","changes":[{"at":"8.1.22","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.13","versionType":"custom","changes":[{"at":"9.1.13","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.5","versionType":"custom","changes":[{"at":"10.1.5","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.10","versionType":"custom","changes":[{"at":"10.0.10","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.16","versionType":"custom","changes":[{"at":"9.0.16","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"3.0 Preferred, Innovation","status":"unaffected"},{"version":"2.2 Preferred","status":"unaffected"},{"version":"2.1 Preferred, Innovation","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0023"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-755 Improper Handling of Exceptional Conditions","cweId":"CWE-755"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-164264"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS hardware and virtual firewalls with the DNS proxy feature enabled. You can verify whether DNS proxy is enabled by selecting 'Network > DNS Proxy’ from the web interface.","supportingMedia":{"value":"This issue is applicable only to PAN-OS hardware and virtual firewalls with the DNS proxy feature enabled. You can verify whether DNS proxy is enabled by selecting 'Network > DNS Proxy’ from the web interface.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556).\n\nTo completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version.","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block attack traffic related to this vulnerability by enabling Threat ID 92406 (Applications and Threats content update 8556).\n\nTo completely mitigate the risk of this issue, temporarily disable the DNS proxy feature until you are able to upgrade your PAN-OS software to a fixed version.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.22, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.22, PAN-OS 9.0.16, PAN-OS 9.1.13, PAN-OS 10.0.10, PAN-OS 10.1.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-04-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0778","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-03-31T00:00:00","dateReserved":"2022-03-31T00:00:00","dateUpdated":"2022-06-24T00:00:00.000000Z"},"containers":{"cna":{"title":"Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778","datePublic":"2022-03-31T02:30:00.000Z","providerMetadata":{"orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl","dateUpdated":"2024-06-21T19:07:01.186352"},"descriptions":[{"lang":"en","value":"The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL infinite loop vulnerability (CVE-2022-0778) as it relates to our products.\n\nThis vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker does not need a verified certificate to exploit this vulnerability because parsing a bad certificate triggers the infinite loop before the verification process is completed.\n\nThe Prisma Cloud and Cortex XSOAR products are not impacted by this vulnerability. However, PAN-OS, GlobalProtect app, and Cortex XDR agent software contain a vulnerable version of the OpenSSL library and product availability is impacted by this vulnerability. For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers. This vulnerability has reduced severity on Cortex XDR agent and GlobalProtect app as successful exploitation requires a meddler-in-the-middle attack (MITM): 5.9 Medium (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\nAll fixed versions of Cortex XDR agent, GlobalProtect app, and PAN-OS are now available.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL infinite loop vulnerability (CVE-2022-0778) as it relates to our products.\n\nThis vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker does not need a verified certificate to exploit this vulnerability because parsing a bad certificate triggers the infinite loop before the verification process is completed.\n\nThe Prisma Cloud and Cortex XSOAR products are not impacted by this vulnerability. However, PAN-OS, GlobalProtect app, and Cortex XDR agent software contain a vulnerable version of the OpenSSL library and product availability is impacted by this vulnerability. For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers. This vulnerability has reduced severity on Cortex XDR agent and GlobalProtect app as successful exploitation requires a meddler-in-the-middle attack (MITM): 5.9 Medium (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\nAll fixed versions of Cortex XDR agent, GlobalProtect app, and PAN-OS are now available.</pre>"}]},{"lang":"en","value":"This issue impacts the following versions of PAN-OS:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.23;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16-h2;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13-h3;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5-h1;\nPAN-OS 10.2 versions earlier than PAN-OS 10.2.1.\n\n\nThis issue impacts the following versions of GlobalProtect app:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.11;\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.12;\nGlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.4;\nGlobalProtect app 6.0 versions earlier than GlobalProtect app 6.0.1 on Windows and macOS;\nGlobalProtect app 6.0 versions earlier than GlobalProtect app 6.0.2 on Android and iOS.\n\n\nThis issue impacts the following versions and builds of Cortex XDR agent:\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9 hotfix build 6.1.9.61370 on Windows;\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.7 hotfix build 6.1.7.1690 on macOS;\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.7 hotfix build 6.1.7.60245 on Linux;\nAll versions and builds of Cortex XDR agent 7.4;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.60642 on Windows;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.2276 on macOS;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.59687 on Linux\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.60113 on Windows;\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.2265 on macOS;\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.59465 on Linux;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.60545 on Windows;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.2311 on macOS;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.59612 on Linux;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.60725 on Windows;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.2356 on macOS;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.59559 on Linux.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts the following versions of PAN-OS:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.23;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.16-h2;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.13-h3;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.10;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.5-h1;\nPAN-OS 10.2 versions earlier than PAN-OS 10.2.1.\n\n\nThis issue impacts the following versions of GlobalProtect app:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.11;\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.12;\nGlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.4;\nGlobalProtect app 6.0 versions earlier than GlobalProtect app 6.0.1 on Windows and macOS;\nGlobalProtect app 6.0 versions earlier than GlobalProtect app 6.0.2 on Android and iOS.\n\n\nThis issue impacts the following versions and builds of Cortex XDR agent:\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9 hotfix build 6.1.9.61370 on Windows;\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.7 hotfix build 6.1.7.1690 on macOS;\nCortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.7 hotfix build 6.1.7.60245 on Linux;\nAll versions and builds of Cortex XDR agent 7.4;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.60642 on Windows;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.2276 on macOS;\nCortex XDR agent 7.5-CE versions earlier than Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.59687 on Linux\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.60113 on Windows;\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.2265 on macOS;\nCortex XDR agent 7.5 versions earlier than Cortex XDR agent 7.5.3 build 7.5.3.59465 on Linux;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.60545 on Windows;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.2311 on macOS;\nCortex XDR agent 7.6 versions earlier than Cortex XDR agent 7.6.2 hotfix build 7.6.2.59612 on Linux;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.60725 on Windows;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.2356 on macOS;\nCortex XDR agent 7.7 versions earlier than Cortex XDR agent 7.7.0 hotfix build 7.7.0.59559 on Linux.</pre>"}]},{"lang":"en","value":"This issue is addressed for Prisma Access customers in the Prisma Access patch rollout that will begin on May 7, 2022 and will be a phased rollout performed based on theaters. Palo Alto Networks will send an additional email notification through Prisma Access Insights one week before the rollout begins for affected tenant(s).","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue is addressed for Prisma Access customers in the Prisma Access patch rollout that will begin on May 7, 2022 and will be a phased rollout performed based on theaters. Palo Alto Networks will send an additional email notification through Prisma Access Insights one week before the rollout begins for affected tenant(s).</pre>"}]}],"x_affectedList":["Prisma Access 3.1","Prisma Access 3.0","Prisma Access 2.2","Prisma Access 2.1","PAN-OS 10.2.0","PAN-OS 10.2","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","GlobalProtect App 6.0","GlobalProtect App 5.3","GlobalProtect App 5.2","GlobalProtect App 5.1","Cortex XDR Agent 7.7","Cortex XDR Agent 7.6","Cortex XDR Agent 7.5-CE","Cortex XDR Agent 7.5","Cortex XDR Agent 7.4","Cortex XDR Agent 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.23","versionType":"custom","changes":[{"at":"8.1.23","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.13-h3","versionType":"custom","changes":[{"at":"9.1.13-h3","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.10","versionType":"custom","changes":[{"at":"10.0.10","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.5-h1","versionType":"custom","changes":[{"at":"10.1.5-h1","status":"unaffected"}]},{"version":"10.2","status":"affected","lessThan":"10.2.1","versionType":"custom","changes":[{"at":"10.2.1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.16-h2","versionType":"custom","changes":[{"at":"9.0.16-h2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.1 Preferred, Innovation","status":"affected"},{"version":"2.2 Preferred","status":"affected"},{"version":"3.0 Preferred, Innovation","status":"affected"},{"version":"3.1 Preferred, Innovation","status":"affected"}]},{"vendor":"Palo Alto Networks","product":"GlobalProtect App","versions":[{"version":"6.0","status":"affected","lessThan":"6.0.1","versionType":"custom","changes":[{"at":"6.0.1","status":"unaffected"}]}],"platforms":["Windows and macOS"]},{"vendor":"Palo Alto Networks","product":"GlobalProtect App","versions":[{"version":"5.2","status":"affected","lessThan":"5.2.12","versionType":"custom","changes":[{"at":"5.2.12","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThan":"5.1.11","versionType":"custom","changes":[{"at":"5.1.11","status":"unaffected"}]},{"version":"5.3","status":"affected","lessThan":"5.3.4","versionType":"custom","changes":[{"at":"5.3.4","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"GlobalProtect App","versions":[{"version":"6.0","status":"affected","lessThan":"6.0.2","versionType":"custom","changes":[{"at":"6.0.2","status":"unaffected"}]}],"platforms":["Android and iOS"]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR","versions":[{"version":"All","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","versions":[{"version":"7.4.*","status":"affected"}]},{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","versions":[{"version":"6.1","status":"affected","lessThan":"6.1.9.61370","versionType":"custom","changes":[{"at":"6.1.9.61370","status":"unaffected"}]},{"version":"7.5-CE","status":"affected","lessThan":"7.5.100.60642","versionType":"custom","changes":[{"at":"7.5.100.60642","status":"unaffected"}]},{"version":"7.5","status":"affected","lessThan":"7.5.3.60113","versionType":"custom","changes":[{"at":"7.5.3.60113","status":"unaffected"}]},{"version":"7.6","status":"affected","lessThan":"7.6.2.60545","versionType":"custom","changes":[{"at":"7.6.2.60545","status":"unaffected"}]},{"version":"7.7","status":"affected","lessThan":"7.7.0.60725","versionType":"custom","changes":[{"at":"7.7.0.60725","status":"unaffected"}]}],"platforms":["Windows"]},{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","versions":[{"version":"7.5","status":"affected","lessThan":"7.5.3.2265","versionType":"custom","changes":[{"at":"7.5.3.2265","status":"unaffected"}]},{"version":"7.6","status":"affected","lessThan":"7.6.2.2311","versionType":"custom","changes":[{"at":"7.6.2.2311","status":"unaffected"}]},{"version":"7.7","status":"affected","lessThan":"7.7.0.2356","versionType":"custom","changes":[{"at":"7.7.0.2356","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThan":"6.1.7.1690","versionType":"custom","changes":[{"at":"6.1.7.1690","status":"unaffected"}]},{"version":"7.5-CE","status":"affected","lessThan":"7.5.100.2276","versionType":"custom","changes":[{"at":"7.5.100.2276","status":"unaffected"}]}],"platforms":["macOS"]},{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","versions":[{"version":"7.5","status":"affected","lessThan":"7.5.3.59465","versionType":"custom","changes":[{"at":"7.5.3.59465","status":"unaffected"}]},{"version":"7.6","status":"affected","lessThan":"7.6.2.59612","versionType":"custom","changes":[{"at":"7.6.2.59612","status":"unaffected"}]},{"version":"7.7","status":"affected","lessThan":"7.7.0.59559","versionType":"custom","changes":[{"at":"7.7.0.59559","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThan":"6.1.7.60245","versionType":"custom","changes":[{"at":"6.1.7.60245","status":"unaffected"}]},{"version":"7.5-CE","status":"affected","lessThan":"7.5.100.59687","versionType":"custom","changes":[{"at":"7.5.100.59687","status":"unaffected"}]}],"platforms":["Linux"]},{"vendor":"Palo Alto Networks","product":"Prisma Cloud","versions":[{"version":"All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0778"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openssl.org/news/secadv/20220315.txt"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-834 Excessive Iteration","cweId":"CWE-834"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-190175","PAN-190223"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat IDs 92409 and 92411 (Applications and Threats content update 8552). This mitigation reduces the risk of exploitation from known exploits.\n\nCustomers will need to upgrade their products to a fixed version to completely remove the risk of this issue.\n","supportingMedia":{"value":"Customers with a Threat Prevention subscription can block known attacks for this vulnerability by enabling Threat IDs 92409 and 92411 (Applications and Threats content update 8552). This mitigation reduces the risk of exploitation from known exploits.\n\nCustomers will need to upgrade their products to a fixed version to completely remove the risk of this issue.\n","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.23, PAN-OS 9.0.16-h2, PAN-OS 9.1.13-h3, PAN-OS 10.0.10, PAN-OS 10.1.5-h1, PAN-OS 10.2.1, and all later PAN-OS versions.\n\nThis issue is fixed in GlobalProtect app 5.1.11, GlobalProtect app 5.2.12, GlobalProtect app 5.3.4, GlobalProtect app 6.0.1 on Window and macOS, GlobalProtect app 6.0.2 on Android and iOS, and all later GlobalProtect app versions.\n\nThis issue is fixed in Cortex XDR agent 6.1.9 hotfix build 6.1.9.61370 on Windows, Cortex XDR agent 6.1.7 hotfix build 6.1.7.1690 on macOS, Cortex XDR agent 6.1.7 hotfix build 6.1.7.60245 on Linux, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.60642 on Windows, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.2276 on macOS, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.59687 on Linux, Cortex XDR agent 7.5.3 build 7.5.3.60113 on Windows, Cortex XDR agent 7.5.3 build 7.5.3.2265 on macOS, Cortex XDR agent 7.5.3 build 7.5.3.59465 on Linux, Cortex XDR agent 7.6.2 hotfix build 7.6.2.60545 on Windows, Cortex XDR agent 7.6.2 hotfix build 7.6.2.2311 on macOS, Cortex XDR agent 7.6.2 hotfix build 7.6.2.59612 hotfix on Linux, Cortex XDR agent 7.7.0 hotfix build 7.7.0.60725 on Windows, Cortex XDR agent 7.7.0 hotfix build 7.7.0.2356 on macOS, Cortex XDR agent 7.7.0 hotfix build 7.7.0.59559 on Linux, and all later versions and builds of Cortex XDR agent. Cortex XDR agent 7.4 is end-of-life on May 24, 2022 and is not expected to receive a fix for this issue.\n\nThis issue is addressed for Prisma Access customers in the Prisma Access patch rollout that will begin on May 7, 2022 and will be a phased rollout performed based on theaters. Palo Alto Networks will send an additional email notification through Prisma Access Insights one week before the rollout begins for affected tenant(s).","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.23, PAN-OS 9.0.16-h2, PAN-OS 9.1.13-h3, PAN-OS 10.0.10, PAN-OS 10.1.5-h1, PAN-OS 10.2.1, and all later PAN-OS versions.\n\nThis issue is fixed in GlobalProtect app 5.1.11, GlobalProtect app 5.2.12, GlobalProtect app 5.3.4, GlobalProtect app 6.0.1 on Window and macOS, GlobalProtect app 6.0.2 on Android and iOS, and all later GlobalProtect app versions.\n\nThis issue is fixed in Cortex XDR agent 6.1.9 hotfix build 6.1.9.61370 on Windows, Cortex XDR agent 6.1.7 hotfix build 6.1.7.1690 on macOS, Cortex XDR agent 6.1.7 hotfix build 6.1.7.60245 on Linux, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.60642 on Windows, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.2276 on macOS, Cortex XDR agent 7.5.100-CE hotfix build 7.5.100.59687 on Linux, Cortex XDR agent 7.5.3 build 7.5.3.60113 on Windows, Cortex XDR agent 7.5.3 build 7.5.3.2265 on macOS, Cortex XDR agent 7.5.3 build 7.5.3.59465 on Linux, Cortex XDR agent 7.6.2 hotfix build 7.6.2.60545 on Windows, Cortex XDR agent 7.6.2 hotfix build 7.6.2.2311 on macOS, Cortex XDR agent 7.6.2 hotfix build 7.6.2.59612 hotfix on Linux, Cortex XDR agent 7.7.0 hotfix build 7.7.0.60725 on Windows, Cortex XDR agent 7.7.0 hotfix build 7.7.0.2356 on macOS, Cortex XDR agent 7.7.0 hotfix build 7.7.0.59559 on Linux, and all later versions and builds of Cortex XDR agent. Cortex XDR agent 7.4 is end-of-life on May 24, 2022 and is not expected to receive a fix for this issue.\n\nThis issue is addressed for Prisma Access customers in the Prisma Access patch rollout that will begin on May 7, 2022 and will be a phased rollout performed based on theaters. Palo Alto Networks will send an additional email notification through Prisma Access Insights one week before the rollout begins for affected tenant(s).","type":"text/html","base64":false}}],"timeline":[{"time":"2022-05-11T16:00:00.000Z","lang":"eng","value":"Cortex XDR agent fixes for Cortex XDR agent 6.1 and 7.5-CE are now available."},{"time":"2022-05-04T17:40:00.000Z","lang":"eng","value":"GlobalProtect app fixed version GlobalProtect app 6.0.1 is now available."},{"time":"2022-04-30T01:00:00.000Z","lang":"eng","value":"Updated fix information for Cortex XDR agent. New fix ETA for Prisma Access customers."},{"time":"2022-04-27T17:15:00.000Z","lang":"eng","value":"PAN-OS fixed version PAN-OS 8.1.23 is now available."},{"time":"2022-04-22T03:00:00.000Z","lang":"eng","value":"Added new Cortex XDR agent fix ETAs. Updated ETA for PAN-OS 8.1.23 fix."},{"time":"2022-04-20T17:00:00.000Z","lang":"eng","value":"Added new GlobalProtect app 5.3 fix ETA."},{"time":"2022-04-19T18:15:00.000Z","lang":"eng","value":"PAN-OS fixed version PAN-OS 10.2.1 is now available."},{"time":"2022-04-15T20:30:00.000Z","lang":"eng","value":"Added new GlobalProtect app fix ETAs."},{"time":"2022-04-12T23:45:00.000Z","lang":"eng","value":"PAN-OS fixed version PAN-OS 10.0.10 is now available."},{"time":"2022-04-12T01:00:00.000Z","lang":"eng","value":"PAN-OS fixed version PAN-OS 9.0.16-h2 is now available."},{"time":"2022-04-07T23:45:00.000Z","lang":"eng","value":"PAN-OS fixed versions PAN-OS 9.1.13-h3 and PAN-OS 10.1.5-h1 are now available."},{"time":"2022-04-06T18:00:00.000Z","lang":"eng","value":"Added new PAN-OS fix ETAs, available threat prevention signatures, and additional FAQ."},{"time":"2022-03-31T02:30:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2022-05-12T21:10:00.000Z","lang":"eng","value":"GlobalProtect app fixed version GlobalProtect app 5.1.11 is now available."},{"time":"2022-05-28T01:45:00.000Z","lang":"eng","value":"GlobalProtect app fixed version GlobalProtect app 5.2.12 is now available."},{"time":"2022-05-31T16:40:00.000Z","lang":"eng","value":"GlobalProtect app fixed version GlobalProtect app 5.3.4 is now available."},{"time":"2022-06-24T19:04:00.000Z","lang":"eng","value":"Fixed version clarification for GlobalProtect app on Android and iOS platforms."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0022","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-03-09T00:00:00","dateReserved":"2022-03-09T00:00:00","dateUpdated":"2022-03-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes","datePublic":"2022-03-09T17:00:00.000Z","providerMetadata":{"dateUpdated":"2022-03-09T17:35:09","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.\n\nAn attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration.\n\nFixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes.\n\nThis issue does not impact Prisma Access firewalls.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.\n\nAn attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration.\n\nFixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes.\n\nThis issue does not impact Prisma Access firewalls.\n</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.21;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.17;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.21;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.17;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"10.2.*","status":"unaffected"},{"version":"9.1","status":"affected","lessThan":"9.1.11","versionType":"custom","changes":[{"at":"9.1.11","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.21","versionType":"custom","changes":[{"at":"8.1.21","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.7","versionType":"custom","changes":[{"at":"10.0.7","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.17","versionType":"custom","changes":[{"at":"9.0.17","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"3.0 Preferred, Innovation","status":"unaffected"},{"version":"2.2 Preferred","status":"unaffected"},{"version":"2.1 Preferred, Innovation","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0022"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks an external security researcher for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-916 Use of Password Hash With Insufficient Computational Effort","cweId":"CWE-916"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-127479"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewalls and Panorama appliances running in normal (non-FIPS-CC) operational mode. PAN-OS software is not affected by this issue when running in FIPS-CC mode.","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewalls and Panorama appliances running in normal (non-FIPS-CC) operational mode. PAN-OS software is not affected by this issue when running in FIPS-CC mode.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Ensure that any exported firewall configuration files are secured and that only trusted users have firewall management access to prevent the exposure of password hashes.\nUsing complex and secure passwords for all administrator and local user accounts makes password cracking infeasible and mitigates the impact of this issue.\n \nSwitching PAN-OS software from normal mode to FIPS-CC mode ensures that appliances use secure cryptography to store hashed credentials for all local user accounts. However, when you enable FIPS-CC mode, the appliance will reset to the factory default settings and the existing configuration is removed.\n\nDocumentation to enable FIPS-CC mode is available here:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certifications/enable-fips-and-common-criteria-support.html\n","supportingMedia":{"value":"Ensure that any exported firewall configuration files are secured and that only trusted users have firewall management access to prevent the exposure of password hashes.\nUsing complex and secure passwords for all administrator and local user accounts makes password cracking infeasible and mitigates the impact of this issue.\n \nSwitching PAN-OS software from normal mode to FIPS-CC mode ensures that appliances use secure cryptography to store hashed credentials for all local user accounts. However, when you enable FIPS-CC mode, the appliance will reset to the factory default settings and the existing configuration is removed.\n\nDocumentation to enable FIPS-CC mode is available here:\nhttps://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certifications/enable-fips-and-common-criteria-support.html\n","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.21, PAN-OS 9.0.17, PAN-OS 9.1.11, PAN-OS 10.0.7, and all later PAN-OS versions.\n\nThe passwords for all existing local user and administrator accounts must be changed after PAN-OS is upgraded to a fixed version to leverage the more secure cryptography for password hashes. You cannot update existing password hashes. All new local user and administrator accounts will use secure cryptography.\n\nPAN-OS 9.0 is end-of-life as of March 1, 2022, and is no longer covered by our Product Security Assurance policies.\n","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.21, PAN-OS 9.0.17, PAN-OS 9.1.11, PAN-OS 10.0.7, and all later PAN-OS versions.\n\nThe passwords for all existing local user and administrator accounts must be changed after PAN-OS is upgraded to a fixed version to leverage the more secure cryptography for password hashes. You cannot update existing password hashes. All new local user and administrator accounts will use secure cryptography.\n\nPAN-OS 9.0 is end-of-life as of March 1, 2022, and is no longer covered by our Product Security Assurance policies.\n","type":"text/html","base64":false}}],"timeline":[{"time":"2022-03-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-0011","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2022-02-09T17:00:00.000Z","dateReserved":"2022-02-09T17:00:00.000Z","dateUpdated":"2022-03-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering","datePublic":"2022-02-09T17:00:00.000Z","providerMetadata":{"dateUpdated":"2022-02-10T18:10:15","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile.\n\nWhen the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk.\n\nFor example:\n  example.com will match example.com.website.test\n  example.com.* will match example.com.website.test\n  example.com.^ will match example.com.test\n\nYou should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards.\n\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile.\n\nWhen the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk.\n\nFor example:\n  example.com will match example.com.website.test\n  example.com.* will match example.com.website.test\n  example.com.^ will match example.com.test\n\nYou should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards.\n\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL.</pre>"}]}],"x_affectedList":["Prisma Access 2.2","Prisma Access 2.1","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.21","versionType":"custom","changes":[{"at":"8.1.21","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.12","versionType":"custom","changes":[{"at":"9.1.12","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"3.0 Preferred, Innovation","status":"unaffected"},{"version":"2.2 Preferred","status":"affected"},{"version":"2.1 Preferred, Innovation","status":"affected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2022-0011"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Chris Johnston of PricewaterhouseCoopers for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-436 Interpretation Conflict","cweId":"CWE-436"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["PAN-174443"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only when you configure exceptions to URL filtering either by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/block-and-allow-lists.html or directly in a security policy.","supportingMedia":{"value":"This issue is applicable only when you configure exceptions to URL filtering either by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/block-and-allow-lists.html or directly in a security policy.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Add a forward slash (/) at the end of the hostname pattern for all entries in the custom URL category list or the external dynamic list (EDL).\n\nFor example:\n  example.com/ will not match example.com.website.test\n","supportingMedia":{"value":"Add a forward slash (/) at the end of the hostname pattern for all entries in the custom URL category list or the external dynamic list (EDL).\n\nFor example:\n  example.com/ will not match example.com.website.test\n","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.1.21, PAN-OS 9.1.12, PAN-OS 10.0.8, PAN-OS 10.1.3, Prisma Access 3.0 Preferred, and Prisma Access 3.0 Innovation all include a customer configurable option to automatically append a forward slash at the end of the hostname pattern for entries without an ending token in a custom URL category list or in an external dynamic list (EDL).\n\nPrisma Access customers should refer to “STEP 7” in the following Prisma Access 3.0 documentation to enable this feature:\n\nhttps://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/prisma-access-service-infrastructure/enable-the-service-infrastructure.html\n\nFor other PAN-OS appliances, this option is enabled by running these CLI commands:\n  debug device-server append-end-token on\n  commit force\n\nNote: This option is disabled by default on PAN-OS 8.1, PAN-OS 9.1, PAN-OS 10.0, and PAN-OS 10.1. This option will be enabled by default starting with the next major version of PAN-OS. This option is not available on PAN-OS 9.0. Customers with PAN-OS 9.0 are advised to apply workarounds or upgrade to PAN-OS 9.1 or a later version.\n\nAdditionally, customers must evaluate their custom URL category list or their external dynamic list (EDL) and any firewall policy rules that depend on them to determine whether this option provides the desired policy rule enforcement.\n\nExample 1: If the firewall policy rule is intended to allow only 'www.example.com' and not to allow access to any other site, such as www.example.com.webiste.test, then use the \"debug device-server append-end-token on\" CLI command.\n\nExample 2: If the firewall policy rule is set to block access to 'www.example.co' and block access to sites such as www.example.com, www.example.co.az, then keep the default setting (\"debug device-server append-end-token off\" CLI command). You should always use the most appropriate token if you need to match multiple hostnames in a policy rule.\n","supportingMedia":{"value":"PAN-OS 8.1.21, PAN-OS 9.1.12, PAN-OS 10.0.8, PAN-OS 10.1.3, Prisma Access 3.0 Preferred, and Prisma Access 3.0 Innovation all include a customer configurable option to automatically append a forward slash at the end of the hostname pattern for entries without an ending token in a custom URL category list or in an external dynamic list (EDL).\n\nPrisma Access customers should refer to “STEP 7” in the following Prisma Access 3.0 documentation to enable this feature:\n\nhttps://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/prisma-access-service-infrastructure/enable-the-service-infrastructure.html\n\nFor other PAN-OS appliances, this option is enabled by running these CLI commands:\n  debug device-server append-end-token on\n  commit force\n\nNote: This option is disabled by default on PAN-OS 8.1, PAN-OS 9.1, PAN-OS 10.0, and PAN-OS 10.1. This option will be enabled by default starting with the next major version of PAN-OS. This option is not available on PAN-OS 9.0. Customers with PAN-OS 9.0 are advised to apply workarounds or upgrade to PAN-OS 9.1 or a later version.\n\nAdditionally, customers must evaluate their custom URL category list or their external dynamic list (EDL) and any firewall policy rules that depend on them to determine whether this option provides the desired policy rule enforcement.\n\nExample 1: If the firewall policy rule is intended to allow only 'www.example.com' and not to allow access to any other site, such as www.example.com.webiste.test, then use the \"debug device-server append-end-token on\" CLI command.\n\nExample 2: If the firewall policy rule is set to block access to 'www.example.co' and block access to sites such as www.example.com, www.example.co.az, then keep the default setting (\"debug device-server append-end-token off\" CLI command). You should always use the most appropriate token if you need to match multiple hostnames in a policy rule.\n","type":"text/html","base64":false}}],"timeline":[{"time":"2022-02-09T17:00:00.000Z","lang":"eng","value":"initial publication"},{"time":"2022-03-09T17:00:00.000Z","lang":"eng","value":"Clarified that custom URL categories used directly in security policies are affected"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3064","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-11-15T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:30","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue.</pre>"}]},{"lang":"en","value":"This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.</pre>"}]},{"lang":"en","value":"Prisma Access customers are not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers are not impacted by this issue.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0.*","status":"unaffected"},{"version":"9.1.*","status":"unaffected"},{"version":"10.0.*","status":"unaffected"},{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.17","versionType":"custom","changes":[{"at":"8.1.17","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.2 All","status":"unaffected"},{"version":"2.1 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3064"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the Randori Attack Team (https://twitter.com/RandoriAttack) for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-96528"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.\n\nIt is not necessary to enable SSL decryption to detect and block attacks against this issue.","supportingMedia":{"value":"Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.\n\nIt is not necessary to enable SSL decryption to detect and block attacks against this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-11-15T20:00:00.000Z","lang":"eng","value":"Added to FAQ to clarify fix timeline"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3061","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-11-23T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:26","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.</pre>"}]},{"lang":"en","value":"Prisma Access customers are not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers are not impacted by this issue.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.20-h1","versionType":"custom","changes":[{"at":"8.1.20-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14-h3","versionType":"custom","changes":[{"at":"9.0.14-h3","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11-h2","versionType":"custom","changes":[{"at":"9.1.11-h2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.2 All","status":"unaffected"},{"version":"2.1 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3061"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks CJ, an external security researcher, and Ben Nott from Palo Alto Networks for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-176655","PAN-158334"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS CLI. You can mitigate the impact of this issue by following best practices for securing PAN-OS software. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS CLI. You can mitigate the impact of this issue by following best practices for securing PAN-OS software. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-23T18:00:00.000Z","lang":"eng","value":"Prisma Access customers are not impacted"},{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3063","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-12-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:29","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.21;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.21;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.</pre>"}]},{"lang":"en","value":"Prisma Access customers are not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers are not impacted by this issue.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.21","versionType":"custom","changes":[{"at":"8.1.21","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14-h4","versionType":"custom","changes":[{"at":"9.0.14-h4","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8-h4","versionType":"custom","changes":[{"at":"10.0.8-h4","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11-h3","versionType":"custom","changes":[{"at":"9.1.11-h3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.2 All","status":"unaffected"},{"version":"2.1 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3063"}],"credits":[{"lang":"en","value":" This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-755 Improper Handling of Exceptional Conditions","cweId":"CWE-755"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-180032"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect interfaces to block attacks against CVE-2021-3063.\n\nIt is not necessary to enable SSL decryption to detect and block attacks against this issue.","supportingMedia":{"value":"Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect interfaces to block attacks against CVE-2021-3063.\n\nIt is not necessary to enable SSL decryption to detect and block attacks against this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.21, PAN-OS 9.0.14-h4, PAN-OS 9.1.11-h3, PAN-OS 10.0.8-h4, PAN-OS 10.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.21, PAN-OS 9.0.14-h4, PAN-OS 9.1.11-h3, PAN-OS 10.0.8-h4, PAN-OS 10.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-11T02:00:00.000Z","lang":"eng","value":"PAN-OS 10.0.8-h4 is now available"},{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-12-09T17:16:00.000Z","lang":"eng","value":"Fixed the discovery status as this was internally found."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3058","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-11-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability in Web Interface XML API","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:21","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.</pre>"}]},{"lang":"en","value":"This issue does not impact Prisma Access firewalls.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue does not impact Prisma Access firewalls.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14-h3","versionType":"custom","changes":[{"at":"9.0.14-h3","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.20-h1","versionType":"custom","changes":[{"at":"8.1.20-h1","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11-h2","versionType":"custom","changes":[{"at":"9.1.11-h2","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.1 All","status":"unaffected"},{"version":"2.2 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3058"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks CJ, an external security researcher, for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-176653"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This vulnerability is only applicable to PAN-OS firewalls configured to use the XML API.","supportingMedia":{"value":"This vulnerability is only applicable to PAN-OS firewalls configured to use the XML API.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91715 on traffic processed by the firewall to block attacks against CVE-2021-3058.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Enable signatures for Unique Threat ID 91715 on traffic processed by the firewall to block attacks against CVE-2021-3058.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-10T18:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3062","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-11-17T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:27","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.\n\nExploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.\n\nExploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls.</pre>"}]},{"lang":"en","value":"Prisma Access customers are not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers are not impacted by this issue.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"9.1","status":"affected","lessThan":"9.1.11","versionType":"custom","changes":[{"at":"9.1.11","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]}],"platforms":["VM-Series"]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.1 All","status":"unaffected"},{"version":"2.2 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3062"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Matthew Flanagan of Computer Systems Australia (CSA) and Suresh Kumar Ponnusamy of Freshworks for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-284 Improper Access Control","cweId":"CWE-284"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-164422"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' on the web interface.","supportingMedia":{"value":"This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' on the web interface.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue.","supportingMedia":{"value":"There are no known workarounds for this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.11, PAN-OS 10.0.8, and all later PAN-OS versions","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.11, PAN-OS 10.0.8, and all later PAN-OS versions","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-11-17T22:40:00.000Z","lang":"eng","value":"Updated credit"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3060","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2022-08-06T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:24","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.</pre>"}]},{"lang":"en","value":"Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.</pre>"}]}],"x_affectedList":["Prisma Access 2.1","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.20-h1","versionType":"custom","changes":[{"at":"8.1.20-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14-h3","versionType":"custom","changes":[{"at":"9.0.14-h3","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11-h2","versionType":"custom","changes":[{"at":"9.1.11-h2","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.1 Preferred","status":"affected"},{"version":"2.2 All","status":"unaffected"},{"version":"2.1 Innovation","status":"affected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3060"},{"tags":["x_refsource_CONFIRM"],"url":"https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.html"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks CJ, an external security researcher, for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-176661"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to GlobalProtect portal and gateway configurations that are configured with a SCEP profile and when the default master key was not changed.\n\nYou can determine if your configuration has a SCEP profile by selecting 'Device > Certificate Management > SCEP' from the web interface.\n\nNote: The SCEP profile does not need to be enabled for the firewall to be at risk; it need only exist in the configuration to be a risk even if disabled.\n\nYou know you are using the default master key when the master key was not explicitly configured on the firewall. Review the master key configuration by selecting 'Device > Master Key and Diagnostics' from the web interface and change the key if needed.\n","supportingMedia":{"value":"This issue is applicable only to GlobalProtect portal and gateway configurations that are configured with a SCEP profile and when the default master key was not changed.\n\nYou can determine if your configuration has a SCEP profile by selecting 'Device > Certificate Management > SCEP' from the web interface.\n\nNote: The SCEP profile does not need to be enabled for the firewall to be at risk; it need only exist in the configuration to be a risk even if disabled.\n\nYou know you are using the default master key when the master key was not explicitly configured on the firewall. Review the master key configuration by selecting 'Device > Master Key and Diagnostics' from the web interface and change the key if needed.\n","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Changing the master key for the firewall prevents exploitation of this vulnerability. This is a security best practice for both PAN-OS and Prisma Access customers.\n\nDocumentation for configuring the master key is available at: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html. Please note the special requirements for high-availability (HA) and Panorama-managed environments.\n\nAdditional information is available for Prisma Access customers at: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.\n\nRemove all configured SCEP profiles from the firewall to completely eliminate any risk of exploitation related to this issue. You can view any existing SCEP profiles configured on the firewall by selecting 'Device > Certificate Management > SCEP' from the web interface.\n\nThis issue requires the attacker to have network access to the GlobalProtect interface.\n\nIn addition to these workarounds, you should enable signatures for Unique Threat ID 91526 on traffic destined for GlobalProtect interfaces to further mitigate the risk of attacks against CVE-2021-3060. SSL decryption is not necessary to detect attacks against this issue.","supportingMedia":{"value":"Changing the master key for the firewall prevents exploitation of this vulnerability. This is a security best practice for both PAN-OS and Prisma Access customers.\n\nDocumentation for configuring the master key is available at: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-management/configure-the-master-key.html. Please note the special requirements for high-availability (HA) and Panorama-managed environments.\n\nAdditional information is available for Prisma Access customers at: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/get-started-with-prisma-access-overview.\n\nRemove all configured SCEP profiles from the firewall to completely eliminate any risk of exploitation related to this issue. You can view any existing SCEP profiles configured on the firewall by selecting 'Device > Certificate Management > SCEP' from the web interface.\n\nThis issue requires the attacker to have network access to the GlobalProtect interface.\n\nIn addition to these workarounds, you should enable signatures for Unique Threat ID 91526 on traffic destined for GlobalProtect interfaces to further mitigate the risk of attacks against CVE-2021-3060. SSL decryption is not necessary to detect attacks against this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue at time of publication. However, a proof of concept script for this issue is publicly available.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue at time of publication. However, a proof of concept script for this issue is publicly available.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions."}],"timeline":[{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2022-08-06T00:15:00.000Z","lang":"eng","value":"Updated Prisma Access documentation link; added a note about a public proof of concept script."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3059","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-11-10T00:00:00","dateReserved":"2021-11-10T00:00:00","dateUpdated":"2021-11-17T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates","datePublic":"2021-11-10T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-10T17:10:23","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.8;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3.</pre>"}]},{"lang":"en","value":"Prisma Access customers are not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers are not impacted by this issue.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0","status":"affected","lessThan":"10.0.8","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.3","versionType":"custom","changes":[{"at":"10.1.3","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.20-h1","versionType":"custom","changes":[{"at":"8.1.20-h1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14-h3","versionType":"custom","changes":[{"at":"9.0.14-h3","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11-h2","versionType":"custom","changes":[{"at":"9.1.11-h2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.2 All","status":"unaffected"},{"version":"2.1 All","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3059"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks CJ, an external security researcher, for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-176618"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only to firewalls and Panoramas that receive dynamic updates from an update server.\n\nTo verify this on firewalls not managed by Panorama ‘Device > Dynamic Updates’ from the web interface.\n\nTo verify this on Panorama review ‘Panorama > Dynamic Updates’ from the web interface.\n\nTo verify this for Panorama managed firewalls review ‘Panorama > Device Deployment > Dynamic Updates’ from the Panorama web interface.\n\nFirewalls that only receive content updates pushed from Panoramas are not susceptible to this issue.","supportingMedia":{"value":"This issue is applicable only to firewalls and Panoramas that receive dynamic updates from an update server.\n\nTo verify this on firewalls not managed by Panorama ‘Device > Dynamic Updates’ from the web interface.\n\nTo verify this on Panorama review ‘Panorama > Dynamic Updates’ from the web interface.\n\nTo verify this for Panorama managed firewalls review ‘Panorama > Device Deployment > Dynamic Updates’ from the Panorama web interface.\n\nFirewalls that only receive content updates pushed from Panoramas are not susceptible to this issue.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Updating dynamic content from a local file will prevent exposure to this vulnerability until you are able to upgrade PAN-OS firewalls and Panorama to a fixed version. You can disable scheduled dynamic updates in the web interface.\n\nPush content updates from Panorama to the managed firewalls until you are able to upgrade PAN-OS to a fixed version. The process of upgrading dynamic content on managed devices is referenced here:\nhttps://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/panorama-web-interface/panorama-managed-devices-summary/firewall-software-and-content-updates.html","supportingMedia":{"value":"Updating dynamic content from a local file will prevent exposure to this vulnerability until you are able to upgrade PAN-OS firewalls and Panorama to a fixed version. You can disable scheduled dynamic updates in the web interface.\n\nPush content updates from Panorama to the managed firewalls until you are able to upgrade PAN-OS to a fixed version. The process of upgrading dynamic content on managed devices is referenced here:\nhttps://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/panorama-web-interface/panorama-managed-devices-summary/firewall-software-and-content-updates.html","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.\n","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3, PAN-OS 9.1.11-h2, PAN-OS 10.0.8, PAN-OS 10.1.3, and all later PAN-OS versions.\n","type":"text/html","base64":false}}],"timeline":[{"time":"2021-11-10T18:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-11-12T00:00:00.000Z","lang":"eng","value":"Prisma Access is not impacted"},{"time":"2021-11-17T22:20:00.000Z","lang":"eng","value":"Updated workaround and required configuration"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2021-3056","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2021-11-10T00:00:00.000Z","serial":1,"dateReserved":"2021-11-10T08:00:00.000Z","datePublished":"2021-11-10T08:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2021-11-11T01:10:00.000Z"},"title":"PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication","datePublic":"2021-11-10T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-120","description":"CWE-120 Buffer Overflow","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"status":"unaffected","version":"2.2","versionType":"custom"},{"status":"affected","version":"2.1","changes":[{"at":"2.1","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"10.1.0","versionType":"custom"},{"status":"affected","version":"10.0.0","lessThan":"10.0.1","changes":[{"at":"10.0.1","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"9.1.0","lessThan":"9.1.9","changes":[{"at":"9.1.9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"9.0.0","lessThan":"9.0.14","changes":[{"at":"9.0.14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"8.1.0","lessThan":"8.1.20","changes":[{"at":"8.1.20","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.20"}]}]}],"descriptions":[{"lang":"en","value":"A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.\n\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n\nPrisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.","supportingMedia":[{"type":"text/html","base64":true,"value":"A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.<br><br>This issue impacts:<br>PAN-OS 8.1 versions earlier than PAN-OS 8.1.20;<br>PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;<br>PAN-OS 9.1 versions earlier than PAN-OS 9.1.9;<br>PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.<br><br>Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue."}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2021-3056","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],"configurations":[{"lang":"en","value":"This issue is applicable only to PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is applicable only to PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal."}]}],"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056.","supportingMedia":[{"type":"text/html","base64":false,"value":"Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.\nThis issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.<br>This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2021-11-10T17:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during an internal security review.","type":"finder"}],"source":{"defect":["PAN-149501"],"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.0.9"},"x_affectedList":["Prisma Access 2.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1968","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-10-13T00:00:00","dateReserved":"2021-10-13T00:00:00","dateUpdated":"2021-11-01T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968","datePublic":"2021-10-13T16:00:00.000Z","providerMetadata":{"orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl","dateUpdated":"2022-10-16T00:00:00"},"descriptions":[{"lang":"en","value":"In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation of the Raccoon attack (CVE-2020-1968), which allows an attacker to eavesdrop on encrypted traffic over those TLS connections.\n\nComponents that are known to be impacted by this vulnerability:\nSSL Forward-Proxy\nSSL Inbound Inspection\nGlobalProtect Portal\nGlobalProtect Gateway\nGlobalProtect Clientless VPN","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation of the Raccoon attack (CVE-2020-1968), which allows an attacker to eavesdrop on encrypted traffic over those TLS connections.\n\nComponents that are known to be impacted by this vulnerability:\nSSL Forward-Proxy\nSSL Inbound Inspection\nGlobalProtect Portal\nGlobalProtect Gateway\nGlobalProtect Clientless VPN</pre>"}]},{"lang":"en","value":"This issue impacts all versions of PAN-OS 8.1, all versions of PAN-OS 9.0, and all versions of PAN-OS 9.1. This issue does not impact any version of PAN-OS 10.0 or any later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts all versions of PAN-OS 8.1, all versions of PAN-OS 9.0, and all versions of PAN-OS 9.1. This issue does not impact any version of PAN-OS 10.0 or any later PAN-OS versions.</pre>"}]},{"lang":"en","value":"Prisma Access customers that have Prisma Access 2.0 Preferred and Prisma Access 2.1 Preferred firewalls are impacted by this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Prisma Access customers that have Prisma Access 2.0 Preferred and Prisma Access 2.1 Preferred firewalls are impacted by this issue.</pre>"}]}],"x_affectedList":["Prisma Access 2.1","Prisma Access 2.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0.*","status":"unaffected"},{"version":"9.1.*","status":"affected"},{"version":"9.0.*","status":"affected"},{"version":"8.1.*","status":"affected"},{"version":"10.1.*","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","versions":[{"version":"2.2 Preferred","status":"unaffected"},{"version":"2.1 Preferred","status":"affected"},{"version":"2.1 Innovation","status":"unaffected"},{"version":"2.0 Preferred","status":"affected"},{"version":"2.0 Innovation","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1968"},{"tags":["x_refsource_CONFIRM"],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1968"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-203 Information Exposure Through Discrepancy","cweId":"CWE-203"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-326 Inadequate Encryption Strength","cweId":"CWE-326"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-154936"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is only applicable to PAN-OS firewalls configured to use SSL Forward Proxy, SSL Inbound Inspection, GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN and where the usage of the DHE key exchange is not disabled.","supportingMedia":{"value":"This issue is only applicable to PAN-OS firewalls configured to use SSL Forward Proxy, SSL Inbound Inspection, GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN and where the usage of the DHE key exchange is not disabled.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"For all major versions of PAN-OS software earlier than PAN-OS 10.0 that use SSL Forward Proxy or SSL Inbound Proxy:\n\nYou must disable the DHE key exchange from the web interface. You can change this setting by selecting ‘Objects > Decryption Profile > SSL Protocol Settings’ and then disable (deselect) the 'DHE’ option.\n\nFor all PAN-OS 9.0 and PAN-OS 9.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the following CLI command to disable the DHE key exchange:\n\n\"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no\"\n\nFor PAN-OS 8.1.20 and later PAN-OS 8.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the same CLI command to disable the DHE key exchange:\n\n\"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no\"\n\nPAN-OS 10.0 and later PAN-OS versions are not impacted by this issue.","supportingMedia":{"value":"For all major versions of PAN-OS software earlier than PAN-OS 10.0 that use SSL Forward Proxy or SSL Inbound Proxy:\n\nYou must disable the DHE key exchange from the web interface. You can change this setting by selecting ‘Objects > Decryption Profile > SSL Protocol Settings’ and then disable (deselect) the 'DHE’ option.\n\nFor all PAN-OS 9.0 and PAN-OS 9.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the following CLI command to disable the DHE key exchange:\n\n\"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no\"\n\nFor PAN-OS 8.1.20 and later PAN-OS 8.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the same CLI command to disable the DHE key exchange:\n\n\"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no\"\n\nPAN-OS 10.0 and later PAN-OS versions are not impacted by this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"Apply any of the workarounds to mitigate the risk of CVE-2020-1968.\n\nThis issue is fixed in PAN-OS 10.0.0 and all later PAN-OS versions.\n\nThis issue is fixed in Prisma Access 2.1 Innovation, Prisma Access 2.2 Preferred, and all later Prisma Access versions.","supportingMedia":{"value":"Apply any of the workarounds to mitigate the risk of CVE-2020-1968.\n\nThis issue is fixed in PAN-OS 10.0.0 and all later PAN-OS versions.\n\nThis issue is fixed in Prisma Access 2.1 Innovation, Prisma Access 2.2 Preferred, and all later Prisma Access versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-10-15T22:00:00.000Z","lang":"eng","value":"Clarified Prisma Access affected versions"},{"time":"2021-10-13T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-10-19T21:30:00.000Z","lang":"eng","value":"Clarified Prisma Access affected and solution versions"},{"time":"2021-11-01T06:00:00.000Z","lang":"eng","value":"Updated work around CLI command and impacted components"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3054","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-09-08T00:00:00","dateReserved":"2021-09-08T00:00:00","dateUpdated":"2021-09-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability","datePublic":"2021-09-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-09-08T17:10:21","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.2.\n\nThis issue does not affect Prisma Access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.2.\n\nThis issue does not affect Prisma Access.</pre>"}]}],"x_affectedList":["PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.7","versionType":"custom","changes":[{"at":"10.0.7","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.11","versionType":"custom","changes":[{"at":"9.1.11","status":"unaffected"}]},{"version":"10.1","status":"affected","lessThan":"10.1.2","versionType":"custom","changes":[{"at":"10.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3054"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Praetorian for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition","cweId":"CWE-367"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-138727"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91572 on traffic processed by the firewall to block attacks against CVE-2021-3054.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Enable signatures for Unique Threat ID 91572 on traffic processed by the firewall to block attacks against CVE-2021-3054.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.11, PAN-OS 10.0.7, PAN-OS 10.1.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.11, PAN-OS 10.0.7, PAN-OS 10.1.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-09-08T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-09-12T16:00:00.000Z","lang":"eng","value":"Added threat prevention workaround for the vulnerability"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-10188","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-09-08T00:00:00","dateReserved":"2021-09-08T00:00:00","dateUpdated":"2021-09-08T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)","datePublic":"2021-09-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-08T11:09:32","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.\n\nThe Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.\n\nThis issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.\n\nThe Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.\n\nThis issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.9","versionType":"custom","changes":[{"at":"9.1.9","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.6","versionType":"custom","changes":[{"at":"10.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-10188"}],"credits":[{"lang":"en","value":"This issue was found by an external researcher in the upstream Telnet code."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-120 Buffer Overflow","cweId":"CWE-120"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-158262"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is exploitable only if the Telnet service is enabled and is accessible to attackers.","supportingMedia":{"value":"This issue is exploitable only if the Telnet service is enabled and is accessible to attackers.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Disabling the Telnet-based administrative management service completely eliminates risks of exploitation of this issue.\n\nThis issue requires the attacker to have network access to the PAN-OS Telnet interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nIf the Telnet-based administrative management service is required and you cannot immediately upgrade your PAN-OS software, enable signatures for Unique Threat ID 59125 on traffic destined for the Telnet interface to block attacks against CVE-2020-10188.","supportingMedia":{"value":"Disabling the Telnet-based administrative management service completely eliminates risks of exploitation of this issue.\n\nThis issue requires the attacker to have network access to the PAN-OS Telnet interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n\nIf the Telnet-based administrative management service is required and you cannot immediately upgrade your PAN-OS software, enable signatures for Unique Threat ID 59125 on traffic destined for the Telnet interface to block attacks against CVE-2020-10188.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue targeting Palo Alto Networks products.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue targeting Palo Alto Networks products.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.6, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.6, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-09-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3053","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-09-08T00:00:00","dateReserved":"2021-09-08T00:00:00","dateUpdated":"2021-09-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Exceptional Condition Denial-of-Service (DoS)","datePublic":"2021-09-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-09-08T17:10:19","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\n\nThis issue does not affect Prisma Access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\n\nThis issue does not affect Prisma Access.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.9","versionType":"custom","changes":[{"at":"9.1.9","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.5","versionType":"custom","changes":[{"at":"10.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3053"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-755 Improper Handling of Exceptional Conditions","cweId":"CWE-755"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-158723"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only if GTP security is configured on the firewall.","supportingMedia":{"value":"This issue is applicable only if GTP security is configured on the firewall.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91593 on traffic processed by the firewall to block attacks against CVE-2021-3053.","supportingMedia":{"value":"Enable signatures for Unique Threat ID 91593 on traffic processed by the firewall to block attacks against CVE-2021-3053.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-09-08T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-09-13T16:00:00.000Z","lang":"eng","value":"Added required configuration for exposure and threat prevention workaround for the vulnerability"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3052","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-09-08T00:00:00","dateReserved":"2021-09-08T00:00:00","dateUpdated":"2021-09-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface","datePublic":"2021-09-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-09-08T17:10:18","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than 8.1.20;\nPAN-OS 9.0 versions earlier than 9.0.14;\nPAN-OS 9.1 versions earlier than 9.1.10;\nPAN-OS 10.0 versions earlier than 10.0.2.\n\nThis issue does not affect Prisma Access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than 8.1.20;\nPAN-OS 9.0 versions earlier than 9.0.14;\nPAN-OS 9.1 versions earlier than 9.1.10;\nPAN-OS 10.0 versions earlier than 10.0.2.\n\nThis issue does not affect Prisma Access.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.10","versionType":"custom","changes":[{"at":"9.1.10","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.2","versionType":"custom","changes":[{"at":"10.0.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3052"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Cristian Mocanu and Dan Marin of Deloitte for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-150337"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat IDs 91573, 91574, 91575, 91576 on traffic destined for the web interface to block attacks against CVE-2021-3052.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Enable signatures for Unique Threat IDs 91573, 91574, 91575, 91576 on traffic destined for the web interface to block attacks against CVE-2021-3052.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.14, PAN-OS 8.1.20, PAN-OS 9.1.10, PAN-OS 10.0.2, PAN-OS 10.1.0, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.14, PAN-OS 8.1.20, PAN-OS 9.1.10, PAN-OS 10.0.2, PAN-OS 10.1.0, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-09-08T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-09-12T16:00:00.000Z","lang":"eng","value":"Added threat prevention workaround for the vulnerability"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3055","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-09-08T00:00:00","dateReserved":"2021-09-08T00:00:00","dateUpdated":"2021-09-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface","datePublic":"2021-09-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-09-08T17:10:22","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.6.\nThis issue does not affect Prisma Access.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.6.\nThis issue does not affect Prisma Access.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.10","versionType":"custom","changes":[{"at":"9.1.10","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.6","versionType":"custom","changes":[{"at":"10.0.6","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.20","versionType":"custom","changes":[{"at":"8.1.20","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3055"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Cristian Mocanu and Dan Marin of Deloitte for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-611 Improper Restriction of XML External Entity Reference ('XXE')","cweId":"CWE-611"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-166241"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91588 on traffic destined for the web interface to block attacks against CVE-2021-3055.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Enable signatures for Unique Threat ID 91588 on traffic destined for the web interface to block attacks against CVE-2021-3055.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.10, PAN-OS 10.0.6, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.10, PAN-OS 10.0.6, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-09-08T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-09-12T16:00:00.000Z","lang":"eng","value":"Added threat prevention workaround for the vulnerability"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3047","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-08-11T00:00:00","dateReserved":"2021-08-11T00:00:00","dateUpdated":"2021-08-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Weak Cryptography Used in Web Interface Authentication","datePublic":"2021-08-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-08-11T17:10:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.4.\nPAN-OS 10.1 versions are not impacted.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.4.\nPAN-OS 10.1 versions are not impacted.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.19","versionType":"custom","changes":[{"at":"8.1.19","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.4","versionType":"custom","changes":[{"at":"10.0.4","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.10","versionType":"custom","changes":[{"at":"9.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3047"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Gabor Acs-Kurucz and Oliver Kunz of Google for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)","cweId":"CWE-338"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-156240"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"There is no specific configuration required for this exposure—all web interface authentication methods are impacted by this issue.","supportingMedia":{"value":"There is no specific configuration required for this exposure—all web interface authentication methods are impacted by this issue.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue.","supportingMedia":{"value":"There are no known workarounds for this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, PAN-OS 10.0.4, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, PAN-OS 10.0.4, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-08-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3050","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-08-11T00:00:00","dateReserved":"2021-08-11T00:00:00","dateUpdated":"2021-08-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Injection Vulnerability in Web Interface","datePublic":"2021-08-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-08-11T17:10:20","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges.\n\nThis issue impacts:\nPAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14;\nPAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10;\nPAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions;\nPAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1.\n\nPrisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges.\n\nThis issue impacts:\nPAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14;\nPAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10;\nPAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions;\nPAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1.\n\nPrisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.1.6-h6","PAN-OS 10.1.6-h5","PAN-OS 10.1.6-h4","PAN-OS 10.1.6-h3","PAN-OS 10.1.6-h2","PAN-OS 10.1.6-h1","PAN-OS 10.1.6","PAN-OS 10.1.5-h2","PAN-OS 10.1.5-h1","PAN-OS 10.1.5","PAN-OS 10.1.4-h4","PAN-OS 10.1.4-h3","PAN-OS 10.1.4-h2","PAN-OS 10.1.4-h1","PAN-OS 10.1.4","PAN-OS 10.1.3","PAN-OS 10.1.2","PAN-OS 10.1.1","PAN-OS 10.1.0","PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1.*","status":"unaffected"},{"version":"9.0.10","status":"affected","lessThan":"9.0*","versionType":"custom","changes":[{"at":"9.0.15","status":"unaffected"}]},{"version":"9.1.4","status":"affected","lessThan":"9.1*","versionType":"custom","changes":[{"at":"9.1.11","status":"unaffected"}]},{"version":"10.0.0","status":"affected","lessThan":"10.0*","versionType":"custom","changes":[{"at":"10.0.8","status":"unaffected"}]},{"version":"10.1.0","status":"affected","lessThan":"10.1*","versionType":"custom","changes":[{"at":"10.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3050"}],"credits":[{"lang":"en","value":"This issue was found by an external security researcher."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-174326"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Enable signatures for Unique Threat ID 91439 on traffic destined for the web interface to block attacks against CVE-2021-3050.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n","supportingMedia":{"value":"Enable signatures for Unique Threat ID 91439 on traffic destined for the web interface to block attacks against CVE-2021-3050.\n\nThis issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.\n","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.  However, exploits for this issue are publicly available.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.  However, exploits for this issue are publicly available.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"We intend to fix this issue in PAN-OS 9.0.15 (ETA November 2021), PAN-OS 9.1.11 (ETA September 2021), PAN-OS 10.0.8 (ETA September 2021), PAN-OS 10.1.2 (ETA September 2021) and all later PAN-OS versions.","supportingMedia":{"value":"We intend to fix this issue in PAN-OS 9.0.15 (ETA November 2021), PAN-OS 9.1.11 (ETA September 2021), PAN-OS 10.0.8 (ETA September 2021), PAN-OS 10.1.2 (ETA September 2021) and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-08-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3045","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-08-11T00:00:00","dateReserved":"2021-08-11T00:00:00","dateUpdated":"2021-08-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS Command Argument Injection in Web Interface","datePublic":"2021-08-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-08-11T17:10:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10.\nPAN-OS 10.0 and later versions are not impacted.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10.\nPAN-OS 10.0 and later versions are not impacted.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0.*","status":"unaffected"},{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.19","versionType":"custom","changes":[{"at":"8.1.19","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.10","versionType":"custom","changes":[{"at":"9.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3045"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Brandon Vincent for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-88 Argument Injection or Modification","cweId":"CWE-88"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-147781"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.10, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-08-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3048","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-08-11T00:00:00","dateReserved":"2021-08-11T00:00:00","dateUpdated":"2021-08-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage","datePublic":"2021-08-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-08-11T17:10:19","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding.\n\nThis condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding.\n\nThis condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\nPAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\nPAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"8.1.*","status":"unaffected"},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.9","versionType":"custom","changes":[{"at":"9.1.9","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.5","versionType":"custom","changes":[{"at":"10.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-3048"}],"credits":[{"lang":"en","value":"This issue was encountered by some customers of Palo Alto Networks during regular operation."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-160455"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue is applicable only if an External Dynamic List (EDL) is configured on the firewall.\nAn EDL that contains only domain names or IP addresses will not cause this issue.","supportingMedia":{"value":"This issue is applicable only if an External Dynamic List (EDL) is configured on the firewall.\nAn EDL that contains only domain names or IP addresses will not cause this issue.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You can prevent this issue by removing all invalid URL entries from source EDLs or removing the EDL from your configuration.\n\nAdditionally, do not configure EDLs from websites that you do not trust.","supportingMedia":{"value":"You can prevent this issue by removing all invalid URL entries from source EDLs or removing the EDL from your configuration.\n\nAdditionally, do not configure EDLs from websites that you do not trust.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.\n\nIf a firewall encounters this problem, you will require TAC assistance to make the firewall operational again.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.\n\nIf a firewall encounters this problem, you will require TAC assistance to make the firewall operational again.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-08-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3046","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-08-11T00:00:00","dateReserved":"2021-08-11T00:00:00","dateUpdated":"2021-08-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal","datePublic":"2021-08-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-08-11T17:10:16","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\nPAN-OS 10.1 versions are not impacted.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.19;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\nPAN-OS 10.1 versions are not impacted.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.19","versionType":"custom","changes":[{"at":"8.1.19","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.14","versionType":"custom","changes":[{"at":"9.0.14","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.9","versionType":"custom","changes":[{"at":"9.1.9","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.5","versionType":"custom","changes":[{"at":"10.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3046"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Alexander Harvey for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-150023"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This vulnerability applies only to PAN-OS firewalls configured to have a GlobalProtect portal or gateway with SAML authentication enabled.","supportingMedia":{"value":"This vulnerability applies only to PAN-OS firewalls configured to have a GlobalProtect portal or gateway with SAML authentication enabled.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You can disable SAML authentication for any impacted GlobalProtect portal or gateway until you upgrade the PAN-OS firewall to a fixed version.","supportingMedia":{"value":"You can disable SAML authentication for any impacted GlobalProtect portal or gateway until you upgrade the PAN-OS firewall to a fixed version.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-08-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3037","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-04-14T00:00:00","dateReserved":"2021-04-14T00:00:00","dateUpdated":"2021-04-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Secrets for scheduled configuration exports are logged in system logs","datePublic":"2021-04-14T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-04-20T03:15:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs.\n\nLogged information includes the cleartext username,  password, and IP address used to export the PAN-OS configuration to the destination server.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs.\n\nLogged information includes the cleartext username,  password, and IP address used to export the PAN-OS configuration to the destination server.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.19","versionType":"custom","changes":[{"at":"8.1.19","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.13","versionType":"custom","changes":[{"at":"9.0.13","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]},{"version":"10.0.0","status":"unaffected","lessThan":"10.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3037"}],"credits":[{"lang":"en","value":"This issue was found by a customer of Palo Alto Networks during a security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-534 Information Exposure Through Debug Log Files","cweId":"CWE-534"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-131474"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is only applicable to PAN-OS devices that have been configured to use scheduled configuration exports at any time.","supportingMedia":{"value":"This issue is only applicable to PAN-OS devices that have been configured to use scheduled configuration exports at any time.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.4, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the connection details used in scheduled configuration exports. You should also change the credentials on the destination server that are used to export the configuration.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.4, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the connection details used in scheduled configuration exports. You should also change the credentials on the destination server that are used to export the configuration.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-04-14T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3036","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-04-14T00:00:00","dateReserved":"2021-04-14T00:00:00","dateUpdated":"2021-04-14T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly","datePublic":"2021-04-14T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-04-20T03:15:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly.\n\nThis vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests.\n\nLogged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly.\n\nThis vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests.\n\nLogged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.19","versionType":"custom","changes":[{"at":"8.1.19","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.12","versionType":"custom","changes":[{"at":"9.0.12","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.6","versionType":"custom","changes":[{"at":"9.1.6","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3036"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks David Tien of Cyber Risk for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-154114"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API. ","supportingMedia":{"value":"This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API. ","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"You must change the passwords and generate a new API key for all impacted PAN-OS administrators. Confirm that there aren’t any PAN-OS XML API requests that repeat API parameters in the request.","supportingMedia":{"value":"You must change the passwords and generate a new API key for all impacted PAN-OS administrators. Confirm that there aren’t any PAN-OS XML API requests that repeat API parameters in the request.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.12, PAN-OS 9.1.6, PAN-OS 10.0.1, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the passwords and generate a new API key for all impacted PAN-OS administrators.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.12, PAN-OS 9.1.6, PAN-OS 10.0.1, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the passwords and generate a new API key for all impacted PAN-OS administrators.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-04-14T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3032","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-01-13T00:00:00","dateReserved":"2021-01-13T00:00:00","dateUpdated":"2021-01-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Configuration secrets for log forwarding may be logged in system logs","datePublic":"2021-01-13T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-01-13T18:10:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log.\n\nLogged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log.\n\nLogged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles.\n</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.18","versionType":"custom","changes":[{"at":"8.1.18","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.12","versionType":"custom","changes":[{"at":"9.0.12","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3032"}],"credits":[{"lang":"en","value":"This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-149377"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -> Log Settings.","supportingMedia":{"value":"This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -> Log Settings.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n  \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n  \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-01-13T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3031","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2021-01-13T00:00:00","dateReserved":"2021-01-13T00:00:00","dateUpdated":"2021-01-19T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)","datePublic":"2021-01-13T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-01-13T18:10:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets.\n\nThis issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets.\n\nThis issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 version earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5;\nAll versions of PAN-OS 8.0 and PAN-OS 7.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 version earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5;\nAll versions of PAN-OS 8.0 and PAN-OS 7.1.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.18","versionType":"custom"}],"platforms":["PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.12","versionType":"custom"},{"version":"9.1","status":"affected","lessThan":"9.1.5","versionType":"custom"}],"platforms":["PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0.*","status":"unaffected"},{"version":"8.1.18","status":"unaffected","lessThan":"8.1*","versionType":"custom"},{"version":"9.0.12","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.5","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"}],"platforms":["PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series"]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2021-3031"}],"credits":[{"lang":"en","value":"This issue was found by a customer of Palo Alto Networks during a security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-124681"],"discovery":"USER"},"workarounds":[{"lang":"en","value":"There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue.","supportingMedia":{"value":"There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-01-13T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-01-14T14:44:00.000Z","lang":"eng","value":"Update affected hardware series names for compatible PAN-OS versions."},{"time":"2021-01-19T23:30:00.000Z","lang":"eng","value":"Update affected hardware series names for compatible PAN-OS versions."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2022","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-11-11T00:00:00","dateReserved":"2020-11-11T00:00:00","dateUpdated":"2020-11-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama session disclosure during context switch into managed device","datePublic":"2020-11-11T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-11-12T00:05:20","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.17","versionType":"custom","changes":[{"at":"8.1.17","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.11","versionType":"custom","changes":[{"at":"9.0.11","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.5","versionType":"custom","changes":[{"at":"9.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2022"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-125218"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is not applicable when custom certificate authentication is enabled between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html","supportingMedia":{"value":"This issue is not applicable when custom certificate authentication is enabled between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue can be completely mitigated by enabling custom certificate authentication between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html","supportingMedia":{"value":"This issue can be completely mitigated by enabling custom certificate authentication between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html","type":"text/html","base64":false}},{"lang":"en","value":"This issue impacts the management web interface of appliances running PAN-OS software and is strongly mitigated by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com/best-practices"}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-11-11T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2048","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-11-11T00:00:00","dateReserved":"2020-11-11T00:00:00","dateUpdated":"2020-11-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: System proxy passwords may be logged in clear text while viewing system state","datePublic":"2020-11-11T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-11-12T00:05:21","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.2.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.2.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"10.0.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.17","versionType":"custom","changes":[{"at":"8.1.17","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.11","versionType":"custom","changes":[{"at":"9.0.11","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.2","versionType":"custom","changes":[{"at":"9.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2048"}],"credits":[{"lang":"en","value":"This issue was found by a customer of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-140157"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue is only applicable when a system proxy server is configured on the firewall. You can verify this in the management web interface: Setup -> Services -> Proxy Server.","supportingMedia":{"value":"This issue is only applicable when a system proxy server is configured on the firewall. You can verify this in the management web interface: Setup -> Services -> Proxy Server.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.2, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.2, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-11-11T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2050","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-11-11T00:00:00","dateReserved":"2020-11-11T00:00:00","dateUpdated":"2020-11-19T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification","datePublic":"2020-11-11T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-11-12T00:05:22","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication.\n\nImpacted features that use SSL VPN with client certificate verification are:\n  GlobalProtect Gateway,\n  GlobalProtect Portal,\n  GlobalProtect Clientless VPN,\n  GlobalProtect Large Scale VPN\n\nIn configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication.\n\nImpacted features that use SSL VPN with client certificate verification are:\n  GlobalProtect Gateway,\n  GlobalProtect Portal,\n  GlobalProtect Clientless VPN,\n  GlobalProtect Large Scale VPN\n\nIn configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.17;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.11;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.17","versionType":"custom","changes":[{"at":"8.1.17","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.11","versionType":"custom","changes":[{"at":"9.0.11","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.5","versionType":"custom","changes":[{"at":"9.1.5","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2050"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-285 Improper Authorization","cweId":"CWE-285"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-146650"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is only applicable to PAN-OS appliances using the GlobalProtect VPN, gateway, or portal configured to allow users to authenticate with client certificate authentication.\n\nThis issue can not be exploited if client certificate authentication is not in use.\n\nOther forms of authentication are not impacted by this issue.\n","supportingMedia":{"value":"This issue is only applicable to PAN-OS appliances using the GlobalProtect VPN, gateway, or portal configured to allow users to authenticate with client certificate authentication.\n\nThis issue can not be exploited if client certificate authentication is not in use.\n\nOther forms of authentication are not impacted by this issue.\n","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59884 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2050.\n\nThis issue can be mitigated by configuring GlobalProtect to require users to authenticate with their credentials. Other authentication methods are not impacted by this issue.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59884 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2050.\n\nThis issue can be mitigated by configuring GlobalProtect to require users to authenticate with their credentials. Other authentication methods are not impacted by this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, PAN-OS 10.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, PAN-OS 10.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-11-11T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-11-13T00:42:00.000Z","lang":"eng","value":"New workaround is available."},{"time":"2020-11-19T21:00:00.000Z","lang":"eng","value":"Updated to mention LSVPN and IPSec based VPN is not affected."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1999","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-11-11T00:00:00","dateReserved":"2020-11-11T00:00:00","dateUpdated":"2020-11-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Threat signatures are evaded by specifically crafted packets","datePublic":"2020-11-11T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-11-12T00:05:19","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets.\n\nThis CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an attacker access resources blocked by firewall policies and it has no impact on the service availability. There could be an impact on the accuracy of firewall threat prevention with some signatures, but there is no impact on the integrity of other security features.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to evade threat prevention signatures using specifically crafted TCP packets.\n\nThis CVE has no impact on the confidentiality and availability of PAN-OS. This issue does not let an attacker access resources blocked by firewall policies and it has no impact on the service availability. There could be an impact on the accuracy of firewall threat prevention with some signatures, but there is no impact on the integrity of other security features.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than 8.1.17;\nPAN-OS 9.0 versions earlier than 9.0.11;\nPAN-OS 9.1 versions earlier than 9.1.5;\nAll versions of PAN-OS 7.1 and PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than 8.1.17;\nPAN-OS 9.0 versions earlier than 9.0.11;\nPAN-OS 9.1 versions earlier than 9.1.5;\nAll versions of PAN-OS 7.1 and PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"10.0.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.17","versionType":"custom","changes":[{"at":"8.1.17","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.11","versionType":"custom","changes":[{"at":"9.0.11","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.5","versionType":"custom","changes":[{"at":"9.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1999"}],"credits":[{"lang":"en","value":"This issue was found by Vijay Prakash of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","cweId":"CWE-754"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-145133"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue.","supportingMedia":{"value":"There are no known workarounds for this issue.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-11-11T17:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2000","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-11-11T00:00:00","dateReserved":"2020-11-11T00:00:00","dateUpdated":"2020-11-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection and memory corruption vulnerability","datePublic":"2020-11-11T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-11-12T00:05:20","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2000"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-149822","PAN-150013","PAN-150170","CYR-14134","CYR-14135"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59888, and 59891 on a firewall protecting the management interface will block attacks against CVE-2020-2000.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59888, and 59891 on a firewall protecting the management interface will block attacks against CVE-2020-2000.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-11-11T17:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-11-13T00:47:00.000Z","lang":"eng","value":"Added a new workaround"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2042","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2020-09-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow in the management web interface","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:28","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.</pre>"}]},{"lang":"en","value":"This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.1.*","status":"unaffected"},{"version":"9.0.*","status":"unaffected"},{"version":"8.1.*","status":"unaffected"},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2042"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-145797","PAN-150409"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 10.0.1 and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 10.0.1 and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2039","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2021-02-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:27","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\n</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2039"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption","cweId":"CWE-400"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-148806"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59957 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2039.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59957 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2039.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-02-12T20:00:00.000Z","lang":"eng","value":"Updated the availability of exploitation resources"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2043","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2020-09-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:29","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]},{"version":"10.0.0","status":"unaffected","lessThan":"10.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2043"}],"credits":[{"lang":"en","value":"This issue was found by a customer of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-146837"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is only applicable when when the after-change-detail custom syslog field is enabled for config logs.","supportingMedia":{"value":"This issue is only applicable when when the after-change-detail custom syslog field is enabled for config logs.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.4, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2038","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2021-02-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in the management web interface","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2022-09-16T15:06:18","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 9.0 versions earlier than 9.0.10;\nPAN-OS 9.1 versions earlier than 9.1.4;\nPAN-OS 10.0 versions earlier than 10.0.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 9.0 versions earlier than 9.0.10;\nPAN-OS 9.1 versions earlier than 9.1.4;\nPAN-OS 10.0 versions earlier than 10.0.1.</pre>"}]}],"x_affectedList":["PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1.*","status":"unaffected"},{"version":"10.0","status":"affected","lessThan":"10.0.1","versionType":"custom","changes":[{"at":"10.0.1","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.4","versionType":"custom","changes":[{"at":"9.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2038"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-101484"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59954 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2038.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59954 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2038.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.10, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2021-02-12T20:00:00.000Z","lang":"eng","value":"Updated the availability of exploitation resources"},{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2044","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2020-09-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:30","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information.\n\nThe opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information.\n\nThe opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions.\n</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2044"}],"credits":[{"lang":"en","value":"This issue was found by Yamata Li of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-135262"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2037","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2021-02-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in the management web interface","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:26","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.10;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.10","versionType":"custom","changes":[{"at":"9.0.10","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]},{"version":"10.0.0","status":"unaffected","lessThan":"10.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2037"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Mikhail Klyuchnikov of Positive Technologies, and Nicholas Newsom of Palo Alto Networks for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-128761"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59971 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2037.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59971 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2037.\n\nThis issue impacts the PAN-OS management web interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-02-12T20:00:00.000Z","lang":"eng","value":"Updated the availability of exploitation resources"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2036","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2021-02-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T18:16:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.16;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.9","versionType":"custom","changes":[{"at":"9.0.9","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"},{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]},{"version":"10.0.0","status":"unaffected","lessThan":"10.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2036"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies and Ben Nott of Palo Alto Networks for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-116720"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59968 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2036.\n\nAdministrators should use caution when they are authenticated to the firewall management web interface and not click or open links from unsolicited sources.  \n\nThis issue impacts the management web interface of PAN-OS. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. \nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 59968 on traffic destined for the GlobalProtect portal, gateway, or VPN will block attacks against CVE-2020-2036.\n\nAdministrators should use caution when they are authenticated to the firewall management web interface and not click or open links from unsolicited sources.  \n\nThis issue impacts the management web interface of PAN-OS. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. \nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n\nPalo Alto Networks is aware of publicly available information that may help construct proof of concept exploits for these issues.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.9, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.9, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2021-02-12T20:00:00.000Z","lang":"eng","value":"Updated the availability of exploitation resources"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2040","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2020-09-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:27","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.\nThis issue impacts:\nAll versions of PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.15;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nThis issue does not impact the GlobalProtect VPN or the PAN-OS management web interfaces.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.\nThis issue impacts:\nAll versions of PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.15;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nThis issue does not impact the GlobalProtect VPN or the PAN-OS management web interfaces.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"9.0","status":"affected","lessThan":"9.0.9","versionType":"custom","changes":[{"at":"9.0.9","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.15","versionType":"custom","changes":[{"at":"8.1.15","status":"unaffected"}]},{"version":"10.0.0","status":"unaffected","lessThan":"10.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2040"}],"credits":[{"lang":"en","value":"This issue was found by Yamata Li of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-120 Buffer Overflow","cweId":"CWE-120"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-145149","PAN-145150","PAN-145151","PAN-145195"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured as per https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/authentication/configure-multi-factor-authentication.html","supportingMedia":{"value":"This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured as per https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/authentication/configure-multi-factor-authentication.html","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures in content update version 8317 will block attacks against CVE-2020-2040.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures in content update version 8317 will block attacks against CVE-2020-2040.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.\n\nAll Prisma Access services are now upgraded to resolve this issue and are no longer vulnerable.\n\nPAN-OS 7.1 and 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.\n\nAll Prisma Access services are now upgraded to resolve this issue and are no longer vulnerable.\n\nPAN-OS 7.1 and 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2041","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-09-09T00:00:00","dateReserved":"2020-09-09T00:00:00","dateUpdated":"2020-09-09T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Management web interface denial-of-service (DoS)","datePublic":"2020-09-09T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-09-09T16:45:28","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.\n\nThis issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.\n\nThis issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0.*","status":"unaffected"},{"version":"9.1.*","status":"unaffected"},{"version":"10.0.*","status":"unaffected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.16","versionType":"custom","changes":[{"at":"8.1.16","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2041"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-16 Configuration","cweId":"CWE-16"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-151978"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the management web interface of PAN-OS. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the management web interface of PAN-OS. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.16 and all later PAN-OS versions.\n\nPAN-OS 7.1 and PAN-OS 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.16 and all later PAN-OS versions.\n\nPAN-OS 7.1 and PAN-OS 8.0 are end-of-life and are no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-09-09T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2020-2035","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2021-07-20T00:00:00.000Z","serial":1,"dateReserved":"2020-08-12T07:00:00.000Z","datePublished":"2020-08-12T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2021-06-10T19:33:00.000Z"},"title":"PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions","datePublic":"2020-08-12T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"CWE-20 Improper Input Validation","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"10.1.0","versionType":"custom"},{"status":"affected","version":"10.0.0","versionType":"custom"},{"status":"affected","version":"9.1.0","versionType":"custom"},{"status":"affected","version":"9.0.0","versionType":"custom"},{"status":"affected","version":"8.1.0","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake.\n\nThis allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server.\n\nThis technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked.\n\nThis issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions.\n\nThis technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls.\n\nPalo Alto Networks is not aware of any malware that uses this technique to exfiltrate data.\n\nThis issue is applicable to all current versions of PAN-OS.\n\nThis issue does not impact Panorama or WF-500 appliances.\n\nThis issue does not impact PAN-OS appliances running PAN-OS 10.1 (and later versions of PAN-OS) when CTD inspection is enabled in the appliance configuration.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake.\n\nThis allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server.\n\nThis technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked.\n\nThis issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions.\n\nThis technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls.\n\nPalo Alto Networks is not aware of any malware that uses this technique to exfiltrate data.\n\nThis issue is applicable to all current versions of PAN-OS.\n\nThis issue does not impact Panorama or WF-500 appliances.\n\nThis issue does not impact PAN-OS appliances running PAN-OS 10.1 (and later versions of PAN-OS) when CTD inspection is enabled in the appliance configuration.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2020-2035","tags":["x_refsource_CONFIRM"]},{"url":"https://www.mnemonic.no/blog/introducing-snicat/","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"LOW","baseScore":3,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N"}}],"configurations":[{"lang":"en","value":"This URL filtering policy evasion situation is only applicable when the following conditions are true:\n\n1. A host in the network is already compromised by a malicious actor.\n\n2. The PAN-OS configuration must have the SSL/TLS Decryption Forward Proxy feature enabled for the specific traffic that the attacker controls.\n\n3. There is no other security device in the chain that performs URL Filtering or can block access to malicious URLs or IP-addresses on the encrypted SSL/TLS traffic.\n\nPAN-OS appliances running PAN-OS 10.1 (and later versions of PAN-OS) with CTD inspection enabled are not impacted by this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"This URL filtering policy evasion situation is only applicable when the following conditions are true:\n\n1. A host in the network is already compromised by a malicious actor.\n\n2. The PAN-OS configuration must have the SSL/TLS Decryption Forward Proxy feature enabled for the specific traffic that the attacker controls.\n\n3. There is no other security device in the chain that performs URL Filtering or can block access to malicious URLs or IP-addresses on the encrypted SSL/TLS traffic.\n\nPAN-OS appliances running PAN-OS 10.1 (and later versions of PAN-OS) with CTD inspection enabled are not impacted by this vulnerability."}]}],"workarounds":[{"lang":"en","value":"Customers concerned about the risk described in this advisory are encouraged to review the KB article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V4J for more information on background and mitigation options. To enforce URL filtering policy on TLS handshakes for decrypted HTTPS sessions, we suggest you use any one of the following workarounds:\n\n1. Route outbound traffic between two virtual systems (vsys) on PAN-OS firewalls that have vsys capability and perform URL Filtering on one vsys and perform SSL/TLS Decryption on the other vsys.\n\n2. Add two additional Security Zones and route outbound traffic between the two zones so that you can apply both \"Decrypt\" and \"No Decrypt\" Decryption policy rules. For example, configure your next-generation firewall so that traffic travels from the Inside zone to the Internal-DMZ zone where you applied a “No Decrypt” rule along with URL Filtering and then the traffic passes to the External-DMZ zone and from External-DMZ to the Internet zone where you applied a \"Decrypt\" rule. Be aware that this workaround configuration may significantly increase the load on your firewall.\n\n3. Use the additional security device in the traffic chain. \nThe SSL/TLS Decryption and URL Filtering functions should be separated (for example, the first device is performing URL Filtering and the second device is performing SSL/TLS Decryption).\n\nThese workarounds are described in detail at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V4J\n\nWe recommend you use an endpoint protection solution such as the Cortex XDR agent to significantly reduce the potential risk of hosts being compromised. See https://www.paloaltonetworks.com/cortex/endpoint-protection.\n\nCaution: We recommend that you do not disable SSL/TLS Decryption as a workaround to this issue. There are additional risks associated with this action. \n","supportingMedia":[{"type":"text/html","base64":false,"value":"Customers concerned about the risk described in this advisory are encouraged to review the KB article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V4J for more information on background and mitigation options. To enforce URL filtering policy on TLS handshakes for decrypted HTTPS sessions, we suggest you use any one of the following workarounds:\n\n1. Route outbound traffic between two virtual systems (vsys) on PAN-OS firewalls that have vsys capability and perform URL Filtering on one vsys and perform SSL/TLS Decryption on the other vsys.\n\n2. Add two additional Security Zones and route outbound traffic between the two zones so that you can apply both \"Decrypt\" and \"No Decrypt\" Decryption policy rules. For example, configure your next-generation firewall so that traffic travels from the Inside zone to the Internal-DMZ zone where you applied a “No Decrypt” rule along with URL Filtering and then the traffic passes to the External-DMZ zone and from External-DMZ to the Internet zone where you applied a \"Decrypt\" rule. Be aware that this workaround configuration may significantly increase the load on your firewall.\n\n3. Use the additional security device in the traffic chain. \nThe SSL/TLS Decryption and URL Filtering functions should be separated (for example, the first device is performing URL Filtering and the second device is performing SSL/TLS Decryption).\n\nThese workarounds are described in detail at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V4J\n\nWe recommend you use an endpoint protection solution such as the Cortex XDR agent to significantly reduce the potential risk of hosts being compromised. See https://www.paloaltonetworks.com/cortex/endpoint-protection.\n\nCaution: We recommend that you do not disable SSL/TLS Decryption as a workaround to this issue. There are additional risks associated with this action. \n"}]}],"solutions":[{"lang":"en","value":"Palo Alto Networks is currently working to improve our inspection engines by adding a URL filtering policy check on both the TLS SNI field and the HTTP Host and URL headers for decrypted HTTPS transactions.\n\nIf your appliance is using PAN-OS 10.1 (or a later version of PAN-OS), enabling CTD inspection removes the security impact of this issue.\n\nYou can enable CTD inspection from the CLI with the following command:\nset deviceconfig setting ssl-decrypt scan-handshake yes\n\nYou can enable CTD inspection from the web management interface through the following menu:\nDevice > Setup > Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection\n\nIf using other impacted PAN-OS appliances, or unable to enable CTD inspection in appliances using PAN-OS 10.1 (or later versions of PAN-OS), apply any of the workarounds to completely mitigate the risk of evasion.\n\nThere are currently no other PAN-OS updates available for this issue.\n\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is currently working to improve our inspection engines by adding a URL filtering policy check on both the TLS SNI field and the HTTP Host and URL headers for decrypted HTTPS transactions.\n\nIf your appliance is using PAN-OS 10.1 (or a later version of PAN-OS), enabling CTD inspection removes the security impact of this issue.\n\nYou can enable CTD inspection from the CLI with the following command:\nset deviceconfig setting ssl-decrypt scan-handshake yes\n\nYou can enable CTD inspection from the web management interface through the following menu:\nDevice > Setup > Session > Decryption Settings > SSL Decryption Settings > Send handshake messages to CTD for inspection\n\nIf using other impacted PAN-OS appliances, or unable to enable CTD inspection in appliances using PAN-OS 10.1 (or later versions of PAN-OS), apply any of the workarounds to completely mitigate the risk of evasion.\n\nThere are currently no other PAN-OS updates available for this issue.\n\n"}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data."}]}],"timeline":[{"time":"2021-07-20T16:00:00.000Z","lang":"eng","value":"Updated solution to include enabling CTD inspection for PAN-OS 10.1 appliances"},{"time":"2021-06-09T16:00:00.000Z","lang":"eng","value":"Updated impacted versions to include PAN-OS 10.1"},{"time":"2021-03-03T17:00:00.000Z","lang":"eng","value":"Added clarification that Panorama and WF-500 appliances are not impacted"},{"time":"2020-08-12T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Morten Marstrander and Matteo Malvica from mnemonic AS for discovering and reporting this issue.","type":"finder"}],"source":{"defect":["PAN-140086"],"discovery":"EXTERNAL"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 10.1","PAN-OS 10.0.11-h1","PAN-OS 10.0.11","PAN-OS 10.0.10","PAN-OS 10.0.9","PAN-OS 10.0.8-h8","PAN-OS 10.0.8-h7","PAN-OS 10.0.8-h6","PAN-OS 10.0.8-h5","PAN-OS 10.0.8-h4","PAN-OS 10.0.8-h3","PAN-OS 10.0.8-h2","PAN-OS 10.0.8-h1","PAN-OS 10.0.8","PAN-OS 10.0.7","PAN-OS 10.0.6","PAN-OS 10.0.5","PAN-OS 10.0.4","PAN-OS 10.0.3","PAN-OS 10.0.2","PAN-OS 10.0.1","PAN-OS 10.0.0","PAN-OS 10.0","PAN-OS 9.1.14-h4","PAN-OS 9.1.14-h3","PAN-OS 9.1.14-h2","PAN-OS 9.1.14-h1","PAN-OS 9.1.14","PAN-OS 9.1.13-h3","PAN-OS 9.1.13-h2","PAN-OS 9.1.13-h1","PAN-OS 9.1.13","PAN-OS 9.1.12-h3","PAN-OS 9.1.12-h2","PAN-OS 9.1.12-h1","PAN-OS 9.1.12","PAN-OS 9.1.11-h3","PAN-OS 9.1.11-h2","PAN-OS 9.1.11-h1","PAN-OS 9.1.11","PAN-OS 9.1.10","PAN-OS 9.1.9","PAN-OS 9.1.8","PAN-OS 9.1.7","PAN-OS 9.1.6","PAN-OS 9.1.5","PAN-OS 9.1.4","PAN-OS 9.1.3-h1","PAN-OS 9.1.3","PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.16-h3","PAN-OS 9.0.16-h2","PAN-OS 9.0.16-h1","PAN-OS 9.0.16","PAN-OS 9.0.15","PAN-OS 9.0.14-h4","PAN-OS 9.0.14-h3","PAN-OS 9.0.14-h2","PAN-OS 9.0.14-h1","PAN-OS 9.0.14","PAN-OS 9.0.13","PAN-OS 9.0.12","PAN-OS 9.0.11","PAN-OS 9.0.10","PAN-OS 9.0.9-h1","PAN-OS 9.0.9","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.23-h1","PAN-OS 8.1.23","PAN-OS 8.1.22","PAN-OS 8.1.21-h1","PAN-OS 8.1.21","PAN-OS 8.1.20-h1","PAN-OS 8.1.20","PAN-OS 8.1.19","PAN-OS 8.1.18","PAN-OS 8.1.17","PAN-OS 8.1.16","PAN-OS 8.1.15-h3","PAN-OS 8.1.15-h2","PAN-OS 8.1.15-h1","PAN-OS 8.1.15","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2031","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-07-08T00:00:00","dateReserved":"2020-07-08T00:00:00","dateUpdated":"2020-07-08T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Integer underflow in the management interface","datePublic":"2020-07-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-07-08T16:35:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue impacts:\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nThis issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts:\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nThis issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0.*","status":"unaffected"},{"version":"8.1.*","status":"unaffected"},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2031"}],"credits":[{"lang":"en","value":"This issue was discovered by Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-191 Integer Underflow (Wrap or Wraparound)","cweId":"CWE-191"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100000"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.1.3 and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.1.3 and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-07-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2034","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-07-08T00:00:00","dateReserved":"2020-07-08T00:00:00","dateUpdated":"2020-07-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in GlobalProtect portal","datePublic":"2020-07-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-07-08T16:35:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled.\nThis issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1.\nPrisma Access services are not impacted by this vulnerability. Firewalls that were upgraded to the latest versions of PAN-OS to resolve CVE-2020-2021 are not vulnerable to this issue.\nPalo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled.\nThis issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1.\nPrisma Access services are not impacted by this vulnerability. Firewalls that were upgraded to the latest versions of PAN-OS to resolve CVE-2020-2021 are not vulnerable to this issue.\nPalo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.9","versionType":"custom","changes":[{"at":"9.0.9","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.15","versionType":"custom","changes":[{"at":"8.1.15","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2034"}],"credits":[{"lang":"en","value":"This issue was found by Yamata Li of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-145587"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only where GlobalProtect portal is enabled.","supportingMedia":{"value":"This issue is applicable only where GlobalProtect portal is enabled.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 58658 on traffic destined for the GlobalProtect portal will block attacks against CVE-2020-2034.","supportingMedia":{"value":"Until PAN-OS software is upgraded to a fixed version, enabling signatures for Unique Threat ID 58658 on traffic destined for the GlobalProtect portal will block attacks against CVE-2020-2034.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"PAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies."}],"timeline":[{"time":"2020-07-08T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-07-10T06:07:00.000Z","lang":"eng","value":"Updated workaround section with Threat Prevention signature."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2030","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-07-08T00:00:00","dateReserved":"2020-07-08T00:00:00","dateUpdated":"2020-07-08T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in the management interface","datePublic":"2020-07-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-07-08T16:35:16","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0.\n\nThis issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0.\n\nThis issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.15","versionType":"custom","changes":[{"at":"8.1.15","status":"unaffected"}]},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2030"}],"credits":[{"lang":"en","value":"This issue was found by Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100226","PAN-102677"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.15 and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.15 and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"PAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies."}],"timeline":[{"time":"2020-07-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2020-1982","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","dateUpdated":"2023-05-10T00:00:00.000Z","serial":1,"dateReserved":"2020-07-08T07:00:00.000Z","datePublished":"2020-07-08T07:00:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"palo_alto","dateUpdated":"2020-07-08T23:35:00.000Z"},"title":"PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services","datePublic":"2020-07-08T16:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-326","description":"CWE-326 Inadequate Encryption Strength","type":"CWE"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"affected","version":"8.0.0","versionType":"custom"},{"status":"unaffected","version":"7.1.0","versionType":"custom"},{"status":"affected","version":"9.1.0","lessThan":"9.1.3","changes":[{"at":"9.1.3","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"9.0.0","lessThan":"9.0.9","changes":[{"at":"9.0.9","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"8.1.0","lessThan":"8.1.14","changes":[{"at":"8.1.14","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.\n\nThese cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.\n\nConditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0.\n","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.\n\nThese cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.\n\nConditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0.\n</pre>"}]},{"lang":"en","value":"This issue impacts:\nAll versions of PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.14;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nPAN-OS 7.1 is not impacted by this issue.","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>This issue impacts:\nAll versions of PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.14;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.9;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.3.\n\nPAN-OS 7.1 is not impacted by this issue.</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2020-1982","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.8,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}}],"workarounds":[{"lang":"en","value":"Since TLS 1.0 weaknesses are exploited by the man-in-the-middle type of attackers, ensuring security of the networks reduces risks of exploitation of these issues.","supportingMedia":[{"type":"text/html","base64":false,"value":"Since TLS 1.0 weaknesses are exploited by the man-in-the-middle type of attackers, ensuring security of the networks reduces risks of exploitation of these issues."}]}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.\n\nWe intend to end support for TLS 1.0 in our cloud service endpoints on November 8, 2023. You must upgrade to PAN-OS 8.1.14, PAN-OS 9.0.9, PAN-OS 9.1.3, or later PAN-OS versions to continue uninterrupted access to cloud-delivered services and updates.\n\nPAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies.","supportingMedia":[{"type":"text/html","base64":false,"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later PAN-OS versions.\n\nWe intend to end support for TLS 1.0 in our cloud service endpoints on November 8, 2023. You must upgrade to PAN-OS 8.1.14, PAN-OS 9.0.9, PAN-OS 9.1.3, or later PAN-OS versions to continue uninterrupted access to cloud-delivered services and updates.\n\nPAN-OS 7.1 and PAN-OS 8.0 are end-of-life (as of June 30, 2020 and October 31, 2019 respectively) and are no longer covered by our Product Security Assurance policies."}]}],"exploits":[{"lang":"en","value":"Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud delivered services. Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud delivered services. Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"timeline":[{"time":"2023-05-10T16:00:00.000Z","lang":"eng","value":"Notice that TLS 1.0 compatibility is ending November 8, 2023 for cloud service endpoints"},{"time":"2020-07-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}],"credits":[{"lang":"en","value":"This issue was found by a customer.","type":"finder"}],"source":{"defect":["PAN-141122","PAN-141579"],"discovery":"USER"},"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2021","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-06-29T00:00:00","dateReserved":"2020-06-29T00:00:00","dateUpdated":"2020-06-29T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Authentication Bypass in SAML Authentication","datePublic":"2020-06-29T15:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-29T15:10:11","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.\n\nThis issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.\n\nThis issue cannot be exploited if SAML is not used for authentication. \n\nThis issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile.\n\nResources that can be protected by SAML-based single sign-on (SSO) authentication are: \n  GlobalProtect Gateway,\n  GlobalProtect Portal,\n  GlobalProtect Clientless VPN,\n  Authentication and Captive Portal,\n  PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,\n  Prisma Access\n\nIn the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal, or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).\n\nIn the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\n\nPalo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.\n\nThis issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.\n\nThis issue cannot be exploited if SAML is not used for authentication. \n\nThis issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile.\n\nResources that can be protected by SAML-based single sign-on (SSO) authentication are: \n  GlobalProtect Gateway,\n  GlobalProtect Portal,\n  GlobalProtect Clientless VPN,\n  Authentication and Captive Portal,\n  PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,\n  Prisma Access\n\nIn the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal, or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).\n\nIn the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\n\nPalo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.1.2-h1","PAN-OS 9.1.2","PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.14-h2","PAN-OS 8.1.14-h1","PAN-OS 8.1.14","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"unaffected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.15","versionType":"custom","changes":[{"at":"8.1.15","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.9","versionType":"custom","changes":[{"at":"9.0.9","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.3","versionType":"custom","changes":[{"at":"9.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2021"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Salman Khan from the Cyber Risk and Resilience Team and Cameron Duck from the Identity Services Team at Monash University for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-347 Improper Verification of Cryptographic Signature","cweId":"CWE-347"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-148988"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue is applicable only where SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked) in the SAML Identity Provider Server Profile.\nThis issue cannot be exploited if SAML is not used for authentication.\nThis issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled in the SAML Identity Provider Server Profile.\nDetailed descriptions of how to check for the configuration required for exposure and mitigate them are listed in the knowledge base article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK.\nTo check whether SAML authentication is enabled on a firewall, see the configuration under Device > Server Profiles > SAML Identity Provider.\nTo check whether SAML authentication is enabled for Panorama administrator authentication, see the configuration under Panorama> Server Profiles > SAML Identity Provider\nTo check whether SAML authentication is enabled for firewalls managed by Panorama, see the configuration under Device > [template]> Server Profiles > SAML Identity Provider.\nAny unauthorized access is logged in the system logs based on the configuration; however, it can be difficult to distinguish between valid and malicious logins or sessions.\n","supportingMedia":{"value":"This issue is applicable only where SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked) in the SAML Identity Provider Server Profile.\nThis issue cannot be exploited if SAML is not used for authentication.\nThis issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled in the SAML Identity Provider Server Profile.\nDetailed descriptions of how to check for the configuration required for exposure and mitigate them are listed in the knowledge base article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK.\nTo check whether SAML authentication is enabled on a firewall, see the configuration under Device > Server Profiles > SAML Identity Provider.\nTo check whether SAML authentication is enabled for Panorama administrator authentication, see the configuration under Panorama> Server Profiles > SAML Identity Provider\nTo check whether SAML authentication is enabled for firewalls managed by Panorama, see the configuration under Device > [template]> Server Profiles > SAML Identity Provider.\nAny unauthorized access is logged in the system logs based on the configuration; however, it can be difficult to distinguish between valid and malicious logins or sessions.\n","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Using a different authentication method and disabling SAML authentication will completely mitigate the issue.\nUntil an upgrade can be performed, applying both these mitigations (a) and (b) eliminates the configuration required for exposure to this vulnerability:\n\n(a) Ensure that the 'Identity Provider Certificate' is configured. Configuring the 'Identity Provider Certificate' is an essential part of a secure SAML authentication configuration.\n\n(b) If the identity provider (IdP) certificate is a certificate authority (CA) signed certificate, then ensure that the 'Validate Identity Provider Certificate' option is enabled in the SAML Identity Provider Server Profile. Many popular IdPs  generate self-signed IdP certificates by default and the 'Validate Identity Provider Certificate' option cannot be enabled. Additional steps may be required to use a certificate signed by a CA. This certificate can be signed by an internal enterprise CA, the CA on the PAN-OS, or a public CA. Instructions to configure a CA-issued certificate on IdPs are available at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXP.\n\nUpgrading to a fixed version of PAN-OS software prevents any future configuration changes related to SAML that inadvertently expose protected services to attacks.\n","supportingMedia":{"value":"Using a different authentication method and disabling SAML authentication will completely mitigate the issue.\nUntil an upgrade can be performed, applying both these mitigations (a) and (b) eliminates the configuration required for exposure to this vulnerability:\n\n(a) Ensure that the 'Identity Provider Certificate' is configured. Configuring the 'Identity Provider Certificate' is an essential part of a secure SAML authentication configuration.\n\n(b) If the identity provider (IdP) certificate is a certificate authority (CA) signed certificate, then ensure that the 'Validate Identity Provider Certificate' option is enabled in the SAML Identity Provider Server Profile. Many popular IdPs  generate self-signed IdP certificates by default and the 'Validate Identity Provider Certificate' option cannot be enabled. Additional steps may be required to use a certificate signed by a CA. This certificate can be signed by an internal enterprise CA, the CA on the PAN-OS, or a public CA. Instructions to configure a CA-issued certificate on IdPs are available at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXP.\n\nUpgrading to a fixed version of PAN-OS software prevents any future configuration changes related to SAML that inadvertently expose protected services to attacks.\n","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","supportingMedia":{"value":"Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later versions.\n\nImportant: Ensure that the signing certificate for your SAML Identity Provider is configured as the 'Identity Provider Certificate' before you upgrade to a fixed version to ensure that your users can continue to authenticate successfully. Configuring the 'Identity Provider Certificate' is an essential part of a secure SAML authentication configuration. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-saml-authentication\n\nDetails of all actions required before and after upgrading PAN-OS are available in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK. \n\nTo eliminate unauthorized sessions on GlobalProtect portals and gateways, Prisma Access managed through Panorama, change the certificate used to encrypt and decrypt the Authentication Override cookie on the GlobalProtect portal and gateways using the Panorama or firewall web interface. Refer to this article for configuring Authentication override cookies: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXy\n\nRestarting firewalls and Panorama eliminates any unauthorized sessions on the web interface.\nTo clear any unauthorized user sessions in Captive Portal take the following steps: \nRun the following command \n    show user ip-user-mapping all type SSO\nFor all the IPs returned, run these two commands to clear the users:\n    clear user-cache-mp <above ips>\n    clear user-cache <above ips>\nPAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nAll Prisma Access services have been upgraded to resolve this issue and are no longer vulnerable. Prisma Access customers do not require any changes to SAML or IdP configurations.\n","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later versions.\n\nImportant: Ensure that the signing certificate for your SAML Identity Provider is configured as the 'Identity Provider Certificate' before you upgrade to a fixed version to ensure that your users can continue to authenticate successfully. Configuring the 'Identity Provider Certificate' is an essential part of a secure SAML authentication configuration. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-saml-authentication\n\nDetails of all actions required before and after upgrading PAN-OS are available in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK. \n\nTo eliminate unauthorized sessions on GlobalProtect portals and gateways, Prisma Access managed through Panorama, change the certificate used to encrypt and decrypt the Authentication Override cookie on the GlobalProtect portal and gateways using the Panorama or firewall web interface. Refer to this article for configuring Authentication override cookies: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXy\n\nRestarting firewalls and Panorama eliminates any unauthorized sessions on the web interface.\nTo clear any unauthorized user sessions in Captive Portal take the following steps: \nRun the following command \n    show user ip-user-mapping all type SSO\nFor all the IPs returned, run these two commands to clear the users:\n    clear user-cache-mp <above ips>\n    clear user-cache <above ips>\nPAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nAll Prisma Access services have been upgraded to resolve this issue and are no longer vulnerable. Prisma Access customers do not require any changes to SAML or IdP configurations.\n","type":"text/html","base64":false}}],"timeline":[{"time":"2020-06-29T15:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2027","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-06-10T00:00:00","dateReserved":"2020-06-10T00:00:00","dateUpdated":"2020-06-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow in authd authentication response","datePublic":"2020-06-10T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:28:15","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2027"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["CYR-10833"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and we are considering updates only for critical security vulnerability fixes.\n"}],"timeline":[{"time":"2020-06-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2028","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-06-10T00:00:00","dateReserved":"2020-06-10T00:00:00","dateUpdated":"2020-06-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification","datePublic":"2020-06-10T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:28:28","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2028"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-125804"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and we are considering updates only for critical security vulnerability fixes."}],"timeline":[{"time":"2020-06-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2029","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-06-10T00:00:00","dateReserved":"2020-06-10T00:00:00","dateUpdated":"2020-06-10T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection vulnerability in management interface certificate generator","datePublic":"2020-06-10T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:28:40","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll versions of PAN-OS 8.0;\nPAN-OS 7.1 versions earlier than PAN-OS 7.1.26;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll versions of PAN-OS 8.0;\nPAN-OS 7.1 versions earlier than PAN-OS 7.1.26;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2029"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Przemysław Kowalski of STM Solutions for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-124621"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and you can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, and all later PAN-OS versions.","type":"text/html","base64":false}},{"lang":"en","value":"PAN-OS 8.0 is end-of-life (as of October 31, 2019) and is no longer covered by our Product Security Assurance policies.\nPAN-OS 7.1 is on extended support until June 30, 2020, and we are considering updates only for critical security vulnerability fixes.\n"}],"timeline":[{"time":"2020-06-10T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1995","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Management server rasmgr denial of service","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nPAN-OS 9.1 versions earlier than 9.1.2.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nPAN-OS 9.1 versions earlier than 9.1.2.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.1","status":"affected","lessThan":"9.1.2","versionType":"custom","changes":[{"at":"9.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1995"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-476 NULL Pointer Dereference","cweId":"CWE-476"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-133527"],"discovery":"INTERNAL"},"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.1.2 and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.1.2 and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1997","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: GlobalProtect registration open redirect","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.0 versions earlier than 8.0.14.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.0 versions earlier than 8.0.14.\n</pre>"}]}],"x_affectedList":["PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThan":"8.0.14","versionType":"custom","changes":[{"at":"8.0.14","status":"unaffected"}]},{"version":"8.1.0","status":"unaffected","lessThan":"8.1*","versionType":"custom"},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1997"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","cweId":"CWE-601"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-82052"],"discovery":"INTERNAL"},"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.0.14, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.0.14, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2012","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:23:19","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2012"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-611 Improper Restriction of XML External Entity Reference ('XXE')","cweId":"CWE-611"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-119810"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2010","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Authenticated user command injection vulnerability","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:22:50","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2010"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-126362"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2009","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama SD WAN arbitrary file creation","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2009"}],"credits":[{"lang":"en","value":"This issue was found by Nicholas Newsom and Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-73 External Control of File Name or Path","cweId":"CWE-73"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-130361"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2013","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama context switch session cookie disclosure","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll version of PAN-OS 8.0;","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll version of PAN-OS 8.0;</pre>"}]}],"x_affectedList":["PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.1","versionType":"custom","changes":[{"at":"9.1.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2013"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-319 Cleartext Transmission of Sensitive Information","cweId":"CWE-319"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-125122"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrator’s session cookie is valid at time of attack.","supportingMedia":{"value":"One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrator’s session cookie is valid at time of attack.","type":"text/html","base64":false}},{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com"}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2018","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama authentication bypass vulnerability","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. \nThis issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. \nThis issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.12;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.12;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.12","versionType":"custom","changes":[{"at":"8.1.12","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2018"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-123661"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue can be completely mitigated by enabling custom certificates authentication between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/8-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html\n\nThis issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue can be completely mitigated by enabling custom certificates authentication between Panorama and managed firewalls. See https://docs.paloaltonetworks.com/panorama/8-0/panorama-admin/set-up-panorama/set-up-authentication-using-custom-certificates.html\n\nThis issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nUpgrading Panorama to a fixed version is sufficient to resolve the issue.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nUpgrading Panorama to a fixed version is sufficient to resolve the issue.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1993","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: GlobalProtect Portal PHP session fixation vulnerability","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll PAN-OS 7.1 and 8.0 versions;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.8.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll PAN-OS 7.1 and 8.0 versions;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.8.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.8","versionType":"custom","changes":[{"at":"9.0.8","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1993"}],"credits":[{"lang":"en","value":"This issue was found by a customer."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-384 Session Fixation","cweId":"CWE-384"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-124039"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue.","supportingMedia":{"value":"There are no known workarounds for this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.8, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.8, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1994","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Predictable temporary file vulnerability","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:22:01","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1994"}],"credits":[{"lang":"en","value":"This issue was found by a customer."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-377 Insecure Temporary File","cweId":"CWE-377"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-123391"],"discovery":"USER"},"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2002","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Spoofed Kerberos key distribution center authentication bypass","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. ","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. </pre>"}]},{"lang":"en","value":"This issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll version of PAN-OS 8.0.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll version of PAN-OS 8.0.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2002"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Yoav Iellin, Yaron Kassner, and Rotem Zach from Silverfort for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-290 Authentication Bypass by Spoofing","cweId":"CWE-290"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-118957"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Ensure that PAN-OS communicates to Kerberos server over a secured network with access restricted to trusted users.\n\nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"Ensure that PAN-OS communicates to Kerberos server over a secured network with access restricted to trusted users.\n\nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2017","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: DOM-Based cross site scripting vulnerability in management web interface","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:24:05","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2017"}],"credits":[{"lang":"en","value":"This issue was found by Chris Ganas of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-121058"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2001","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-09-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama External control of file vulnerability leads to privilege escalation","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll PAN-OS 7.1 Panorama and 8.0 Panorama versions;\n\nPAN-OS 8.1 versions earlier than 8.1.12 on Panorama;\n\nPAN-OS 9.0 versions earlier than 9.0.6 on Panorama.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll PAN-OS 7.1 Panorama and 8.0 Panorama versions;\n\nPAN-OS 8.1 versions earlier than 8.1.12 on Panorama;\n\nPAN-OS 9.0 versions earlier than 9.0.6 on Panorama.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.12","versionType":"custom","changes":[{"at":"8.1.12","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2001"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-123 Write-what-where Condition","cweId":"CWE-123"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-120397"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","supportingMedia":{"value":"This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later PAN-OS versions.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-09-11T22:06:00.000Z","lang":"eng","value":"Added workaround section"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1996","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-29T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama management server log injection","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.9.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.9.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.8","PAN-OS 9.0.7","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.9","versionType":"custom","changes":[{"at":"9.0.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1996"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-862 Missing Authorization","cweId":"CWE-862"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-117955"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"Attacks against this issue can be blocked with signatures for Unique Threat ID 58197 enabled on a different firewall configured to protect the vulnerable management interfaces.\n\nThis issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"Attacks against this issue can be blocked with signatures for Unique Threat ID 58197 enabled on a different firewall configured to protect the vulnerable management interfaces.\n\nThis issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.9 (pending release), and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.9 (pending release), and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-05-29T16:00:00.000Z","lang":"eng","value":"Added the workaround of using Unique Threat ID 58197 signatures."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7529","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Nginx integer overflow may lead to information leak","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2021-09-21T23:07:12","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"Nginx web-server included with PAN-OS is vulnerable to an integer overflow vulnerability that can leak potentially a cache file header if a response was returned from cache.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Nginx web-server included with PAN-OS is vulnerable to an integer overflow vulnerability that can leak potentially a cache file header if a response was returned from cache.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7529"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-190 Integer Overflow or Wraparound","cweId":"CWE-190"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-117479"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Attacks against CVE-2017-7529 can be blocked with signatures for Unique Threat ID 33070 enabled on a different firewall configured to protect the vulnerable management interfaces.","supportingMedia":{"value":"Attacks against CVE-2017-7529 can be blocked with signatures for Unique Threat ID 33070 enabled on a different firewall configured to protect the vulnerable management interfaces.","type":"text/html","base64":false}},{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface.\n\nPlease review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com"}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2020-0006","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Nginx software included with PAN-OS has been upgraded to resolve multiple vulnerabilities.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Nginx software included with PAN-OS has been upgraded to resolve multiple vulnerabilities.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll PAN-OS 7.1 and 8.0 versions;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll PAN-OS 7.1 and 8.0 versions;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7.</pre>"}]},{"lang":"en","value":"The resolved vulnerabilities include:","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The resolved vulnerabilities include:</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2012"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-476 NULL Pointer Dereference","cweId":"CWE-476"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-117480"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"Issues that affect the management interface of PAN-OS are strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"Issues that affect the management interface of PAN-OS are strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"These issues are fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"These issues are fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2014","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS injection vulnerability in PAN-OS management server","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2014"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-127118"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2020-0005","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"OpenSSH software included with PAN-OS has been upgraded to resolve security vulnerability CVE-2016-10012. Additionally, code changes have been made to the server component of the OpenSSH software included in PAN-OS in response to CVE-2015-8325 and CVE-2016-1908 though PAN-OS is not impacted by these issues.\n\nThis issues affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.1;\nAll versions of PAN-OS 8.0.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>OpenSSH software included with PAN-OS has been upgraded to resolve security vulnerability CVE-2016-10012. Additionally, code changes have been made to the server component of the OpenSSH software included in PAN-OS in response to CVE-2015-8325 and CVE-2016-1908 though PAN-OS is not impacted by these issues.\n\nThis issues affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.1;\nAll versions of PAN-OS 8.0.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.1","versionType":"custom","changes":[{"at":"9.0.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2020-0005"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-111061"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2007","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection in management server","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll PAN-OS 7.1 and 8.0 versions;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7. ","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll PAN-OS 7.1 and 8.0 versions;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7. </pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2007"}],"credits":[{"lang":"en","value":"This issue was found by Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-102682"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.7 and later PAN-OS 9.0 versions; PAN-OS 8.1.14 and later PAN-OS 8.1 versions; and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.7 and later PAN-OS 9.0 versions; PAN-OS 8.1.14 and later PAN-OS 8.1 versions; and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1998","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Improper SAML SSO authorization of shared local users","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.1","versionType":"custom","changes":[{"at":"9.1.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1998"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Maurice Lok-Hin for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-285 Improper Authorization","cweId":"CWE-285"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-108992"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"The impact of this vulnerability can be mitigated by removing shared usernames between local linux users and SAML enabled users.","supportingMedia":{"value":"The impact of this vulnerability can be mitigated by removing shared usernames between local linux users and SAML enabled users.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2006","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow in management server payload parser","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2006"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks Jin Chen of Palo Alto Networks for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100855"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2015","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow in the management server","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:23:49","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n</pre>"}]}],"x_affectedList":["PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.1","versionType":"custom","changes":[{"at":"9.1.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2015"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-120 Buffer Overflow","cweId":"CWE-120"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100734"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2008","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: OS command injection or arbitrary file deletion vulnerability","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition.</pre>"}]},{"lang":"en","value":"This issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2008"}],"credits":[{"lang":"en","value":"This issue was found by Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-73 External Control of File Name or Path","cweId":"CWE-73"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 OS Command Injection","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-102688"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2005","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: GlobalProtect Clientless VPN session hijacking","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2005"}],"credits":[{"lang":"en","value":"This issue was discovered by Ron Masas of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["GPCON-551"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"This issue only affects firewalls configured with GlobalProtect Clientless VPN.","supportingMedia":{"value":"This issue only affects firewalls configured with GlobalProtect Clientless VPN.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Configure GlobalProtect Clientless VPN to only access known trusted websites, and block access all other websites.","supportingMedia":{"value":"Configure GlobalProtect Clientless VPN to only access known trusted websites, and block access all other websites.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, and all later versions of PAN-OS.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, and all later versions of PAN-OS.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2003","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Authenticated administrator can delete arbitrary system file","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-14T15:40:56","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions before 8.1.14;\nPAN-OS 9.0 versions before 9.0.7;\nPAN-OS 9.1 versions before 9.1.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions before 8.1.14;\nPAN-OS 9.0 versions before 9.0.7;\nPAN-OS 9.1 versions before 9.1.1.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.1","versionType":"custom","changes":[{"at":"9.1.1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2003"}],"credits":[{"lang":"en","value":"This issue was found by Jin Chen of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-73 External Control of File Name or Path","cweId":"CWE-73"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100415"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.1, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2011","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-20T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Panorama registration denial of service","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode.</pre>"}]},{"lang":"en","value":"This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7;","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\n\nAll versions of PAN-OS 7.1 and 8.0;\n\nPAN-OS 8.1 versions earlier than 8.1.14;\n\nPAN-OS 9.0 versions earlier than 9.0.7;</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.13","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.26","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"affected"},{"version":"8.0.*","status":"affected"},{"version":"8.1","status":"affected","lessThan":"8.1.14","versionType":"custom","changes":[{"at":"8.1.14","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2011"}],"credits":[{"lang":"en","value":"This issue was found by Ben Nott of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-118226"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issues affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","supportingMedia":{"value":"This issues affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-05-20T19:00:00.000Z","lang":"eng","value":"Removed 9.1.0 from affected releases"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-2016","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-05-13T00:00:00","dateReserved":"2020-05-13T00:00:00","dateUpdated":"2020-05-13T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation","datePublic":"2020-05-13T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-06-10T17:24:03","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.</pre>"}]},{"lang":"en","value":"This issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>This issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-2016"}],"credits":[{"lang":"en","value":"Palo Alto Networks thanks the UK's National Cyber Security Centre (NCSC) for discovering and reporting this issue."},{"lang":"en","value":"Palo Alto Networks thanks the NCC Group for finding this issue independently during a contracted PAN-OS security assessment."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-377 Insecure Temporary File","cweId":"CWE-377"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-128248"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any exploitation of this issue.","supportingMedia":{"value":"Palo Alto Networks is not aware of any exploitation of this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":{"value":"This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.6, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-05-13T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1992","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-04-08T00:00:00","dateReserved":"2020-04-08T00:00:00","dateUpdated":"2020-04-08T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation","datePublic":"2020-04-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-04-08T18:41:58","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured.\n\nThis issue requires WildFire services to be configured and enabled.\n\nThis issue does not affect PAN-OS 8.1 and earlier releases.\n\nThis issue does not affect any other PA Series firewalls.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured.\n\nThis issue requires WildFire services to be configured and enabled.\n\nThis issue does not affect PAN-OS 8.1 and earlier releases.\n\nThis issue does not affect any other PA Series firewalls.</pre>"}]}],"x_affectedList":["PAN-OS 9.1.1","PAN-OS 9.1.0-h3","PAN-OS 9.1.0-h2","PAN-OS 9.1.0-h1","PAN-OS 9.1.0","PAN-OS 9.1","PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]},{"version":"9.1","status":"affected","lessThan":"9.1.2","versionType":"custom","changes":[{"at":"9.1.2","status":"unaffected"}]}],"platforms":["PA-7000 series with LFC"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1.*","status":"unaffected"},{"version":"8.0.*","status":"unaffected"},{"version":"7.1.*","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1992"}],"credits":[{"lang":"en","value":"This issue was found by a customer."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-134 Use of Externally-Controlled Format String","cweId":"CWE-134"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-135103"],"discovery":"USER"},"configurations":[{"lang":"en","value":"This issue requires WildFire services to be configured and enabled.","supportingMedia":{"value":"This issue requires WildFire services to be configured and enabled.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"There are no viable workarounds for this issue.","supportingMedia":{"value":"There are no viable workarounds for this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 9.0.7, PAN-OS 9.1.2 and all later versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 9.0.7, PAN-OS 9.1.2 and all later versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-04-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2020-0002","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-04-08T16:00:00.000Z","dateReserved":"2020-04-08T16:00:00.000Z"},"containers":{"cna":{"title":"PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities","datePublic":"2020-04-08T16:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"OpenSSH software included with PAN-OS has been upgraded to resolve multiple vulnerabilities.\n\nThese issue affects Palo Alto Networks PAN-OS 7.1 versions before 7.1.26; 8.1 versions before 8.1.13; 9.0 versions before 9.0.7.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>OpenSSH software included with PAN-OS has been upgraded to resolve multiple vulnerabilities.\n\nThese issue affects Palo Alto Networks PAN-OS 7.1 versions before 7.1.26; 8.1 versions before 8.1.13; 9.0 versions before 9.0.7.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.20","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.25","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0.*","status":"affected"},{"version":"7.1","status":"affected","lessThan":"7.1.26","versionType":"custom","changes":[{"at":"7.1.26","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685"},{"tags":["x_refsource_CONFIRM"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109"},{"tags":["x_refsource_CONFIRM"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-706","cweId":"CWE-706"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-284 Improper Access Control","cweId":"CWE-284"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-111636"],"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"These issues are fixed in PAN-OS 7.1.26 (pending release), PAN-OS 8.1.13, PAN-OS 9.0.7 and all later versions.","supportingMedia":{"value":"These issues are fixed in PAN-OS 7.1.26 (pending release), PAN-OS 8.1.13, PAN-OS 9.0.7 and all later versions.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1990","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-04-08T00:00:00","dateReserved":"2020-04-08T00:00:00","dateUpdated":"2020-04-08T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Buffer overflow in the management server","datePublic":"2020-04-08T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-04-08T18:41:58","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7.\nThis issue does not affect PAN-OS 7.1.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7.\nThis issue does not affect PAN-OS 7.1.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.6","PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.7","versionType":"custom","changes":[{"at":"9.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1990"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-121319"],"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","supportingMedia":{"value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7 and all later versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7 and all later versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-04-08T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1979","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-03-11T00:00:00","dateReserved":"2020-03-11T00:00:00","dateUpdated":"2020-05-12T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation","datePublic":"2020-03-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-05-13T19:07:13","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"7.1.0","status":"unaffected","lessThan":"7.1*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1979"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during an internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-134 Use of Externally-Controlled Format String","cweId":"CWE-134"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-97584"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-03-11T16:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-05-12T16:00:00.000Z","lang":"eng","value":"Updated attack vector, description and acknowledgement."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1980","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-03-11T00:00:00","dateReserved":"2020-03-11T00:00:00","dateUpdated":"2020-03-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands","datePublic":"2020-03-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-03-11T18:58:17","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"},{"version":"7.1.0","status":"unaffected","lessThan":"7.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1980"}],"credits":[{"lang":"en","value":"This issue was discovered during an internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweId":"CWE-77"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-102674"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13, and all later versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13, and all later versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-03-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1981","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-03-11T00:00:00","dateReserved":"2020-03-11T00:00:00","dateUpdated":"2020-03-11T00:00:00.000000Z"},"containers":{"cna":{"title":"PAN-OS: Predictable temporary filename vulnerability allows local privilege escalation","datePublic":"2020-03-11T16:00:00.000Z","providerMetadata":{"dateUpdated":"2020-03-11T18:58:14","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.\nThis issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.\nThis issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.12","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThan":"8.1.13","versionType":"custom","changes":[{"at":"8.1.13","status":"unaffected"}]},{"version":"7.1.0","status":"unaffected","lessThan":"7.1*","versionType":"custom"},{"version":"9.0.0","status":"unaffected","lessThan":"9.0*","versionType":"custom"},{"version":"9.1.0","status":"unaffected","lessThan":"9.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1981"}],"credits":[{"lang":"en","value":"This issue was found during an internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-377 Insecure Temporary File","cweId":"CWE-377"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-103038"],"discovery":"INTERNAL"},"configurations":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2020-03-11T16:00:00.000Z","lang":"eng","value":"Initial publication"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-1975","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2020-02-12T17:00:00.000Z","dateReserved":"2020-02-12T17:00:00.000Z"},"containers":{"cna":{"title":"Missing XML Validation in PAN-OS Web Interface","datePublic":"2020-02-12T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-12T22:57:08","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.\nThis issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.\nThis issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.\nThis issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.\nThis issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.11","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1.*","status":"unaffected"},{"version":"8.0.*","status":"unaffected"},{"version":"8.1","status":"affected","lessThan":"8.1.12","versionType":"custom","changes":[{"at":"8.1.12","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.6","versionType":"custom","changes":[{"at":"9.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2020-1975"}],"credits":[{"lang":"en","value":"This issue was found during a security assessment performed by a customer."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-112 Missing XML Validation","cweId":"CWE-112"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-124593"],"discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue requires that the web-based management interface is enabled on the hardware or virtual appliance.","supportingMedia":{"value":"This issue requires that the web-based management interface is enabled on the hardware or virtual appliance.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of the appliance. Access to the web-based management interface of the appliance should be limited strictly to only trusted users, hosts, and networks.\n","supportingMedia":{"value":"This issue affects the web-based management interface of the appliance. Access to the web-based management interface of the appliance should be limited strictly to only trusted users, hosts, and networks.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later versions.\n","supportingMedia":{"value":"This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later versions.\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-17440","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-12-19T19:35:00.000Z","dateReserved":"2019-12-19T19:35:00.000Z"},"containers":{"cna":{"title":"PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access","datePublic":"2019-12-19T19:35:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS.\nThis issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured.\nThis issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC).\nThis issue does not affect any other PA series devices.\nThis issue does not affect devices without an LFC.\nThis issue does not affect PAN-OS 8.1 or prior releases.\nThis issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS.\nThis issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured.\nThis issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC).\nThis issue does not affect any other PA series devices.\nThis issue does not affect devices without an LFC.\nThis issue does not affect PAN-OS 8.1 or prior releases.\nThis issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.5","PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThan":"9.0.5-h3","versionType":"custom","changes":[{"at":"9.0.6, 9.0.5-h3","status":"unaffected"}]}],"platforms":["PA-7000 Series with 2nd Generation SMC"]},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0","status":"unaffected"},{"version":"8.1","status":"unaffected"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-17440"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints","cweId":"CWE-923"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-134242"],"advisory":"PAN-SA-2019-0040","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied.","supportingMedia":{"value":"(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied.","type":"text/html","base64":false}}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any exploitation of this issue.\n","supportingMedia":{"value":"Palo Alto Networks is not aware of any exploitation of this issue.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue.","supportingMedia":{"value":"This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-17437","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-12-04T17:00:00.000Z","dateReserved":"2019-12-04T17:00:00.000Z"},"containers":{"cna":{"title":"PAN-OS: Custom-role users may escalate privileges","datePublic":"2019-12-04T17:00:00.000Z","providerMetadata":{"dateUpdated":"2019-12-05T14:11:11","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.\nThis issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5.\nPAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.\nThis issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5.\nPAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.4","PAN-OS 9.0.3-h3","PAN-OS 9.0.3-h2","PAN-OS 9.0.3-h1","PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.10","PAN-OS 8.1.9-h4","PAN-OS 8.1.9-h3","PAN-OS 8.1.9-h2","PAN-OS 8.1.9-h1","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThan":"7.1.25","versionType":"custom","changes":[{"at":"7.1.25","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThan":"8.0.20","versionType":"custom","changes":[{"at":"8.0.20","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.11","versionType":"custom","changes":[{"at":"8.1.11","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.5","versionType":"custom","changes":[{"at":"9.0.5","status":"unaffected"}]},{"version":"unspecified","status":"unknown","lessThanOrEqual":"7.0","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-17437"}],"credits":[{"lang":"en","value":"Christophe Schleypen of NCIA / NCIRC"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-280 Improper Handling of Insufficient Permissions or Privileges ","cweId":"CWE-280"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-115697"],"advisory":"PAN-SA-2019-0038","discovery":"EXTERNAL"},"configurations":[{"lang":"en","value":"This issue only affects devices configured with a low privileged custom role user with any combination of roles or privileges.","supportingMedia":{"value":"This issue only affects devices configured with a low privileged custom role user with any combination of roles or privileges.","type":"text/html","base64":false}}],"workarounds":[{"lang":"en","value":"Remove any untrusted custom-role users from the device or disable their access until fixes can be applied. Restrict access to the device to only trusted users.","supportingMedia":{"value":"Remove any untrusted custom-role users from the device or disable their access until fixes can be applied. Restrict access to the device to only trusted users.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue has been resolved in 7.1.25, 8.0.20, 8.1.11, 9.0.5 and all subsequent versions.","supportingMedia":{"value":"This issue has been resolved in 7.1.25, 8.0.20, 8.1.11, 9.0.5 and all subsequent versions.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1559","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-12-04T17:00:00.000Z","dateReserved":"2019-12-04T17:00:00.000Z"},"containers":{"cna":{"title":"OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS","datePublic":"2019-12-04T17:00:00.000Z","providerMetadata":{"dateUpdated":"2021-01-20T14:42:01","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors.\nThis issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, 9.0 versions prior to 9.0.2.\nPAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors.\nThis issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, 9.0 versions prior to 9.0.2.\nPAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.\n</pre>"}]}],"x_affectedList":["PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.19-h1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.24-h1","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"unspecified","lessThanOrEqual":"7.0","status":"unknown","versionType":"custom"},{"version":"7.1","status":"affected","lessThan":"7.1.25","versionType":"custom","changes":[{"at":"7.1.25","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThan":"8.0.20","versionType":"custom","changes":[{"at":"8.0.20","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThan":"8.1.8","versionType":"custom","changes":[{"at":"8.1.8","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThan":"9.0.2","versionType":"custom","changes":[{"at":"9.0.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1559"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-325 Missing Required Cryptographic Step","cweId":"CWE-325"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-114984"],"advisory":"PAN-SA-2019-0039","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"There are no available workarounds.","supportingMedia":{"value":"There are no available workarounds.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.\n","supportingMedia":{"value":"This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1582","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-08-21T22:13:00.000Z","dateReserved":"2019-08-21T22:13:00.000Z"},"containers":{"cna":{"title":"Memory Corruption in PAN-OS","datePublic":"2019-08-21T22:13:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS. (Ref: # PAN-123700/ CVE-2019-1582).\nSuccessful exploitation of this issue may allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.\nThis issue affects PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.  PAN-OS 7.1 and 8.0 are NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS. (Ref: # PAN-123700/ CVE-2019-1582).\nSuccessful exploitation of this issue may allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.\nThis issue affects PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.  PAN-OS 7.1 and 8.0 are NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.9","versionType":"custom","changes":[{"at":"8.1.9-h4","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.3","versionType":"custom","changes":[{"at":"9.0.3-h3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1582"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-123700"],"advisory":"PAN-SA-2019-0023","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","supportingMedia":{"value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.  ","supportingMedia":{"value":"PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.  ","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1581","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-08-21T22:13:00.000Z","dateReserved":"2019-08-21T22:13:00.000Z"},"containers":{"cna":{"title":"Remote code execution in PAN-OS SSH management interface","datePublic":"2019-08-21T22:13:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS.  (Ref: # PAN-123564/ CVE-2019-1581).\nSuccessful exploitation will allow a remote, unauthenticated user to execute arbitrary code by crafting and sending a malicious message to the SSH device management interface.  \nThis issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS.  (Ref: # PAN-123564/ CVE-2019-1581).\nSuccessful exploitation will allow a remote, unauthenticated user to execute arbitrary code by crafting and sending a malicious message to the SSH device management interface.  \nThis issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.24","versionType":"custom","changes":[{"at":"7.1.24-h1","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.19","versionType":"custom","changes":[{"at":"8.0.19-h1","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.9","versionType":"custom","changes":[{"at":"8.1.9-h4","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.3","versionType":"custom","changes":[{"at":"9.0.3-h3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1581"}],"credits":[{"lang":"en","value":"The UK's National Cyber Security Centre (NCSC)"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-123564"],"advisory":"PAN-SA-2019-0022","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the SSH management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interfaces. Our best practices guidelines reduce the exposure of device management interfaces to potential attacke...","supportingMedia":{"value":"This issue affects the SSH management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interfaces. Our best practices guidelines reduce the exposure of device management interfaces to potential attacke...","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.","supportingMedia":{"value":"PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1580","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-08-21T22:13:00.000Z","dateReserved":"2019-08-21T22:13:00.000Z"},"containers":{"cna":{"title":"Memory Corruption in PAN-OS","datePublic":"2019-08-21T22:13:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS (Ref: # PAN-123603/CVE-2019-1580).\nSuccessful exploitation will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.\nThis issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS (Ref: # PAN-123603/CVE-2019-1580).\nSuccessful exploitation will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.\nThis issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.3","PAN-OS 9.0.2-h4","PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.9","PAN-OS 8.1.8-h5","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.19","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.24","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.24","versionType":"custom","changes":[{"at":"7.1.24-h1","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.19","versionType":"custom","changes":[{"at":"8.0.19-h1","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.9","versionType":"custom","changes":[{"at":"8.1.9-h4","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.3","versionType":"custom","changes":[{"at":"9.0.3-h3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1580"}],"credits":[{"lang":"en","value":"This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-123603"],"advisory":"PAN-SA-2019-0021","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","supportingMedia":{"value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.","supportingMedia":{"value":"PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1579","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-07-18T20:39:00.000Z","dateReserved":"2019-07-18T20:39:00.000Z"},"containers":{"cna":{"title":"Remote Code Execution in GlobalProtect Portal/Gateway Interface ","datePublic":"2019-07-18T20:39:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products.  The issue is already addressed in prior maintenance releases.  (Ref: CVE-2019-1579)\nSuccessful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code.  \nThis issue affects PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and  PAN-OS 8.1.2  and earlier releases.  PAN-OS 9.0 is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products.  The issue is already addressed in prior maintenance releases.  (Ref: CVE-2019-1579)\nSuccessful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code.  \nThis issue affects PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and  PAN-OS 8.1.2  and earlier releases.  PAN-OS 9.0 is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.18","versionType":"custom","changes":[{"at":"7.1.19","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.11-h1","versionType":"custom","changes":[{"at":"8.0.12","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.2","versionType":"custom","changes":[{"at":"8.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1579"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100913"],"advisory":"PAN-SA-2019-0020","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"If you have not already upgraded to the available updates listed above and cannot do so now, we recommend that you update to content release 8173, or the latest version, and confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway interface.  \n\nPlease see the customer advisory for more details here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Action-Recommended-Recent-Security-Advisory-PAN-SA-2019-0020-Ref/ta-p/278505 .  \n\nYou are not affected if you do not have GlobalProtect enabled.\n","supportingMedia":{"value":"If you have not already upgraded to the available updates listed above and cannot do so now, we recommend that you update to content release 8173, or the latest version, and confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway interface.  \n\nPlease see the customer advisory for more details here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Action-Recommended-Recent-Security-Advisory-PAN-SA-2019-0020-Ref/ta-p/278505 .  \n\nYou are not affected if you do not have GlobalProtect enabled.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later releases.","supportingMedia":{"value":"PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later releases.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1576","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-07-15T22:15:00.000Z","dateReserved":"2019-07-15T22:15:00.000Z"},"containers":{"cna":{"title":"Command Injection in PAN-OS ","datePublic":"2019-07-15T22:15:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface (CLI). (Ref PAN-111872/ CVE-2019-1576)\nSuccessful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated  user’s permissions.\nThis issue affects PAN-OS 9.0.2 and earlier.  PAN-OS 7.1, PAN-OS 8.0 and PAN-OS 8.1 are NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface (CLI). (Ref PAN-111872/ CVE-2019-1576)\nSuccessful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated  user’s permissions.\nThis issue affects PAN-OS 9.0.2 and earlier.  PAN-OS 7.1, PAN-OS 8.0 and PAN-OS 8.1 are NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.2","versionType":"custom","changes":[{"at":"9.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1576"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Joe Graham at Rochester Institute of Technology for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweId":"CWE-77"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-111872"],"advisory":"PAN-SA-2019-0018","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 9.0.3 and later","supportingMedia":{"value":"PAN-OS 9.0.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1575","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-07-15T22:15:00.000Z","dateReserved":"2019-07-15T22:15:00.000Z"},"containers":{"cna":{"title":"Information Disclosure in PAN-OS Management API Usage","datePublic":"2019-07-15T22:15:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An Information Disclosure vulnerability exists in PAN-OS Management API usage (Ref # PAN-107239 and PAN-118869 / CVE-2019-1575)\nSuccessful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An Information Disclosure vulnerability exists in PAN-OS Management API usage (Ref # PAN-107239 and PAN-118869 / CVE-2019-1575)\nSuccessful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.23","versionType":"custom","changes":[{"at":"7.1.24","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.18","versionType":"custom","changes":[{"at":"8.0.19","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.8-h4","versionType":"custom","changes":[{"at":"8.1.8","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.2","versionType":"custom","changes":[{"at":"9.0.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1575"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Bartłomiej Stasiek of ING Tech Poland, Ruben Jacobi of ON2IT Group, Michael E. Davis - University of Arkansas, and Alycia N. Carey - University of Arkansas for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-107239","PAN-118869"],"advisory":"PAN-SA-2019-0019","discovery":"USER"},"workarounds":[{"lang":"en","value":"Please see the detailed FAQ here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Palo-Alto-Networks-Security-Advisory-PAN-SA-2019-0019/ta-p/276661.","supportingMedia":{"value":"Please see the detailed FAQ here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Palo-Alto-Networks-Security-Advisory-PAN-SA-2019-0019/ta-p/276661.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.19 and later, PAN-OS 8.1.8-h5 and later, and PAN-OS 9.0.2-h4 and later.  ","supportingMedia":{"value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.19 and later, PAN-OS 8.1.8-h5 and later, and PAN-OS 9.0.2-h4 and later.  ","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-8912","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-07-15T22:15:00.000Z","dateReserved":"2019-07-15T22:15:00.000Z"},"containers":{"cna":{"title":"Privilege Escalation in PAN-OS","datePublic":"2019-07-15T22:15:00.000Z","providerMetadata":{"dateUpdated":"2020-01-21T19:06:20","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of a use-after-free (UAF) vulnerability in the Linux kernel's sockfs_setattr. (Ref: PAN-113631/ CVE-2019-8912)\nSuccessful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.17 and earlier, PAN-OS 8.1.8 and earlier, and PAN-OS 9.0.2 and earlier. ","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of a use-after-free (UAF) vulnerability in the Linux kernel's sockfs_setattr. (Ref: PAN-113631/ CVE-2019-8912)\nSuccessful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.17 and earlier, PAN-OS 8.1.8 and earlier, and PAN-OS 9.0.2 and earlier. </pre>"}]}],"x_affectedList":["PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.23","versionType":"custom","changes":[{"at":"7.1.24","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.17","versionType":"custom","changes":[{"at":"8.0.18","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.8","versionType":"custom","changes":[{"at":"8.1.9","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.2","versionType":"custom","changes":[{"at":"9.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-8912"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-416 Use After Free","cweId":"CWE-416"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-113631"],"advisory":"PAN-SA-2019-0017","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.18 and later, PAN-OS 8.1.9 and later, and PAN-OS 9.0.3 and later.","supportingMedia":{"value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.18 and later, PAN-OS 8.1.9 and later, and PAN-OS 9.0.3 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2019-0013","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-06-27T23:50:00.000Z","dateReserved":"2019-06-27T23:50:00.000Z"},"containers":{"cna":{"title":"Information about TCP SACK Panic Findings in PAN-OS ","datePublic":"2019-06-27T23:50:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities.  (Ref: PAN-119745/ CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)\nSuccessful exploitation of these issues could allow an unprivileged remote user to trigger a kernel panic in systems running the affected software, resulting in a denial of service.\n\nWhile these issues primary affect the PAN-OS Management Plane (MP),  it is possible for MP services to be exposed via Data Plane (DP) interfaces as a result of Service Route or and Interface Management Profile configurations. Examples include Management Profiles permitting HTTP/HTTPS access to the WebGUI, SSH, or response pages.  In these cases, it is possible that malicious traffic could arrive at the MP kernel through the DP interface.  Devices with unrestricted connectivity to the MP, such as internal hosts, may be able to leverage this issue to impact device performance. \n\nPalo Alto Networks is not affected by CVE-2019-5599.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2-h3 and earlier.  \n\nGlobalProtect Gateway and GlobalProtect portal are NOT affected by these issues.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities.  (Ref: PAN-119745/ CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)\nSuccessful exploitation of these issues could allow an unprivileged remote user to trigger a kernel panic in systems running the affected software, resulting in a denial of service.\n\nWhile these issues primary affect the PAN-OS Management Plane (MP),  it is possible for MP services to be exposed via Data Plane (DP) interfaces as a result of Service Route or and Interface Management Profile configurations. Examples include Management Profiles permitting HTTP/HTTPS access to the WebGUI, SSH, or response pages.  In these cases, it is possible that malicious traffic could arrive at the MP kernel through the DP interface.  Devices with unrestricted connectivity to the MP, such as internal hosts, may be able to leverage this issue to impact device performance. \n\nPalo Alto Networks is not affected by CVE-2019-5599.\nThis issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2-h3 and earlier.  \n\nGlobalProtect Gateway and GlobalProtect portal are NOT affected by these issues.</pre>"}]}],"x_affectedList":["PAN-OS 9.0.2-h3","PAN-OS 9.0.2-h2","PAN-OS 9.0.2-h1","PAN-OS 9.0.2","PAN-OS 9.0.1","PAN-OS 9.0.0","PAN-OS 9.0","PAN-OS 8.1.8-h4","PAN-OS 8.1.8-h3","PAN-OS 8.1.8-h2","PAN-OS 8.1.8-h1","PAN-OS 8.1.8","PAN-OS 8.1.7","PAN-OS 8.1.6-h2","PAN-OS 8.1.6-h1","PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.18","PAN-OS 8.0.17","PAN-OS 8.0.16","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.23","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.23","versionType":"custom","changes":[{"at":"7.1.24","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.18","versionType":"custom","changes":[{"at":"8.0.19","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.8-h4","versionType":"custom","changes":[{"at":"8.1.8-h5","status":"unaffected"}]},{"version":"9.0","status":"affected","lessThanOrEqual":"9.0.2-h3","versionType":"custom","changes":[{"at":"9.0.2-h4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2019-0013"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-190 Integer Overflow or Wraparound","cweId":"CWE-190"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-119745"],"advisory":"PAN-SA-2019-0013","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","supportingMedia":{"value":"These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.19 and later, PAN-OS 8.1.8-h5 and later, and PAN-OS 9.0.2-h4 and later","supportingMedia":{"value":"PAN-OS 7.1.24 and later, PAN-OS 8.0.19 and later, PAN-OS 8.1.8-h5 and later, and PAN-OS 9.0.2-h4 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"PAN-SA-2019-0011","assignerOrgId":"00000000-0000-4000-9000-000000000000","assignerShortName":"palo_alto","serial":1,"dateReserved":"2019-05-15T22:37:00.000Z","datePublished":"2019-05-15T22:37:00.000Z","state":"PUBLISHED"},"containers":{"cna":{"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000","shortName":"Not found","dateUpdated":"2024-11-20T08:00:00.000Z"},"title":"Informational: PAN-OS unexpected open ports","datePublic":"2019-05-15T22:37:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-668","description":"CWE-668 Exposure of Resource to Wrong Sphere","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":""}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["with GlobalProtect"],"versions":[{"status":"affected","version":"8.0.0","lessThan":"8.0.12","changes":[{"at":"8.0.12","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"8.1.0","lessThan":"8.1.2","changes":[{"at":"8.1.2","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","platforms":["without GlobalProtect"],"versions":[{"status":"affected","version":"8.0","lessThanOrEqual":"8.0.13","changes":[{"at":"8.0.14","status":"unaffected"}],"versionType":"custom"},{"status":"affected","version":"8.1","lessThanOrEqual":"8.1.3","changes":[{"at":"8.1.4","status":"unaffected"}],"versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"status":"unaffected","version":"7.1.*","versionType":"custom"},{"status":"unaffected","version":"9.0.*","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.4"}]}]}],"descriptions":[{"lang":"en","value":"An issue was resolved in PAN-OS that resulted in a configured Layer 3 interface erroneously opening ports 28869/tcp and 28870/tcp on the IP address assigned to the Layer 3 interface. These ports bind to an internal service that performs an HTTP 301 redirect to the HTTPS port (443/tcp) on the same interface IP address. After redirection, a web client will attempt to connect to the original destination IP address on 443/tcp and, if any such service is configured on the interface by the administrator (such as on the GlobalProtect portal or the device management interface), the client will connect successfully. In the absence of a configured service, any connection to 443/tcp will time out as expected. \n\nThis security advisory is rated as “informational” because there are no known vulnerabilities or immediate security risks posed by this issue; however, because unexpected open ports (28869/tcp and 28870/tcp) may appear in routine scans or audits, we advise you to review this issue and determine appropriate next steps for your environment.  (Refer to PAN-94058 and PAN-101704 in the release notes associated with your release: https://docs.paloaltonetworks.com/pan-os.html.)\n\nThis issue affects Firewalls with GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.11-h1 or PAN-OS 8.1.0 to PAN-OS 8.1.1. \nFirewalls without GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.13 or PAN-OS 8.1.0 to PAN-OS 8.1.3.\nFirewalls running PAN-OS 7.1 or PAN-OS 9.0 are NOT affected.\n\n","supportingMedia":[{"type":"text/html","base64":true,"value":"<pre>An issue was resolved in PAN-OS that resulted in a configured Layer 3 interface erroneously opening ports 28869/tcp and 28870/tcp on the IP address assigned to the Layer 3 interface. These ports bind to an internal service that performs an HTTP 301 redirect to the HTTPS port (443/tcp) on the same interface IP address. After redirection, a web client will attempt to connect to the original destination IP address on 443/tcp and, if any such service is configured on the interface by the administrator (such as on the GlobalProtect portal or the device management interface), the client will connect successfully. In the absence of a configured service, any connection to 443/tcp will time out as expected. \n\nThis security advisory is rated as “informational” because there are no known vulnerabilities or immediate security risks posed by this issue; however, because unexpected open ports (28869/tcp and 28870/tcp) may appear in routine scans or audits, we advise you to review this issue and determine appropriate next steps for your environment.  (Refer to PAN-94058 and PAN-101704 in the release notes associated with your release: https://docs.paloaltonetworks.com/pan-os.html.)\n\nThis issue affects Firewalls with GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.11-h1 or PAN-OS 8.1.0 to PAN-OS 8.1.1. \nFirewalls without GlobalProtect enabled and running PAN-OS 8.0.8 to PAN-OS 8.0.13 or PAN-OS 8.1.0 to PAN-OS 8.1.3.\nFirewalls running PAN-OS 7.1 or PAN-OS 9.0 are NOT affected.\n\n</pre>"}]}],"references":[{"url":"https://security.paloaltonetworks.com/PAN-SA-2019-0011","tags":["x_refsource_CONFIRM"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"NONE","baseScore":0,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"}}],"workarounds":[{"lang":"en","value":"Firewall administrators can create an explicit deny policy that blocks ports 28869/tcp and 28870/tcp on the affected L3 interface addresses. For more information on configuration, please refer to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLxl","supportingMedia":[{"type":"text/html","base64":false,"value":"Firewall administrators can create an explicit deny policy that blocks ports 28869/tcp and 28870/tcp on the affected L3 interface addresses. For more information on configuration, please refer to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLxl"}]}],"solutions":[{"lang":"en","value":"Firewalls with GlobalProtect enabled: PAN-OS 8.0.12, PAN-OS 8.1.2 or a later release. \nFirewalls without GlobalProtect enabled: PAN-OS 8.0.14, 8.1.4 or a later release.","supportingMedia":[{"type":"text/html","base64":false,"value":"Firewalls with GlobalProtect enabled: PAN-OS 8.0.12, PAN-OS 8.1.2 or a later release. \nFirewalls without GlobalProtect enabled: PAN-OS 8.0.14, 8.1.4 or a later release."}]}],"exploits":[{"lang":"en","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}],"source":{"defect":["PDV-747"],"advisory":"PAN-SA-2019-0011","discovery":"USER"},"x_generator":{"engine":"Vulnogram 0.0.9"},"x_affectedList":["PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1572","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-03-28T20:05:00.000Z","dateReserved":"2019-03-28T20:05:00.000Z"},"containers":{"cna":{"title":"Authentication Bypass in PAN-OS Management Web Interface","datePublic":"2019-03-28T20:05:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface.  (Ref # PAN-113675, CVE-2019-1572)\nSuccessful exploitation of this issue may allow an unauthenticated remote user to access php files.\nThis issue affects Only PAN-OS 9.0.0","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface.  (Ref # PAN-113675, CVE-2019-1572)\nSuccessful exploitation of this issue may allow an unauthenticated remote user to access php files.\nThis issue affects Only PAN-OS 9.0.0</pre>"}]}],"x_affectedList":["PAN-OS 9.0.0","PAN-OS 9.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"9.0.0","status":"affected"},{"version":"9.0.1","status":"unaffected","lessThan":"9.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1572"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-113675"],"advisory":"PAN-SA-2019-0005","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 9.0.1 and later","supportingMedia":{"value":"PAN-OS 9.0.1 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-18065","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-03-20T21:20:00.000Z","dateReserved":"2019-03-20T21:20:00.000Z"},"containers":{"cna":{"title":"Denial of Service in PAN-OS Management Interface ","datePublic":"2019-03-20T21:20:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. (Ref # PAN-106922, CVE-2018-18065).\nSuccessful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The unauthenticated user would already have to have access to the management interface to make this vulnerability work.\nThis issue affects PAN-OS 7.1.22 and earlier, PAN-OS 8.0.15 and earlier, PAN-OS 8.1.6 and earlier.  PAN-OS 9.0 is NOT affected","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. (Ref # PAN-106922, CVE-2018-18065).\nSuccessful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The unauthenticated user would already have to have access to the management interface to make this vulnerability work.\nThis issue affects PAN-OS 7.1.22 and earlier, PAN-OS 8.0.15 and earlier, PAN-OS 8.1.6 and earlier.  PAN-OS 9.0 is NOT affected</pre>"}]}],"x_affectedList":["PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.22","versionType":"custom","changes":[{"at":"7.1.23","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.15","versionType":"custom","changes":[{"at":"8.0.16","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.6","versionType":"custom","changes":[{"at":"8.1.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-18065"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-476 NULL Pointer Dereference","cweId":"CWE-476"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-106922"],"advisory":"PAN-SA-2019-0007","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: \nhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.\n","supportingMedia":{"value":"This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: \nhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.23 and later, PAN-OS 8.0.16 and later, and PAN-OS 8.1.7 and later.","supportingMedia":{"value":"PAN-OS 7.1.23 and later, PAN-OS 8.0.16 and later, and PAN-OS 8.1.7 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-14634","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-03-20T21:20:00.000Z","dateReserved":"2019-03-20T21:20:00.000Z"},"containers":{"cna":{"title":"Privilege Escalation in PAN-OS","datePublic":"2019-03-20T21:20:00.000Z","providerMetadata":{"dateUpdated":"2021-07-20T14:06:15","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's create_elf_tables() function.  (Ref # PAN-105966, CVE-2018-14634)\nSuccessful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system.  \n\nTo successfully exploit this vulnerability, an attacker would need local user account to access CLI, as well as, an unrelated vulnerability allowing the local user to execute arbitrary code in a chained attack. This combination would result in the execution of malicious code and achieving complete control of the affected system.\n\nThis issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. \nThis issue affects This only affects 64bit systems with more than 32 GB of available memory.  \n\nThe affected platform and versions are  PAN-OS 7.1.22 and earlier running on M-500 and WF-500;   PAN-OS 8.0.15 and earlier running on PA-5220, PA-5250, PA-5260, M-500 and WF-500;  and PAN-OS 8.1.6 and earlier running on PA-5220, PA-5250, PA-5260, PA-5280, M-500, M-600 and WF-500.   PAN-OS 9.0 is NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's create_elf_tables() function.  (Ref # PAN-105966, CVE-2018-14634)\nSuccessful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system.  \n\nTo successfully exploit this vulnerability, an attacker would need local user account to access CLI, as well as, an unrelated vulnerability allowing the local user to execute arbitrary code in a chained attack. This combination would result in the execution of malicious code and achieving complete control of the affected system.\n\nThis issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. \nThis issue affects This only affects 64bit systems with more than 32 GB of available memory.  \n\nThe affected platform and versions are  PAN-OS 7.1.22 and earlier running on M-500 and WF-500;   PAN-OS 8.0.15 and earlier running on PA-5220, PA-5250, PA-5260, M-500 and WF-500;  and PAN-OS 8.1.6 and earlier running on PA-5220, PA-5250, PA-5260, PA-5280, M-500, M-600 and WF-500.   PAN-OS 9.0 is NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.6","PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.15","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.22","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.22","versionType":"custom","changes":[{"at":"7.1.23","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.15","versionType":"custom","changes":[{"at":"8.0.16","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.6","versionType":"custom","changes":[{"at":"8.1.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-14634"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-190 Integer Overflow or Wraparound","cweId":"CWE-190"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-105966"],"advisory":"PAN-SA-2019-0006","discovery":"INTERNAL"},"solutions":[{"lang":"en","value":"PAN-OS 7.1.23 and later, PAN-OS 8.0.16 and later, and PAN-OS 8.1.7 and later. ","supportingMedia":{"value":"PAN-OS 7.1.23 and later, PAN-OS 8.0.16 and later, and PAN-OS 8.1.7 and later. ","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1566","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-01-23T19:15:00.000Z","dateReserved":"2019-01-23T19:15:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in PAN-OS Management Web Interface","datePublic":"2019-01-23T19:15:00.000Z","providerMetadata":{"dateUpdated":"2020-02-12T22:57:08","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS Management Web Interface. (Ref. # PAN-107262; CVE-2019-1566)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.  ","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS Management Web Interface. (Ref. # PAN-107262; CVE-2019-1566)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.  </pre>"}]}],"x_affectedList":["PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.21","versionType":"custom","changes":[{"at":"7.1.22","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.14","versionType":"custom","changes":[{"at":"8.0.15","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.5","versionType":"custom","changes":[{"at":"8.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1566"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Purplemet Security for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-107262"],"advisory":"PAN-SA-2019-0002","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.","supportingMedia":{"value":"PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-1565","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2019-01-23T19:15:00.000Z","dateReserved":"2019-01-23T19:15:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists ","datePublic":"2019-01-23T19:15:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:48","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. (Ref. # PAN-106776; CVE-2019-1565)\nSuccessful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. (Ref. # PAN-106776; CVE-2019-1565)\nSuccessful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.5","PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.14","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.21","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.21","versionType":"custom","changes":[{"at":"7.1.22","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.14","versionType":"custom","changes":[{"at":"8.0.15","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.5","versionType":"custom","changes":[{"at":"8.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2019-1565"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Mina Mohsen Edwar of Verizon for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-106776"],"advisory":"PAN-SA-2019-0001","discovery":"USER"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.","supportingMedia":{"value":"PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-10141","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-10-12T02:35:00.000Z","dateReserved":"2018-10-12T02:35:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page ","datePublic":"2018-10-12T02:35:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS GlobalProtect Portal Login page. (Ref. # PAN-99830; CVE-2018-10141)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 8.1.3 and earlier.  PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS GlobalProtect Portal Login page. (Ref. # PAN-99830; CVE-2018-10141)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.\nThis issue affects PAN-OS 8.1.3 and earlier.  PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.3","versionType":"custom","changes":[{"at":"8.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-10141"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Vladimir Egorov, Team of cyberhouse.ge, okradze, and Mina Mohsen Edwar with Verizon for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-99830"],"advisory":"PAN-SA-2018-0014","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers not using GlobalProtect feature of PAN-OS are not impacted by this vulnerability.","supportingMedia":{"value":"Customers not using GlobalProtect feature of PAN-OS are not impacted by this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.1.4 and later","supportingMedia":{"value":"PAN-OS 8.1.4 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2018-0015","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-10-12T02:35:00.000Z","dateReserved":"2018-10-12T02:35:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerabilities in PAN-OS ","datePublic":"2018-10-12T02:35:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739.  Palo Alto Networks software makes use of the vulnerable library and is affected. (Ref # PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis for security issues.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier.  WF-500 running WF-500 software versions PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739.  Palo Alto Networks software makes use of the vulnerable library and is affected. (Ref # PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis for security issues.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier.  WF-500 running WF-500 software versions PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.13","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.20","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom"},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.20","versionType":"custom","changes":[{"at":"7.1.21","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.13","versionType":"custom","changes":[{"at":"8.0.14","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.3","versionType":"custom","changes":[{"at":"8.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2018-0015"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-320","cweId":"CWE-320"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-98504"],"advisory":"PAN-SA-2018-0015","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.21 and later, PAN-OS 8.0.14 and later, PAN-OS 8.1.4 and later, WF-500 running WF-500 software version 8.0.14 and later, and WF-500 running WF-500 software version 8.1.4 and later.  PAN-OS 6.1 will NOT have a fix.    For WF-500 software versions 7.1 and earlier, please consult the WildFire Administrator’s Guide for steps to upgrade the software. An online copy of all available documentation can be found here (https://www.paloaltonetworks.com/documentation).","supportingMedia":{"value":"PAN-OS 7.1.21 and later, PAN-OS 8.0.14 and later, PAN-OS 8.1.4 and later, WF-500 running WF-500 software version 8.0.14 and later, and WF-500 running WF-500 software version 8.1.4 and later.  PAN-OS 6.1 will NOT have a fix.    For WF-500 software versions 7.1 and earlier, please consult the WildFire Administrator’s Guide for steps to upgrade the software. An online copy of all available documentation can be found here (https://www.paloaltonetworks.com/documentation).","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-5391","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-09-19T20:40:00.000Z","dateReserved":"2018-09-19T20:40:00.000Z"},"containers":{"cna":{"title":"Information about FragmentSmack findings","datePublic":"2018-09-19T20:40:00.000Z","providerMetadata":{"dateUpdated":"2020-04-14T12:06:39","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"descriptions":[{"lang":"en","value":"Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. (CVE-2018-5391). This security advisory will be updated as more information becomes available or if there are changes in the impact of these vulnerabilities.\nA flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. To exploit this vulnerability a remote attacker could send specially crafted packets that trigger time and calculation expensive fragment reassembly algorithms and cause CPU saturation (a denial of service on the system).  This only affects the Management Plane of PAN-OS.\nThis issue affects PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050.     PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080.     PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080.     PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. (CVE-2018-5391). This security advisory will be updated as more information becomes available or if there are changes in the impact of these vulnerabilities.\nA flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. To exploit this vulnerability a remote attacker could send specially crafted packets that trigger time and calculation expensive fragment reassembly algorithms and cause CPU saturation (a denial of service on the system).  This only affects the Management Plane of PAN-OS.\nThis issue affects PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050.     PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080.     PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080.     PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.4","PAN-OS 8.1.3","PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.12","PAN-OS 8.0.11-h1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.19","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.21","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.21","versionType":"custom","changes":[{"at":"6.1.22","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.19","versionType":"custom","changes":[{"at":"7.1.20","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.12","versionType":"custom","changes":[{"at":"8.0.13","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.4","versionType":"custom","changes":[{"at":"8.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-5391"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-103132"],"advisory":"PAN-SA-2018-0012","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of PAN-OS. Our best practices guidelines strongly mitigate exposure to this vulnerability and reduce the exposure of the management interface to other potential threats. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the management interface of PAN-OS. Our best practices guidelines strongly mitigate exposure to this vulnerability and reduce the exposure of the management interface to other potential threats. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.22, PAN-OS 7.1.20 and later, PAN-OS 8.0.13 and later, and PAN-OS 8.1.5 and later. ","supportingMedia":{"value":"PAN-OS 6.1.22, PAN-OS 7.1.20 and later, PAN-OS 8.0.13 and later, and PAN-OS 8.1.5 and later. ","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-10140","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-08-15T22:10:00.000Z","dateReserved":"2018-08-15T22:10:00.000Z"},"containers":{"cna":{"title":"Denial of Service in PAN-OS Management Web Interface ","datePublic":"2018-08-15T22:10:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. (Ref # PAN-100189, CVE-2018-10140)\nThis vulnerability can be triggered by an authenticated user sending malformed searching parameters through the Filter bar on the PAN-OS Management Web Interface. \nThis issue affects PAN-OS 8.1.2 and earlier.  PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. (Ref # PAN-100189, CVE-2018-10140)\nThis vulnerability can be triggered by an authenticated user sending malformed searching parameters through the Filter bar on the PAN-OS Management Web Interface. \nThis issue affects PAN-OS 8.1.2 and earlier.  PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.1.2","PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.2","versionType":"custom","changes":[{"at":"8.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-10140"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Mario Aaron Lopez Payes for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-100189"],"advisory":"PAN-SA-2018-0010","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access ","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access ","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.1.3 and later","supportingMedia":{"value":"PAN-OS 8.1.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-10139","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-08-15T22:10:00.000Z","dateReserved":"2018-08-15T22:10:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in GlobalProtect Gateway","datePublic":"2018-08-15T22:10:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS response for GlobalProtect Gateway. (Ref. # PAN-84836; CVE-2018-10139)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.  \nThis issue affects PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier.  PAN-OS 8.1.0 is NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS response for GlobalProtect Gateway. (Ref. # PAN-84836; CVE-2018-10139)\nSuccessful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.  \nThis issue affects PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier.  PAN-OS 8.1.0 is NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.18","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.21","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.21","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.18","versionType":"custom","changes":[{"at":"7.1.19","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.11","versionType":"custom","changes":[{"at":"8.0.12","status":"unaffected"}]},{"version":"8.1.0","status":"unaffected","lessThan":"8.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-10139"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Brandon Freshour for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-84836"],"advisory":"PAN-SA-2018-0009","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers not using PAN-OS GlobalProtect gateway are not impacted by this vulnerability.","supportingMedia":{"value":"Customers not using PAN-OS GlobalProtect gateway are not impacted by this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later.  PAN-OS 8.1.0 and later are NOT affected. PAN-OS 6.1.21 and later will NOT have a fix.  Please contact your support team.","supportingMedia":{"value":"PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later.  PAN-OS 8.1.0 and later are NOT affected. PAN-OS 6.1.21 and later will NOT have a fix.  Please contact your support team.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-8715","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-07-20T00:30:00.000Z","dateReserved":"2018-07-20T00:30:00.000Z"},"containers":{"cna":{"title":"Denial of Service in PAN-OS Management Web Interface ","datePublic":"2018-07-20T00:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. (Ref # PAN-93089, CVE-2018-8715)\nA specially crafted HTTP POST request with an invalid “If-modified\" header field may cause a NULL dereference and cause a denial of service condition. This vulnerability can be triggered without login or authentication and could result in a crash of the management service.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0.  Global Protect is NOT affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. (Ref # PAN-93089, CVE-2018-8715)\nA specially crafted HTTP POST request with an invalid “If-modified\" header field may cause a NULL dereference and cause a denial of service condition. This vulnerability can be triggered without login or authentication and could result in a crash of the management service.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0.  Global Protect is NOT affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.16","versionType":"custom","changes":[{"at":"7.1.17","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.9","versionType":"custom","changes":[{"at":"8.0.10","status":"unaffected"}]},{"version":"8.1.1","status":"unaffected","lessThan":"8.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-8715"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-93089"],"advisory":"PAN-SA-2018-0008","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.1 and later.   ","supportingMedia":{"value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.1 and later.   ","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-9335","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-06-29T00:00:00.000Z","dateReserved":"2018-06-29T00:00:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in PAN-OS Management Web Interface","datePublic":"2018-06-29T00:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS session browser. (Ref. # PAN-93244; CVE-2018-9335)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML.  An attacker would need to successfully authenticate prior to exploiting this issue.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS session browser. (Ref. # PAN-93244; CVE-2018-9335)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML.  An attacker would need to successfully authenticate prior to exploiting this issue.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.16","versionType":"custom","changes":[{"at":"7.1.17","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.9","versionType":"custom","changes":[{"at":"8.0.10","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.1","versionType":"custom","changes":[{"at":"8.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-9335"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Davide 'Peru' Peruzzi - GoSecure!for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-93244"],"advisory":"PAN-SA-2018-0007","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.2 and later","supportingMedia":{"value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.2 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-9334","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-06-29T00:00:00.000Z","dateReserved":"2018-06-29T00:00:00.000Z"},"containers":{"cna":{"title":"Information Disclosure in the PAN-OS Management Web Interface","datePublic":"2018-06-29T00:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. (Ref. # PAN-91564; CVE-2018-9334)\nSuccessful exploitation of this issue requires the attacker to be authenticated.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 ","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. (Ref. # PAN-91564; CVE-2018-9334)\nSuccessful exploitation of this issue requires the attacker to be authenticated.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 </pre>"}]}],"x_affectedList":["PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.16","versionType":"custom","changes":[{"at":"7.1.17","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.8","versionType":"custom","changes":[{"at":"8.0.9","status":"unaffected"}]},{"version":"8.1.1","status":"unaffected","lessThan":"8.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-9334"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Bill Chaison from GCI Inc. for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-269 Improper Privilege Management","cweId":"CWE-269"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-91564"],"advisory":"PAN-SA-2018-0005","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.9 and later, and PAN-OS 8.1.1 and later","supportingMedia":{"value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.9 and later, and PAN-OS 8.1.1 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-9337","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-06-29T00:00:00.000Z","dateReserved":"2018-06-29T00:00:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting (XSS) in PAN-OS Management Web Interface","datePublic":"2018-06-29T00:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS web interface administration page. (Ref. # PAN-93242; CVE-2018-9337)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML  An attacker would need to successfully authenticate prior to exploiting this issue.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS web interface administration page. (Ref. # PAN-93242; CVE-2018-9337)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML  An attacker would need to successfully authenticate prior to exploiting this issue.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.1.1","PAN-OS 8.1.0","PAN-OS 8.1","PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.17","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.17","versionType":"custom","changes":[{"at":"7.1.18","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.10","versionType":"custom","changes":[{"at":"8.0.11-h1","status":"unaffected"}]},{"version":"8.1","status":"affected","lessThanOrEqual":"8.1.1","versionType":"custom","changes":[{"at":"8.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-9337"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Davide 'Peru' Peruzzi - GoSecure!for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-93242"],"advisory":"PAN-SA-2018-0006","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at:https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at:https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.18 and later, PAN-OS 8.0.11-h1 and later, and PAN-OS 8.1.2 and later","supportingMedia":{"value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.18 and later, PAN-OS 8.0.11-h1 and later, and PAN-OS 8.1.2 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-9242","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-06-29T00:00:00.000Z","dateReserved":"2018-06-29T00:00:00.000Z"},"containers":{"cna":{"title":"Local Privilege Escalation in Management Web Interface","datePublic":"2018-06-29T00:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system.  (Ref. # PAN-90954; CVE-2018-9242)\nSuccessful exploitation of this issue requires the attacker to be authenticated.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier.  PAN-OS 8.1 is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system.  (Ref. # PAN-90954; CVE-2018-9242)\nSuccessful exploitation of this issue requires the attacker to be authenticated.\nThis issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier.  PAN-OS 8.1 is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.16","PAN-OS 7.1.15","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.20","versionType":"custom","changes":[{"at":"6.1.21","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.16","versionType":"custom","changes":[{"at":"7.1.17","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.9","versionType":"custom","changes":[{"at":"8.0.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-9242"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Xinming Nie with Aisinfo-Secfor reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-90954"],"advisory":"PAN-SA-2018-0004","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the web-based management interface of PAN-OS andis strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","supportingMedia":{"value":"This issue affects the web-based management interface of PAN-OS andis strongly mitigated by following best practices for securing the management interface of PAN-OS.  Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later","supportingMedia":{"value":"PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-7636","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-06-27T04:45:00.000Z","dateReserved":"2018-06-27T04:45:00.000Z"},"containers":{"cna":{"title":"Cross Site Scripting in PAN-OS","datePublic":"2018-06-27T04:45:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:47","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS URL filtering “continue page” (Ref # PAN-OS 90835, CVE-2018-7636).  PAN-OS software does not properly validate specific request parameters.\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML in specially crafted URLs that link to a URL filtering “continue page” hosted by the firewall.\nThis issue affects PAN-OS major release PAN-OS 8.0 is affected (PAN-OS 8.0.10 and earlier).  Other PAN-OS major releases are not affected (8.1.x, 7.1.x, 6.1.x).","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS URL filtering “continue page” (Ref # PAN-OS 90835, CVE-2018-7636).  PAN-OS software does not properly validate specific request parameters.\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML in specially crafted URLs that link to a URL filtering “continue page” hosted by the firewall.\nThis issue affects PAN-OS major release PAN-OS 8.0 is affected (PAN-OS 8.0.10 and earlier).  Other PAN-OS major releases are not affected (8.1.x, 7.1.x, 6.1.x).</pre>"}]}],"x_affectedList":["PAN-OS 8.0.10","PAN-OS 8.0.9","PAN-OS 8.0.8","PAN-OS 8.0.7","PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.1.*","status":"unaffected"},{"version":"7.1.*","status":"unaffected"},{"version":"6.1.*","status":"unaffected"},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.10","versionType":"custom","changes":[{"at":"8.0.11-h1","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2018-7636"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Ayushman Dutta for reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-90835"],"advisory":"PAN-SA-2018-0003","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue impacts the continue page and admin override page, but does not impact the block page.  URL filtering configurations that only use the “block” page but not the continue page or admin override feature are not impacted.","supportingMedia":{"value":"This issue impacts the continue page and admin override page, but does not impact the block page.  URL filtering configurations that only use the “block” page but not the continue page or admin override feature are not impacted.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.0.11-h1 and later.  PAN-OS major releases 8.1.x, 7.1.x, and 6.1.x are not impacted.","supportingMedia":{"value":"PAN-OS 8.0.11-h1 and later.  PAN-OS major releases 8.1.x, 7.1.x, and 6.1.x are not impacted.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-16878","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-01-02T18:09:00.000Z","dateReserved":"2018-01-02T18:09:00.000Z"},"containers":{"cna":{"title":"Cross Site Scripting in PAN-OS Captive Portal","datePublic":"2018-01-02T18:09:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way. (Ref # PAN-85238  / CVE-2017-16878)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML.\nThis issue affects PAN-OS 8.0.6-h3 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way. (Ref # PAN-85238  / CVE-2017-16878)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML.\nThis issue affects PAN-OS 8.0.6-h3 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.6-h3","versionType":"custom","changes":[{"at":"8.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-16878"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Shaun Wheelhouse for reporting this issue to us."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-85238"],"advisory":"PAN-SA-2017-0031","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers not using the Captive Portal function within PAN-OS are not impacted by this vulnerability.","supportingMedia":{"value":"Customers not using the Captive Portal function within PAN-OS are not impacted by this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 8.0.7 and later.","supportingMedia":{"value":"PAN-OS 8.0.7 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-15941","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-01-02T18:09:00.000Z","dateReserved":"2018-01-02T18:09:00.000Z"},"containers":{"cna":{"title":"Cross Site Scripting Vulnerability in PAN-OS GlobalProtect","datePublic":"2018-01-02T18:09:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in PAN-OS  GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting (XSS) attack. (Ref # PAN-81586 / CVE-2017-15941)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6-h3 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in PAN-OS  GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting (XSS) attack. (Ref # PAN-81586 / CVE-2017-15941)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary javascript or HTML.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6-h3 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.18","versionType":"custom","changes":[{"at":"6.1.19","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.18","versionType":"custom","changes":[{"at":"7.0.19","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.13","versionType":"custom","changes":[{"at":"7.1.14","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.6-h3","versionType":"custom","changes":[{"at":"8.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-15941"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Oliver Briem  from Paypal Inc. for reporting this issue to us."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-81586"],"advisory":"PAN-SA-2017-0030","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers not using PAN-OS GlobalProtect portal or gateway are not impacted by this vulnerability.","supportingMedia":{"value":"Customers not using PAN-OS GlobalProtect portal or gateway are not impacted by this vulnerability.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later, PAN-OS 8.0.7 and later.","supportingMedia":{"value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later, PAN-OS 8.0.7 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-17841","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2018-01-02T18:09:00.000Z","dateReserved":"2018-01-02T18:09:00.000Z","dateUpdated":"2022-06-24T00:00:00.000000Z"},"containers":{"cna":{"title":"ROBOT attack against PAN-OS","datePublic":"2018-01-02T18:09:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. (PAN-89936 / CVE-2017-17841)\nWhile SSL Decryption and GlobalProtect are susceptible to this issue, PAN-OS can be protected with use of content update 757, and further mitigated through the configuration changes described below under \"Workarounds and Mitigations\".\nThis issue affects PAN-OS 6.1.19 and earlier, PAN-OS 7.1.14 and earlier, PAN-OS 8.0.6-h3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. (PAN-89936 / CVE-2017-17841)\nWhile SSL Decryption and GlobalProtect are susceptible to this issue, PAN-OS can be protected with use of content update 757, and further mitigated through the configuration changes described below under \"Workarounds and Mitigations\".\nThis issue affects PAN-OS 6.1.19 and earlier, PAN-OS 7.1.14 and earlier, PAN-OS 8.0.6-h3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.6-h3","PAN-OS 8.0.6-h2","PAN-OS 8.0.6-h1","PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.14","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.19","versionType":"custom","changes":[{"at":"6.1.20","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.14","versionType":"custom","changes":[{"at":"7.1.15","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.6-h3","versionType":"custom","changes":[{"at":"8.0.7","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-17841"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"NVD-CWE-noinfo"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-89936"],"advisory":"PAN-SA-2017-0032","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"Customers running PAN-OS 7.1 or later can configure their SSL Decryption profiles to disable RSA. If the GlobalProtect server certificate is using RSA, customers running PAN-OS 7.1 or later can opt to replace this certificate with one implementing the Elliptic Curve DSA algorithm as a safer alternative. In addition, Palo Alto Networks has released content update 757 which includes a vulnerability signature (\"TLS Network Security Protocol Information Disclosure Vulnerability - ROBOT\", #38407) that can be used as an interim mitigation to protect PAN-OS devices until the software is upgraded. For complete protection, signature #38407 must be applied upstream from any interfaces implementing SSL Decryption, or hosting a GlobalProtect portal or a GlobalProtect gateway.","supportingMedia":{"value":"Customers running PAN-OS 7.1 or later can configure their SSL Decryption profiles to disable RSA. If the GlobalProtect server certificate is using RSA, customers running PAN-OS 7.1 or later can opt to replace this certificate with one implementing the Elliptic Curve DSA algorithm as a safer alternative. In addition, Palo Alto Networks has released content update 757 which includes a vulnerability signature (\"TLS Network Security Protocol Information Disclosure Vulnerability - ROBOT\", #38407) that can be used as an interim mitigation to protect PAN-OS devices until the software is upgraded. For complete protection, signature #38407 must be applied upstream from any interfaces implementing SSL Decryption, or hosting a GlobalProtect portal or a GlobalProtect gateway.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"This issue is fixed in PAN-OS 6.1.20, PAN-OS 7.1.15, PAN-OS 8.0.7, and all later PAN-OS versions.","supportingMedia":{"value":"This issue is fixed in PAN-OS 6.1.20, PAN-OS 7.1.15, PAN-OS 8.0.7, and all later PAN-OS versions.","type":"text/html","base64":false}}],"timeline":[{"time":"2022-06-24T03:45:00.000Z","lang":"eng","value":"Clarified that this issue is fixed in all later PAN-OS versions."}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-15940","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-12-06T00:15:10.000Z","dateReserved":"2017-12-06T00:15:10.000Z"},"containers":{"cna":{"title":"Command Injection in PAN-OS ","datePublic":"2017-12-06T00:15:10.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. (Ref # PAN-81892 / CVE-2017-15940)\nPAN-OS contains a vulnerability that may allow for post authentication command injection\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. (Ref # PAN-81892 / CVE-2017-15940)\nPAN-OS contains a vulnerability that may allow for post authentication command injection\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.6","PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.18","versionType":"custom","changes":[{"at":"6.1.19","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.18","versionType":"custom","changes":[{"at":"7.0.19","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.13","versionType":"custom","changes":[{"at":"7.1.14","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.6","versionType":"custom","changes":[{"at":"8.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-15940"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Won Lae Lee and Hwang, Gyu Won from Samsung for reporting this issue"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweId":"CWE-77"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-81892"],"advisory":"PAN-SA-2017-0028","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks has released content update 765 including vulnerability signatures #30998 that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded. Note that signatures 30998 must be applied to a firewall rule securing traffic destined for the Management interface. This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS. An alternative mitigation includes the use of a Panorama central manager and disabling of http and https management on each of the vulnerable appliance, then use the Panorama context switching feature to remotely access the web interface of the device.","supportingMedia":{"value":"Palo Alto Networks has released content update 765 including vulnerability signatures #30998 that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded. Note that signatures 30998 must be applied to a firewall rule securing traffic destined for the Management interface. This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS. An alternative mitigation includes the use of a Panorama central manager and disabling of http and https management on each of the vulnerable appliance, then use the Panorama context switching feature to remotely access the web interface of the device.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later, PAN-OS 8.0.6-h3 and later","supportingMedia":{"value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later, PAN-OS 8.0.6-h3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-15944","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-12-06T00:05:10.000Z","dateReserved":"2017-12-06T00:05:10.000Z"},"containers":{"cna":{"title":"Vulnerability in PAN-OS and Panorama on Management Interface","datePublic":"2017-12-06T00:05:10.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. (Ref # PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944)\nPAN-OS and Panorama contains multiple vulnerabilities that, when exploited in conjunction could lead to remote code execution prior to authentication.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. (Ref # PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944)\nPAN-OS and Panorama contains multiple vulnerabilities that, when exploited in conjunction could lead to remote code execution prior to authentication.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.18","versionType":"custom","changes":[{"at":"6.1.19","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.18","versionType":"custom","changes":[{"at":"7.0.19","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.13","versionType":"custom","changes":[{"at":"7.1.14","status":"unaffected"}]},{"version":"8.0.6","status":"unaffected","lessThan":"8.0*","versionType":"custom","changes":[{"at":"8.0","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-15944"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Philip Pettersson for reporting this issue"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"NVD-CWE-noinfo"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-61094","PAN-80990","PAN-80993","PAN-80994"],"advisory":"PAN-SA-2017-0027","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks has released content update 756 including vulnerability signatures #40483 and #40484 that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded. Note that signatures 40483 and 40484 must be applied to a firewall rule securing traffic destined for the Management interface. This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.  An alternative mitigation includes the use of a Panorama central manager and disabling of http and https management on each of the vulnerable appliance, then use the Panorama context switching feature to remotely access the web interface of the device.","supportingMedia":{"value":"Palo Alto Networks has released content update 756 including vulnerability signatures #40483 and #40484 that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded. Note that signatures 40483 and 40484 must be applied to a firewall rule securing traffic destined for the Management interface. This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.  An alternative mitigation includes the use of a Panorama central manager and disabling of http and https management on each of the vulnerable appliance, then use the Panorama context switching feature to remotely access the web interface of the device.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later.  An update in PAN-OS 8.0.6 also includes patches related to this vulnerability, however PAN-OS 8.0 is not remotely exploitable by an unauthenticated user using this vulnerability.","supportingMedia":{"value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later.  An update in PAN-OS 8.0.6 also includes patches related to this vulnerability, however PAN-OS 8.0 is not remotely exploitable by an unauthenticated user using this vulnerability.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-15943","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-12-06T00:05:01.000Z","dateReserved":"2017-12-06T00:05:01.000Z"},"containers":{"cna":{"title":"Server-Side Request Forgery in PAN-OS","datePublic":"2017-12-06T00:05:01.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to the attacker's server. (Ref # PAN-80452  / CVE-2017-15943)\nPAN-OS contains a vulnerability that may allow for an attacker to perform Server-Side Request Forgery. Successful exploitation of this issue may allow an attacker to disclose limited information to an attacker's server.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to the attacker's server. (Ref # PAN-80452  / CVE-2017-15943)\nPAN-OS contains a vulnerability that may allow for an attacker to perform Server-Side Request Forgery. Successful exploitation of this issue may allow an attacker to disclose limited information to an attacker's server.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.13","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.18","versionType":"custom","changes":[{"at":"6.1.19","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.18","versionType":"custom","changes":[{"at":"7.0.19","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.13","versionType":"custom","changes":[{"at":"7.1.14","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-15943"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Ekzhin Ear from NATO for reporting this issue"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-918 Server-Side Request Forgery (SSRF)","cweId":"CWE-918"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-80452"],"advisory":"PAN-SA-2017-0026","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances.  We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.","supportingMedia":{"value":"This issue affects the management interface of the device and is strongly mitigated by following best practices for the isolation of management interfaces for security appliances.  We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later","supportingMedia":{"value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.14 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-15942","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-12-06T00:00:00","dateReserved":"2017-12-06T00:00:00","dateUpdated":"2020-05-18T00:00:00.000000Z"},"containers":{"cna":{"title":"Denial of Service Against GlobalProtect","datePublic":"2017-12-06T00:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. (Ref # PAN-78127 / CVE-2017-15942)\nPAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial of Service attack against the GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. This vulnerability is only available when the GlobalProtect gateway or portal is running.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. (Ref # PAN-78127 / CVE-2017-15942)\nPAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial of Service attack against the GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. This vulnerability is only available when the GlobalProtect gateway or portal is running.\nThis issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.5","PAN-OS 8.0.4","PAN-OS 8.0.3-h4","PAN-OS 8.0.3-h3","PAN-OS 8.0.3-h2","PAN-OS 8.0.3-h1","PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.12","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.18","versionType":"custom","changes":[{"at":"6.1.19","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.18","versionType":"custom","changes":[{"at":"7.0.19","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.12","versionType":"custom","changes":[{"at":"7.1.13","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.5","versionType":"custom","changes":[{"at":"8.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-15942"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Craig Stephen and Martin Ferris from Net Consulting for reporting this issue to us."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-399 Resource Management Errors","cweId":"CWE-399"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-78127"],"advisory":"PAN-SA-2017-0025","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This vulnerability is only available when the GlobalProtect gateway or portal is running.","supportingMedia":{"value":"This vulnerability is only available when the GlobalProtect gateway or portal is running.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.13 and later, PAN-OS 8.0.6 and later","supportingMedia":{"value":"PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.13 and later, PAN-OS 8.0.6 and later","type":"text/html","base64":false}}],"timeline":[{"time":"2017-12-06T00:00:00.000Z","lang":"eng","value":"Initial publication"},{"time":"2020-05-18T16:00:00.000Z","lang":"eng","value":"Updated credit statement"}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-9458","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-08-30T23:00:03.000Z","dateReserved":"2017-08-30T23:00:03.000Z"},"containers":{"cna":{"title":"XML External Entity (XXE) in PAN-OS ","datePublic":"2017-08-30T23:00:03.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity (XXE) attack. PAN-OS does not properly parse XML input. (Ref # PAN-75688 / CVE-2017-9458)\nSuccessful exploitation of this issue may allow disclosure of information, denial of service or server side request forgery.\r\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity (XXE) attack. PAN-OS does not properly parse XML input. (Ref # PAN-75688 / CVE-2017-9458)\nSuccessful exploitation of this issue may allow disclosure of information, denial of service or server side request forgery.\r\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.16","versionType":"custom","changes":[{"at":"7.0.17","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.11","versionType":"custom","changes":[{"at":"7.1.12","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-9458"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Alejandro Iacobelli and Nicolas Videla from Mercadolibre for reporting (CVE-2017-9458).  \r"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-611 Improper Restriction of XML External Entity Reference","cweId":"CWE-611"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-75688"],"advisory":"PAN-SA-2017-0024","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers that have not configured GlobalProtect are not affected by this issue.\r","supportingMedia":{"value":"Customers that have not configured GlobalProtect are not affected by this issue.\r","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.17 and later, PAN-OS 7.1.12 and later, PAN-OS 8.0.3 and later\r","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.17 and later, PAN-OS 7.1.12 and later, PAN-OS 8.0.3 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-12416","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-08-30T23:00:02.000Z","dateReserved":"2017-08-30T23:00:02.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in PAN-OS ","datePublic":"2017-08-30T23:00:02.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-76003 / CVE-2017-12416)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\r\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-76003 / CVE-2017-12416)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\r\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.16","versionType":"custom","changes":[{"at":"7.0.17","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.11","versionType":"custom","changes":[{"at":"7.1.12","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-12416"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Sonal Shrivastava of PayPal for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-76003"],"advisory":"PAN-SA-2017-0023","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers that have not configured GlobalProtect are not affected by this issue.","supportingMedia":{"value":"Customers that have not configured GlobalProtect are not affected by this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.17 and later, PAN-OS 7.1.12 and later, PAN-OS 8.0.3 and later\r","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.17 and later, PAN-OS 7.1.12 and later, PAN-OS 8.0.3 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-6460","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-07-27T17:15:00.000Z","dateReserved":"2017-07-27T17:15:00.000Z"},"containers":{"cna":{"title":"NTP Vulnerability","datePublic":"2017-07-27T17:15:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"The Network Time Protocol (NTP) library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. (Ref # PAN-76130 / CVE-2017-6460)\nSuccessful exploitation of this issue requires an attacker to be on the management interface.\nThis issue affects PAN-OS 6.1, PAN-OS 7.0.17 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Network Time Protocol (NTP) library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. (Ref # PAN-76130 / CVE-2017-6460)\nSuccessful exploitation of this issue requires an attacker to be on the management interface.\nThis issue affects PAN-OS 6.1, PAN-OS 7.0.17 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.3","PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.11","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.22","PAN-OS 6.1.21","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1.*","status":"affected"},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.11","versionType":"custom","changes":[{"at":"7.1.12","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.3","versionType":"custom","changes":[{"at":"8.0.4","status":"unaffected"}]},{"version":"7.0.18","status":"unaffected","lessThan":"7.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-6460"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-76130"],"advisory":"PAN-SA-2017-0022","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.18 or later, PAN-OS 7.1.12 or later, PAN-OS 8.0.4 or later\n","supportingMedia":{"value":"PAN-OS 7.0.18 or later, PAN-OS 7.1.12 or later, PAN-OS 8.0.4 or later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-8390","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-07-20T20:10:04.000Z","dateReserved":"2017-07-20T20:10:04.000Z"},"containers":{"cna":{"title":"Vulnerability in the PAN-OS DNS Proxy","datePublic":"2017-07-20T20:10:04.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A Remote Code Execution vulnerability exists in the PAN-OS DNS Proxy. This issue affects customers who have DNS Proxy enabled in PAN-OS. This issue affects both the Data and Management planes of the firewall. When DNS Proxy processes a specially crafted fully qualified domain names (FQDN), it is possible to execute code on the firewall. (ref # PAN-77516 / CVE-2017-8390).\nSuccessful exploitation of this issue could allow an attacker to execute code on the firewall.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Remote Code Execution vulnerability exists in the PAN-OS DNS Proxy. This issue affects customers who have DNS Proxy enabled in PAN-OS. This issue affects both the Data and Management planes of the firewall. When DNS Proxy processes a specially crafted fully qualified domain names (FQDN), it is possible to execute code on the firewall. (ref # PAN-77516 / CVE-2017-8390).\nSuccessful exploitation of this issue could allow an attacker to execute code on the firewall.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.15","versionType":"custom","changes":[{"at":"7.0.16","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.9","versionType":"custom","changes":[{"at":"7.1.10","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-8390"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-77516"],"advisory":"PAN-SA-2017-0021","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends disabling DNS Proxy for those customers who are affected and are unable to apply the update.","supportingMedia":{"value":"Palo Alto Networks recommends disabling DNS Proxy for those customers who are affected and are unable to apply the update.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.3 and later","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-9467","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-07-20T20:10:03.000Z","dateReserved":"2017-07-20T20:10:03.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in PAN-OS","datePublic":"2017-07-20T20:10:03.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-77294 / CVE-2017-9467)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-77294 / CVE-2017-9467)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.15","versionType":"custom","changes":[{"at":"7.0.16","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.10","versionType":"custom","changes":[{"at":"7.1.11","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-9467"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Jarrod Phelps from Uber for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-77294"],"advisory":"PAN-SA-2017-0020","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers that have not configured GlobalProtect are not affected by this issue.","supportingMedia":{"value":"Customers that have not configured GlobalProtect are not affected by this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-9459","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-07-20T20:10:02.000Z","dateReserved":"2017-07-20T20:10:02.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in the Management Web Interface","datePublic":"2017-07-20T20:10:02.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting (XSS) attack of the management web interface. (ref # PAN-76455 / CVE-2017-9459).\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A reflected cross-site scripting (XSS) vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting (XSS) attack of the management web interface. (ref # PAN-76455 / CVE-2017-9459).\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.15","versionType":"custom","changes":[{"at":"7.0.16","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.10","versionType":"custom","changes":[{"at":"7.1.11","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-9459"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Juan Lopez of Inqwest for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-76455"],"advisory":"PAN-SA-2017-0019","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-10229","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-06-19T20:30:00.000Z","dateReserved":"2017-06-19T20:30:00.000Z"},"containers":{"cna":{"title":"Kernel Vulnerability","datePublic":"2017-06-19T20:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane (DP) of PAN-OS is not affected by this issue since it does not use the vulnerable Linux kernel code. (ref # PAN-77173 / CVE-2016-10229).\nSuccessful exploitation of this issue requires an attacker to be on the management network.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane (DP) of PAN-OS is not affected by this issue since it does not use the vulnerable Linux kernel code. (ref # PAN-77173 / CVE-2016-10229).\nSuccessful exploitation of this issue requires an attacker to be on the management network.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.2","PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.19","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0.*","status":"affected"},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.10","versionType":"custom","changes":[{"at":"7.1.11","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.2","versionType":"custom","changes":[{"at":"8.0.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-10229"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-358 Improperly Implemented Security Check for Standard","cweId":"CWE-358"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-77173"],"advisory":"PAN-SA-2017-0018","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later\n","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-8610","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-06-07T00:25:00.000Z","dateReserved":"2017-06-07T00:25:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerability ","datePublic":"2017-06-07T00:25:00.000Z","providerMetadata":{"dateUpdated":"2020-10-20T21:14:51","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-68543 / CVE-2016-8610)\r\nThe OpenSSL library in use by PAN-OS is patched on a regular basis.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-68543 / CVE-2016-8610)\r\nThe OpenSSL library in use by PAN-OS is patched on a regular basis.\nThis issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.10","PAN-OS 7.1.9-h4","PAN-OS 7.1.9-h3","PAN-OS 7.1.9-h2","PAN-OS 7.1.9-h1","PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.17","versionType":"custom","changes":[{"at":"6.1.18","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.15","versionType":"custom","changes":[{"at":"7.0.16","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.10","versionType":"custom","changes":[{"at":"7.1.11","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-8610"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption","cweId":"CWE-400"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-68543"],"advisory":"PAN-SA-2017-0017","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later\r","supportingMedia":{"value":"PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-4971","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-05-23T03:00:03.000Z","dateReserved":"2017-05-23T03:00:03.000Z"},"containers":{"cna":{"title":"WGET Vulnerability","datePublic":"2017-05-23T03:00:03.000Z","providerMetadata":{"dateUpdated":"2021-04-30T16:06:24","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"The wget library has been found to contain a vulnerability (CVE 2016-4971). wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-59677/ CVE 2016-4971)\nSuccessfully exploiting this issue would require an attacker to be authenticated on the Management Interface.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The wget library has been found to contain a vulnerability (CVE 2016-4971). wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-59677/ CVE 2016-4971)\nSuccessfully exploiting this issue would require an attacker to be authenticated on the Management Interface.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0</pre>"}]}],"x_affectedList":["PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.16","versionType":"custom","changes":[{"at":"6.1.17","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.14","versionType":"custom","changes":[{"at":"7.0.15","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.9","versionType":"custom","changes":[{"at":"7.1.10","status":"unaffected"}]},{"version":"8.0.1","status":"unaffected","lessThan":"8.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-4971"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-254","cweId":"CWE-254"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-59677","2016-4971"],"advisory":"PAN-SA-2017-0016","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.1 and later","supportingMedia":{"value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.1 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-5696","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-05-23T03:00:00.000Z","dateReserved":"2017-05-23T03:00:00.000Z"},"containers":{"cna":{"title":"Kernel Vulnerability","datePublic":"2017-05-23T03:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-05T17:29:51","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. The challenge ACK rate limiting in the kernel's networking subsystem may allow an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. (ref # PAN-62500 / CVE-2016-5696).\nSuccessful exploitation of this issue may allow an attacker to terminate a TCP connection or inject a payload into non-secured TCP connection between two endpoints on the network.\nThis issue affects PAN-OS 6.1, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. The challenge ACK rate limiting in the kernel's networking subsystem may allow an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. (ref # PAN-62500 / CVE-2016-5696).\nSuccessful exploitation of this issue may allow an attacker to terminate a TCP connection or inject a payload into non-secured TCP connection between two endpoints on the network.\nThis issue affects PAN-OS 6.1, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.9","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.22","PAN-OS 6.1.21","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1.*","status":"affected"},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.9","versionType":"custom","changes":[{"at":"7.1.10","status":"unaffected"}]},{"version":"7.0.16","status":"unaffected","lessThan":"7.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-5696"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":4.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-62500"],"advisory":"PAN-SA-2017-0015","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.16 and later, PAN-OS 7.1.10 and later\n","supportingMedia":{"value":"PAN-OS 7.0.16 and later, PAN-OS 7.1.10 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7945","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-28T16:45:03.000Z","dateReserved":"2017-04-28T16:45:03.000Z"},"containers":{"cna":{"title":"Brute force attack on the PAN-OS GlobalProtect external interface ","datePublic":"2017-04-28T16:45:03.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for an attacker to brute force a username on PAN-OS GlobalProtect external Interface. The vulnerability is caused by\rPAN-OS provided different responses when supplying login credentials. (Ref # PAN-72769 / CVE-2017-7945)\r\nSuccessful exploitation of this issue may allow a malicious user to conduct a brute force attack against PAN-OS GlobalProtect external interface.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier, PAN-OS 8.0.1 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for an attacker to brute force a username on PAN-OS GlobalProtect external Interface. The vulnerability is caused by\rPAN-OS provided different responses when supplying login credentials. (Ref # PAN-72769 / CVE-2017-7945)\r\nSuccessful exploitation of this issue may allow a malicious user to conduct a brute force attack against PAN-OS GlobalProtect external interface.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier, PAN-OS 8.0.1 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 8.0.1","PAN-OS 8.0.0","PAN-OS 8.0","PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.16","versionType":"custom","changes":[{"at":"6.1.17","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.14","versionType":"custom","changes":[{"at":"7.0.15","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.8","versionType":"custom","changes":[{"at":"7.1.9","status":"unaffected"}]},{"version":"8.0","status":"affected","lessThanOrEqual":"8.0.1","versionType":"custom","changes":[{"at":"8.0.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7945"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Rich Hansen from Plexus for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-209 Information Exposure Through an Error Message","cweId":"CWE-209"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-72769"],"advisory":"PAN-SA-2017-0014","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers that have not configured GlobalProtect are not affected by this issue.\r","supportingMedia":{"value":"Customers that have not configured GlobalProtect are not affected by this issue.\r","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.9 and later, PAN-OS 8.0.2 and later","supportingMedia":{"value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.9 and later, PAN-OS 8.0.2 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7644","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-28T16:45:02.000Z","dateReserved":"2017-04-28T16:45:02.000Z"},"containers":{"cna":{"title":"Information Disclosure in the Management Web Interface ","datePublic":"2017-04-28T16:45:02.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure.  (Ref # PAN-70541 / CVE-2017-7644)\r\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure.  (Ref # PAN-70541 / CVE-2017-7644)\r\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.16","versionType":"custom","changes":[{"at":"6.1.17","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.14","versionType":"custom","changes":[{"at":"7.0.15","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.8","versionType":"custom","changes":[{"at":"7.1.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7644"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Christophe Schleypen from NATO Communications and Information Agency for reporting this issue to us.  "}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-70541"],"advisory":"PAN-SA-2017-0013","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\r","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\r","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.9 and later\r","supportingMedia":{"value":"PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.9 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7409","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-20T18:00:01.000Z","dateReserved":"2017-04-20T18:00:01.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in PAN-OS ","datePublic":"2017-04-20T18:00:01.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-70674 / CVE-2017-7409)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Javascript or HTML.\nThis issue affects PAN-OS 7.0.14 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.  (Ref # PAN-70674 / CVE-2017-7409)\nSuccessful exploitation of this issue may allow an attacker to inject arbitrary Javascript or HTML.\nThis issue affects PAN-OS 7.0.14 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.14","versionType":"custom","changes":[{"at":"7.0.15","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7409"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Jarrod Phelps from Uber for reporting this issue to us.  "}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-70674"],"advisory":"PAN-SA-2017-0011","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers that have not configured GlobalProtect are not affected by this issue.","supportingMedia":{"value":"Customers that have not configured GlobalProtect are not affected by this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.15 and later","supportingMedia":{"value":"PAN-OS 7.0.15 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-3731","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-20T18:00:00.000Z","dateReserved":"2017-04-20T18:00:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerability","datePublic":"2017-04-20T18:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-73914 / CVE-2017-3731)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. \nThis issue affects PAN-OS 6.1, PAN-OS 7.0.14 and earlier, PAN-OS 7.1, PAN-OS 8.0\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-73914 / CVE-2017-3731)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. \nThis issue affects PAN-OS 6.1, PAN-OS 7.0.14 and earlier, PAN-OS 7.1, PAN-OS 8.0\n</pre>"}]}],"x_affectedList":["PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1","versionType":"custom"},{"version":"7.0.15","status":"unaffected","lessThan":"7.0*","versionType":"custom"},{"version":"7.1.10","status":"unaffected","lessThan":"7.1*","versionType":"custom"},{"version":"8.0.2","status":"unaffected","lessThan":"8.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-3731"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-125 Out-of-bounds Read","cweId":"CWE-125"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-73914"],"advisory":"PAN-SA-2017-0012","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.15 and later; PAN-OS 7.1.10 and later; PAN-OS 8.0.2 and later\n","supportingMedia":{"value":"PAN-OS 7.0.15 and later; PAN-OS 7.1.10 and later; PAN-OS 8.0.2 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7216","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-10T17:30:02.000Z","dateReserved":"2017-04-10T17:30:02.000Z"},"containers":{"cna":{"title":"Information Disclosure in the Management Web Interface ","datePublic":"2017-04-10T17:30:02.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure.  (Ref # PAN-70434 / CVE-2017-7216)\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 7.1.8 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure.  (Ref # PAN-70434 / CVE-2017-7216)\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 7.1.8 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.8","versionType":"custom","changes":[{"at":"7.1.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7216"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Christophe Schleypen from NATO Communications and Information Agency for reporting this issue to us.  \r"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-70434"],"advisory":"PAN-SA-2017-0010","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.9 and later","supportingMedia":{"value":"PAN-OS 7.1.9 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7218","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-10T17:30:01.000Z","dateReserved":"2017-04-10T17:30:01.000Z"},"containers":{"cna":{"title":"Local Privilege Escalation in the Management Web Interface ","datePublic":"2017-04-10T17:30:01.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges.  (Ref # PAN-70426/ CVE-2017-7218)\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 7.1.8 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges.  (Ref # PAN-70426/ CVE-2017-7218)\nSuccessfully exploiting this issue would require an attacker to be authenticated.\nThis issue affects PAN-OS 7.1.8 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.8","versionType":"custom","changes":[{"at":"7.1.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7218"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Christophe Schleypen from NATO Communications and Information Agency for reporting this issue to us.  \r"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-70426"],"advisory":"PAN-SA-2017-0009","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.1.9 and later","supportingMedia":{"value":"PAN-OS 7.1.9 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-7217","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-04-10T17:30:00.000Z","dateReserved":"2017-04-10T17:30:00.000Z"},"containers":{"cna":{"title":"Tampering of temporary export files in the Management Web Interface ","datePublic":"2017-04-10T17:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:46","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files.  (Ref # PAN- 70436 / CVE-2017-7217)\nSuccessfully exploiting this issue would require an attacker to be authenticated. Tampering of files is limited to temporary files used for exporting\nThis issue affects PAN-OS 7.0.13 and earlier, PAN-OS 7.1.8 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files.  (Ref # PAN- 70436 / CVE-2017-7217)\nSuccessfully exploiting this issue would require an attacker to be authenticated. Tampering of files is limited to temporary files used for exporting\nThis issue affects PAN-OS 7.0.13 and earlier, PAN-OS 7.1.8 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.8","PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.13","versionType":"custom","changes":[{"at":"7.0.14","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.8","versionType":"custom","changes":[{"at":"7.1.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-7217"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Christophe Schleypen from NATO Communications and Information Agency for reporting this issue to us.  \r"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["70436"],"advisory":"PAN-SA-2017-0008","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.14 and later, PAN-OS 7.1.9 and later","supportingMedia":{"value":"PAN-OS 7.0.14 and later, PAN-OS 7.1.9 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-5583","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-02-21T19:32:00.000Z","dateReserved":"2017-02-21T19:32:00.000Z"},"containers":{"cna":{"title":"Information Disclosure in the Management Web Interface ","datePublic":"2017-02-21T19:32:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the Management Web Interface that could result in Information Disclosure. (Ref # PAN-70428 / CVE-2017-5583)\r\nPAN-OS contains a post-authentication vulnerability that may allow for Information Disclosure. Successful exploitation allows an attacker to download arbitrary files from a folder.\r\nThis issue affects PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the Management Web Interface that could result in Information Disclosure. (Ref # PAN-70428 / CVE-2017-5583)\r\nPAN-OS contains a post-authentication vulnerability that may allow for Information Disclosure. Successful exploitation allows an attacker to download arbitrary files from a folder.\r\nThis issue affects PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.15","versionType":"custom","changes":[{"at":"6.1.16","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.12","versionType":"custom","changes":[{"at":"7.0.13","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.7","versionType":"custom","changes":[{"at":"7.1.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-5583"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Christophe Schleypen from NATO Communications and Information Agency for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-70428"],"advisory":"PAN-SA-2017-0005","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.16 and later, PAN-OS 7.0.13 and later, PAN-OS 7.1.8 and later\r","supportingMedia":{"value":"PAN-OS 6.1.16 and later, PAN-OS 7.0.13 and later, PAN-OS 7.1.8 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2017-5584","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-02-21T19:31:00.000Z","dateReserved":"2017-02-21T19:31:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in the Management Web Interface","datePublic":"2017-02-21T19:31:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref # PAN-66838 / CVE-2017-5584).\nPAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting (XSS) attack of the management web interface. Successful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref # PAN-66838 / CVE-2017-5584).\nPAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting (XSS) attack of the management web interface. Successful exploitation of this issue may allow an attacker to inject arbitrary Java script or HTML.\nThis issue affects PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.15","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.1.*","status":"affected"},{"version":"6.0.*","status":"affected"},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.12","versionType":"custom","changes":[{"at":"7.0.13","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.7","versionType":"custom","changes":[{"at":"7.1.8","status":"unaffected"}]},{"version":"6.1.16","status":"unaffected","lessThan":"6.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-5584"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Mohamed Keffous for reporting this issue to us.  "}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-66838"],"advisory":"PAN-SA-2017-0004","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.16 and later, PAN-OS 7.0.13 and later, PAN-OS 7.1.8 and later\n","supportingMedia":{"value":"PAN-OS 6.1.16 and later, PAN-OS 7.0.13 and later, PAN-OS 7.1.8 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-5195","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2017-02-21T19:30:00.000Z","dateReserved":"2017-02-21T19:30:00.000Z"},"containers":{"cna":{"title":"Kernel Vulnerability ","datePublic":"2017-02-21T19:30:00.000Z","providerMetadata":{"dateUpdated":"2022-08-15T11:06:10","orgId":"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28","shortName":"Chrome"},"descriptions":[{"lang":"en","value":"A vulnerability exists in the kernel of PAN-OS that may result in an elevation of privilege. This issue is publicly known as Dirty COW (ref # PAN-68074 / CVE-2016-5195).\nPAN-OS may be impacted by the Dirty COW (CVE-2016-5195) attack. A race condition was found in the way the Linux kernel's memory subsystem handles the copy-on-write breakage of private read-only memory mappings.  An attacker would first require access to a shell on the device before they could use this exploit. Shell access is significantly restricted on the device. The Command Line Interface (CLI) is not shell access and therefore this issue cannot be exploited by the CLI.\nThis issue affects PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1, PAN-OS 7.0.13, PAN-OS 7.1.7 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists in the kernel of PAN-OS that may result in an elevation of privilege. This issue is publicly known as Dirty COW (ref # PAN-68074 / CVE-2016-5195).\nPAN-OS may be impacted by the Dirty COW (CVE-2016-5195) attack. A race condition was found in the way the Linux kernel's memory subsystem handles the copy-on-write breakage of private read-only memory mappings.  An attacker would first require access to a shell on the device before they could use this exploit. Shell access is significantly restricted on the device. The Command Line Interface (CLI) is not shell access and therefore this issue cannot be exploited by the CLI.\nThis issue affects PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1, PAN-OS 7.0.13, PAN-OS 7.1.7 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.7","PAN-OS 7.1.6","PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.22","PAN-OS 6.1.21","PAN-OS 6.1.20","PAN-OS 6.1.19","PAN-OS 6.1.18","PAN-OS 6.1.17","PAN-OS 6.1.16","PAN-OS 6.1.15","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.15","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.1.*","status":"affected"},{"version":"6.0.*","status":"affected"},{"version":"6.1.*","status":"affected"},{"version":"7.0.14","status":"unaffected","lessThan":"7.0*","versionType":"custom"},{"version":"7.1.8","status":"unaffected","lessThan":"7.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-5195"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweId":"CWE-362"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-68074"],"advisory":"PAN-SA-2017-0003","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":" PAN-OS 7.0.14 and later, PAN-OS 7.1.8 and later\n","supportingMedia":{"value":" PAN-OS 7.0.14 and later, PAN-OS 7.1.8 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-9149","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-11-17T17:03:00.000Z","dateReserved":"2016-11-17T17:03:00.000Z"},"containers":{"cna":{"title":"XPath Injection","datePublic":"2016-11-17T17:03:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"The Addresses Object parsing function does not properly escape single quotes. (Ref # PAN-55237/92073/CVE-2016-9149)\nThis post-authentication vulnerability could allow XPath manipulation.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Addresses Object parsing function does not properly escape single quotes. (Ref # PAN-55237/92073/CVE-2016-9149)\nThis post-authentication vulnerability could allow XPath manipulation.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.5","versionType":"custom","changes":[{"at":"7.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-9149"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Khalilov Mukhammad from HelpAG for reporting this issue to us. "}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-19","cweId":"CWE-19"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-55237","PAN-92073"],"advisory":"PAN-SA-2016-0037","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-6210","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-11-17T17:02:00.000Z","dateReserved":"2016-11-17T17:02:00.000Z"},"containers":{"cna":{"title":"OpenSSH Vulnerability","datePublic":"2016-11-17T17:02:00.000Z","providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2022-12-13T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks makes use of a the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. (Ref # 100977/CVE-2016-6210).\nTo exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall.\nThis issue affects PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks makes use of a the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. (Ref # 100977/CVE-2016-6210).\nTo exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall.\nThis issue affects PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0.*","status":"affected"},{"version":"5.1.*","status":"affected"},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.5","versionType":"custom","changes":[{"at":"7.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-6210"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["100977"],"advisory":"PAN-SA-2016-0036","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends following best practices by not relying on hidden usernames and setting unique, long, and complex passwords for each of the firewall users.","supportingMedia":{"value":"Palo Alto Networks recommends following best practices by not relying on hidden usernames and setting unique, long, and complex passwords for each of the firewall users.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","supportingMedia":{"value":"PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-9150","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-11-17T17:01:00.000Z","dateReserved":"2016-11-17T17:01:00.000Z"},"containers":{"cna":{"title":"Buffer Overflow in the Management Web Interface","datePublic":"2016-11-17T17:01:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks web management server improperly handles a buffer overflow. This can result in a possible remote code execution (RCE). (Ref # PAN-63073/102953/CVE-2016-9150)\nAn attacker with network access to the management web interface may be able to perform a remote code execution (RCE) or denial-of-service (DoS).  \r\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks web management server improperly handles a buffer overflow. This can result in a possible remote code execution (RCE). (Ref # PAN-63073/102953/CVE-2016-9150)\nAn attacker with network access to the management web interface may be able to perform a remote code execution (RCE) or denial-of-service (DoS).  \r\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.5","versionType":"custom","changes":[{"at":"7.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-9150"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us.\r"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-63073","102953"],"advisory":"PAN-SA-2016-0035","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network. \r","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network. \r","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later\r","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-9151","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-11-17T17:00:00.000Z","dateReserved":"2016-11-17T17:00:00.000Z"},"containers":{"cna":{"title":"Local Privilege Escalation","datePublic":"2016-11-17T17:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:45","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges (Ref # PAN-61104/100499/CVE-2016-9151)\r\nA potential attacker with local shell access could manipulate arbitrary environment variables which could result in a process running with higher privileges.\r\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\r","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges (Ref # PAN-61104/100499/CVE-2016-9151)\r\nA potential attacker with local shell access could manipulate arbitrary environment variables which could result in a process running with higher privileges.\r\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\r</pre>"}]}],"x_affectedList":["PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.5","versionType":"custom","changes":[{"at":"7.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-9151"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-264","cweId":"CWE-264"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-61104","100499"],"advisory":"PAN-SA-2016-0034","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability. ","supportingMedia":{"value":"Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability. ","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later\r","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later\r","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0033","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-31T16:03:00.000Z","dateReserved":"2016-10-31T16:03:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in Captive Portal","datePublic":"2016-10-31T16:03:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls can be configured to identify users through a captive portal. This process is vulnerable to a cross-site scripting attack. (Ref # PAN-56221/93759).\nThe captive portal is reserved to identify internal users, thus should not be exposed to the Internet.\n\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls can be configured to identify users through a captive portal. This process is vulnerable to a cross-site scripting attack. (Ref # PAN-56221/93759).\nThe captive portal is reserved to identify internal users, thus should not be exposed to the Internet.\n\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.4","versionType":"custom","changes":[{"at":"7.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0033"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank David Vassallo for reporting this issue to us."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-56221","PAN-93759"],"advisory":"PAN-SA-2016-0033","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"The captive portal is typically deployed to internal user population as a way to identify local users and should therefore not be exposed to the wider Internet.\n","supportingMedia":{"value":"The captive portal is typically deployed to internal user population as a way to identify local users and should therefore not be exposed to the wider Internet.\n","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0032","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-31T16:02:00.000Z","dateReserved":"2016-10-31T16:02:00.000Z"},"containers":{"cna":{"title":"Insecure Browser API Token Generation ","datePublic":"2016-10-31T16:02:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The Palo Alto Networks firewalls API browser does not properly use the REST API tokens. In a specific scenario, an attacker could steal the authentication token and perform calls to the firewall’s API. (Ref # PAN-61046/PAN-100428)\nThis post-authentication issue requires the attacker to have access to a logged-in administrator’s browser.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Palo Alto Networks firewalls API browser does not properly use the REST API tokens. In a specific scenario, an attacker could steal the authentication token and perform calls to the firewall’s API. (Ref # PAN-61046/PAN-100428)\nThis post-authentication issue requires the attacker to have access to a logged-in administrator’s browser.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.4","versionType":"custom","changes":[{"at":"7.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0032"}],"credits":[{"lang":"en","value":"Palo Alto Networks would like to thank Travis Christianson for reporting this issue to us."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Insecure Browser API Token Generation"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-61046","PAN-100428"],"advisory":"PAN-SA-2016-0032","discovery":"EXTERNAL"},"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0031","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-18T18:36:00.000Z","dateReserved":"2016-10-18T18:36:00.000Z"},"containers":{"cna":{"title":"Cross-Site Scripting in Web Interface","datePublic":"2016-10-18T18:36:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The Palo Alto Networks web management interface is vulnerable to a post-authentication persistent cross-site scripting condition in the monitor tab. (Ref # PAN-57659/95895).\nThis issue affects the management interface of the device, where an authenticated administrator could inject malicious JavaScript into the web interface.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.13 and earlier; PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Palo Alto Networks web management interface is vulnerable to a post-authentication persistent cross-site scripting condition in the monitor tab. (Ref # PAN-57659/95895).\nThis issue affects the management interface of the device, where an authenticated administrator could inject malicious JavaScript into the web interface.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.13 and earlier; PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.13","versionType":"custom","changes":[{"at":"6.1.14","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.9","versionType":"custom","changes":[{"at":"7.0.10","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.4","versionType":"custom","changes":[{"at":"7.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0031"}],"credits":[{"lang":"en","value":"Juan Sacco, Exploit Pack."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-57659","PAN-95895"],"advisory":"PAN-SA-2016-0031","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.14 and later; PAN-OS 7.0.10 and later; PAN-OS 7.1.5 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.14 and later; PAN-OS 7.0.10 and later; PAN-OS 7.1.5 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0030","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-18T18:35:00.000Z","dateReserved":"2016-10-18T18:35:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerabilities","datePublic":"2016-10-18T18:35:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-55477/92481)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from moderate to high but have not been shown to be exploitable at the time of this advisory. \nThis issue affects PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-55477/92481)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from moderate to high but have not been shown to be exploitable at the time of this advisory. \nThis issue affects PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.11","versionType":"custom","changes":[{"at":"6.1.12","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0030"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-55477","92481"],"advisory":"PAN-SA-2016-0030","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.0.15 and later; PAN-OS 6.1.12 and later","supportingMedia":{"value":"PAN-OS 6.0.15 and later; PAN-OS 6.1.12 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0029","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-18T18:31:00.000Z","dateReserved":"2016-10-18T18:31:00.000Z"},"containers":{"cna":{"title":"Insecure Server Configuration","datePublic":"2016-10-18T18:31:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"An incorrect Web management server configuration was identified in PAN-OS. (Ref # PAN-52038/86767).\nThis post-authentication issue affects the management interface of the device, where an incorrect configuration could lead to JavaScript execution.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An incorrect Web management server configuration was identified in PAN-OS. (Ref # PAN-52038/86767).\nThis post-authentication issue affects the management interface of the device, where an incorrect configuration could lead to JavaScript execution.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.7","versionType":"custom","changes":[{"at":"7.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0029"}],"credits":[{"lang":"en","value":"ringzero"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Insecure Server Configuration"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-52038","86767"],"advisory":"PAN-SA-2016-0029","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue is available only to authenticated users on the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP address, and dedicating management of the device to the management interface only.","supportingMedia":{"value":"This issue is available only to authenticated users on the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP address, and dedicating management of the device to the management interface only.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0028","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-18T18:30:00.000Z","dateReserved":"2016-10-18T18:30:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerabilities","datePublic":"2016-10-18T18:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain several vulnerabilities CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-48954/81411)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to moderate but have not been shown to be exploitable at the time of this advisory.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain several vulnerabilities CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-48954/81411)\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to moderate but have not been shown to be exploitable at the time of this advisory.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.7","versionType":"custom","changes":[{"at":"7.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-48954","81411"],"advisory":"PAN-SA-2016-0028","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-9708","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-11T19:00:00.000Z","dateReserved":"2016-10-11T19:00:00.000Z"},"containers":{"cna":{"title":"Web interface denial of service","datePublic":"2016-10-11T19:00:00.000Z","providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-06-13T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks web management server is vulnerable to a denial-of-service attack. (Ref # PAN-64917/105311) (CVE-2014-9708)\nThis pre-authenticated denial-of-service attack could disrupt the web management interface.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\n","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks web management server is vulnerable to a denial-of-service attack. (Ref # PAN-64917/105311) (CVE-2014-9708)\nThis pre-authenticated denial-of-service attack could disrupt the web management interface.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier\n</pre>"}]}],"x_affectedList":["PAN-OS 7.1.5","PAN-OS 7.1.4-h2","PAN-OS 7.1.4-h1","PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.5","versionType":"custom","changes":[{"at":"7.1.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2014-9708"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"NVD-CWE-Other"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-64917","105311"],"advisory":"PAN-SA-2016-0027","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0026","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-04T16:30:00.000Z","dateReserved":"2016-10-04T16:30:00.000Z"},"containers":{"cna":{"title":"GlobalProtect Portal Version Disclosure","datePublic":"2016-10-04T16:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"A Palo Alto Networks firewall configured to host the GlobalProtect Portal advertises its running PAN-OS version. (Ref # PAN-60568/99786)\nThis information disclosure does not lead to a device compromise or a disallowed access.\nThis issue affects PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A Palo Alto Networks firewall configured to host the GlobalProtect Portal advertises its running PAN-OS version. (Ref # PAN-60568/99786)\nThis information disclosure does not lead to a device compromise or a disallowed access.\nThis issue affects PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.9","versionType":"custom","changes":[{"at":"7.0.10","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.4","versionType":"custom","changes":[{"at":"7.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0026"}],"credits":[{"lang":"en","value":"Mikail Tunç"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"GlobalProtect Portal Version Disclosure"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-60568","99786"],"advisory":"PAN-SA-2016-0026","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"The GlobalProtect Portal requires installation on only a single device of the entire security architecture. Customers concerned by this information disclosure can choose to disable the web interface portal in order to deflect attention away from the presence of GlobalProtect.","supportingMedia":{"value":"The GlobalProtect Portal requires installation on only a single device of the entire security architecture. Customers concerned by this information disclosure can choose to disable the web interface portal in order to deflect attention away from the presence of GlobalProtect.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.10 and later; PAN-OS 7.1.5 and later","supportingMedia":{"value":"PAN-OS 7.0.10 and later; PAN-OS 7.1.5 and later","type":"text/html","base64":false}}],"timeline":[],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0025","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-10-04T01:00:00.000Z","dateReserved":"2016-10-04T01:00:00.000Z"},"containers":{"cna":{"title":"Kernel Vulnerabilities","datePublic":"2016-10-04T01:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The kernel in use by the Management Plane of PAN-OS is vulnerable to CVE-2015-5364 and CVE-2015-5366.\n (Ref # PAN-52379/87408)\nThe CVSS Score of CVE-2015-5364 is 7.8, High; while the CVSS Score of CVE-2015-5366 is 5.0, Medium. Those could lead to a Denial of Service attack.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The kernel in use by the Management Plane of PAN-OS is vulnerable to CVE-2015-5364 and CVE-2015-5366.\n (Ref # PAN-52379/87408)\nThe CVSS Score of CVE-2015-5364 is 7.8, High; while the CVSS Score of CVE-2015-5366 is 5.0, Medium. Those could lead to a Denial of Service attack.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.4","PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.14","PAN-OS 6.1.13","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.14","versionType":"custom","changes":[{"at":"6.1.15","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom","changes":[{"at":"7.0.11","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.4","versionType":"custom","changes":[{"at":"7.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0025"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-399","cweId":"CWE-399"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PAN-52379","87408"],"advisory":"PAN-SA-2016-0025","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.5 and later\n","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0024","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-09-08T17:00:00.000Z","dateReserved":"2016-09-08T17:00:00.000Z"},"containers":{"cna":{"title":"Web interface denial of service","datePublic":"2016-09-08T17:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls offer a web interface to manage all aspects of the device. A denial of service condition was identified in this process (Ref # 89984).\nA third party could remotely disrupt the web management process and cause a management delay before the device resumes normal management operations.\nThis issue affects PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls offer a web interface to manage all aspects of the device. A denial of service condition was identified in this process (Ref # 89984).\nA third party could remotely disrupt the web management process and cause a management delay before the device resumes normal management operations.\nThis issue affects PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.11","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.8","versionType":"custom","changes":[{"at":"7.0.9","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.2","versionType":"custom","changes":[{"at":"7.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0024"}],"credits":[{"lang":"en","value":"Itzik Chen"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Web interface denial of service"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["89984"],"advisory":"PAN-SA-2016-0024","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Palo Alto Networks recommends implementing a best practice of allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","supportingMedia":{"value":"Palo Alto Networks recommends implementing a best practice of allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.3 and later","supportingMedia":{"value":"PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2015-7547","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-08-15T19:00:00.000Z","dateReserved":"2016-08-15T19:00:00.000Z"},"containers":{"cna":{"title":"Glibc DNS Resolver Vulnerability","datePublic":"2016-08-15T19:00:00.000Z","providerMetadata":{"dateUpdated":"2022-06-20T18:06:34","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"A vulnerability in the GNU libc (glibc) DNS resolver allows remote code execution (CVE-2015-7547). However, this issue can be exploited only from a DNS server that is under the control of an attacker. (Ref # 91886).\nThis glibc issue is only exploitable by an attacker controlling the DNS server configured for the device. Furthermore, the attacker must overcome additional anti-exploitation mitigations, such as ASLR, to mount a successful attack.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability in the GNU libc (glibc) DNS resolver allows remote code execution (CVE-2015-7547). However, this issue can be exploited only from a DNS server that is under the control of an attacker. (Ref # 91886).\nThis glibc issue is only exploitable by an attacker controlling the DNS server configured for the device. Furthermore, the attacker must overcome additional anti-exploitation mitigations, such as ASLR, to mount a successful attack.\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.14","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.7","versionType":"custom","changes":[{"at":"7.0.8","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.3","versionType":"custom","changes":[{"at":"7.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2015-7547"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["91886"],"advisory":"PAN-SA-2016-0021","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This vulnerability can affect PAN-OS software only when the device is configured with a DNS server that is under the control of an attacker. Palo Alto Networks discourages configuring the device with untrusted DNS servers.","supportingMedia":{"value":"This vulnerability can affect PAN-OS software only when the device is configured with a DNS server that is under the control of an attacker. Palo Alto Networks discourages configuring the device with untrusted DNS servers.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later; PAN-OS 7.1.4 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later; PAN-OS 7.1.4 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0020","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-08-15T18:30:00.000Z","dateReserved":"2016-08-15T18:30:00.000Z"},"containers":{"cna":{"title":"OpenSSL Vulnerabilities","datePublic":"2016-08-15T18:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The OpenSSL library has been found to contain several vulnerabilities CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1794, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842. Palo Alto Networks software makes use of the vulnerable library. (Ref # 95622).\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to high but, have not been shown to be exploitable at the time of this advisory.\nThis issue affects PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library has been found to contain several vulnerabilities CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1794, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842. Palo Alto Networks software makes use of the vulnerable library. (Ref # 95622).\nThe OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to high but, have not been shown to be exploitable at the time of this advisory.\nThis issue affects PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.8","versionType":"custom","changes":[{"at":"7.0.9","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.3","versionType":"custom","changes":[{"at":"7.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["95622"],"advisory":"PAN-SA-2016-0020","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.4 and later","supportingMedia":{"value":"PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.4 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0019","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-08-15T18:00:00.000Z","dateReserved":"2016-08-15T18:00:00.000Z"},"containers":{"cna":{"title":"NTP Vulnerabilities","datePublic":"2016-08-15T18:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"The open source ntp project has been found to contain several vulnerabilities (CVE-2015-8158, CVE-2015-8138, CVE-2015-7979, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975, CVE-2015-7974, CVE-2015-7973, all released in January 2016). Palo Alto...\nAlso Palo Alto Networks make use of the affected version of ntp, no exploitation condition are known at the time of this advisory\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.1 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The open source ntp project has been found to contain several vulnerabilities (CVE-2015-8158, CVE-2015-8138, CVE-2015-7979, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975, CVE-2015-7974, CVE-2015-7973, all released in January 2016). Palo Alto...\nAlso Palo Alto Networks make use of the affected version of ntp, no exploitation condition are known at the time of this advisory\nThis issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.1 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.3","PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.12","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.19","versionType":"custom","changes":[{"at":"5.0.20","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.12","versionType":"custom","changes":[{"at":"5.1.13","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.1","versionType":"custom","changes":[{"at":"6.0.15","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.12","versionType":"custom","changes":[{"at":"6.1.13","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.8","versionType":"custom","changes":[{"at":"7.0.9","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.3","versionType":"custom","changes":[{"at":"7.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0019"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption","cweId":"CWE-400"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["92106"],"advisory":"PAN-SA-2016-0019","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.4 and later","supportingMedia":{"value":"PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.4 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0016","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-15T00:00:00.000Z","dateReserved":"2016-07-15T00:00:00.000Z"},"containers":{"cna":{"title":"Web Interface Privilege Escalation","datePublic":"2016-07-15T00:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks Panorama administrators have the ability to assign predefined permissions to users created on PAN-OS. A read-only user with CLI access could elevate web interface privileges. (Ref. 88191)\nA user could elevate privileges by impersonating another user with higher permissions.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.10 and earlier; PAN-OS 7.0.4 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks Panorama administrators have the ability to assign predefined permissions to users created on PAN-OS. A read-only user with CLI access could elevate web interface privileges. (Ref. 88191)\nA user could elevate privileges by impersonating another user with higher permissions.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.10 and earlier; PAN-OS 7.0.4 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.18","versionType":"custom","changes":[{"at":"5.0.19","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.11","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.10","versionType":"custom","changes":[{"at":"6.1.11","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.4","versionType":"custom","changes":[{"at":"7.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0016"}],"credits":[{"lang":"en","value":"John Perry, the Boeing Company"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Web Interface Privilege Escalation"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["88191"],"advisory":"PAN-SA-2016-0016","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers running versions of Panorama affected by this issue could create a custom admin role that does not allow CLI access and to avoid any privilege escalation. Firewalls running PAN-OS are not affected by this issue.","supportingMedia":{"value":"Customers running versions of Panorama affected by this issue could create a custom admin role that does not allow CLI access and to avoid any privilege escalation. Firewalls running PAN-OS are not affected by this issue.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.11 and later; PAN-OS 7.0.5 and later","supportingMedia":{"value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.11 and later; PAN-OS 7.0.5 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0015","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-14T23:30:00.000Z","dateReserved":"2016-07-14T23:30:00.000Z"},"containers":{"cna":{"title":"Cron local privilege escalation","datePublic":"2016-07-14T23:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls use the cron infrastructure to perform household system cleanup at regular intervals. Due to an error in user input normalization, a file locally created by an end user and placed in a specific directory could be executed in a higher privilege context (Ref. 93612).\nBecause no shell access is available to end-users, exploitation of this issue is unlikely.\nThis issue affects PAN-OS 5.0.18 and prior; PAN-OS 5.1.11 and prior; PAN-OS 6.0.13 and prior; PAN-OS 6.1.11 and prior; PAN-OS 7.0.6 and prior; PAN-OS 7.1.1 and prior","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls use the cron infrastructure to perform household system cleanup at regular intervals. Due to an error in user input normalization, a file locally created by an end user and placed in a specific directory could be executed in a higher privilege context (Ref. 93612).\nBecause no shell access is available to end-users, exploitation of this issue is unlikely.\nThis issue affects PAN-OS 5.0.18 and prior; PAN-OS 5.1.11 and prior; PAN-OS 6.0.13 and prior; PAN-OS 6.1.11 and prior; PAN-OS 7.0.6 and prior; PAN-OS 7.1.1 and prior</pre>"}]}],"x_affectedList":["PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.18","versionType":"custom","changes":[{"at":"5.0.19","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.11","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.11","versionType":"custom","changes":[{"at":"6.1.12","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.6","versionType":"custom","changes":[{"at":"7.0.7","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.1","versionType":"custom","changes":[{"at":"7.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0015"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Cron local privilege escalation"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["93612"],"advisory":"PAN-SA-2016-0015","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.7 and later; PAN-OS 7.1.2 and later","supportingMedia":{"value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.7 and later; PAN-OS 7.1.2 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0014","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-14T23:00:00.000Z","dateReserved":"2016-07-14T23:00:00.000Z"},"containers":{"cna":{"title":"Cross-site scripting issue in policy","datePublic":"2016-07-14T23:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072).\nExploitation of this problem is available only to interactive users logged in to the management interface with read and write privileges.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072).\nExploitation of this problem is available only to interactive users logged in to the management interface with read and write privileges.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.18","versionType":"custom","changes":[{"at":"5.0.19","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.11","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.11","versionType":"custom","changes":[{"at":"6.1.12","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.7","versionType":"custom","changes":[{"at":"7.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0014"}],"credits":[{"lang":"en","value":"Travis Christianson"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Cross-site scripting issue in policy"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["93072"],"advisory":"PAN-SA-2016-0014","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue is available only to web interface authenticated users. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP addresses, and dedicating management of the device to the management interface only.","supportingMedia":{"value":"This issue is available only to web interface authenticated users. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP addresses, and dedicating management of the device to the management interface only.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later","supportingMedia":{"value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0013","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-14T22:30:00.000Z","dateReserved":"2016-07-14T22:30:00.000Z"},"containers":{"cna":{"title":"Captive Portal denial of service","datePublic":"2016-07-14T22:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"You can configure Palo Alto Networks firewalls to host a web-based Captive Portal to authenticate users. A denial of service condition was identified in this subsystem (Ref. 92413).\nA third party user could remotely disrupt the captive portal’s operation, provoking a delay before it resumes normal operations.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.6 and earlier; PAN-OS 7.1.1 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>You can configure Palo Alto Networks firewalls to host a web-based Captive Portal to authenticate users. A denial of service condition was identified in this subsystem (Ref. 92413).\nA third party user could remotely disrupt the captive portal’s operation, provoking a delay before it resumes normal operations.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.6 and earlier; PAN-OS 7.1.1 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.18","versionType":"custom","changes":[{"at":"5.0.19","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.11","versionType":"custom","changes":[{"at":"6.1.12","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.6","versionType":"custom","changes":[{"at":"7.0.7","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.1","versionType":"custom","changes":[{"at":"7.1.2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0013"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Captive Portal denial of service"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["92413"],"advisory":"PAN-SA-2016-0013","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.19 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.7 and later; PAN-OS 7.1.2 and later","supportingMedia":{"value":"PAN-OS 5.0.19 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.7 and later; PAN-OS 7.1.2 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-1712","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-13T18:30:00.000Z","dateReserved":"2016-07-13T18:30:00.000Z"},"containers":{"cna":{"title":"Local privilege escalation","datePublic":"2016-07-13T18:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).\nExploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).\nExploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.\nThis issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.11","PAN-OS 6.1.10","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.18","versionType":"custom","changes":[{"at":"5.0.19","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.11","versionType":"custom","changes":[{"at":"5.1.12","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.13","versionType":"custom","changes":[{"at":"6.0.14","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.11","versionType":"custom","changes":[{"at":"6.1.12","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.7","versionType":"custom","changes":[{"at":"7.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-1712"}],"credits":[{"lang":"en","value":"Kasif Dekel, CheckPoint Security Team"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["92293"],"advisory":"PAN-SA-2016-0012","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later","supportingMedia":{"value":"PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0011","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-07-12T17:30:00.000Z","dateReserved":"2016-07-12T17:30:00.000Z"},"containers":{"cna":{"title":"OpenSSH vulnerabilities","datePublic":"2016-07-12T17:30:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"OpenSSH contains two vulnerabilities (CVE-2016-0777 and CVE-2016-0778) affecting the SSH client roaming feature when connecting to a malicious server. Exploitation of this issue can leak portions of memory from the SSH client process. (Ref # 90508)\nThe Palo Alto Networks firewall outbound SSH client offers only the user/password authentication scheme and, therefore, does not expose a potential SSH private key.\nThis issue affects PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>OpenSSH contains two vulnerabilities (CVE-2016-0777 and CVE-2016-0778) affecting the SSH client roaming feature when connecting to a malicious server. Exploitation of this issue can leak portions of memory from the SSH client process. (Ref # 90508)\nThe Palo Alto Networks firewall outbound SSH client offers only the user/password authentication scheme and, therefore, does not expose a potential SSH private key.\nThis issue affects PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 7.1.2","PAN-OS 7.1.1","PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.9","versionType":"custom","changes":[{"at":"7.0.10","status":"unaffected"}]},{"version":"7.1","status":"affected","lessThanOrEqual":"7.1.2","versionType":"custom","changes":[{"at":"7.1.3","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0011"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["90508"],"advisory":"PAN-SA-2016-0011","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"These vulnerabilities affect PAN-OS only when initiating a connection to a malicious server. Palo Alto Networks discourages establishing SSH sessions to unknown or untrusted servers.","supportingMedia":{"value":"These vulnerabilities affect PAN-OS only when initiating a connection to a malicious server. Palo Alto Networks discourages establishing SSH sessions to unknown or untrusted servers.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.10 and later; PAN-OS 7.1.3 and later","supportingMedia":{"value":"PAN-OS 7.0.10 and later; PAN-OS 7.1.3 and later","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2016-0006","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-04-18T16:00:00.000Z","dateReserved":"2016-04-18T16:00:00.000Z"},"containers":{"cna":{"title":"HTTP Header Evasion","datePublic":"2016-04-18T16:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"An evasion was identified whereby a user could specially craft an HTTP header to evade URL filtering on Palo Alto Networks firewalls. (Ref #93838)\nThe HTTP header evasion technique can be used by a malicious insider to bypass URL filtering policy.  It is not a product vulnerability that affects the security or integrity of the firewall itself. Most legitimate web servers will not accept such incoming packets. The evasion is only possible if the destination web server does not perform basic checks on the request. Note that this evasion cannot be used to attack and penetrate a network from the outside. It can only be used by a malicious insider to evade URL filtering from the inside of the protected network.\nThis issue affects PAN-OS releases 5.0.X; 6.0.X; 6.1.X; 7.0.X and 7.1.0","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An evasion was identified whereby a user could specially craft an HTTP header to evade URL filtering on Palo Alto Networks firewalls. (Ref #93838)\nThe HTTP header evasion technique can be used by a malicious insider to bypass URL filtering policy.  It is not a product vulnerability that affects the security or integrity of the firewall itself. Most legitimate web servers will not accept such incoming packets. The evasion is only possible if the destination web server does not perform basic checks on the request. Note that this evasion cannot be used to attack and penetrate a network from the outside. It can only be used by a malicious insider to evade URL filtering from the inside of the protected network.\nThis issue affects PAN-OS releases 5.0.X; 6.0.X; 6.1.X; 7.0.X and 7.1.0</pre>"}]}],"x_affectedList":["PAN-OS 7.1.0","PAN-OS 7.1","PAN-OS 7.0.19","PAN-OS 7.0.18","PAN-OS 7.0.17","PAN-OS 7.0.16","PAN-OS 7.0.15","PAN-OS 7.0.14","PAN-OS 7.0.13","PAN-OS 7.0.12","PAN-OS 7.0.11","PAN-OS 7.0.10","PAN-OS 7.0.9","PAN-OS 7.0.8","PAN-OS 7.0.7","PAN-OS 7.0.6","PAN-OS 7.0.5-h2","PAN-OS 7.0.5-h1","PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.0.15","PAN-OS 6.0.14","PAN-OS 6.0.13","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0.*","status":"affected"},{"version":"6.0.*","status":"affected"},{"version":"7.0.*","status":"affected"},{"version":"7.1.0","status":"affected"},{"version":"7.1.1","status":"unaffected","lessThan":"7.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2016-0006"}],"credits":[{"lang":"en","value":"Matthew Pozun - Senior Engineer – Information Security, Verisign. Stas Volfus, Bugsec"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"HTTP Header Evasion"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["93838"],"advisory":"PAN-SA-2016-0006","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers concerned with this evasion that do not deploy the solution available in PAN-OS 7.1.1 are advised to take the following actions to help mitigate the potential impact of malicious insiders or compromised hosts that may choose to use this evasion technique: (1) Enable SSL certificate checking even for non-decrypted traffic and enforce certificates issued by trusted CAs only. (2) Make sure antivirus, vulnerability, and anti-spyware profiles are applied to all allowed web traffic. (3) Ensure that content packages containing antivirus, vulnerability and anti-spyware protections are up-to-date and configured to update frequently.","supportingMedia":{"value":"Customers concerned with this evasion that do not deploy the solution available in PAN-OS 7.1.1 are advised to take the following actions to help mitigate the potential impact of malicious insiders or compromised hosts that may choose to use this evasion technique: (1) Enable SSL certificate checking even for non-decrypted traffic and enforce certificates issued by trusted CAs only. (2) Make sure antivirus, vulnerability, and anti-spyware profiles are applied to all allowed web traffic. (3) Ensure that content packages containing antivirus, vulnerability and anti-spyware protections are up-to-date and configured to update frequently.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS releases 7.1.1 and newer. Customers concerned with this evasion technique are advised to upgrade to PAN-OS 7.1.1 and to enable threat signatures #14984 and #14978.  The use of the DNS proxy feature is also recommended for improved accuracy.  More details can be found at https://live.paloaltonetworks.com/t5/Notices-and-Service/Information-regarding-TLS-HTTP-header-evasion/ta-p/76562","supportingMedia":{"value":"PAN-OS releases 7.1.1 and newer. Customers concerned with this evasion technique are advised to upgrade to PAN-OS 7.1.1 and to enable threat signatures #14984 and #14978.  The use of the DNS proxy feature is also recommended for improved accuracy.  More details can be found at https://live.paloaltonetworks.com/t5/Notices-and-Service/Information-regarding-TLS-HTTP-header-evasion/ta-p/76562","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-3657","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-02-24T18:30:00.000Z","dateReserved":"2016-02-24T18:30:00.000Z"},"containers":{"cna":{"title":"Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface","datePublic":"2016-02-24T18:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution.  (Ref. #89752) (CVE-2016-3657)\nAn attacker with network access to the vulnerable GlobalProtect portal may be able to perform a denial-of-service (DoS) attack on the device, and may be able to perform remote code execution on the affected device.\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution.  (Ref. #89752) (CVE-2016-3657)\nAn attacker with network access to the vulnerable GlobalProtect portal may be able to perform a denial-of-service (DoS) attack on the device, and may be able to perform remote code execution on the affected device.\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</pre>"}]}],"x_affectedList":["PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.17","versionType":"custom","changes":[{"at":"5.0.18","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.12","versionType":"custom","changes":[{"at":"6.0.13","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.9","versionType":"custom","changes":[{"at":"6.1.10","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.4","versionType":"custom","changes":[{"at":"7.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-3657"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["89752"],"advisory":"PAN-SA-2016-0005","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Emergency content update 563 contains an IPS signature (#38902) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38902 must be applied to a firewall rule securing traffic destined for the GlobalProtect portal.  The GlobalProtect portal should only be present once per installation, limiting the organization’s exposure to this issue. This issue can be further mitigated by disabling the affected optional “login page” in the GlobalProtect portal configuration, and distribution of the client side software may be performed through alternative means such as GPO or network share while the PAN-OS patch is applied.","supportingMedia":{"value":"Emergency content update 563 contains an IPS signature (#38902) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38902 must be applied to a firewall rule securing traffic destined for the GlobalProtect portal.  The GlobalProtect portal should only be present once per installation, limiting the organization’s exposure to this issue. This issue can be further mitigated by disabling the affected optional “login page” in the GlobalProtect portal configuration, and distribution of the client side software may be performed through alternative means such as GPO or network share while the PAN-OS patch is applied.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5 and newer","supportingMedia":{"value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5 and newer","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-3655","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-02-24T18:30:00.000Z","dateReserved":"2016-02-24T18:30:00.000Z"},"containers":{"cna":{"title":"Unauthenticated Command Injection in Management Web Interface","datePublic":"2016-02-24T18:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the management interface. (Ref. #89717) (CVE-2016-3655)\nThis issue can be exploited remotely by an unauthenticated user with network access to the device management web-based API\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the management interface. (Ref. #89717) (CVE-2016-3655)\nThis issue can be exploited remotely by an unauthenticated user with network access to the device management web-based API\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</pre>"}]}],"x_affectedList":["PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.17","versionType":"custom","changes":[{"at":"5.0.18","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.12","versionType":"custom","changes":[{"at":"6.0.13","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.9","versionType":"custom","changes":[{"at":"6.1.10","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.4","versionType":"custom","changes":[{"at":"7.0.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-3655"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["89717"],"advisory":"PAN-SA-2016-0003","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Emergency content update 563 contains an IPS signature (#38904) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38904 must be applied to a firewall rule securing traffic destined for the device management web interface, and decryption must be applied. This issue is further mitigated by following security appliance management best practices, requiring that network access to the management interfaces be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"Emergency content update 563 contains an IPS signature (#38904) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38904 must be applied to a firewall rule securing traffic destined for the device management web interface, and decryption must be applied. This issue is further mitigated by following security appliance management best practices, requiring that network access to the management interfaces be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5 and newer","supportingMedia":{"value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5 and newer","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-3654","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-02-24T18:30:00.000Z","dateReserved":"2016-02-24T18:30:00.000Z"},"containers":{"cna":{"title":"Command Injection in Command Line Interface","datePublic":"2016-02-24T18:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level. This vulnerability requires successful authentication but can be used to execute OS commands with root privileges if the logged on user has administrative privileges. (Ref #89706) (CVE-2016-3654)\nThis vulnerability is exploitable only by authenticated administrators that are granted access to the device management CLI.\nThis issue affects PAN-OS releases 5.0.17 and prior; 5.1.10 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level. This vulnerability requires successful authentication but can be used to execute OS commands with root privileges if the logged on user has administrative privileges. (Ref #89706) (CVE-2016-3654)\nThis vulnerability is exploitable only by authenticated administrators that are granted access to the device management CLI.\nThis issue affects PAN-OS releases 5.0.17 and prior; 5.1.10 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</pre>"}]}],"x_affectedList":["PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.17","versionType":"custom","changes":[{"at":"5.0.18","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.10","versionType":"custom","changes":[{"at":"5.1.11","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.12","versionType":"custom","changes":[{"at":"6.0.13","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.9","versionType":"custom","changes":[{"at":"6.1.10","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.5","versionType":"custom","changes":[{"at":"7.0.5H2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-3654"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["89706"],"advisory":"PAN-SA-2016-0002","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue only affects authenticated device users and Panorama users with CLI access enabled. Deployments making use of Role-Based Access Control (RBAC) do not offer CLI access by default. As a best practice, CLI access should be carefully considered, and granted only when necessary to privileged administrators.","supportingMedia":{"value":"This issue only affects authenticated device users and Panorama users with CLI access enabled. Deployments making use of Role-Based Access Control (RBAC) do not offer CLI access by default. As a best practice, CLI access should be carefully considered, and granted only when necessary to privileged administrators.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS releases 5.0.18 and newer; 5.1.11 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5H2 and newer","supportingMedia":{"value":"PAN-OS releases 5.0.18 and newer; 5.1.11 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5H2 and newer","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-3656","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2016-02-24T18:30:00.000Z","dateReserved":"2016-02-24T18:30:00.000Z"},"containers":{"cna":{"title":"Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface","datePublic":"2016-02-24T18:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"When a PAN-OS device is configured as a GlobalProtect web portal, a specially crafted request to the portal could result in a crash of the service.  (Ref. #89750) (CVE-2016-3656)\nThis issue can be exploited remotely by an attacker with network access to the GlobalProtect portal in order to cause a denial-of-service (DoS) via a service crash.\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>When a PAN-OS device is configured as a GlobalProtect web portal, a specially crafted request to the portal could result in a crash of the service.  (Ref. #89750) (CVE-2016-3656)\nThis issue can be exploited remotely by an attacker with network access to the GlobalProtect portal in order to cause a denial-of-service (DoS) via a service crash.\nThis issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</pre>"}]}],"x_affectedList":["PAN-OS 7.0.5","PAN-OS 7.0.4","PAN-OS 7.0.3","PAN-OS 7.0.2","PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.9","PAN-OS 6.1.8","PAN-OS 6.1.7","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.12","PAN-OS 6.0.11","PAN-OS 6.0.10","PAN-OS 6.0.9","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.17","versionType":"custom","changes":[{"at":"5.0.18","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.12","versionType":"custom","changes":[{"at":"6.0.13","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.9","versionType":"custom","changes":[{"at":"6.1.10","status":"unaffected"}]},{"version":"7.0","status":"affected","lessThanOrEqual":"7.0.5","versionType":"custom","changes":[{"at":"7.0.5H2","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2016-3656"}],"credits":[{"lang":"en","value":"Felix Wilhelm, ERNW Research"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["89750"],"advisory":"PAN-SA-2016-0004","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Emergency content update 563 contains an IPS signature (#38903) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38903 must be applied to a firewall rule securing traffic destined for the GlobalProtect portal.  The GlobalProtect portal should only be present once per installation, limiting the organization’s exposure to this issue. This issue can be further mitigated by disabling the affected optional “login page” in the GlobalProtect portal configuration, and distribution of the client side software may be performed through alternative means such as GPO or network share while the PAN-OS patch is applied.","supportingMedia":{"value":"Emergency content update 563 contains an IPS signature (#38903) that can be used as an interim mitigation to protect PAN-OS devices until the device software is upgraded.  Note that signatures 38903 must be applied to a firewall rule securing traffic destined for the GlobalProtect portal.  The GlobalProtect portal should only be present once per installation, limiting the organization’s exposure to this issue. This issue can be further mitigated by disabling the affected optional “login page” in the GlobalProtect portal configuration, and distribution of the client side software may be performed through alternative means such as GPO or network share while the PAN-OS patch is applied.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5H2 and newer","supportingMedia":{"value":"PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5H2 and newer","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2015-0006","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-11-09T08:00:00.000Z","dateReserved":"2015-11-09T08:00:00.000Z"},"containers":{"cna":{"title":"API key automatic revocation","datePublic":"2015-11-09T08:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"An issue has been identified in PAN-OS that prevents old management API keys for local administrator accounts from being invalidated upon password change until the device is rebooted. This issue can create a period of time during which an administrator changes the account password, thus creating a new API key, but the old API key is still valid until device reboot.\nThis issue affects the management interface of the device. Network security best practices suggest administering security devices from an out-of-band network, reducing the exposed attack surface.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An issue has been identified in PAN-OS that prevents old management API keys for local administrator accounts from being invalidated upon password change until the device is rebooted. This issue can create a period of time during which an administrator changes the account password, thus creating a new API key, but the old API key is still valid until device reboot.\nThis issue affects the management interface of the device. Network security best practices suggest administering security devices from an out-of-band network, reducing the exposed attack surface.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7</pre>"}]}],"x_affectedList":["PAN-OS 7.0.1","PAN-OS 7.0","PAN-OS 6.1.6","PAN-OS 6.1.5","PAN-OS 6.1.4","PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0.2","status":"unaffected","lessThan":"7.0*","versionType":"custom"},{"version":"6.1.7","status":"unaffected","lessThan":"6.1*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2015-0006"}],"credits":[{"lang":"en","value":"Raul Garcia, Dell SecureWorks"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":2.2,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"API key automatic revocation"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"PAN-SA-2015-0006","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue only affects local device administrator accounts, not remote accounts such as LDAP or RADIUS.  Administrators are advised to upgrade to PAN-OS 7.0.2 or 6.1.7 to correct the issue. As a mitigation for affected software versions, administrators may restart the management server of the device after administrator account password changes using the below cli command:\n> debug software restart process management-server","supportingMedia":{"value":"This issue only affects local device administrator accounts, not remote accounts such as LDAP or RADIUS.  Administrators are advised to upgrade to PAN-OS 7.0.2 or 6.1.7 to correct the issue. As a mitigation for affected software versions, administrators may restart the management server of the device after administrator account password changes using the below cli command:\n> debug software restart process management-server","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.2, PAN-OS 6.1.7 and subsequent releases.","supportingMedia":{"value":"PAN-OS 7.0.2, PAN-OS 6.1.7 and subsequent releases.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2015-0005","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-07-24T07:00:00.000Z","dateReserved":"2015-07-24T07:00:00.000Z"},"containers":{"cna":{"title":"Device management authentication bypass","datePublic":"2015-07-24T07:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Devices running PAN-OS 7.0.0 (including Panorama) that are configured to use LDAP for captive portal or device management authentication do not properly perform authentication against the LDAP server in specific cases, leading to an authentication bypass.  There is no issue if you are using Radius or local authentication instead of LDAP or prior versions of PAN-OS; nor does this affect authentication attempts from GlobalProtect clients.\nThis vulnerability can lead to authentication bypass for captive portal or device management login attempts.\nThis issue only affects PAN-OS 7.0.0","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Devices running PAN-OS 7.0.0 (including Panorama) that are configured to use LDAP for captive portal or device management authentication do not properly perform authentication against the LDAP server in specific cases, leading to an authentication bypass.  There is no issue if you are using Radius or local authentication instead of LDAP or prior versions of PAN-OS; nor does this affect authentication attempts from GlobalProtect clients.\nThis vulnerability can lead to authentication bypass for captive portal or device management login attempts.\nThis issue only affects PAN-OS 7.0.0</pre>"}]}],"x_affectedList":["PAN-OS 7.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0.0","status":"affected"},{"version":"7.0.1","status":"unaffected","lessThan":"7.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2015-0005"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Device management authentication bypass"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"PAN-SA-2015-0005","discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"This issue only affects devices and Panorama configured to use LDAP for captive portal or device management authentication.  This issue is strongly mitigated by following security appliance management best practices, requiring that network access to the management interfaces be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue only affects devices and Panorama configured to use LDAP for captive portal or device management authentication.  This issue is strongly mitigated by following security appliance management best practices, requiring that network access to the management interfaces be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.1 and subsequent.","supportingMedia":{"value":"PAN-OS 7.0.1 and subsequent.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2015-4162","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-05-29T07:00:00.000Z","dateReserved":"2015-05-29T07:00:00.000Z"},"containers":{"cna":{"title":"XML External Entity (XXE) Vulnerability","datePublic":"2015-05-29T07:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"An XML parsing vulnerability exists in PAN-OS allowing a malicious user within PAN-OS to inject malicious XML data into the web-based device management front-end allowing the user to retrieve arbitrary content from the device.  The user must be an authenticated user issuing the request.  (Ref #71273)\nThis issue affects the management interface of the device, where an authenticated administrator injects malicious XML data into the web UI interface.\nThis issue affects PAN-OS 5.0.15 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 6.1.3 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An XML parsing vulnerability exists in PAN-OS allowing a malicious user within PAN-OS to inject malicious XML data into the web-based device management front-end allowing the user to retrieve arbitrary content from the device.  The user must be an authenticated user issuing the request.  (Ref #71273)\nThis issue affects the management interface of the device, where an authenticated administrator injects malicious XML data into the web UI interface.\nThis issue affects PAN-OS 5.0.15 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 6.1.3 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 6.1.3","PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.15","versionType":"custom","changes":[{"at":"5.0.16","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.7","versionType":"custom","changes":[{"at":"6.0.8","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.3","versionType":"custom","changes":[{"at":"6.1.4","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2015-4162"}],"credits":[{"lang":"en","value":"Iñaki Rodríguez"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"NVD-CWE-Other"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["71273"],"advisory":"PAN-SA-2015-0004","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.16; PAN-OS 6.0.8; PAN-OS 6.1.4","supportingMedia":{"value":"PAN-OS 5.0.16; PAN-OS 6.0.8; PAN-OS 6.1.4","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2015-0003","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-05-14T07:00:00.000Z","dateReserved":"2015-05-14T07:00:00.000Z"},"containers":{"cna":{"title":"Cross-site Scripting Vulnerability","datePublic":"2015-05-14T07:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization.  (Ref# 73638) \nThis issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.\nThis issue affects PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization.  (Ref# 73638) \nThis issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.\nThis issue affects PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 6.1.2","PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.2","versionType":"custom","changes":[{"at":"6.1.3","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.8","versionType":"custom","changes":[{"at":"6.0.9","status":"unaffected"}]},{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.15","versionType":"custom","changes":[{"at":"5.0.16","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2015-0003"}],"credits":[{"lang":"en","value":"Avi Gimpel, Oded Vanunu, and Liad Mizrachi from Check Point Security Research Team; and Mohamed Keffous, Sogeti"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["73638"],"advisory":"PAN-SA-2015-0003","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.1.3; PAN-OS 6.0.9; PAN-OS 5.0.16","supportingMedia":{"value":"PAN-OS 6.1.3; PAN-OS 6.0.9; PAN-OS 5.0.16","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2015-0235","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-02-02T08:00:00.000Z","dateReserved":"2015-02-02T08:00:00.000Z"},"containers":{"cna":{"title":"GHOST: glibc vulnerability","datePublic":"2015-02-02T08:00:00.000Z","providerMetadata":{"dateUpdated":"2022-06-20T18:06:40","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software.  Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory.  An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)\nThe exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare.  At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.1","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software.  Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory.  An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)\nThe exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare.  At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.1</pre>"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"7.0.1","status":"unaffected","lessThan":"7.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2015-0235"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["74443"],"advisory":"PAN-SA-2015-0002","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"N/A","supportingMedia":{"value":"N/A","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 7.0.1","supportingMedia":{"value":"PAN-OS 7.0.1","type":"text/html","base64":false}}],"timeline":[],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-8730","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2015-01-12T08:00:00.000Z","dateReserved":"2015-01-12T08:00:00.000Z"},"containers":{"cna":{"title":"Padding-oracle attack on TLS CBC cipher mode","datePublic":"2015-01-12T08:00:00.000Z","providerMetadata":{"dateUpdated":"2016-12-30T16:57:01","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-8730). This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability, commonly known as “POODLE Bites”.  This issue is confirmed to affect PAN-OS implementation of TLS 1.x.  (Ref #72544)\nThe conditions of successful exploitation are similar to the POODLE and BEAST attacks, which require several conditions to be met for successful exploitation (i.e. the attacker requires a man-in-the-middle position in the network and must also be able to direct the victim client to send many repeated requests to the vulnerable server on behalf of the attacker via scripting, web sockets, or similar mechanism). Due to the conditions required of a successful attack scenario, the risk of exploitation is not particularly high. More information can be found in Microsoft Security Advisory 3009008 (https://technet.microsoft.com/library/security/3009008).\nThis issue affects PAN-OS 6.1.1 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-8730). This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability, commonly known as “POODLE Bites”.  This issue is confirmed to affect PAN-OS implementation of TLS 1.x.  (Ref #72544)\nThe conditions of successful exploitation are similar to the POODLE and BEAST attacks, which require several conditions to be met for successful exploitation (i.e. the attacker requires a man-in-the-middle position in the network and must also be able to direct the victim client to send many repeated requests to the vulnerable server on behalf of the attacker via scripting, web sockets, or similar mechanism). Due to the conditions required of a successful attack scenario, the risk of exploitation is not particularly high. More information can be found in Microsoft Security Advisory 3009008 (https://technet.microsoft.com/library/security/3009008).\nThis issue affects PAN-OS 6.1.1 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</pre>"}]}],"x_affectedList":["PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.8","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.1","versionType":"custom"},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.8","versionType":"custom"},{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.15","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2014-8730"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-310","cweId":"CWE-310"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["72544"],"advisory":"PAN-SA-2015-0001","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers can enable signature 37144 (“POODLE Bites Vulnerability”) to block attempted TLS sessions using CBC mode on firewall policy securing traffic to sensitive services (e.g. device management). Support for deprecated cipher suites should be disabled on all clients where possible. Device management services should also be restricted to a dedicated vlan or otherwise segmented trusted network to prevent exposure to untrusted hosts where possible.","supportingMedia":{"value":"Customers can enable signature 37144 (“POODLE Bites Vulnerability”) to block attempted TLS sessions using CBC mode on firewall policy securing traffic to sensitive services (e.g. device management). Support for deprecated cipher suites should be disabled on all clients where possible. Device management services should also be restricted to a dedicated vlan or otherwise segmented trusted network to prevent exposure to untrusted hosts where possible.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"A patch for the issue described in this bulletin will be made available in a regularly scheduled maintenance update for each supported release of PAN-OS.  This bulletin will be updated as the releases are made available.","supportingMedia":{"value":"A patch for the issue described in this bulletin will be made available in a regularly scheduled maintenance update for each supported release of PAN-OS.  This bulletin will be updated as the releases are made available.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-3764","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-12-22T08:00:00.000Z","dateReserved":"2014-12-22T08:00:00.000Z"},"containers":{"cna":{"title":"Cross-site scripting vulnerability","datePublic":"2014-12-22T08:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref # 64563).  This vulnerability has been assigned CVE-2014-3764.\nThis issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.\nThis issue affects PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref # 64563).  This vulnerability has been assigned CVE-2014-3764.\nThis issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.\nThis issue affects PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.5","versionType":"custom","changes":[{"at":"6.0.6","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.9","versionType":"custom","changes":[{"at":"5.1.10","status":"unaffected"}]},{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.14","versionType":"custom","changes":[{"at":"5.0.15","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2014-3764"}],"credits":[{"lang":"en","value":"Avi Gimpel & Oded Vanunu, Check Point Security Research Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["64563"],"advisory":"PAN-SA-2014-0007","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.0.6; PAN-OS 5.0.15; PAN-OS 5.1.10","supportingMedia":{"value":"PAN-OS 6.0.6; PAN-OS 5.0.15; PAN-OS 5.1.10","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-3566","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-10-20T07:00:00.000Z","dateReserved":"2014-10-20T07:00:00.000Z"},"containers":{"cna":{"title":"SSL 3.0 MITM Attack","datePublic":"2014-10-20T07:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-05T16:29:26","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566).  The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.  More information can be found at: https://www.openssl.org/~bodo/ssl-poodle.pdf.  SSL 3.0 is a supported protocol in PAN-OS services including device management and SSL VPN.\nThe conditions of successful exploitation are somewhat similar to the BEAST attack, which requires several conditions to be met for successful exploitation (i.e. the attacker requires a man-in-the-middle position in the network and must also be able to direct the victim client to send many repeated requests to the vulnerable server on behalf of the attacker via scripting, web sockets, or similar mechanism).  Due to the conditions required of a successful attack scenario, the risk of exploitation is not particularly high.  More information can be found in Microsoft Security Advisory 3009008 (https://technet.microsoft.com/library/security/3009008).\nThis issue affects PAN-OS 6.1.1 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 5.1.x and PAN-OS 5.0.x.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566).  The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.  More information can be found at: https://www.openssl.org/~bodo/ssl-poodle.pdf.  SSL 3.0 is a supported protocol in PAN-OS services including device management and SSL VPN.\nThe conditions of successful exploitation are somewhat similar to the BEAST attack, which requires several conditions to be met for successful exploitation (i.e. the attacker requires a man-in-the-middle position in the network and must also be able to direct the victim client to send many repeated requests to the vulnerable server on behalf of the attacker via scripting, web sockets, or similar mechanism).  Due to the conditions required of a successful attack scenario, the risk of exploitation is not particularly high.  More information can be found in Microsoft Security Advisory 3009008 (https://technet.microsoft.com/library/security/3009008).\nThis issue affects PAN-OS 6.1.1 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 5.1.x and PAN-OS 5.0.x.</pre>"}]}],"x_affectedList":["PAN-OS 6.1.1","PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.7","PAN-OS 6.0.6","PAN-OS 6.0.5-h3","PAN-OS 6.0.5-h2","PAN-OS 6.0.5-h1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.1","versionType":"custom","changes":[{"at":"6.1.2.","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.7","versionType":"custom","changes":[{"at":"6.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2014-3566"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.4,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-310","cweId":"CWE-310"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"PAN-SA-2014-0005","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Customers can enable signature 36815 (“SSLv3 Found in Server Response”) to block attempted SSL 3.0 sessions, and apply this IPS policy to sensitive traffic including device management services.\n\nSupport for SSL 3.0 should be disabled on all clients where possible.\n\nDevice management services should also be restricted to a dedicated vlan or otherwise segmented trusted network to prevent exposure to untrusted hosts where possible.","supportingMedia":{"value":"Customers can enable signature 36815 (“SSLv3 Found in Server Response”) to block attempted SSL 3.0 sessions, and apply this IPS policy to sensitive traffic including device management services.\n\nSupport for SSL 3.0 should be disabled on all clients where possible.\n\nDevice management services should also be restricted to a dedicated vlan or otherwise segmented trusted network to prevent exposure to untrusted hosts where possible.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"Patches are available for this issue in PAN-OS 6.0.8 and 6.1.2.","supportingMedia":{"value":"Patches are available for this issue in PAN-OS 6.0.8 and 6.1.2.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2014-0004","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-09-24T07:00:00.000Z","dateReserved":"2014-09-24T07:00:00.000Z"},"containers":{"cna":{"title":"Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)","datePublic":"2014-09-24T07:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"Palo Alto Networks has become aware of a remote code execution vulnerability in the Bash shell utility.  This vulnerability (CVE-2014-6271) allows for remote code execution through multiple vectors due to the way Bash is often used on linux systems for processing commands.   Additional information can be found here:  http://seclists.org/oss-sec/2014/q3/650\n\nSuccessful attack requires that a user be able to add environmental variables to the bash environment.  This is possible only for PAN-OS users that successfully authenticate to PAN-OS via SSH.  Exploitation does not directly result in root access to the device, as injected commands are run with the OS privileges of the logged in user.  Critical PAN-OS data is only writeable by the root user.\nThis issue affects This issue affects PAN-OS and Panorama 5.0.14 and earlier; 5.1.9 and earlier; 6.0.5 and earlier; and 6.1.0 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Palo Alto Networks has become aware of a remote code execution vulnerability in the Bash shell utility.  This vulnerability (CVE-2014-6271) allows for remote code execution through multiple vectors due to the way Bash is often used on linux systems for processing commands.   Additional information can be found here:  http://seclists.org/oss-sec/2014/q3/650\n\nSuccessful attack requires that a user be able to add environmental variables to the bash environment.  This is possible only for PAN-OS users that successfully authenticate to PAN-OS via SSH.  Exploitation does not directly result in root access to the device, as injected commands are run with the OS privileges of the logged in user.  Critical PAN-OS data is only writeable by the root user.\nThis issue affects This issue affects PAN-OS and Panorama 5.0.14 and earlier; 5.1.9 and earlier; 6.0.5 and earlier; and 6.1.0 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 6.1.0","PAN-OS 6.1","PAN-OS 6.0.5","PAN-OS 6.0.4","PAN-OS 6.0.3","PAN-OS 6.0.2","PAN-OS 6.0.1","PAN-OS 6.0.0","PAN-OS 6.0","PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.14","versionType":"custom","changes":[{"at":"5.0.15","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.9","versionType":"custom","changes":[{"at":"5.1.10","status":"unaffected"}]},{"version":"6.0","status":"affected","lessThanOrEqual":"6.0.5","versionType":"custom","changes":[{"at":"6.0.6","status":"unaffected"}]},{"version":"6.1","status":"affected","lessThanOrEqual":"6.1.0","versionType":"custom","changes":[{"at":"6.1.1.","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2014-0004"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"PAN-SA-2014-0004","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This attack is mitigated by the fact that successful attack can only be performed by authenticated ssh PAN-OS users.  As an additional mitigation, administrators can disable SSH access on any/all management interfaces configured on the device.","supportingMedia":{"value":"This attack is mitigated by the fact that successful attack can only be performed by authenticated ssh PAN-OS users.  As an additional mitigation, administrators can disable SSH access on any/all management interfaces configured on the device.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS and Panorama 5.0.15; PAN-OS and Panorama 5.1.10; PAN-OS and Panorama 6.0.6; PAN-OS and Panorama 6.1.1.","supportingMedia":{"value":"PAN-OS and Panorama 5.0.15; PAN-OS and Panorama 5.1.10; PAN-OS and Panorama 6.0.6; PAN-OS and Panorama 6.1.1.","type":"text/html","base64":false}}],"timeline":[],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-0224","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-06-09T07:00:00.000Z","dateReserved":"2014-06-09T07:00:00.000Z"},"containers":{"cna":{"title":"OpenSSL Man-in-the-middle vulnerability","datePublic":"2014-06-09T07:00:00.000Z","providerMetadata":{"dateUpdated":"2021-11-05T16:47:29","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014.  Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software.  The remaining vulnerabilities to not apply because we do not use or support use of Datagram Transport Layer Security (DTLS), nor do we use anonymous Elliptic curve Diffie-Hellman (ECDH) on our software clients.  Our exposure to CVE-2014-0224 is limited because both client and server must be vulnerable.  While our client-side is vulnerable, the server-side is not.  This limits exposure to potential man-in-the-middle (MITM) attacks only to sessions our software initiates with servers outside of our control that are running a vulnerable version of OpenSSL (OpenSSL 1.0.1 and 1.0.2-beta1).  As such, services that may be vulnerable to MITM depending on customer configuration include: firewall services using SSL configured to use a proxy running a vulnerable OpenSSL server, syslog over SSL to a syslog server running a  vulnerable OpenSSL server, and the User-ID agent connecting to a directory server running a vulnerable OpenSSL server.  GlobalProtect is not vulnerable because our portal and gateway servers are not vulnerable.\n\nIn response to these issues, Palo Alto Networks is including a patch to the OpenSSL software used across our products with the next scheduled maintenance release for all supported versions of PAN-OS / Panorama, User-ID agent, and GlobalProtect.  Users can mitigate their exposure by ensuring that any servers described above are not running vulnerable versions of OpenSSL (1.0.1 and 1.0.2-beta1).  If customers have any further questions related to product exposure to this OpenSSL security advisory, they can contact support.\nThis issue requires an attacker to be able to act as a man-in-the-middle to certain firewall services, such as syslog, User-ID agent, or services between PAN-OS / Panorama and a proxy.  The issue further requires that the servers that PAN-OS / Panorama initiates connections with to perform these services are also vulnerable to CVE-2014-0224.\n\nGlobalProtect VPN is not vulnerable, as the PAN-OS Portal and Gateway servers are not vulnerable.\nThis issue affects All versions of PAN-OS / Panorama.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014.  Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software.  The remaining vulnerabilities to not apply because we do not use or support use of Datagram Transport Layer Security (DTLS), nor do we use anonymous Elliptic curve Diffie-Hellman (ECDH) on our software clients.  Our exposure to CVE-2014-0224 is limited because both client and server must be vulnerable.  While our client-side is vulnerable, the server-side is not.  This limits exposure to potential man-in-the-middle (MITM) attacks only to sessions our software initiates with servers outside of our control that are running a vulnerable version of OpenSSL (OpenSSL 1.0.1 and 1.0.2-beta1).  As such, services that may be vulnerable to MITM depending on customer configuration include: firewall services using SSL configured to use a proxy running a vulnerable OpenSSL server, syslog over SSL to a syslog server running a  vulnerable OpenSSL server, and the User-ID agent connecting to a directory server running a vulnerable OpenSSL server.  GlobalProtect is not vulnerable because our portal and gateway servers are not vulnerable.\n\nIn response to these issues, Palo Alto Networks is including a patch to the OpenSSL software used across our products with the next scheduled maintenance release for all supported versions of PAN-OS / Panorama, User-ID agent, and GlobalProtect.  Users can mitigate their exposure by ensuring that any servers described above are not running vulnerable versions of OpenSSL (1.0.1 and 1.0.2-beta1).  If customers have any further questions related to product exposure to this OpenSSL security advisory, they can contact support.\nThis issue requires an attacker to be able to act as a man-in-the-middle to certain firewall services, such as syslog, User-ID agent, or services between PAN-OS / Panorama and a proxy.  The issue further requires that the servers that PAN-OS / Panorama initiates connections with to perform these services are also vulnerable to CVE-2014-0224.\n\nGlobalProtect VPN is not vulnerable, as the PAN-OS Portal and Gateway servers are not vulnerable.\nThis issue affects All versions of PAN-OS / Panorama.</pre>"}]}],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"6.0.4","status":"unaffected","lessThan":"6.0*","versionType":"custom"},{"version":"5.1.9","status":"unaffected","lessThan":"5.1*","versionType":"custom"},{"version":"5.0.14.","status":"unaffected","lessThan":"5.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2014-0224"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-310","cweId":"CWE-310"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"PAN-SA-2014-0003","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Services running over SSL from PAN-OS / Panorama to 3rd party servers (i.e. syslog server, directory services server) are only vulnerable to a possible MITM attack if the server is also vulnerable to CVE-2014-0224.  Ensure that the 3rd party service's server is not running a vulnerable version of OpenSSL (1.0.1 and 1.0.2-beta1).","supportingMedia":{"value":"Services running over SSL from PAN-OS / Panorama to 3rd party servers (i.e. syslog server, directory services server) are only vulnerable to a possible MITM attack if the server is also vulnerable to CVE-2014-0224.  Ensure that the 3rd party service's server is not running a vulnerable version of OpenSSL (1.0.1 and 1.0.2-beta1).","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 6.0.4; PAN-OS 5.1.9; PAN-OS 5.0.14.","supportingMedia":{"value":"PAN-OS 6.0.4; PAN-OS 5.1.9; PAN-OS 5.0.14.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2014-0002","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-01-29T23:00:00.000Z","dateReserved":"2014-01-29T23:00:00.000Z"},"containers":{"cna":{"title":"Cross-site Scripting Vulnerability","datePublic":"2014-01-29T23:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization.  (Ref # 59010)\nThis issue affects the management interface of the device, requiring a malicious administrator to upload malicious script to the device.\nThis issue affects PAN-OS version 5.0.9 and earlier; 5.1.4 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization.  (Ref # 59010)\nThis issue affects the management interface of the device, requiring a malicious administrator to upload malicious script to the device.\nThis issue affects PAN-OS version 5.0.9 and earlier; 5.1.4 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 5.1","PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.9","versionType":"custom","changes":[{"at":"5.0.10","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.4","versionType":"custom","changes":[{"at":"5.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2014-0002"}],"credits":[{"lang":"en","value":"Anton Ziukin, Check Point Vulnerability Research Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Cross-site Scripting (XSS)","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["59010"],"advisory":"PAN-SA-2014-0002","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.10 and 5.1.5 address this issue.","supportingMedia":{"value":"PAN-OS 5.0.10 and 5.1.5 address this issue.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"PAN-SA-2014-0001","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2014-01-29T23:00:00.000Z","dateReserved":"2014-01-29T23:00:00.000Z"},"containers":{"cna":{"title":"Management API Key Bypass","datePublic":"2014-01-29T23:00:00.000Z","providerMetadata":{"orgId":"Not found","shortName":"Not found","dateUpdated":"2024-11-20T00:00:00"},"descriptions":[{"lang":"en","value":"An XML API key can be bypassed if a session has been authorized. This can be used in a CSRF or XSS attack.  (Ref # 58976)\nThis issue requires an authenticated administrator session to be successful.\nThis issue affects PAN-OS version 4.1.15 and earlier; 5.0.9 and earlier; 5.1.4 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An XML API key can be bypassed if a session has been authorized. This can be used in a CSRF or XSS attack.  (Ref # 58976)\nThis issue requires an authenticated administrator session to be successful.\nThis issue affects PAN-OS version 4.1.15 and earlier; 5.0.9 and earlier; 5.1.4 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 5.1","PAN-OS 5.0","PAN-OS 4.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.15","versionType":"custom","changes":[{"at":"4.1.16","status":"unaffected"}]},{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.9","versionType":"custom","changes":[{"at":"5.0.10","status":"unaffected"}]},{"version":"5.1","status":"affected","lessThanOrEqual":"5.1.4","versionType":"custom","changes":[{"at":"5.1.5","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/PAN-SA-2014-0001"}],"credits":[{"lang":"en","value":"Anton Ziukin, Check Point Vulnerability Research Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Management API Key Bypass"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["58976"],"advisory":"PAN-SA-2014-0001","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.16; 5.0.10 and 5.1.5 address this issue.","supportingMedia":{"value":"PAN-OS 4.1.16; 5.0.10 and 5.1.5 address this issue.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2013-5664","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2013-07-22T07:00:00.000Z","dateReserved":"2013-07-22T07:00:00.000Z"},"containers":{"cna":{"title":"Cross-site Scripting Vulnerability ","datePublic":"2013-07-22T07:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization.  (Ref #50908)\nThis issue affects the management interface of the device where the API browser is exposed.\nThis issue affects PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization.  (Ref #50908)\nThis issue affects the management interface of the device where the API browser is exposed.\nThis issue affects PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 5.0","PAN-OS 4.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.12","versionType":"custom","changes":[{"at":"4.1.13","status":"unaffected"}]},{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.5","versionType":"custom","changes":[{"at":"5.0.6","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2013-5664"}],"credits":[{"lang":"en","value":"Jungo Katsuyama, NTT Communications"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["50908"],"advisory":"PAN-SA-2013-0002","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue only affects the web-based device management API browser.  ","supportingMedia":{"value":"This issue only affects the web-based device management API browser.  ","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.13 and PAN-OS 5.0.6 address this issue.","supportingMedia":{"value":"PAN-OS 4.1.13 and PAN-OS 5.0.6 address this issue.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2013-5663","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2013-01-07T08:00:00.000Z","dateReserved":"2013-01-07T08:00:00.000Z"},"containers":{"cna":{"title":"App-ID Cache Poisoning","datePublic":"2013-01-07T08:00:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:44","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"An evasion technique that takes advantage of the App-ID cache function has recently been published. In certain circumstances, a knowledgeable user can bypass security policy that restricts the use of certain applications by sending numerous specially crafted requests over the network in order to poison the firewall’s App-ID cache.  This can result in the use of a blocked application for a period of time. If the App-ID cache pollution evasion technique is a potential problem for your network, we recommend using one or both of the mitigation steps noted below while we further enhance the App-ID cache feature to resist all possible pollution techniques.  (Ref #47195)\nThis issue affects the ability of the firewall to block certain applications when specially crafted requests are passed through the firewall.\nThis issue affects All versions of PAN-OS 5.0.1 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An evasion technique that takes advantage of the App-ID cache function has recently been published. In certain circumstances, a knowledgeable user can bypass security policy that restricts the use of certain applications by sending numerous specially crafted requests over the network in order to poison the firewall’s App-ID cache.  This can result in the use of a blocked application for a period of time. If the App-ID cache pollution evasion technique is a potential problem for your network, we recommend using one or both of the mitigation steps noted below while we further enhance the App-ID cache feature to resist all possible pollution techniques.  (Ref #47195)\nThis issue affects the ability of the firewall to block certain applications when specially crafted requests are passed through the firewall.\nThis issue affects All versions of PAN-OS 5.0.1 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 5.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"5.0","status":"affected","lessThanOrEqual":"5.0.1","versionType":"custom","changes":[{"at":"5.0.2","status":"unaffected"}]},{"version":"4.1.11","status":"unaffected","lessThan":"4.1*","versionType":"custom"},{"version":"4.0.14","status":"unaffected","lessThan":"4.0*","versionType":"custom"}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2013-5663"}],"credits":[{"lang":"en","value":"None"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-264","cweId":"CWE-264"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["47195"],"advisory":"PAN-SA-2013-0001","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"Upgrade to the available updates for the 5.0, 4.1, and 4.0 PAN-OS releases.  This update changes the way the App-ID cache is used to prevent App-ID cache poisoning.\n\nAdditionally, Palo Alto Networks recommends using the “application-default” or specific ports in the service field of the security policies. This prevents applications from running on unusual ports and protocols, which if not intentional, can be a sign of undesired application behavior and usage. Many of the evasion variants observed using the App-ID cache pollution would have failed if “application-default” had been used in the security policies. All security rules with “any” in the service field should be double-checked and in most cases, should be modified to use a specific port or “application-default”. Note that the device still checks for all applications on all ports, but with this configuration, applications are only allowed on their default ports/protocols.","supportingMedia":{"value":"Upgrade to the available updates for the 5.0, 4.1, and 4.0 PAN-OS releases.  This update changes the way the App-ID cache is used to prevent App-ID cache poisoning.\n\nAdditionally, Palo Alto Networks recommends using the “application-default” or specific ports in the service field of the security policies. This prevents applications from running on unusual ports and protocols, which if not intentional, can be a sign of undesired application behavior and usage. Many of the evasion variants observed using the App-ID cache pollution would have failed if “application-default” had been used in the security policies. All security rules with “any” in the service field should be double-checked and in most cases, should be modified to use a specific port or “application-default”. Note that the device still checks for all applications on all ports, but with this configuration, applications are only allowed on their default ports/protocols.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 5.0.2 and later; PAN-OS 4.1.11 and later; PAN-OS 4.0.14 and later.","supportingMedia":{"value":"PAN-OS 5.0.2 and later; PAN-OS 4.1.11 and later; PAN-OS 4.0.14 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6602","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #30122)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #30122)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.3","versionType":"custom","changes":[{"at":"4.0.4","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.9","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6602"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["30122"],"advisory":"PAN-SA-2012-0013","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.4 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.4 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6595","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34595)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier;  PAN-OS 3.0.x is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34595)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier;  PAN-OS 3.0.x is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.1","versionType":"custom","changes":[{"at":"4.1.2","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6595"}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","baseSeverity":"HIGH","baseScore":8.4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"defect":["34595"],"advisory":"PAN-SA-2012-0006","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.2 and later. PAN-OS 4.0.9 and later.","supportingMedia":{"value":"PAN-OS 4.1.2 and later. PAN-OS 4.0.9 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6594","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34299)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.1.10 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34299)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.1.10 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.0","versionType":"custom","changes":[{"at":"4.1.1","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.7","versionType":"custom","changes":[{"at":"4.0.8","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.10","versionType":"custom","changes":[{"at":"3.1.11","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6594"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["34299"],"advisory":"PAN-SA-2012-0005","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.1 and later; PAN-OS 4.0.8 and later; PAN-OS 3.1.11 and later.","supportingMedia":{"value":"PAN-OS 4.1.1 and later; PAN-OS 4.0.8 and later; PAN-OS 3.1.11 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2011-4108","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"OpenSSL Plain Text Recovery Attack Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"descriptions":[{"lang":"en","value":"The OpenSSL library implementation is vulnerable to a plain text recovery attack by performing timing analysis of the time required to decrypt encrypted data.  A detailed report of this issue is available at http://www.isg.rhul.ac.uk/~kp/dtls.pdf.  (Ref #36017)\nThis vulnerability can theoretically result in plain text recovery of a web management UI session, leading to possible session hijack and control of the device.\nThis issue affects PAN-OS 4.1.2 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>The OpenSSL library implementation is vulnerable to a plain text recovery attack by performing timing analysis of the time required to decrypt encrypted data.  A detailed report of this issue is available at http://www.isg.rhul.ac.uk/~kp/dtls.pdf.  (Ref #36017)\nThis vulnerability can theoretically result in plain text recovery of a web management UI session, leading to possible session hijack and control of the device.\nThis issue affects PAN-OS 4.1.2 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.2","versionType":"custom","changes":[{"at":"4.1.3","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.9","versionType":"custom","changes":[{"at":"4.0.10","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.11","versionType":"custom","changes":[{"at":"3.1.12","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2011-4108"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-310 Cryptographic Issues","cweId":"CWE-310"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["36017"],"advisory":"PAN-SA-2012-0017","discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.3 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","supportingMedia":{"value":"PAN-OS 4.1.3 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6605","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface.  (Ref #34896)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface.  (Ref #34896)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.10","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6605"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["34896"],"advisory":"PAN-SA-2012-0016","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6603","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Credential Bypass Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an unauthenticated user can get administrator access to the device via the web management UI without supplying credentials.  (Ref #37034)\nThis vulnerability can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an unauthenticated user can get administrator access to the device via the web management UI without supplying credentials.  (Ref #37034)\nThis vulnerability can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.3","versionType":"custom","changes":[{"at":"4.1.4","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.9","versionType":"custom","changes":[{"at":"4.0.10","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.11","versionType":"custom","changes":[{"at":"3.1.12","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6603"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["37034"],"advisory":"PAN-SA-2012-0014","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.4 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","supportingMedia":{"value":"PAN-OS 4.1.4 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6604","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface.  (Ref #35249)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface.  (Ref #35249)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.10","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6604"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["35249"],"advisory":"PAN-SA-2012-0015","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6601","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an unauthenticated user can execute arbitrary code as root on the device.  (Ref #36983)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an unauthenticated user can execute arbitrary code as root on the device.  (Ref #36983)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.3","versionType":"custom","changes":[{"at":"4.1.4","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.9","versionType":"custom","changes":[{"at":"4.0.10","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.11","versionType":"custom","changes":[{"at":"3.1.12","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6601"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["36983"],"advisory":"PAN-SA-2012-0012","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.4 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","supportingMedia":{"value":"PAN-OS 4.1.4 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6598","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #33080)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #33080)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.7","versionType":"custom","changes":[{"at":"4.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6598"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["33080"],"advisory":"PAN-SA-2012-0009","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.8 and later.","supportingMedia":{"value":"PAN-OS 4.0.8 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6599","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #33476)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #33476)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.0","versionType":"custom","changes":[{"at":"4.1.1","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.7","versionType":"custom","changes":[{"at":"4.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6599"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["33476"],"advisory":"PAN-SA-2012-0010","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.1 and later; PAN-OS 4.0.8 and later.","supportingMedia":{"value":"PAN-OS 4.1.1 and later; PAN-OS 4.0.8 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6597","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Management Server DOS Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"An issue exists whereby the management server of the device can be crashed when an authenticated users sends a specially crafted command via the command line interface.  (Ref #35254)\nThis issue results in the unavailability of the management server of the device.  The attacker must be an authenticated user of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An issue exists whereby the management server of the device can be crashed when an authenticated users sends a specially crafted command via the command line interface.  (Ref #35254)\nThis issue results in the unavailability of the management server of the device.  The attacker must be an authenticated user of the device.\nThis issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.10","versionType":"custom","changes":[{"at":"3.1.11","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6597"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["35254"],"advisory":"PAN-SA-2012-0008","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.11 and later.","supportingMedia":{"value":"PAN-OS 4.0.9 and later; PAN-OS 3.1.11 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6600","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34502)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.0.x is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #34502)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.0.x is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.1","versionType":"custom","changes":[{"at":"4.1.2","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6600"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["34502"],"advisory":"PAN-SA-2012-0011","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.2 and later; PAN-OS 4.0.9 and later.","supportingMedia":{"value":"PAN-OS 4.1.2 and later; PAN-OS 4.0.9 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6596","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"LDAP Passwords Logged in Clear Text","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"An issue exists whereby LDAP bind passwords are logged to authd.log in clear text when using the default logging level of 'debug'.  (Ref #35493)\nThis issue results in administrator passwords being logged and stored in clear text.  Inappropriate access to this information can lead to unauthorized administration of the device.\nThis issue affects PAN-OS 4.1.2 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.1 is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>An issue exists whereby LDAP bind passwords are logged to authd.log in clear text when using the default logging level of 'debug'.  (Ref #35493)\nThis issue results in administrator passwords being logged and stored in clear text.  Inappropriate access to this information can lead to unauthorized administration of the device.\nThis issue affects PAN-OS 4.1.2 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.1 is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.1","PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.1","status":"affected","lessThanOrEqual":"4.1.2","versionType":"custom","changes":[{"at":"4.1.3","status":"unaffected"}]},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.8","versionType":"custom","changes":[{"at":"4.0.9","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6596"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.2,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-255","cweId":"CWE-255"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["35493"],"advisory":"PAN-SA-2012-0007","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.1.3 and later; PAN-OS 4.0.9 and later.","supportingMedia":{"value":"PAN-OS 4.1.3 and later; PAN-OS 4.0.9 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6590","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Verbose Error Messages","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client.  This does not directly result in any specific vulnerability, however this information is helpful to an attacker.  (Ref #33139)\nThis issue results in verbose error messages in specific cases, and does not directly result in an exploitable condition or product vulnerability.  Overly verbose error messages can be helpful to an attacker looking to collect information on how a system is architected.\nThis issue affects PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client.  This does not directly result in any specific vulnerability, however this information is helpful to an attacker.  (Ref #33139)\nThis issue results in verbose error messages in specific cases, and does not directly result in an exploitable condition or product vulnerability.  Overly verbose error messages can be helpful to an attacker looking to collect information on how a system is architected.\nThis issue affects PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.</pre>"}]}],"x_affectedList":["PAN-OS 4.0"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"3.0.*","status":"unaffected"},{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.7","versionType":"custom","changes":[{"at":"4.0.8","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6590"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200 Information Exposure","cweId":"CWE-200"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["33139"],"advisory":"PAN-SA-2012-0001","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.8 and later.","supportingMedia":{"value":"PAN-OS 4.0.8 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6593","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an unauthenticated user can inject commands as root on the device.  (Ref #30088)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an unauthenticated user can inject commands as root on the device.  (Ref #30088)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.3","versionType":"custom","changes":[{"at":"4.0.4","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.9","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6593"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["30088"],"advisory":"PAN-SA-2012-0004","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.4 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.4 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6591","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #31116)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface.  (Ref #31116)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.  The attacker must still be an authenticated administrator of the device.\nThis issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.4","versionType":"custom","changes":[{"at":"4.0.5","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.9","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6591"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["31116"],"advisory":"PAN-SA-2012-0002","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.5 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.5 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}},{"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2012-6592","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","datePublished":"2012-04-27T23:30:00.000Z","dateReserved":"2012-04-27T23:30:00.000Z"},"containers":{"cna":{"title":"Command Injection Vulnerability","datePublic":"2012-04-27T23:30:00.000Z","providerMetadata":{"dateUpdated":"2020-02-17T16:03:43","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"descriptions":[{"lang":"en","value":"A vulnerability exists whereby an unauthenticated user can inject commands as root on the device.  (Ref #31091)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.","supportingMedia":[{"type":"text/html","base64":"false","value":"<pre>A vulnerability exists whereby an unauthenticated user can inject commands as root on the device.  (Ref #31091)\nThis vulnerability can result in arbitrary command execution, and can result in total compromise of the device.\nThis issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</pre>"}]}],"x_affectedList":["PAN-OS 4.0","PAN-OS 3.1"],"affected":[{"vendor":"Palo Alto Networks","product":"PAN-OS","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.0.4","versionType":"custom","changes":[{"at":"4.0.5","status":"unaffected"}]},{"version":"3.1","status":"affected","lessThanOrEqual":"3.1.9","versionType":"custom","changes":[{"at":"3.1.10","status":"unaffected"}]}]}],"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2012-6592"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["31091"],"advisory":"PAN-SA-2012-0003","discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","supportingMedia":{"value":"This issue affects the management interface of the device.  Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.","type":"text/html","base64":false}}],"solutions":[{"lang":"en","value":"PAN-OS 4.0.5 and later; PAN-OS 3.1.10 and later.","supportingMedia":{"value":"PAN-OS 4.0.5 and later; PAN-OS 3.1.10 and later.","type":"text/html","base64":false}}],"timeline":[]}}}]}