{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"GHOST: glibc vulnerability"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2015-0235","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-06-13T08:08:35.908Z","generator":{"date":"2026-06-13T08:08:35.908Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2015-0235","initial_release_date":"2015-02-02T08:00:00.000Z","revision_history":[{"number":"1","date":"2026-06-13T01:08:35.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2015-0235","product_status":{"known_not_affected":["PANW-PAN-OS-478"]},"notes":[{"category":"description","text":"The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software.  Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory.  An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)\nThe exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare.  At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.1"}],"references":[{"category":"external","summary":"NVD - CVE-2015-0235","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0235"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2015-0235","url":"https://security.paloaltonetworks.com/CVE-2015-0235"}],"threats":[{"category":"impact","description":"The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software.  Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory.  An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)\nThe exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare.  At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.\nThis issue affects PAN-OS versions prior to PAN-OS 7.0.1"}],"scores":[{"cvss_v3":{"version":"3.1","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE"},"products":[]}]}]}