===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.5776
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
10 November 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Palo Alto Products
Publisher:         Palo Alto Networks
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
                   Network Appliance
                   Virtualisation
Resolution:        Mitigation
CVE Names:         CVE-2022-42889

Original Bulletin:
   https://securityadvisories.paloaltonetworks.com/CVE-2022-42889

Comment: CVSS (Max):  9.8 CVE-2022-42889 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889

[INFO] Informational

Published:  2022-11-09
Updated:    2022-11-09
Reference:  CVE-2022-42889
Discovered externally

Description

Palo Alto Networks has evaluated the Apache Commons Text library
vulnerability CVE-2022-42889, known as Text4Shell, for all products and
services. The Palo Alto Networks Product Security Assurance team has
confirmed that all products and services are not impacted by this
vulnerability.

Product Status

Versions                              Affected   Unaffected
AutoFocus                             None       all
Bridgecrew                            None       all
Cloud NGFW                            None       all
Cortex Data Lake                      None       all
Cortex XDR                            None       all
Cortex XDR Agent                      None       all
Cortex Xpanse                         None       all
Cortex XSOAR                          None       all
Enterprise Data Loss Prevention       None       all
Exact Data Matching CLI               None       all
Expanse                               None       all
Expedition Migration Tool             None       all
GlobalProtect App                     None       all
IoT Security                          None       all
Okyo Garde                            None       all
Palo Alto Networks App for Splunk     None       all
PAN-OS                                None       all
Prisma Access                         None       all
Prisma Cloud                          None       all
Prisma Cloud Compute                  None       all
Prisma SD-WAN (CloudGenix)            None       all
Prisma SD-WAN ION                     None       all
SaaS Security                         None       all
User-ID Agent                         None       all
WildFire Appliance (WF-500)           None       all
WildFire Cloud                        None       all

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue
on any of our products.

Weakness Type

CWE-94 Improper Control of Generation of Code ('Code Injection')

Solution

No software updates are required at this time.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block known attacks for
CVE-2022-42889 by enabling Threat ID 93157 (Applications and Threats content
update 8632). This mitigation reduces the risk of exploitation from known
exploits.

Timeline

2022-11-09 Initial publication

(C) 2022 Palo Alto Networks, Inc. All rights reserved.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================