Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5776
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Palo Alto Products
Publisher: Palo Alto Networks
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Network Appliance
Virtualisation
Resolution: Mitigation
CVE Names: CVE-2022-42889
Original Bulletin:
https://securityadvisories.paloaltonetworks.com/CVE-2022-42889
Comment: CVSS (Max): 9.8 CVE-2022-42889 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Palo Alto Networks Security Advisories / CVE-2022-42889
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
[INFO]
Informational
NVD JSON
Published 2022-11-09
Updated 2022-11-09
Reference CVE-2022-42889
Discovered externally
Description
Palo Alto Networks has evaluated the Apache Commons Text library vulnerability
CVE-2022-42889, known as Text4Shell, for all products and services.
The Palo Alto Networks Product Security Assurance team has confirmed that all
products and services are not impacted by this vulnerability.
Product Status
Versions Affected Unaffected
AutoFocus None all
Bridgecrew None all
Cloud NGFW None all
Cortex Data Lake None all
Cortex XDR None all
Cortex XDR Agent None all
Cortex Xpanse None all
Cortex XSOAR None all
Enterprise Data Loss Prevention None all
Exact Data Matching CLI None all
Expanse None all
Expedition Migration Tool None all
GlobalProtect App None all
IoT Security None all
Okyo Garde None all
Palo Alto Networks App for Splunk None all
PAN-OS None all
Prisma Access None all
Prisma Cloud None all
Prisma Cloud Compute None all
Prisma SD-WAN (CloudGenix) None all
Prisma SD-WAN ION None all
SaaS Security None all
User-ID Agent None all
WildFire Appliance (WF-500) None all
WildFire Cloud None all
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on
any of our products.
Weakness Type
CWE-94 Improper Control of Generation of Code ('Code Injection')
Solution
No software updates are required at this time.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block known attacks for
CVE-2022-42889 by enabling Threat ID 93157 (Applications and Threats content
update 8632). This mitigation reduces the risk of exploitation from known
exploits.
Timeline
2022-11-09 Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure
Policy Report vulnerabilitiesManage subscriptions
(C) 2022 Palo Alto Networks, Inc. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2yFWckNZI30y1K9AQianA/7BnRPOP+mGDw+2kSPFv40tY8o4vlRPid8
hrLArFHjaoygN9S07kOeQKWAEQEY9vJR1AeqDtMn3Pfuwymi+5IZ9Aniid/QVlIY
/jD2N4PJQWyk2N0Zp/7YlC9XwWp5ws82o0/qh4xEn16RHn0V3y9CMrnRUP0ymzxh
92dV54F6l6dLdGVbLdOKBjzs6MbtYVkkzpdNFYQzEFBWUX/sTaebwgEp/U0hhRGz
oFKi4hw0jqoT9qPbNZ5HjrtM7Ub1xyHSEW5tiYVpPq48a/hwKXcH7L0AZFLvENyd
dGl0LM93ua8c5jje47buPG0gv8u6cFRf8oBe7oI3OdXqa/ItwIJeWhGk8z7eFX69
8dTKDB9c7AjV6N7GYknDTSi2gqhF51LEyNNdMOWa9IqEw/XLvo+iUtQRYYQthNfU
llsBGIKiGxvkeVlnMJwf0Rv77Dsd6SDvkrHiKBhVf/V/b0Ir7aJ4Vvs/2Ev8yasp
67bibA12ROmFSNjZE3wuy5yGIUXTgg+b6xG4J3l9rnb0jpCDFV9ubXAlq+SY/yDK
nVw8bjX/23Mi485h3/yj/AEl0Zgr0Qd/rXwXT1xDZnkyQyp5pGYtyMHqFsYGqh+k
vm1CKw55B1u0hvNwVVP/EVD7d0oAmU4CyYmR+kYFs7xCJoI+GRXOQwMjjt4EyvCG
EU9WF6WHMHo=
=Ze+o
-----END PGP SIGNATURE-----