Protect yourself against future threats.
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1334
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
1 March 2024
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: PAN-OS
Publisher: Palo Alto Networks
Operating System: Network Appliance
Resolution: None
CVE Names: CVE-2023-1829 CVE-2023-42753 CVE-2023-4623
CVE-2023-0386 CVE-2023-45284 CVE-2023-45283
CVE-2022-0847 CVE-2022-2588 CVE-2023-45871
CVE-2022-22817 CVE-2022-30634 CVE-2022-29804
CVE-2023-5633 CVE-2023-4622 CVE-2023-4208
CVE-2023-4207 CVE-2023-4206 CVE-2020-25717
CVE-2021-20325 CVE-2023-35001 CVE-2023-6546
CVE-2022-41222 CVE-2023-34059 CVE-2023-34058
CVE-2021-4083 CVE-2021-33034 CVE-2021-32399
CVE-2022-45199 CVE-2021-27365 CVE-2021-27364
CVE-2022-1729 CVE-2021-33909 CVE-2021-33910
CVE-2022-38023 CVE-2022-31676 CVE-2022-2639
CVE-2022-2526 CVE-2021-37576 CVE-2021-22543
CVE-2021-43267 CVE-2021-22555 CVE-2022-25636
CVE-2023-3776 CVE-2023-0461 CVE-2023-23931
CVE-2023-5178 CVE-2022-31628 CVE-2021-44790
CVE-2023-4004 CVE-2021-26708 CVE-2023-35788
CVE-2023-38408 CVE-2022-22942 CVE-2022-0330
CVE-2021-3609 CVE-2020-12362 CVE-2023-40217
CVE-2022-31626 CVE-2022-31625 CVE-2021-25217
CVE-2020-36385 CVE-2022-0185 CVE-2021-4155
CVE-2021-4154 CVE-2021-3501 CVE-2023-3390
CVE-2022-2964 CVE-2023-4921 CVE-2023-3090
CVE-2020-25211 CVE-2017-18342 CVE-2020-13757
CVE-2022-29217 CVE-2023-2235 CVE-2022-32250
CVE-2022-40897 CVE-2022-1158 CVE-2023-51781
CVE-2023-46324 CVE-2021-0920 CVE-2023-6817
CVE-2023-1281 CVE-2023-3812 CVE-2021-3347
CVE-2022-42898 CVE-2022-41716 CVE-2020-12321
CVE-2021-21708 CVE-2023-3611 CVE-2023-3609
CVE-2022-45198 CVE-2017-8923 CVE-2021-0512
CVE-2022-0492 CVE-2022-37454 CVE-2023-32233
CVE-2017-9120 CVE-2021-21706 CVE-2023-31436
CVE-2023-25690 CVE-2022-4378 CVE-2022-4139
CVE-2023-20900 CVE-2021-4028 CVE-2022-0516
CVE-2020-29661 CVE-2020-0466 CVE-2022-27666
Original Bulletin:
https://securityadvisories.paloaltonetworks.com/PAN-SA-2024-0001
Comment: CVSS (Max): 9.8 CVE-2023-5178 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Google Inc., [NIST], Internet Systems Consortium (ISC), VMware, Microsoft Corporation
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The following are listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog:
CISA KEV CVE(s): CVE-2022-0847 CVE-2021-0920
CISA KEV URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
*Palo Alto classifies this bulletin as 'Informational' and notes:
"While PAN-OS software may include the affected OSS package, PAN-OS does not
offer any scenarios required for an attacker to successfully exploit these
vulnerabilities and is not impacted."
- --------------------------BEGIN INCLUDED TEXT--------------------
Palo Alto Networks Security Advisories / PAN-SA-2024-0001
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
[INFO]
Informational
JSON
Published 2024-02-14
Updated
Reference
Description
The Palo Alto Networks Product Security Assurance team has evaluated the
following open source software (OSS) CVEs as they relate to PAN-OS software.
While PAN-OS software may include the affected OSS package, PAN-OS does not
offer any scenarios required for an attacker to successfully exploit these
vulnerabilities and is not impacted.
CVE Summary
This issue is only practical to exploit only when the memory
CVE-2017-8923 limit is raised from its default to a value larger than 2 GiB.
PAN-OS limits it to 128MB.
CVE-2017-9120 This only impacts PHP scripts calling mysqli_real_escape_string
(). PAN-OS does not make use of this function.
CVE-2017-18342 Prerequisites for exploitating the vulnerable function do not
exist on PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2020-0466 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2020-12321 This only impacts some Intel Wireless Bluetooth devices, which
are not part of any products.
CVE-2020-12362 This only impacts Intel(R) Graphics Drivers for Windows. Does
not affect PAN-OS.
CVE-2020-13757 The vulnerable API isn't used in PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2020-25211 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Though PAN-OS software contains Samba packages, there isn't a
CVE-2020-25717 Samba file and print server that runs in PAN-OS software. This
CVE can not be exploited on PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2020-29661 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2020-36385 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-0512 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-0920 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-3347 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-3501 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-3609 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-4028 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-4083 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-4154 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-4155 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2021-20325 The affected components are not present or not used in PAN-OS.
CVE-2021-21706 This is a Windows-specific vulnerability, and does not impact
PAN-OS.
CVE-2021-21708 This only affects PHP scripts that use FILTER_VALIDATE_FLOAT.
PAN-OS does not make use of this function.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-22543 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-22555 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2021-25217 Prerequities for this CVE do not exist on PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-26708 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-27364 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-27365 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-32399 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-33034 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-33909 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2021-33910 The vulnerable systemd software is not included in PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2021-37576 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2021-43267 The affected functionality does not exist in the kernel version
used by PAN-OS.
CVE-2021-44790 PAN-OS does not use the vulnerable mod_lua or proxy forwarding.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-0185 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-0330 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-0492 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-0516 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-0847 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-1158 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-1729 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2022-2526 The vulnerable systemd software is not included in PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-2588 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-2639 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-2964 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-4139 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-4378 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2022-22817 PAN-OS does not make use of the ImageMath module. Therefore, its
eval() method is never called.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-22942 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-25636 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-27666 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2022-29217 The vulnerable package is not used in PAN-OS.
CVE-2022-29804 The CVE is specific to the Go distribution on Windows. Does not
apply to PAN-OS.
CVE-2022-30634 The CVE is specific to the Go distribution on Windows. Does not
apply to PAN-OS.
CVE-2022-31625 PAN-OS does not use the affected PostgreSQL extension.
CVE-2022-31626 PAN-OS does not make use of the vulnerable PHP PDO MySQL driver
and hence not impacted.
CVE-2022-31628 PAN-OS does not make use of the vulnerable phar functionality.
CVE-2022-31676 There are no scenarios that enable successful exploitation of
this vulnerability on PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-32250 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
This issue is only practical to exploit only when the memory
CVE-2022-37454 limit is raised from its default to a value larger than 4 GiB.
PAN-OS has safer and restricted limits that do not enable
exploting this vulnerability.
Though PAN-OS software contains Samba packages, there isn't a
CVE-2022-38023 Samba file and print server that runs in PAN-OS software. This
CVE can not be exploited on PAN-OS.
CVE-2022-40897 PAN-OS does not allow customers to install custom packages.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2022-41222 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2022-41716 The CVE is specific to the Go distribution on Windows. Does not
apply to PAN-OS.
CVE-2022-42898 The vulnerable function/feature krb5_pac_parse() is not called
from PAN-OS.
The GIF images that are processed come with PAN-OS and cannot be
CVE-2022-45198 submitted through any form of user input, so this is not
exploitable.
The TIFF images that are processed come with PAN-OS and cannot
CVE-2022-45199 be submitted through any form of user input, so this is not
exploitable.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-0386 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-0461 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-1281 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-1829 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-2235 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3090 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3390 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3609 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3611 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3776 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-3812 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4004 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4206 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4207 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4208 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4622 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4623 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-4921 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-5178 The affected kernel component is not used by PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-5633 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-6546 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-6817 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-20900 There are no scenarios that enable successful exploitation of
this vulnerability on PAN-OS.
CVE-2023-23931 The vulnerable functions/features are not used in PAN-OS.
Prerequities for this CVE do not exist on PAN-OS.
CVE-2023-25690 PAN-OS does not use the vulnerable component mod_proxy or
mod_rewrite.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-31436 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-32233 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-34058 There are no scenarios that enable successful exploitation of
this vulnerability on PAN-OS.
CVE-2023-34059 There are no scenarios that enable successful exploitation of
this vulnerability on PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-35001 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-35788 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-38408 This issue affects ssh-agent, which is not used or enabled in
PAN-OS.
CVE-2023-40217 The vulnerable Python features are not used in PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-42753 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-45283 The CVE is specific to the Go distribution on Windows. Does not
apply to PAN-OS.
CVE-2023-45284 The CVE is specific to the Go distribution on Windows. Does not
apply to PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-45871 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
CVE-2023-46324 The affected component is not used in PAN-OS.
Exploit requires shell access on PAN-OS, or ability to run
CVE-2023-51781 arbitrary binaries. This is not possible on PAN-OS as only Palo
Alto Network's signed binaries and scripts can be run. System
enters maintenance mode if system files are tampered with.
Product Status
Versions Affected Unaffected
PAN-OS None All
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues
in any of our products.
Solution
No software updates are required at this time.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure
Policy Report vulnerabilitiesManage subscriptions
(C) 2024 Palo Alto Networks, Inc. All rights reserved.
- --------------------------END INCLUDED TEXT----------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================