Palo Alto Prisma SD-WAN ION vulnerabilities

6 known vulnerabilities affecting paloalto/prisma_sd-wan_ion.

Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | 2024-01-09
CVE-2023-48795 [MEDIUM] CWE-354 Impact of Terrapin SSH Attack
The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product. This issue does not impact the SSH server component of PAN-OS software configured
paloalto
CVE-2023-38545 | CRITICAL | CVSS 9.8 | 2023-10-12
CVE-2023-38545 [CRITICAL] CWE-120 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products. At this time, there are no demonstrated scenarios that enable successful exploitation of these vulner
paloalto
CVE-2023-38802 | HIGH | CVSS 7.5 | 2023-09-13
CVE-2023-38802 [HIGH] CWE-754 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software
BGP software such as FRRouting FRR included as part of the PAN-OS, Prisma SD-WAN ION, and Prisma Access routing features enable a remote attacker to incorrectly reset network sessions through an invalid BGP update. This issue is applicable only to devices and appliances with BGP routing features enabled. This issue requires the remote attacker
paloalto
CVE-2023-22809 | HIGH | CVSS 7.8 | PoC | 2023-02-08
CVE-2023-22809 [HIGH] Impact of Sudo Vulnerability CVE-2023-22809
The Palo Alto Networks Product Security Assurance team has evaluated the sudo software vulnerability CVE-2023-22809 and has determined that the following Palo Alto Networks products do not expose the sudo program and, therefore, do not offer any scenarios required for successful exploitation of this vulnerability. Affected products: Cloud NGFW, PAN-OS, Prisma Access, Prisma SD-WAN ION
paloalto
CVE-2022-22963 | CRITICAL | CVSS 9.8 | KEV | PoC | 2022-03-31
CVE-2022-22963 [CRITICAL] CWE-497 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and
paloalto
CVE-2021-41617 | HIGH | CVSS 7.0 | 2021-11-30
CVE-2021-41617 [HIGH] CWE-250 Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSH software CVE-2021-41617 vulnerability. PAN-OS and Prisma SD-WAN ION software does not utilize the ssh configuration options required to exploit this vulnerability. There are no scenarios that enable successful exploitation of the vulne
paloalto