[Palo Alto Networks Security Advisories] PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the applicability of CVEs related to the Marvin attack on PAN-OS. While we did not determine that any of these CVEs have significant impact on our PAN-OS software, some were fixed anyway out of an abundance of caution. You can also review more details about the Marvin attack if helpful.
CVE | Summary |
---|---|
CVE-2024-29995 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable opensc library. |
CVE-2024-26306 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable iperf3 component. |
CVE-2024-23170 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable Mbed TLS component. |
CVE-2024-21484 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable jsrsasign package. |
CVE-2024-20952 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable openjdk package. |
CVE-2024-2236 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable component of libgcrypt library. |
CVE-2024-0914 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable package. |
CVE-2024-0202 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable cryptlib cryptographic library. |
CVE-2023-46809 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable subcomponent. |
CVE-2023-6240 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable subcomponent. |
CVE-2023-5992 | This CVE does not affect PAN-OS as PAN-OS does not have the vulnerable opensc library. |
CVE-2023-5388 | This CVE is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5 and all later versions of PAN-OS. |
CVE-2023-4421 | This CVE is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5 and all later versions of PAN-OS. |
CVE-2022-4304 | This CVE is fixed in PAN-OS 10.2.5, PAN-OS 11.0.2 and all later versions of PAN-OS. |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation
CAPEC-463 Padding Oracle Crypto Attack
Solution
These OSS CVEs are fixed in their respective PAN-OS versions.
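A fleet-triage check built from the fix versions in the table above, as an added example that is not Palo Alto Networks code. It assumes the listed fix versions apply per release train, that a train later than every listed one already carries the fix, and that a hotfix suffix such as `-h1` can be ignored; the hostnames and inventory are constructed.

```python
import re

# Minimum fixed maintenance release per PAN-OS release train, from the advisory table.
FIXED_IN = {
    "CVE-2023-5388": {(10, 2): 11, (11, 0): 6, (11, 1): 5},
    "CVE-2023-4421": {(10, 2): 11, (11, 0): 6, (11, 1): 5},
    "CVE-2022-4304": {(10, 2): 5, (11, 0): 2},
}

def parse_version(text):
    """Split 'major.minor.maint[-hN]' into ((major, minor), maint)."""
    # Assumption: the hotfix suffix does not change the answer, so it is dropped.
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint = map(int, m.groups())
    return (major, minor), maint

def status(cve, version):
    """Return 'fixed', 'needs upgrade' or 'not stated' for one CVE."""
    train, maint = parse_version(version)
    fixes = FIXED_IN[cve]
    if train in fixes:
        return "fixed" if maint >= fixes[train] else "needs upgrade"
    if train > max(fixes):
        return "fixed"        # assumption: later train than any listed fix
    return "not stated"       # the advisory names no fix for this train

def triage(inventory):
    """Map each host to the CVEs that are not confirmed fixed."""
    report = {}
    for host, version in inventory.items():
        results = {cve: status(cve, version) for cve in FIXED_IN}
        pending = {cve: s for cve, s in results.items() if s != "fixed"}
        if pending:
            report[host] = pending
    return report

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {"fw-edge-1": "10.2.9-h1", "fw-dc-1": "11.0.3",
             "fw-lab-1": "11.1.5", "fw-old-1": "10.1.14"}

if __name__ == "__main__":
    for host, items in triage(INVENTORY).items():
        print(host, items)
```

Hosts reported as "not stated" are on a release train the advisory does not list and need a manual check against the vendor's advisory.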
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
Timeline