Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965

The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.

The following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.

Work around:
No workarounds or mitigations are required for Palo Alto Networks products at this time.

Customers with a Threat Prevention subscription can block the attack traffic related to these vulnerabilities by enabling Threat IDs 92393, 92394, and 83239 for CVE-2022-22965 and Threat ID 92389 for CVE-2022-22963.

See https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ for more details on Palo Alto Networks product capabilities to protect against attacks that exploit this issue.