CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
97.9%
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical libwebp vulnerability (CVE-2023-4863) as it relates to our products. While PAN-OS 10.2 and later versions include this library, PAN-OS software does not offer any scenarios required for the successful exploitation of this vulnerability and is not impacted.
No other Palo Alto Networks products are known to contain the vulnerable library and be impacted by this issue at this time.
Work around:
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94394 (Applications and Threats content update 8757).