CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
The Palo Alto Networks Product Security Assurance team has evaluated the supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems.
Based on the information presently known, Palo Alto Networks products and cloud services do not contain affected XZ software packages and are not impacted by these issues.
Please refer to the Unit42 Threat Brief for the latest guidance and product offerings to protect customers from CVE-2024-3094 in their environments: https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
Work around:
No work around available.