Lucene search

Palo Alto Networks Product Security Incident Response TeamPA-CVE-2024-47076

HistorySep 26, 2024 - 8:15 p.m.

Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products

2024-09-2620:15:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

palo alto networks

cups

cve-2024-47076

cve-2024-47177

security policy rule

cloud services

vulnerabilities

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

28.0%

JSON

The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products.

Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.

Work around:
Customers who decide to block CUPS traffic can create a Security policy rule (Policies > Security) that targets the “cups” application. Refer to the information about creating Security policy rules: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/security-policy/create-a-security-policy-rule

Affected configurations

Vulners

Node

softwarecloud_ngfw

softwarecortex_xdr

softwarecortex_xdr_agent

softwareglobalprotect_app

softwarecortex_xsiam

softwarecortex_xsoar

softwarepan-os

softwareprisma_access

softwareprisma_access_browser

VendorProductVersionCPE
softwarecloud_ngfw*cpe:2.3:a:software:cloud_ngfw:*:*:*:*:*:*:*:*
softwarecortex_xdr*cpe:2.3:a:software:cortex_xdr:*:*:*:*:*:*:*:*
softwarecortex_xdr_agent*cpe:2.3:a:software:cortex_xdr_agent:*:*:*:*:*:*:*:*
softwareglobalprotect_app*cpe:2.3:a:software:globalprotect_app:*:*:*:*:*:*:*:*
softwarecortex_xsiam*cpe:2.3:a:software:cortex_xsiam:*:*:*:*:*:*:*:*
softwarecortex_xsoar*cpe:2.3:a:software:cortex_xsoar:*:*:*:*:*:*:*:*
softwarepan-os*cpe:2.3:a:software:pan-os:*:*:*:*:*:*:*:*
softwareprisma_access*cpe:2.3:a:software:prisma_access:*:*:*:*:*:*:*:*
softwareprisma_access_browser*cpe:2.3:a:software:prisma_access_browser:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
software	cloud_ngfw	*	cpe:2.3:a:software:cloud_ngfw::::::::
software	cortex_xdr	*	cpe:2.3:a:software:cortex_xdr::::::::
software	cortex_xdr_agent	*	cpe:2.3:a:software:cortex_xdr_agent::::::::
software	globalprotect_app	*	cpe:2.3:a:software:globalprotect_app::::::::
software	cortex_xsiam	*	cpe:2.3:a:software:cortex_xsiam::::::::
software	cortex_xsoar	*	cpe:2.3:a:software:cortex_xsoar::::::::
software	pan-os	*	cpe:2.3:a:software:pan-os::::::::
software	prisma_access	*	cpe:2.3:a:software:prisma_access::::::::
software	prisma_access_browser	*	cpe:2.3:a:software:prisma_access_browser::::::::