CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
73.8%
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-6387, known as “regreSSHion”, as it relates to our products.
The SSH features in PAN-OS are not affected by CVE-2024-6387.
At present, no other Palo Alto Networks products are known to contain the vulnerable software packages and be impacted by these issues.
Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are closely monitoring all developments. More information can be found in the Unit 42 threat brief: https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
Work around:
No work around available.
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
73.8%