topic CVE-2023-48795 Vulnerability in General Topics

CVE-2023-48795 Vulnerability

SyafiqBharudin — Tue, 10 Jun 2025 11:28:38 GMT

Hi Community,

I have my firewall been exposed to CVE-2023-48795 Impact of Terrapin SSH Attack. Currently, based on the Palo Alto Security Advisories, I could see that PAN-OS version that are above than 10.1.15 are unaffected to this CVE. Upon checking my firewall model which is PA-820, I couldn't see any version listed for 10.1.15 in the software updates.

I'm not quite sure why it isn't listed for my model. Hope someone can enlighten me regarding this and should I proceed to upgrade to another version chain or proceed with the recommended solutions stated in the Security Advisories?

Model: PA-820

Running Version: 10.1.14-h9

Re: CVE-2023-48795 Vulnerability

kiwi — Tue, 10 Jun 2025 12:19:35 GMT

Hi @SyafiqBharudin ,

You have likely checked "Preferred Releases" or "Base Releases" at the bottom of the Software page.
Uncheck and try again. All available releases should become visible.

Hope this helps,

Kind regards,

-Kim.

Re: CVE-2023-48795 Vulnerability

BPry — Tue, 10 Jun 2025 21:16:13 GMT

@SyafiqBharudin,

10.1.15 doesn't exist, you can verify by looking at the release notes for PAN-OS 10.1 https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/. The latest release is 10.1.14-h14 and PAN didn't actually include any detailed release notes in that version. Short of jumping major versions, you would need to reach out to TAC to get an estimate of 10.1.15 release date or verify whether this was one of the issues addressed in 10.1.14-h14 that they didn't feel like detailing.

In other releases, and under normal situations, PAN details CVEs pretty extensively when fixes are made to address them. This leads me to believe that the fix actually isn't out yet for 10.1 for some reason.