PAN-OS_Security_Advisories_Enrichment

This script enriches CVEs published by Palo Alto Networks with detailed vulnerability information from the official Palo Alto Networks Security Advisories website https://security.paloaltonetworks.com.

python · PAN-OS by Palo Alto Networks

README

PANOSSecurityAdvisories_Enrichment

This script enriches CVEs published by Palo Alto Networks with detailed vulnerability information from the official Palo Alto Networks Security Advisories website https://security.paloaltonetworks.com.

Description

The script retrieves comprehensive vulnerability data including CVSS scores, affected products, version information, exploits, workarounds, and solutions from Palo Alto Networks’ security advisories. It supports both CVE identifiers and PAN-SA advisory IDs, automatically determining the appropriate data source and format.

Inputs

Argument Name Description Required
cve_id CVE ID(s) or PAN-SA advisory ID(s) to enrich (array) Required

Outputs

Path Type Description
PANOSSecurityAdvisories.Advisory.cve_id String CVE ID
PANOSSecurityAdvisories.Advisory.title String CVE Title
PANOSSecurityAdvisories.Advisory.description String Vulnerability description
PANOSSecurityAdvisories.Advisory.cve_url String Link to the PANW Security Advisories page
PANOSSecurityAdvisories.Advisory.cvss_score Number Base score of CVE
PANOSSecurityAdvisories.Advisory.cvss_severity String Base severity of CVE (LOW, MEDIUM, HIGH, CRITICAL)
PANOSSecurityAdvisories.Advisory.cvethreatscore Number Threat Score of the CVE
PANOSSecurityAdvisories.Advisory.cvethreatseverity String Threat Severity of CVE (LOW, MEDIUM, HIGH, CRITICAL)
PANOSSecurityAdvisories.Advisory.cvss_vector_string String CVSS Vector indicating metrics of attack
PANOSSecurityAdvisories.Advisory.cvss_table Unknown Metrics of the vulnerability
PANOSSecurityAdvisories.Advisory.affected_list Unknown List of affected products, their versions and changes introduced with fixes
PANOSSecurityAdvisories.Advisory.cveproductstatus Unknown List of affected products with platform information and fixed versions
PANOSSecurityAdvisories.Advisory.cpes Unknown Affected products defined by CPE
PANOSSecurityAdvisories.Advisory.published_date Date Date when it was published to the advisories page
PANOSSecurityAdvisories.Advisory.last_updated_date Date Date when it was last updated on the advisories page
PANOSSecurityAdvisories.Advisory.solution String Solution provided for the CVE
PANOSSecurityAdvisories.Advisory.workaround String Workaround for the CVE
PANOSSecurityAdvisories.Advisory.configurations String Required configurations for exploit
PANOSSecurityAdvisories.Advisory.exploits String Known exploits of this vulnerability in the field
PANOSSecurityAdvisories.Advisory.impact String Impact description of the vulnerability
PANOSSecurityAdvisories.Advisory.external_cve_list Unknown If input CVE is a PAN-SA advisory then list of related non-PANW CVEs

Context Example

{
    "PANOSSecurityAdvisories": {
        "Advisory": {
            "cve_id": "CVE-2024-1234",
            "title": "OS Command Injection Vulnerability in PAN-OS",
            "description": "A command injection vulnerability in PAN-OS allows...",
            "cve_url": "https://security.paloaltonetworks.com/CVE-2024-1234",
            "cvss_score": 9.8,
            "cvss_severity": "CRITICAL",
            "cvethreatscore": 9.8,
            "cvethreatseverity": "CRITICAL",
            "cvss_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "affected_list": [
                {
                    "product": "PAN-OS",
                    "platforms": [""],
                    "versions": [
                        {
                            "version": "10.2.0",
                            "lessThan": "10.2.4-h16",
                            "status": "affected",
                            "changes": [
                                {
                                    "at": "10.2.4-h16",
                                    "status": "unaffected"
                                }
                            ]
                        }
                    ]
                }
            ],
            "published_date": "2024-04-10T16:00:00.000Z",
            "last_updated_date": "2024-04-10T16:00:00.000Z",
            "solution": "This issue is fixed in PAN-OS 10.2.4-h16, PAN-OS 11.0.1, and all later PAN-OS versions.",
            "workaround": "Enable Threat Prevention on all security rules...",
            "external_cve_list": []
        }
    }
}

Human Readable Output

Field Value
CVE ID CVE-2024-1234
Title OS Command Injection Vulnerability in PAN-OS
CVSS Score 9.8
Severity CRITICAL
Published Date 2024-04-10T16:00:00.000Z
Solution This issue is fixed in PAN-OS 10.2.4-h16, PAN-OS 11.0.1, and all later PAN-OS versions.

Notes

  • The script automatically handles both CVE and PAN-SA format inputs.
  • For PAN-SA advisories, the script attempts to retrieve additional CSAF (Common Security Advisory Framework) data.
  • Version information is parsed and sorted to provide clear affected/unaffected status.
  • CVSS metrics are prioritized by score (highest first) when multiple metrics are available.
  • External CVE references are included for PAN-SA advisories when available.
  • The script connects to the Palo Alto Networks Security Advisories page for data retrieval.