Palo Alto Networks makes use of a the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. (Ref # 100977/CVE-2016-6210).
To exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall.
This issue affects PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 7.1 | <= 7.1.5 | >= 7.1.6 |
| PAN-OS 7.0 | <= 7.0.10 | >= 7.0.11 |
| PAN-OS 6.1 | <= 6.1.14 | >= 6.1.15 |
| PAN-OS 6.0 | <= 6.0.14 | >= 6.0.15 |
| PAN-OS 5.1 | 5.1.* | |
| PAN-OS 5.0 | 5.0.* |
CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later
Palo Alto Networks recommends following best practices by not relying on hidden usernames and setting unique, long, and complex passwords for each of the firewall users.