Palo Alto Networks makes use of the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. (Ref # 100977/CVE-2016-6210).
To exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall.
This issue affects PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier.
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 7.1 | <= 7.1.5 | >= 7.1.6 |
| PAN-OS 7.0 | <= 7.0.10 | >= 7.0.11 |
| PAN-OS 6.1 | <= 6.1.14 | >= 6.1.15 |
| PAN-OS 6.0 | <= 6.0.14 | >= 6.0.15 |
CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
This issue is fixed in PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later.
Palo Alto Networks recommends following best practices by not relying on hidden usernames and setting unique, long, and complex passwords for each of the firewall users.