Palo Alto Networks Security Advisories / CVE-2016-8610

CVE-2016-8610 OpenSSL Vulnerability

047910
Severity 7.5 · HIGH
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH

Description

The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-68543 / CVE-2016-8610)

The OpenSSL library in use by PAN-OS is patched on a regular basis.

This issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.10>= 7.1.11
PAN-OS 7.0<= 7.0.15>= 7.0.16
PAN-OS 6.1<= 6.1.17>= 6.1.18

Severity: HIGH

CVSSv3.1 Base Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness Type

CWE-400 Uncontrolled Resource Consumption

Solution

PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later

Workarounds and Mitigations

N/A

© 2020 Palo Alto Networks, Inc. All rights reserved.