CVE-2016-8610 OpenSSL Vulnerability
Attack Vector
NETWORK
Scope
UNCHANGED
Attack Complexity
LOW
Confidentiality Impact
NONE
Privileges Required
NONE
Integrity Impact
NONE
User Interaction
NONE
Availability Impact
HIGH
Description
The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-68543 / CVE-2016-8610)
The OpenSSL library in use by PAN-OS is patched on a regular basis.
This issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 7.1 | <= 7.1.10 | >= 7.1.11 |
PAN-OS 7.0 | <= 7.0.15 | >= 7.0.16 |
PAN-OS 6.1 | <= 6.1.17 | >= 6.1.18 |
Severity: HIGH
CVSSv3.0 Base Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Weakness Type
CWE-400 Uncontrolled Resource Consumption
Solution
PAN-OS 6.1.18 and later, PAN-OS 7.0.16 and later, PAN-OS 7.1.11 and later
Workarounds and Mitigations
N/A