Palo Alto Networks Security Advisories / CVE-2018-5390

CVE-2018-5390 Information about SegmentSmack findings

047910
Severity 0 · NONE
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE

Description

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure (CVE-2018-5390).

PAN-OS/Panorama platforms are not impacted by this vulnerability.

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)

Weakness Type

CWE-20 Improper Input Validation

Solution

N/A

Workarounds and Mitigations

Our NGFW users can use the configuration option bypass-exceed-oo-queue with value no which will provide protection from CVE-2018-5390 for devices positioned behind the firewall. For more information on configuration, please refer to the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions document: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions .

© 2020 Palo Alto Networks, Inc. All rights reserved.