Get supportSecurity advisories
Subscriptions
Report vulnerabilities
Palo Alto Networks Security Advisories / CVE-2019-1559

CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS


Severity 5.9 · MEDIUM
Attack Vector NETWORK
Attack Complexity HIGH
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact NONE
Availability Impact NONE
NVD JSON
Published: 2019-12-04
Updated: 2019-12-04
Ref#: PAN-114984 PAN-SA-2019-0039

Description

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors.

This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, 9.0 versions prior to 9.0.2.

PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Product Status

PAN-OS

VersionsAffectedUnaffected
7.1< 7.1.25>= 7.1.25
8.0< 8.0.20>= 8.0.20
8.1< 8.1.8>= 8.1.8
9.0< 9.0.2>= 9.0.2

Releases <= 7.0 have not been evaluated.

Severity: MEDIUM

CVSSv3.1 Base Score: 5.9 ( CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N )

Solution

This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.

Workarounds and Mitigations

There are no available workarounds.

© 2020 Palo Alto Networks, Inc. All rights reserved.