Palo Alto Networks Security Advisories / CVE-2019-1559

CVE-2019-1559: OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

Severity 5.9 · MEDIUM
Attack Vector NETWORK
Attack Complexity HIGH
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact NONE
Availability Impact NONE

Description

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that, in certain situations, may allow a remote attacker to decrypt data by observing server responses to different types of errors.

This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, and 9.0 versions prior to 9.0.2.

PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Product Status

Versions      Affected      Unaffected
PAN-OS 9.0    < 9.0.2       >= 9.0.2
PAN-OS 8.1    < 8.1.8       >= 8.1.8
PAN-OS 8.0    < 8.0.20      >= 8.0.20
PAN-OS 7.1    < 7.1.25      >= 7.1.25

Releases <= 7.0 have not been evaluated.

Severity: MEDIUM

CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness Type

CWE-325 Missing Required Cryptographic Step

Solution

This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.
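
To triage a firewall inventory against the fixed releases listed above, the following added example (not code from Palo Alto Networks) classifies version strings by branch. The hostnames and versions in SAMPLE are constructed, and the handling of a suffix such as "-h2" (compared by its base maintenance release) is an assumption.

```python
import re

# Fixed maintenance release per branch, from the advisory's Product Status table.
FIXED = {(7, 1): 25, (8, 0): 20, (8, 1): 8, (9, 0): 2}
NEWEST_LISTED = max(FIXED)  # (9, 0)

# major.minor.maintenance with an optional suffix such as "-h3" (assumed format).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[A-Za-z0-9.]+)?")


def classify(version):
    """Return (status, first_fixed_release_or_None) for one PAN-OS version string."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        return "unparsed", None  # surface for manual review instead of guessing
    major, minor, maint = (int(g) for g in m.groups()[:3])
    branch = (major, minor)
    if branch <= (7, 0):
        return "not evaluated", None  # advisory: 7.0 and prior EOL releases
    if branch in FIXED:
        fixed = FIXED[branch]
        if maint < fixed:
            return "affected", f"{major}.{minor}.{fixed}"
        return "unaffected", None
    if branch > NEWEST_LISTED:
        return "unaffected", None  # "all subsequent releases" carry the fix
    return "not listed", None  # branch absent from the advisory table


def triage(inventory):
    """Group (hostname, version) pairs by status; affected hosts get an upgrade target."""
    report = {}
    for host, version in inventory:
        status, target = classify(version)
        report.setdefault(status, []).append((host, version, target))
    return report


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = [
    ("fw-edge-01", "8.1.7"),
    ("fw-edge-02", "8.1.8"),
    ("fw-dc-01", "9.0.1-h2"),
    ("fw-lab-01", "7.0.19"),
    ("fw-branch-01", "8.0.20"),
    ("fw-branch-02", "7.1.24"),
    ("fw-old", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as "not evaluated" or "unparsed" need manual review, since the advisory makes no statement about them.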

Workarounds and Mitigations

There are no available workarounds.

© 2020 Palo Alto Networks, Inc. All rights reserved.