Palo Alto Networks Security Advisories / CVE-2019-1559

CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

Severity 5.9 · MEDIUM
Attack Vector NETWORK
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE


The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors.

This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, 9.0 versions prior to 9.0.2.

PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Product Status

PAN-OS 9.0< 9.0.2>= 9.0.2
PAN-OS 8.1< 8.1.8>= 8.1.8
PAN-OS 8.0< 8.0.20>= 8.0.20
PAN-OS 7.1< 7.1.25>= 7.1.25

Releases <= 7.0 have not been evaluated.


CVSSv3.1 Base Score:5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness Type

CWE-325 Missing Required Cryptographic Step


This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.

Workarounds and Mitigations

There are no available workarounds.

© 2023 Palo Alto Networks, Inc. All rights reserved.