CVE-2020-1968 PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968
Description
In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation of the Raccoon attack (CVE-2020-1968), which allows an attacker to eavesdrop on encrypted traffic over those TLS connections.
Components that are known to be impacted by this vulnerability:
SSL Forward-Proxy
SSL Inbound Inspection
GlobalProtect Portal
GlobalProtect Gateway
GlobalProtect Clientless VPN
This issue impacts all versions of PAN-OS 8.1, all versions of PAN-OS 9.0, and all versions of PAN-OS 9.1. This issue does not impact any version of PAN-OS 10.0 or any later PAN-OS versions.
Prisma Access customers that have Prisma Access 2.0 Preferred and Prisma Access 2.1 Preferred firewalls are impacted by this issue.
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 10.1 | None | 10.1.* |
PAN-OS 10.0 | None | 10.0.* |
PAN-OS 9.1 | 9.1.* | None |
PAN-OS 9.0 | 9.0.* | None |
PAN-OS 8.1 | 8.1.* | None |
Prisma Access 2.2 | None | Preferred |
Prisma Access 2.1 | Preferred | Innovation |
Prisma Access 2.0 | Preferred | Innovation |
Required Configuration for Exposure
This issue is only applicable to PAN-OS firewalls configured to use SSL Forward Proxy, SSL Inbound Inspection, GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN and where the usage of the DHE key exchange is not disabled.
Severity: LOW
CVSSv3.1 Base Score: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-203 Information Exposure Through Discrepancy
CWE-326 Inadequate Encryption Strength
Solution
Apply any of the workarounds to mitigate the risk of CVE-2020-1968.
This issue is fixed in PAN-OS 10.0.0 and all later PAN-OS versions.
This issue is fixed in Prisma Access 2.1 Innovation, Prisma Access 2.2 Preferred, and all later Prisma Access versions.
Workarounds and Mitigations
For all major versions of PAN-OS software earlier than PAN-OS 10.0 that use SSL Forward Proxy or SSL Inbound Proxy:
You must disable the DHE key exchange from the web interface. You can change this setting by selecting ‘Objects > Decryption Profile > SSL Protocol Settings’ and then disable (deselect) the 'DHE’ option.
For all PAN-OS 9.0 and PAN-OS 9.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the following CLI command to disable the DHE key exchange:
"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no"
For PAN-OS 8.1.20 and later PAN-OS 8.1 versions using GlobalProtect Portal, GlobalProtect Gateway, or GlobalProtect Clientless VPN, you can use the same CLI command to disable the DHE key exchange:
"set shared ssl-tls-service-profile <ssl-tls-service-profile-name> protocol-settings keyxchg-algo-dhe no"
PAN-OS 10.0 and later PAN-OS versions are not impacted by this issue.