PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971
Urgency
Not applicable
Response Effort
Not applicable
Recovery
Not applicable
Value Density
Not applicable
Attack Vector
Not applicable
Attack Complexity
Not applicable
Attack Requirements
Not applicable
Automatable
Not applicable
User Interaction
Not applicable
Product Confidentiality
NONE
Product Integrity
NONE
Product Availability
NONE
Privileges Required
Not applicable
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
Palo Alto Networks Product Security Assurance team has evaluated the vulnerability CVE-2020-1971 that affects the OpenSSL library.
The vulnerability does not have a security impact on PAN-OS, GlobalProtect App, or Cortex XSOAR. The scenarios required for successful exploitation do not exist on these products.
| CVE | CVSS | Summary |
|---|---|---|
| CVE-2020-1971 | 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) | Denial of service vulnerability in OpenSSL related to EDIPARTYNAME NULL pointer de-reference |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cortex XSOAR | None | All |
| GlobalProtect App | None | All |
| PAN-OS | None | All |
Severity: NONE
CVSSv4.0 Base Score: 0 (CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N)
Weakness Type
Solution
No product updates are required for these issues.
Timeline
Initial publication