PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971
Urgency Not applicable
Response Effort Not applicable
Recovery Not applicable
Value Density Not applicable
Attack Vector Not applicable
Attack Complexity Not applicable
Attack Requirements Not applicable
Automatable Not applicable
User Interaction Not applicable
Product Confidentiality NONE
Product Integrity NONE
Product Availability NONE
Privileges Required Not applicable
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
Description
Palo Alto Networks Product Security Assurance team has evaluated the vulnerability CVE-2020-1971 that affects the OpenSSL library.
The vulnerability does not have a security impact on PAN-OS, GlobalProtect App, or Cortex XSOAR. The scenarios required for successful exploitation do not exist on these products.
CVE | CVSS | Summary |
---|---|---|
CVE-2020-1971 | 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) | Denial of service vulnerability in OpenSSL related to EDIPARTYNAME NULL pointer de-reference |
Product Status
Versions | Affected | Unaffected |
---|---|---|
Cortex XSOAR | None | all |
GlobalProtect App | None | all |
PAN-OS | None | all |
Severity: NONE
CVSSv4.0 Base Score: 0 (CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N)
Weakness Type
Solution
No product updates are required for these issues.
Timeline
Initial publication