Palo Alto Networks Security Advisories / PAN-SA-2021-0002

PAN-SA-2021-0002 Informational: PAN-OS: Impact of NAT Slipstream v1.0 and v2.0 Attacks

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE

Description

The Palo Alto Networks Product Security Assurance team evaluated the impact of NAT slipstream v1.0 and v2.0 attacks on PAN-OS software.

The decoder for HTTP (web-browsing) traffic in appliances that run PAN-OS software does not interpret SIP or other application-level gateways. The conditions required for a NAT slipstreaming attack are not possible so there is no impact to PAN-OS software.

Customers with a Threat Prevention subscription can enable the following threat prevention signatures to mitigate the risk of NAT slipstream attacks on other devices protected by appliances running PAN-OS software:

NAT Slipstreaming Detection (59667)

NAT Slipstreaming Detection (59668)

NAT Slipstreaming Detection (59669)

NAT Slipstreaming Detection (59671)

NAT Slipstreaming Detection (59672)

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for this vulnerability.

Workarounds and Mitigations

Timeline

Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.