Palo Alto Networks Security Advisories / PAN-SA-2021-0002

PAN-SA-2021-0002 Informational: PAN-OS: Impact of NAT Slipstream v1.0 and v2.0 Attacks

047910
Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE
JSON
Published 2021-02-10
Updated 2021-02-12
Reference PAN-162886 and PAN-158041
Discovered externally

Description

The Palo Alto Networks Product Security Assurance team evaluated the impact of NAT slipstream v1.0 and v2.0 attacks on PAN-OS software.

The decoder for HTTP (web-browsing) traffic in appliances that run PAN-OS software does not interpret SIP or other application-level gateways. The conditions required for a NAT slipstreaming attack are not possible so there is no impact to PAN-OS software.

Customers with a Threat Prevention subscription can enable the following threat prevention signatures to mitigate the risk of NAT slipstream attacks on other devices protected by appliances running PAN-OS software:

NAT Slipstreaming Detection (59667)

NAT Slipstreaming Detection (59668)

NAT Slipstreaming Detection (59669)

NAT Slipstreaming Detection (59671)

NAT Slipstreaming Detection (59672)

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

No product updates are required for this vulnerability.

Workarounds and Mitigations

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.