Palo Alto Networks Security Advisories / PAN-SA-2021-0005

PAN-SA-2021-0005 Informational: Impact of OpenSSL Vulnerability CVE-2020-1971

Severity 0 · NONE
Attack Vector PHYSICAL
Attack Complexity HIGH
Privileges Required HIGH
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE

Description

The Palo Alto Networks Product Security Assurance team evaluated the OpenSSL vulnerability CVE-2020-1971.

All supported versions of PAN-OS software use a version of OpenSSL that contains this vulnerability, but there are no scenarios for successful exploitation of the vulnerability in the applications.

As a result, there is no known security impact for this vulnerability in PAN-OS software. However, out of an abundance of caution, we patched the impacted OpenSSL code in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.8, and PAN-OS 10.0.5.

Product Status

Versions       Affected     Unaffected
PAN-OS 10.1    None         10.1.*
PAN-OS 10.0    < 10.0.5     >= 10.0.5
PAN-OS 9.1     < 9.1.8      >= 9.1.8
PAN-OS 9.0     < 9.0.14     >= 9.0.14
PAN-OS 8.1     < 8.1.19     >= 8.1.19

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Weakness Type

Solution

This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.14, PAN-OS 9.1.8, PAN-OS 10.0.5, and all later PAN-OS versions.

Workarounds and Mitigations

Timeline

Initial publication