{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2020-1982","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:53:10.056Z","generator":{"date":"2026-04-11T00:53:10.056Z","engine":{"name":"vulnogram","version":"0.1.0-rc1"}},"id":"CVE-2020-1982","initial_release_date":"2020-07-08T16:00:00.000Z","revision_history":[{"number":"1","date":"2020-07-08T09:00:00.000Z","summary":"Initial publication"},{"number":"2","date":"2023-05-10T09:00:00.000Z","summary":"Notice that TLS 1.0 compatibility is ending November 8, 2023 for cloud service endpoints"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS>=8.0.0","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-523"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.1.0","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-524"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<9.1.3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-525"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=9.1.3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-525"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<9.0.9","product":{"name":"Palo Alto Networks 
PAN-OS","product_id":"PANW-PAN-OS-526"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=9.0.9","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-526"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<8.1.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-527"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=8.1.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-527"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2020-1982","product_status":{"fixed":["PANW-PAN-OS-525","PANW-PAN-OS-526","PANW-PAN-OS-527"],"known_affected":["PANW-PAN-OS-523","PANW-PAN-OS-525","PANW-PAN-OS-526","PANW-PAN-OS-527"],"known_not_affected":["PANW-PAN-OS-524"]},"notes":[{"category":"description","text":"Certain communications between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.\n\nThese cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.\n\nConditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0.\n"}],"references":[{"category":"external","summary":"NVD - CVE-2020-1982","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1982"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2020-1982","url":"https://security.paloaltonetworks.com/CVE-2020-1982"}],"threats":[{"category":"impact","description":"Certain communications between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.\n\nThese cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.\n\nConditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0.\n"}],"scores":[{"cvss_v3":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.8,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},"products":["PANW-PAN-OS-523","PANW-PAN-OS-525","PANW-PAN-OS-526","PANW-PAN-OS-527"]}]}]}