{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSL Vulnerabilities in PAN-OS "}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2018-0015","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-15T09:57:42.021Z","generator":{"date":"2026-07-15T09:57:42.021Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2018-0015","initial_release_date":"2018-10-12T02:35:00.000Z","revision_history":[{"number":"1","date":"2026-07-15T02:57:42.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.1.20","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-386"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.1.20","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-383"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.1.21","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-378"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=8.0.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-384"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=8.0.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-334"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=8.1.3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-366"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=8.1.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-380"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2018-0732","product_status":{"fixed":["PANW-PAN-OS-378","PANW-PAN-OS-334","PANW-PAN-OS-380"],"known_affected":["PANW-PAN-OS-386","PANW-PAN-OS-383","PANW-PAN-OS-384","PANW-PAN-OS-366"]},"notes":[{"category":"description","text":"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."}],"references":[{"category":"external","summary":"NVD - CVE-2018-0732","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0732"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2018-0015","url":"https://security.paloaltonetworks.com/PAN-SA-2018-0015"}],"threats":[{"category":"impact","description":"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."}]},{"cve":"CVE-2018-0737","product_status":{"fixed":["PANW-PAN-OS-378","PANW-PAN-OS-334","PANW-PAN-OS-380"],"known_affected":["PANW-PAN-OS-386","PANW-PAN-OS-383","PANW-PAN-OS-384","PANW-PAN-OS-366"]},"notes":[{"category":"description","text":"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}],"references":[{"category":"external","summary":"NVD - CVE-2018-0737","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0737"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2018-0015","url":"https://security.paloaltonetworks.com/PAN-SA-2018-0015"}],"threats":[{"category":"impact","description":"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}]},{"cve":"CVE-2018-0739","product_status":{"fixed":["PANW-PAN-OS-378","PANW-PAN-OS-334","PANW-PAN-OS-380"],"known_affected":["PANW-PAN-OS-386","PANW-PAN-OS-383","PANW-PAN-OS-384","PANW-PAN-OS-366"]},"notes":[{"category":"description","text":"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."}],"references":[{"category":"external","summary":"NVD - CVE-2018-0739","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0739"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2018-0015","url":"https://security.paloaltonetworks.com/PAN-SA-2018-0015"}],"threats":[{"category":"impact","description":"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."}]}]}