Last revised: 08/16/2016
OpenSSH contains two vulnerabilities (CVE-2016-0777 and CVE-2016-0778) affecting the SSH client roaming feature when connecting to a malicious server. Exploitation of this issue can leak portions of memory from the SSH client process. (Ref # 90508)
The Palo Alto Networks firewall outbound SSH client offers only the user/password authentication scheme and, therefore, does not expose a potential SSH private key.
PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier
PAN-OS 7.0.10 and later; PAN-OS 7.1.3 and later
These vulnerabilities affect PAN-OS only when initiating a connection to a malicious server. Palo Alto Networks discourages establishing SSH sessions to unknown or untrusted servers.