OpenSSH vulnerabilities (PAN-SA-2016-0011)

Last revised: 08/16/2016


OpenSSH contains two vulnerabilities (CVE-2016-0777 and CVE-2016-0778) affecting the SSH client roaming feature when connecting to a malicious server. Exploitation of this issue can leak portions of memory from the SSH client process. (Ref # 90508)

Severity: Low

The Palo Alto Networks firewall outbound SSH client offers only the user/password authentication scheme and, therefore, does not expose a potential SSH private key.

Products Affected

PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier

Available Updates

PAN-OS 7.0.10 and later; PAN-OS 7.1.3 and later

Workarounds and Mitigations

These vulnerabilities affect PAN-OS only when initiating a connection to a malicious server. Palo Alto Networks discourages establishing SSH sessions to unknown or untrusted servers.