OpenSSL Vulnerabilities (PAN-SA-2016-0023)

Last revised: 10/12/2016


The OpenSSL library embedded in the GlobalProtect™ agent, TerminalServer™ agent and UserID™ agent is affected by the following public vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176 (Ref # 100669, 100133, PAN-60833).

Severity: Low

At the time of this advisory and in the context of GlobalProtect, TerminalServer and UserID, no public exploitation of these vulnerabilities are known.

Products Affected

GlobalProtect agent 3.1.0 and earlier; TerminalServer agent 7.0.5 and earlier; UserID agent 7.0.5 and earlier

Available Updates

GlobalProtect agent 3.1.1 and later; TerminalServer agent 7.0.6 and later; UserID agent 7.0.6 and later

Workarounds and Mitigations