OpenSSL Vulnerabilities (PAN-SA-2016-0030)

Last revised: 10/18/2016

Summary

The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-55477/92481)

Severity: High

The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from moderate to high but have not been shown to be exploitable at the time of this advisory.

Products Affected

PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier

Available Updates

PAN-OS 6.0.15 and later; PAN-OS 6.1.12 and later

Workarounds and Mitigations

N/A

Acknowledgements

N/A