OpenSSL Vulnerabilities in PAN-OS (PAN-SA-2018-0015)

Last revised: 11/08/2018

Summary

The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739. Palo Alto Networks software makes use of the vulnerable library and is affected. (Ref # PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739)

Severity: Medium

The OpenSSL library in use by PAN-OS is patched on a regular basis for security issues.

Products Affected

PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier. WF-500 running WF-500 software versions PAN-OS 6.1.20 and earlier, PAN-OS 7.1.20 and earlier, PAN-OS 8.0.13 and earlier, and PAN-OS 8.1.3 and earlier

Available Updates

PAN-OS 7.1.21 and later, PAN-OS 8.1.4 and later, and WF-500 running WF-500 software version 8.1.4 and later. We will update this security advisory as soon as fixes are available for PAN-OS 8.0 and WF-500 deployments running WF-500 version 8.0. PAN-OS 6.1 will NOT have a fix. For WF-500 software versions 7.1 and earlier, please consult the WildFire Administrator’s Guide for steps to upgrade the software. An online copy of all available documentation can be found here (https://www.paloaltonetworks.com/documentation).

Workarounds and Mitigations

N/A

Acknowledgements

N/A