Last revised: 12/04/2019
The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue was internally tracked as PAN-114984.
CVSS Score for this issue is 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.8; 9.0 versions prior to 9.0.2. PAN-OS 7.0 and prior EOL versions have not been evaluated for this issue.
This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.
There are no available workarounds.