OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS (PAN-SA-2019-0039)

Last revised: 12/04/2019

Summary

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that, in certain situations, may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue was internally tracked as PAN-114984.

Severity: MEDIUM

The CVSS score for this issue is 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Products Affected

This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.8; 9.0 versions prior to 9.0.2. PAN-OS 7.0 and prior EOL versions have not been evaluated for this issue.

Available Updates

This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.
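
To check a device inventory against the affected ranges and fixed releases listed above, the following is an added example; it is not part of the advisory or of any Palo Alto Networks tooling. The function names, the sample inventory, and the handling of a "-hN" hotfix suffix on version strings are assumptions.

```python
import re

# Fixed maintenance release per affected branch, taken from the advisory text.
FIXED = {(7, 1): 25, (8, 0): 20, (8, 1): 8, (9, 0): 2}

# Assumed version-string shape: major.minor.maintenance with an optional
# hotfix suffix such as "-h1" (the suffix format is an assumption).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-evaluated', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in FIXED:
        # "Prior to" is read on the maintenance number, so a hotfix build of
        # an older maintenance release (e.g. 8.1.7-h3) still counts as affected.
        return "affected" if maint < FIXED[branch] else "fixed"
    if branch < min(FIXED):
        # PAN-OS 7.0 and prior EOL versions were not evaluated for this issue.
        return "not-evaluated"
    if branch > max(FIXED):
        # Newer branches fall under "all subsequent releases".
        return "fixed"
    return "not-listed"


def triage(inventory):
    """Map hostname -> status for every device that is not on a fixed release."""
    return {host: status for host, ver in inventory.items()
            if (status := classify(ver)) != "fixed"}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "fw-edge-01": "8.1.7-h3",
    "fw-edge-02": "8.1.8",
    "fw-dc-01": "9.0.1",
    "fw-lab-01": "7.0.19",
    "fw-branch-01": "7.1.25",
    "fw-branch-02": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Devices reported as not-evaluated or unparseable need manual review, since the advisory makes no statement about them.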

Workarounds and Mitigations

There are no available workarounds.

Acknowledgements

n/a