Palo Alto Networks Security Advisories / CVE-2019-1559

CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS


047910
Severity 5.9 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE
NVD JSON
Published 2019-12-04
Updated
Reference PAN-114984 PAN-SA-2019-0039
Discovered externally

Description

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors.

This issue affects Palo Alto Networks PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.8, 9.0 versions prior to 9.0.2.

PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Product Status

VersionsAffectedUnaffected
PAN-OS 9.0< 9.0.2>= 9.0.2
PAN-OS 8.1< 8.1.8>= 8.1.8
PAN-OS 8.0< 8.0.20>= 8.0.20
PAN-OS 7.1< 7.1.25>= 7.1.25

Releases <= 7.0 have not been evaluated.

Severity: MEDIUM

CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness Type

CWE-325 Missing Required Cryptographic Step

Solution

This issue has been fixed in 7.1.25, 8.0.20, 8.1.8, 9.0.2 and all subsequent releases.

Workarounds and Mitigations

There are no available workarounds.

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.