Palo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015)

medium Nessus Plugin ID 123512


The remote host is affected by multiple vulnerabilities.


The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x including 6.1.20 or 7.1.x prior to 7.1.21 or 8.0.x prior to 8.0.14 or 8.1.x prior to 8.1.4. It is, therefore, affected by multiple vulnerabilities :

- A denial of service (DoS) vulnerability that exists in OpenSSL due to failure of handling the exception conditions during the TLS handshake. An authenticated, remote attacker can exploit this issue , via malicious server to send large prime value to the client to spend unreasonably long time for generating the key for this prime resulting hang until the client finished. (CVE-2018-0732)

- An information disclosure vulnerability that exists in OpenSSL RSA key generation algorithm due to a cache timing side channel attack. An authenticated, local attacker can exploit this issue, via cache timing attacks during the RSA key generation process, to recover the private key. (CVE-2018-0737)

- A denial of service (DoS) vulnerability that exists in OpenSSL due to a constructed ASN.1 types with a recursive definition. An unauthenticated, remote attacker can exploit this issue, via creating malicious input with excessive recursion, to cause the Denial Of Service attack. (CVE-2018-0739)


Upgrade to Palo Alto Networks PAN-OS version 7.1.21 / 8.0.14 / 8.1.4 or later.

See Also

Plugin Details

Severity: Medium

ID: 123512

File Name: palo_alto_PAN-SA-2018-0015.nasl

Version: 1.3

Type: combined

Published: 3/29/2019

Updated: 4/1/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-0737


Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source

Exploit Ease: No known exploits are available

Patch Publication Date: 11/20/2018

Vulnerability Publication Date: 11/20/2018

Reference Information

CVE: CVE-2018-0732, CVE-2018-0737, CVE-2018-0739

BID: 103518, 103766, 104442