Palo Alto Networks PAN-OS 7.1 < 7.1.25 / 8.0 < 8.0.20 / 8.1 < 8.1.8 / 9.0 < 9.0.2 OpenSSL Vulnerability

medium Nessus Plugin ID 134305

Synopsis

The remote PAN-OS host is affected by a cryptographic vulnerability

Description

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable 'non-stitched' ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway).

PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue, and thus, may also be affected.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PAN-OS 7.1.25 / 8.0.20 / 8.1.8 / 9.0.2 or later

See Also

https://security.paloaltonetworks.com/CVE-2019-1559

Plugin Details

Severity: Medium

ID: 134305

File Name: palo_alto_PAN-SA-2019-0039.nasl

Version: 1.3

Type: combined

Published: 3/6/2020

Updated: 12/6/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2019-1559

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/4/2019

Vulnerability Publication Date: 12/4/2019

Reference Information

CVE: CVE-2019-1559

CEA-ID: CEA-2021-0004