Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM

Medium Nessus Plugin ID 78586

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.5

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.14 / 5.1.9 / 6.0.4. It is, therefore, affected by a flaw in the included OpenSSL library that can cause the client or server to use weak keying material, which a remote attacker can exploit to conduct a man-in-the-middle attack.

Solution

Upgrade to PAN-OS version 5.0.14 / 5.1.9 / 6.0.4 or later.

See Also

https://securityadvisories.paloaltonetworks.com/Home/Detail/23

Plugin Details

Severity: Medium

ID: 78586

File Name: palo_alto_PAN-SA-2014-0003.nasl

Version: 1.6

Type: combined

Published: 2014/10/20

Updated: 2018/07/24

Dependencies: 72816

Risk Information

Risk Factor: Medium

VPR Score: 8.5

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/06/09

Vulnerability Publication Date: 2014/06/03

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0224

BID: 67899

CERT: 978508