https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-what-cloud-services-are-affected-by-cve/ta-p/557560 <DIV class="lia-message-template-content-zone"> <P><SPAN>This Nominated Discussion Article is based on the post "</SPAN><A href="https://live.paloaltonetworks.com/t5/general-topics/what-cloud-services-are-affected-by-cve-2020-1982/m-p/556620" target="_blank" rel="noopener">What cloud services are affected by CVE-2020-1982?</A><SPAN>" by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/311720">@KyungjunCHOE</a>&nbsp;&nbsp;&nbsp;and</SPAN><SPAN>&nbsp;answered by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/200155">@AKuzhuppilly</a>. Read on to see his response!</SPAN></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Dear Team,</P> <P>&nbsp;</P> <P>When checking CVE-2020-1982 in Palo Alto Networks Security Advisories, we found the following text:</P> <P>&gt; These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.<BR />URL : <A href="https://security.paloaltonetworks.com/CVE-2020-1982" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2020-1982</A></P> <P>&nbsp;</P> <P>The above phrase includes CSP.</P> <P>&nbsp;</P> <P>So does this mean that dynamic update and software update communicated with CSP are not possible on the OS affected by that vulnerability?</P> <P>&nbsp;</P> <P>I would like to know the extent to which that vulnerability is affected.</P> <P>&nbsp;</P> <P>If anyone knows please share with me</P> <P>&nbsp;</P> <P>Thank you</P> </BLOCKQUOTE> <P>Response:</P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/311720">@KyungjunCHOE</a></P> <P>&nbsp;</P> <P>CVE-2020-1982 pertains to a specific issue where PAN-OS communicates with cloud-delivered services using the insecure TLS 1.0 protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.</P> <P>&nbsp;</P> <P>If you check updates.paloaltonetworks.com using tools like ssllabs, you'll notice that TLS 1.0 and TLS 1.1 are enabled.&nbsp;</P> <P>&nbsp;</P> <P>This issue has been resolved in PAN-OS versions 8.1.14, 9.0.9, 9.1.3, and all subsequent releases.</P> <P>&nbsp;</P> <P>Additionally, please be aware that Palo Alto intends to discontinue support for TLS 1.0 in their cloud service endpoints on November 8, 2023. To ensure uninterrupted access to cloud-delivered services and updates, it is necessary to upgrade to PAN-OS 8.1.14, 9.0.9, 9.1.3, or newer versions.</P> </BLOCKQUOTE> <P>&nbsp;</P> </DIV> Thu, 18 Apr 2024 19:39:36 GMT JayGolf 2024-04-18T19:39:36Z https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-what-cloud-services-are-affected-by-cve/ta-p/557560 <P><SPAN>This Nominated Discussion Article is based on the post "</SPAN><A href="https://live.paloaltonetworks.com/t5/general-topics/what-cloud-services-are-affected-by-cve-2020-1982/m-p/556620" target="_blank" rel="noopener">What cloud services are affected by CVE-2020-1982?</A><SPAN>".</SPAN></P> Thu, 18 Apr 2024 19:39:36 GMT https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-what-cloud-services-are-affected-by-cve/ta-p/557560 JayGolf 2024-04-18T19:39:36Z