https://live.paloaltonetworks.com/t5/psirt-articles/palo-alto-networks-products-not-vulnerable-to-roca-vulnerable/ta-p/182399 <DIV class="lia-message-template-content-zone"><P>On October 15th 2017, a security researcher announced a new vulnerability "<STRONG>ROCA: Vulnerable RSA generation</STRONG>" [1] affecting&nbsp;<SPAN>smartcards, security tokens and other secure hardware using chips manufactured by Infineon Technologies AG. </SPAN></P> <P>&nbsp;</P> <P><SPAN>Palo Alto Networks <STRONG>does not use</STRONG> these affected chips in any products</SPAN><SPAN>. As a result, the Palo Alto Networks platform is not vulnerable to the attack described in CVE-2017-15361 [2].</SPAN></P> <P>&nbsp;</P> <H1 id="toc-hId--1545100828">Reference</H1> <P>[1] -&nbsp;<SPAN> <A href="https://crocs.fi.muni.cz/public/papers/rsa_ccs17" target="_self">https://crocs.fi.muni.cz/public/papers/rsa_ccs17</A></SPAN></P> <P><SPAN>[2] -&nbsp;<A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361" target="_self">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361</A></SPAN></P> <P><SPAN>&nbsp;</SPAN></P> </DIV> Fri, 03 Nov 2017 23:58:04 GMT emoret 2017-11-03T23:58:04Z https://live.paloaltonetworks.com/t5/psirt-articles/palo-alto-networks-products-not-vulnerable-to-roca-vulnerable/ta-p/182399 <P>ROCA: Vulnerable RSA generation (CVE-2017-15361) will find no place among Palo Alto Networks products.</P> Fri, 03 Nov 2017 23:58:04 GMT https://live.paloaltonetworks.com/t5/psirt-articles/palo-alto-networks-products-not-vulnerable-to-roca-vulnerable/ta-p/182399 emoret 2017-11-03T23:58:04Z