https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/557847#M1998 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167427">@securehops</a></P> <P>&nbsp;</P> <P>this issue is triggered by sending crafted BGP update message. If you are running BGP internally within your network only and all your BGP devices are in your control, then I would say you are not affected (Unless somebody you are peering internally sends malicious BGP update).</P> <P>&nbsp;</P> <P>This issue is not limited to Palo Alto only. End of last month similar issue was reported by Juniper&nbsp;<A href="https://supportportal.juniper.net/s/article/2023-08-29-Out-of-Cycle-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-crafted-BGP-UPDATE-message-allows-a-remote-attacker-to-de-peer-reset-BGP-sessions-CVE-2023-4481?language=en_US" target="_self">CVE-2023-4481</A>.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Thu, 14 Sep 2023 04:17:57 GMT PavelK 2023-09-14T04:17:57Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/557820#M1997 <P>Hi,</P> <P>&nbsp;</P> <P>Regarding CVE-2023-38802, DDOS in BGP software,&nbsp; would this apply only to public ASNs/BGP sessions established on public internet?&nbsp; &nbsp;I have BGP configured on PAN firewalls but only running BGP over IPSec tunnels using private ASNs</P> <P>&nbsp;</P> <P>I would think this vulnerability would not apply but didn't want to assume</P> <P>&nbsp;</P> <P><A href="https://security.paloaltonetworks.com/CVE-2023-38802" target="_blank">https://security.paloaltonetworks.com/CVE-2023-38802</A></P> Thu, 14 Sep 2023 01:21:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/557820#M1997 securehops 2023-09-14T01:21:22Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/557847#M1998 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167427">@securehops</a></P> <P>&nbsp;</P> <P>this issue is triggered by sending crafted BGP update message. If you are running BGP internally within your network only and all your BGP devices are in your control, then I would say you are not affected (Unless somebody you are peering internally sends malicious BGP update).</P> <P>&nbsp;</P> <P>This issue is not limited to Palo Alto only. End of last month similar issue was reported by Juniper&nbsp;<A href="https://supportportal.juniper.net/s/article/2023-08-29-Out-of-Cycle-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-crafted-BGP-UPDATE-message-allows-a-remote-attacker-to-de-peer-reset-BGP-sessions-CVE-2023-4481?language=en_US" target="_self">CVE-2023-4481</A>.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Thu, 14 Sep 2023 04:17:57 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/557847#M1998 PavelK 2023-09-14T04:17:57Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565399#M2059 <P>Any reason it says it is fixed in 11.0.3 (<A href="https://security.paloaltonetworks.com/CVE-2023-38802" target="_blank" rel="nofollow noopener noreferrer">https://security.paloaltonetworks.com/CVE-2023-38802</A>), but the 11.0.3 known and addressed issues does not show it?</P> Mon, 13 Nov 2023 18:56:45 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565399#M2059 knuanes 2023-11-13T18:56:45Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565417#M2060 <P>11.0.3 is not impacted.&nbsp; &nbsp;The impacted versions are &lt; 11.0.3</P> Mon, 13 Nov 2023 22:00:00 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565417#M2060 securehops 2023-11-13T22:00:00Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565418#M2061 <P>For any drive-by browsers, you can secure your BGP connections only to/from specific IP addresses with an allow security policy rule followed by a drop rule.&nbsp; Then your NGFW will only allow BGP packets from configured peers.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Mon, 13 Nov 2023 22:05:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565418#M2061 TomYoung 2023-11-13T22:05:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565420#M2062 <P>Thanks, yes the release notes "usually" state that the issue was addressed. In this case it does not. We are on 11.0.2, an affected ver and want to move to 11.0.3, the not impacted ver. But first want to confirm on the release notes that it was a fixed addressed issue.&nbsp;</P> Mon, 13 Nov 2023 22:06:21 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565420#M2062 knuanes 2023-11-13T22:06:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565421#M2063 <P>true, good point.&nbsp; They had so many addressed issues in 11.0.3, they forgot that one&nbsp;<span class="lia-unicode-emoji" title=":face_with_tears_of_joy:">😂</span></P> Mon, 13 Nov 2023 22:14:50 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2023-38802/m-p/565421#M2063 securehops 2023-11-13T22:14:50Z