https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/337131#M896 <P>Hello Edilang</P><P>Thanks for your reply. Especially the first one helps to easy an administrators mind.</P><P>&nbsp;</P><P>As I understand your answer to the second question, this is more a thing of the future. Nevertheless I ask myself if it would not be possible to identify i.e. the crafted DNS answer-packets as a Threat-Protection Signature: CVE-2020-11901</P><P>&nbsp;</P><P>thanks, regards<BR />Andreas</P> Wed, 08 Jul 2020 09:37:11 GMT AndreasTrautmann 2020-07-08T09:37:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/336484#M889 <P>Hi there</P><P>About 14 days ago a group of new 19 vulnerabilities were published under the name of "ripple20" by JSOF (<A href="https://www.jsof-tech.com/ripple20/)" target="_blank">https://www.jsof-tech.com/ripple20/)</A>. So far I could not find any information about in the community (which I find very strange... Maybe I missed something?).</P><P>&nbsp;</P><P>The two central questions for me concerning this topic are:</P><P>1. Are any Palo Alto Network Products affected themselves?</P><P>2. Are there any mitigations (Threat-Protections Signatures, Configurations) for these risks, that can be implemented on NGFWs?</P><P>&nbsp;</P><P>Thank you, best</P><P>Andreas</P> Thu, 02 Jul 2020 16:49:35 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/336484#M889 AndreasTrautmann 2020-07-02T16:49:35Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/336640#M891 <P>Hello Andreas,</P> <P>&nbsp;</P> <P>The two central questions for me concerning this topic are:</P> <P>1. Are any Palo Alto Network Products affected themselves?</P> <P>Answer:&nbsp;<SPAN>Ripple20 vulnerabilities are not applicable nor does it affect PAN-OS as we do not use Treck's TCP/IP software library in PAN-OS.</SPAN></P> <P>&nbsp;</P> <P>2. Are there any mitigations (Threat-Protections Signatures, Configurations) for these risks, that can be implemented on NGFWs?</P> <P>Answer:&nbsp;<SPAN>&nbsp;Currently PAN-OS can't see the layer-4 packets traffic detail in the IPS content engine but a new feature have been proposed&nbsp;in the future release to expose the layer-3/layer-4 traffic to the IPS content engine in order to have visibility to enforced mitigation action for such similar vulnerabilities.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Hoped this addresses your concern.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards,</SPAN></P> <P><SPAN>Ed</SPAN></P> Mon, 06 Jul 2020 06:35:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/336640#M891 edliang 2020-07-06T06:35:59Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/337131#M896 <P>Hello Edilang</P><P>Thanks for your reply. Especially the first one helps to easy an administrators mind.</P><P>&nbsp;</P><P>As I understand your answer to the second question, this is more a thing of the future. Nevertheless I ask myself if it would not be possible to identify i.e. the crafted DNS answer-packets as a Threat-Protection Signature: CVE-2020-11901</P><P>&nbsp;</P><P>thanks, regards<BR />Andreas</P> Wed, 08 Jul 2020 09:37:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/337131#M896 AndreasTrautmann 2020-07-08T09:37:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/337321#M897 <P>Hi Andreas,</P> <P>&nbsp;</P> <P>A PANW security advisory regarding Ripple20 has been published at&nbsp;<A href="https://security.paloaltonetworks.com/PAN-SA-2020-0007" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2020-0007</A>.</P> <P>&nbsp;</P> <P>Regarding&nbsp;<SPAN>CVE-2020-11901 we are still awaiting a report on this to be released at this year's Black Hat conference regarding the details of the invalid DNS response before we can determine if we can mitigate this vulnerability.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Cheers,</SPAN></P> <P><SPAN>Ed</SPAN></P> Thu, 09 Jul 2020 02:34:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/ripple20-vulnerability-group/m-p/337321#M897 edliang 2020-07-09T02:34:22Z