topic CVE-2004-2761 and CVE-2008-5161 vulnerability applicable to PAN 7.0.3 in General Topics https://live.paloaltonetworks.com/t5/general-topics/cve-2004-2761-and-cve-2008-5161-vulnerability-applicable-to-pan/m-p/89095#M43524 <P>Hi all,</P> <P>&nbsp;</P> <P>Hope everyone doing great.</P> <P>&nbsp;</P> <P>I have a Palo alto firewall running in 7.0.3 version. Recently there was an audit happened and submitted some vulnerabilities found in our firewall. I am very curious to know that whether captioned vulnerability appiicable to PAN 7.0 or not.</P> <P>&nbsp;</P> <P>Below are the description for the vulnerabilities:</P> <P>• SSL Certificate Signed Using Weak Hashing Algorithm <BR />• SSH Weak Algorithms Supported (medium)<BR />• SSH Weak MAC Algorithms Enabled<BR />• SSH Server CBC Mode Ciphers Enabled</P> <P>&nbsp;</P> <P>Thanks.</P> <P>&nbsp;</P> <P>Bala</P> <P>&nbsp;</P> Sun, 19 Jun 2016 04:26:34 GMT balamurugan.manavalan 2016-06-19T04:26:34Z CVE-2004-2761 and CVE-2008-5161 vulnerability applicable to PAN 7.0.3 https://live.paloaltonetworks.com/t5/general-topics/cve-2004-2761-and-cve-2008-5161-vulnerability-applicable-to-pan/m-p/89095#M43524 <P>Hi all,</P> <P>&nbsp;</P> <P>Hope everyone doing great.</P> <P>&nbsp;</P> <P>I have a Palo alto firewall running in 7.0.3 version. Recently there was an audit happened and submitted some vulnerabilities found in our firewall. I am very curious to know that whether captioned vulnerability appiicable to PAN 7.0 or not.</P> <P>&nbsp;</P> <P>Below are the description for the vulnerabilities:</P> <P>• SSL Certificate Signed Using Weak Hashing Algorithm <BR />• SSH Weak Algorithms Supported (medium)<BR />• SSH Weak MAC Algorithms Enabled<BR />• SSH Server CBC Mode Ciphers Enabled</P> <P>&nbsp;</P> <P>Thanks.</P> <P>&nbsp;</P> <P>Bala</P> <P>&nbsp;</P> Sun, 19 Jun 2016 04:26:34 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2004-2761-and-cve-2008-5161-vulnerability-applicable-to-pan/m-p/89095#M43524 balamurugan.manavalan 2016-06-19T04:26:34Z Re: CVE-2004-2761 and CVE-2008-5161 vulnerability applicable to PAN 7.0.3 https://live.paloaltonetworks.com/t5/general-topics/cve-2004-2761-and-cve-2008-5161-vulnerability-applicable-to-pan/m-p/90257#M43558 <P>Was this scan performed on the management interface or 'through' the firewall to see what it would block ?</P> <P>&nbsp;</P> <P>The default management interface certificate should be SHA1-RSA128, but you could opt to generate/install a more robust certificate</P> <P>fot ssl/tls passing through the firewall, you can configure your decryption profile to allow only stronger encryption and enable threat prevention to block weak cyphers or block vulnerabilities</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2016-06-21_09-27-23.jpg"><img src="https://live.paloaltonetworks.com/skins/images/92CC5E9EF8B3A331FB065EB58597BF49/responsive_peak/images/image_not_found.png" alt="2016-06-21_09-27-23.jpg" /></span></P> Tue, 21 Jun 2016 07:27:11 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2004-2761-and-cve-2008-5161-vulnerability-applicable-to-pan/m-p/90257#M43558 reaper 2016-06-21T07:27:11Z