topic Question About PA SSL vulnerability in General Topics https://live.paloaltonetworks.com/t5/general-topics/question-about-pa-ssl-vulnerability/m-p/271321#M74813 <P>Hello Team,</P><P>&nbsp;</P><P><SPAN>Can anyone provide a solution&nbsp;</SPAN>resolve below vulnerability in PA.</P><P>&nbsp;</P><P><STRONG>Port no.:</STRONG>&nbsp;443</P><P>&nbsp;</P><P><STRONG>Summary:</STRONG>&nbsp;Weak cipher suites supported</P><P>&nbsp;</P><P><STRONG>Analysis :</STRONG>The remote host running SSL using a weak cipher suite which can be exploited by an attacker to perform man in the middle attacks. All the updated and secured services will be transmitting data over the unencrypted channel.</P><P>Attacker can obtain the keys with factorization in short amount of time. Also vulnerable to various cryptographic flaws like POODLE attack or MITM attack.</P><P>&nbsp;</P><P><STRONG>Recommendations:</STRONG>&nbsp;Remove the weak or guessable cipher suites</P><P>&nbsp;</P><P>Could you please help us here to fix an issue.</P><P>&nbsp;</P><P>Note: PAN-OS 8.0. Platform</P><P>&nbsp;</P><P>Regards,</P><P>Sethupathi M</P> Wed, 19 Jun 2019 13:40:06 GMT Sethupathi 2019-06-19T13:40:06Z Question About PA SSL vulnerability https://live.paloaltonetworks.com/t5/general-topics/question-about-pa-ssl-vulnerability/m-p/271321#M74813 <P>Hello Team,</P><P>&nbsp;</P><P><SPAN>Can anyone provide a solution&nbsp;</SPAN>resolve below vulnerability in PA.</P><P>&nbsp;</P><P><STRONG>Port no.:</STRONG>&nbsp;443</P><P>&nbsp;</P><P><STRONG>Summary:</STRONG>&nbsp;Weak cipher suites supported</P><P>&nbsp;</P><P><STRONG>Analysis :</STRONG>The remote host running SSL using a weak cipher suite which can be exploited by an attacker to perform man in the middle attacks. All the updated and secured services will be transmitting data over the unencrypted channel.</P><P>Attacker can obtain the keys with factorization in short amount of time. Also vulnerable to various cryptographic flaws like POODLE attack or MITM attack.</P><P>&nbsp;</P><P><STRONG>Recommendations:</STRONG>&nbsp;Remove the weak or guessable cipher suites</P><P>&nbsp;</P><P>Could you please help us here to fix an issue.</P><P>&nbsp;</P><P>Note: PAN-OS 8.0. Platform</P><P>&nbsp;</P><P>Regards,</P><P>Sethupathi M</P> Wed, 19 Jun 2019 13:40:06 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-pa-ssl-vulnerability/m-p/271321#M74813 Sethupathi 2019-06-19T13:40:06Z Re: Question About PA SSL vulnerability https://live.paloaltonetworks.com/t5/general-topics/question-about-pa-ssl-vulnerability/m-p/271435#M74823 <P>Is this when accessing the web UI for managing the firewall?&nbsp; If so, it's an easy fix:</P><P>&nbsp; - Device tab --&gt; Certificate Management --&gt; SSL/TLS Service Profile</P><P>&nbsp; - click on the profile that you use for the web interface (as specified under Device tab --&gt; Setup --&gt; Management sub-tab)</P><P>&nbsp; - change the Min Version to TLSv1.2</P><P>&nbsp; - click OK</P><P>&nbsp; - commit the change</P><P>&nbsp;</P><P>Run the vulnerability scanner again, and it shouldn't show up anymore.</P><P>&nbsp;</P><P>If this is for something else, you'll need to provide more details.</P> Wed, 19 Jun 2019 17:14:11 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-pa-ssl-vulnerability/m-p/271435#M74823 fjwcash 2019-06-19T17:14:11Z