topic Re: Vulnerability in PA? in General Topics

Vulnerability in PA?

BigPalo — Tue, 18 Jun 2019 09:53:20 GMT

Hi,

We just received info about this vulneraability:

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

So we would like to know if PA appliances are impacted?

Thanks

Re: Vulnerability in PA?

Remo — Tue, 18 Jun 2019 10:39:46 GMT

Hi @BigPalo

I have opened a case to ask for this information.

Re: Vulnerability in PA?

Remo — Tue, 18 Jun 2019 12:39:00 GMT

3 hours and this high priority case is still in the support queue ...

Re: Vulnerability in PA?

Remo — Tue, 18 Jun 2019 19:02:06 GMT

The PAN-OS team is curently investigating ... as soon more informations become available I assume PaloAlto will also write an official public statement.

Re: Vulnerability in PA?

rkazala — Tue, 18 Jun 2019 21:23:39 GMT

Plesase let us know if you hear back from support!

Re: Vulnerability in PA?

BigPalo — Wed, 19 Jun 2019 10:47:49 GMT

Please, let me know the response from TAC.

Re: Vulnerability in PA?

Remo — Wed, 19 Jun 2019 20:42:17 GMT

As soon as I receive more information I'll write an update here ...

(This is NOT official: I can not imagine that Paloalto is not affected by this)

Re: Vulnerability in PA?

BigPalo — Thu, 20 Jun 2019 07:57:24 GMT

We will wait until TAC response. Thanks

Re: Vulnerability in PA?

RobinClayton — Thu, 20 Jun 2019 09:15:37 GMT

For Reference.

https://nvd.nist.gov/vuln/detail/CVE-2019-11477

https://nvd.nist.gov/vuln/detail/CVE-2019-11478

https://nvd.nist.gov/vuln/detail/CVE-2019-11479

Re: Vulnerability in PA?

BigPalo — Mon, 24 Jun 2019 07:16:56 GMT

Any update about Palo Alto TAC?

Re: Vulnerability in PA?

Remo — Mon, 24 Jun 2019 09:34:56 GMT

Unfortunately still no news here ... I asked again ...

Re: Vulnerability in PA?

Remo — Thu, 27 Jun 2019 23:12:03 GMT

TAC still did not answer in my support case. But for PAN-OS 7.1 an update (7.1.24) was released some minutes ago where these vulnerabilities are fixed. Because of that I am even more sure that these vulnerabilties also affect the newer PAN-OS versions. I assume in the next hours/days updates for PAN-OS 8.0/8.1 and 9.0 will be released...

Re: Vulnerability in PA?

Remo — Thu, 27 Jun 2019 23:45:13 GMT

And just now the fixes for 8.0 in versino 8.0.19 were released: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-release-notes/pan-os-8-0-addressed-issues/pan-os-8-0-19-addressed-issues.html#

Re: Vulnerability in PA?

Remo — Thu, 27 Jun 2019 23:47:47 GMT

and also fixed for PAN-OS 8.1 in version 8.1.8-h5: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-8-h5-addressed-issues.html#

Re: Vulnerability in PA?

BPry — Fri, 28 Jun 2019 03:20:00 GMT

Just to go full circle, a fix is also present in 9.0.2-h5 for whoever has jumped the gravy train and is running 9.0 in a production environment.

Re: Vulnerability in PA?

Clay-Legion — Fri, 28 Jun 2019 14:12:13 GMT

Is anybody running PAN-OS 8.1.8-h5 in production yet? If so, any feedback on issues as a result?

Re: Vulnerability in PA?

BPry — Fri, 28 Jun 2019 14:18:04 GMT

@Clay-Legion,

I've started to run it through validation testing and its yet to run into any issues that weren't already present in 8.1.8.