https://live.paloaltonetworks.com/t5/general-topics/dns-server-cache-snooping-remote-information-disclosure/m-p/374411#M89053 <DIV>We require our network to be PCI DSS compliant, and our most recent vulnerability scan showed a "DNS Server Cache Snooping Remote Information Disclosure" vulnerability on our PA-820 data interface (10.32.0.17) (report below)</DIV><DIV><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dnsserversnooping.jpg" style="width: 830px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29140i07E1FEF9FCF04541/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dnsserversnooping.jpg" alt="dnsserversnooping.jpg" /></span></DIV><DIV>We are using model 820 in PANOS 8.1.15. All Dynamic contents are up to date.</DIV><DIV><P>Threat log showing:</P><P>1 15/12/2020 14:21 0002324375 THREAT vulnerability 2049 15/12/2020 14:21 10.32.15.215 10.32.0.17 AzureTemp-IN HR ms-ds-smbv3 vsys1 VPN-RAS Internal tunnel.3 ethernet1/4 15/12/2020 14:21 37955 1 32962 445 0 0 0x2000 tcp alert Windows Local Security Architect LsarQueryInformationPolicy(30858) any informational client-to-server 11164322 0x2000 10.0.0.0-10.255.255.255 10.0.0.0-10.255.255.255 0 0 0 0 0 0 0 0 pa-820 0 0 N/A info-leak AppThreat-8353-6449 0x0 0 4294967295</P><P>&nbsp;</P></DIV><DIV>Could you please advise how to close this vulnerability?</DIV> Tue, 15 Dec 2020 04:08:18 GMT FarzanaMustafa 2020-12-15T04:08:18Z https://live.paloaltonetworks.com/t5/general-topics/dns-server-cache-snooping-remote-information-disclosure/m-p/374411#M89053 <DIV>We require our network to be PCI DSS compliant, and our most recent vulnerability scan showed a "DNS Server Cache Snooping Remote Information Disclosure" vulnerability on our PA-820 data interface (10.32.0.17) (report below)</DIV><DIV><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dnsserversnooping.jpg" style="width: 830px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29140i07E1FEF9FCF04541/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dnsserversnooping.jpg" alt="dnsserversnooping.jpg" /></span></DIV><DIV>We are using model 820 in PANOS 8.1.15. All Dynamic contents are up to date.</DIV><DIV><P>Threat log showing:</P><P>1 15/12/2020 14:21 0002324375 THREAT vulnerability 2049 15/12/2020 14:21 10.32.15.215 10.32.0.17 AzureTemp-IN HR ms-ds-smbv3 vsys1 VPN-RAS Internal tunnel.3 ethernet1/4 15/12/2020 14:21 37955 1 32962 445 0 0 0x2000 tcp alert Windows Local Security Architect LsarQueryInformationPolicy(30858) any informational client-to-server 11164322 0x2000 10.0.0.0-10.255.255.255 10.0.0.0-10.255.255.255 0 0 0 0 0 0 0 0 pa-820 0 0 N/A info-leak AppThreat-8353-6449 0x0 0 4294967295</P><P>&nbsp;</P></DIV><DIV>Could you please advise how to close this vulnerability?</DIV> Tue, 15 Dec 2020 04:08:18 GMT https://live.paloaltonetworks.com/t5/general-topics/dns-server-cache-snooping-remote-information-disclosure/m-p/374411#M89053 FarzanaMustafa 2020-12-15T04:08:18Z https://live.paloaltonetworks.com/t5/general-topics/dns-server-cache-snooping-remote-information-disclosure/m-p/374451#M89059 <P>This is not really a vulnerability but rather a configurtion option that should not be accessible from the outside: this event is typically triggered if a DNS server allows for recursion while it is reachable from the outside</P><P>&nbsp;</P><P>a fix is to either set an access list on the DNS server so only internal hosts are allowed to use recursion, disable recursion completely, or make the DNS server inaccessible from the outside</P> Tue, 15 Dec 2020 09:14:21 GMT https://live.paloaltonetworks.com/t5/general-topics/dns-server-cache-snooping-remote-information-disclosure/m-p/374451#M89059 reaper 2020-12-15T09:14:21Z