FREAK vulnerability/PAN-OS support for "export" level cypher suites

L4 Transporter

The latest MiM SSL/TLS vulnerability was in the news on Tuesday, March 3rd:

http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

http://arstechnica.com/security/2015/03/freak-flaw-in-android-and-apple-devices-cripples-https-crypt.../

 

We have confirmed that PAN-OS is not vulnerable to FREAK. Palo Alto Networks does not support export-grade ciphers and we are planning to release an IPS signature with next week's regular content release.

Comments
L3 Networker

Hi,

Any ETA about vulnerbility protection?

Regards,

Kevin

L1 Bithead

Hi

Is the release of an IPS signature next week (2015/03/08 ~ 2015/03/14) still scheduled?

Thanks, Jim

L7 Applicator

Now that IE on windows is added to the vulnerability list a signature should be a higher priority.

L1 Bithead

All

Microsoft has released a patch.

Microsoft Security Bulletin MS15-031 - Important

Regards, Jim

L7 Applicator

Listed in the updates for Content version 490

37493    Export RSA cipher suite detected    CVE-2015-0204

Ask Questions Get Answers Join the Live Community
Labels