If we purchase a certificate for the PA from a recognized CA, are you sure the issues below will be resolved? Please confirm.
1. SSL Certificate - Self-Signed Certificate port 4443/tcp over SSL
2. OpenSSH Local SCP Shell Command Execution Vulnerability (FEDORA-2006-056, Vmware-3069097-Patch, Vmware-9986131-Patch)
3. SSL Certificate - Signature Verification Failed Vulnerability port 443/tcp over SSL
4. SSL Certificate - Self-Signed Certificate
A purchased certificate from a trusted CA will solve numbers 1, 3, 4.
For number 2 you should ask for the CVE number. I assume you are running a PAN appliance. So you would then open a support case and request to know what PanOS version fixes this openSSL CVE. These are only fixed by PanOS upgrades that include the patch for the vulnerability.
Unfortunately, PAN does not make public the PanOS vulnerability database. There are some posts about specific CVE but generally you need to open a case to get an official answer on when the CVE is patched.
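Why a CA-issued certificate clears the certificate findings can be reproduced offline with openssl. This is an added example, not part of the thread and not Palo Alto tooling; the CA names, the host name `fw-mgmt.example.test`, the file names and the three result labels are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. All subjects, file names and the trust store are constructed.

# Classify CERT as a scanner that trusts only the CAs in TRUST would.
classify_cert() {
    local cert="$1" trust="$2"
    if openssl verify -CAfile "$trust" "$cert" >/dev/null 2>&1; then
        echo "trusted"            # chains to a CA in the trust store
    elif [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
           "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo "self-signed"        # issuer equals subject, no trusted chain
    else
        echo "untrusted-issuer"   # signed by a CA the scanner does not have
    fi
}

# Create a self-signed certificate and key: new_root DIR NAME SUBJECT
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Sign the device CSR with a CA: sign_with DIR CA_NAME OUT_NAME
sign_with() {
    openssl x509 -req -in "$1/fw.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Build the constructed CAs and the three device certificates in DIR.
make_demo_certs() {
    local d="$1"
    new_root "$d" ca   "/CN=Demo Recognized CA"      # stand-in for a public CA
    new_root "$d" priv "/CN=Demo Private CA"         # CA the scanner lacks
    new_root "$d" self "/CN=fw-mgmt.example.test"    # device default cert
    openssl req -new -key "$d/self.key" -subj "/CN=fw-mgmt.example.test" \
        -out "$d/fw.csr" 2>/dev/null
    sign_with "$d" ca   signed
    sign_with "$d" priv private
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for c in self private signed; do
    printf '%-12s %s\n' "$c.pem" "$(classify_cert "$demo_dir/$c.pem" "$demo_dir/ca.pem")"
done
rm -rf "$demo_dir"
```

Only the certificate signed by a CA present in the scanner's trust store comes back as `trusted`; the device's own self-signed certificate and one issued by a CA the scanner does not know both fail verification.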
OK, thanks Steven.
One more question: we have upgraded to version 6.1.2 on the PA and disabled SSLv3 as per PCI.
But now PCI wants to enable the PA firewall management console on TSL.
Is this done after disabling SSLv3?
I think you are referring to TLS and the POODLE vulnerability. This is patched in versions higher than 6.1.1 and 6.0.8.
Padding-oracle attack on TLS CBC cipher mode (CVE-2014-8730)
| PAN-SA-2015-0001 | Low | PAN-OS 6.1.1 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier |
How do we close the PCI point below? Please help and suggest.
OpenSSH Local SCP Shell Command Execution Vulnerability (FEDORA-2006-056, Vmware-3069097-Patch,
To reliably find this patch in PanOS you really need to get the CVE number from the scanning company. With this information we can see if it is publicly noted as patched in PanOS. And if not public you can open a ticket and get engineering to determine which version includes the patch.