Good afternoon, all!
Researchers have discovered a trusted root certificate being deployed by Dell on some newer laptops. For reference, see here.
While an official signature from Palo Alto Networks is likely not forthcoming due to legitimate usage of the certificate, customers who do wish to alert when this certificate is detected by their PAN-OS appliance can use the exposed custom signature context "SSL-RSP-CERTIFICATE" to check for it.
The attached signature, exported from a 7.0.3 PAN-OS device, does just that.
Please note that this signature is:
A) Not supported by Palo Alto Networks
B) Just an example to show what can be done with our exposed custom signature contexts, and can definitely be improved upon.
C) This signature was tested by visiting the site researcher Kenn White stood up to show what kind of security concerns may arise by this certificate being trusted. I will not provide the URL here, but it can quickly be found in Google, and is referenced in the Ars Technica article written about the issue.
Additionally, and I cannot stress this enough, it is not a solution for the security vulnerability exposed by the presence of this certificate. Please follow Dell's guidance on the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!