This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

New Flash volnureability! (CVE-2014-4671)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

New Flash volnureability! (CVE-2014-4671)

_slv_
L4 Transporter

‎07-10-2014 12:07 AM

Hello

According to Adobe Security Bulletin its serious volnureability, when we can expects protection on PAN?

At the moment on https://threatvault.paloaltonetworks.com/ I can't find CVE-2014-4671

Regards

Slawek

Labels:
0 Likes Likes
4 REPLIES 4

HULK
L7 Applicator

‎07-10-2014 12:20 AM

Hello Slv,

\When a vulnerability is identified/posted, Palo Alto Networks will do a reverse engineer for that vulnerability, to understand how the vulnerability could possibly be exploited to, and then build possible protection. It’s not an simple task to create an appropriate signature.   Hence, need to  gather the right information about the vulnerability ( as much as possible) to build an IPS vulnerability signature, also Palo Alto Networks should take care about  the false positives and performance implications in creating the signature.

So, please wait for further updates on this.

Thanks

0 Likes Likes

_slv_
L4 Transporter
In response to HULK

‎07-10-2014 12:42 AM

Do You thing that we can expect emergency upgrade of therat signatures soon?

0 Likes Likes

HULK
L7 Applicator
In response to _slv_

‎07-10-2014 12:47 AM

Hello slv,

You may contact with your PA SE for most recent activity.

Thanks

0 Likes Likes

pulukas
L7 Applicator
In response to _slv_

‎07-10-2014 07:47 AM

You are watching the correct place to see when the update is available.

As HULK mentions, your sales engineer would be the best source for advance notice.

The sales engineer could also help you craft a manual work around if a vulnerability is a particularly high risk for your environment.  You do need to be careful about these custom signatures as one of the reasons PA takes some time to produce a signature is to avoid a false positive that blocks production necessary traffic.  The quick fixes based on initial information do carry a risk of blocking legitimate work on your network.

You need to measure your exposure risk for the particular vulnerability against the potential time lost in blocking legitimate traffic.

You can review the process in the documentation on creating  a custom threat signature.

Creating Custom Threat Signatures

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes
  • 1955 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks