New Flash volnureability! (CVE-2014-4671)

Reply
Highlighted
L4 Transporter

New Flash volnureability! (CVE-2014-4671)

Hello

According to Adobe Security Bulletin its serious volnureability, when we can expects protection on PAN?

At the moment on https://threatvault.paloaltonetworks.com/ I can't find CVE-2014-4671

Regards

Slawek

Tags (1)
Highlighted
L7 Applicator

Re: New Flash volnureability! (CVE-2014-4671)

Hello Slv,

\When a vulnerability is identified/posted, Palo Alto Networks will do a reverse engineer for that vulnerability, to understand how the vulnerability could possibly be exploited to, and then build possible protection. It’s not an simple task to create an appropriate signature.   Hence, need to  gather the right information about the vulnerability ( as much as possible) to build an IPS vulnerability signature, also Palo Alto Networks should take care about  the false positives and performance implications in creating the signature.

So, please wait for further updates on this.

Thanks

Highlighted
L4 Transporter

Re: New Flash volnureability! (CVE-2014-4671)

Do You thing that we can expect emergency upgrade of therat signatures soon?

Highlighted
L7 Applicator

Re: New Flash volnureability! (CVE-2014-4671)

Hello slv,

You may contact with your PA SE for most recent activity.

Thanks

Highlighted
L7 Applicator

Re: New Flash volnureability! (CVE-2014-4671)

You are watching the correct place to see when the update is available.

As HULK mentions, your sales engineer would be the best source for advance notice.

The sales engineer could also help you craft a manual work around if a vulnerability is a particularly high risk for your environment.  You do need to be careful about these custom signatures as one of the reasons PA takes some time to produce a signature is to avoid a false positive that blocks production necessary traffic.  The quick fixes based on initial information do carry a risk of blocking legitimate work on your network.

You need to measure your exposure risk for the particular vulnerability against the potential time lost in blocking legitimate traffic.

You can review the process in the documentation on creating  a custom threat signature.

Creating Custom Threat Signatures

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!