Is PAN-OS vulnerable?
PAN-OS is not vulnerable, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.
Are Palo Alto Networks public services vulnerable?
We are in the midst of evaluating our own exposure to CVE-2014-0160 within our public-facing infrastructure, including the update service, WildFire, PAN-DB, public web site, etc. We do not yet have the results of this analysis but we will provide an update once our investigation and remediation is complete.
Does Palo Alto Networks provide IPS coverage for this vulnerability?
Our threat research team is researching the vulnerability in an effort to provide coverage ASAP. We hope to have coverage released late today, but we cannot commit to a release timeframe until protections are developed and tested.
What should customers do if they identify vulnerable servers (running OpenSSL 1.0.1 through 1.0.1f)?
Vulnerable servers should be patched to OpenSSL 1.0.1g (available as of April 7th 2014). SSL private keys should be assumed to be compromised and should be replaced after the OpenSSL patch is in place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!