I would like to know this as well. I was thinking about trying to do this, but I think this is big enough that Palo Alto should do this if it is possible. This would be great to buy us some time on mitigating this.
Is PAN-OS vulnerable?
PAN-OS is not vulnerable, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.
Are Palo Alto Networks public services vulnerable?
We are in the midst of evaluating our own exposure to CVE-2014-0160 within our public-facing infrastructure, including the update service, WildFire, PAN-DB, public web site, etc. We do not yet have the results of this analysis but we will provide an update once our investigation and remediation are complete.
Does Palo Alto Networks provide IPS coverage for this vulnerability?
Our threat research team is researching the vulnerability in an effort to provide coverage ASAP. We hope to have coverage released late today, but we cannot commit to a release timeframe until protections are developed and tested.
What should customers do if they identify vulnerable servers (running OpenSSL 1.0.1 through 1.0.1f)?
Vulnerable servers should be patched to OpenSSL 1.0.1g (available as of April 7th 2014). SSL private keys should be assumed to be compromised and should be replaced after the OpenSSL patch is in place.
Notes: A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material and compromises the integrity of the secure channel.
To address this vulnerability, Palo Alto Networks has released an emergency content update that provides detection of attempted exploitation of CVE-2014-0160 with IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability") with critical severity and a default action of block. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support.
Minimum PAN-OS Version
OpenSSL TLS Heartbeat Information Disclosure Vulnerability
I have installed Application and Threat Content Release 429 but I cannot find the signature...?
Anyone else?
I just checked on the Dynamic Updates website on Support, it's not there... Withdrawal?
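Added example, not part of any post in this thread and not Palo Alto Networks tooling: a small triage script that sorts OpenSSL version strings or server banners into the range the advisory above names (1.0.1 through 1.0.1f affected, 1.0.1g fixed). It assumes that a packaging suffix after the version (for example `-fips` or a distribution revision) means the vendor may have backported the fix without changing the letter, so those builds are flagged for verification rather than called affected; the hostnames, banners and label names are constructed for illustration.

```python
import re

# Range taken from the advisory text above: 1.0.1 through 1.0.1f affected, 1.0.1g fixed.
BANNER_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)", re.I)
BARE_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)", re.I)

# Follow-up per label; the "affected" action restates the advisory's guidance.
ACTIONS = {
    "affected": "patch to 1.0.1g, then replace SSL private keys",
    "verify-backport": "vendor build: confirm the fix via the distribution's advisory",
    "fixed-release": "confirm keys were replaced after the upgrade",
    "outside-range": "not in the range the advisory names",
    "unknown": "no OpenSSL version found; inspect manually",
}

def classify(text):
    """Map a version string or server banner to a triage label (labels are hypothetical)."""
    # Prefer an explicit "OpenSSL x.y.z" token so other versions in a banner are ignored.
    m = BANNER_RE.search(text) or BARE_RE.match(text)
    if not m:
        return "unknown"
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, suffix = m.group(4).lower(), m.group(5)
    if branch != (1, 0, 1):
        return "outside-range"
    if len(letter) > 1 or letter >= "g":
        return "fixed-release"
    # '' (plain 1.0.1) and 'a'..'f' fall in the affected range.
    return "verify-backport" if suffix.startswith(("-", "+", "~")) else "affected"

# Constructed sample inventory (hostnames and banners are made up for this example).
INVENTORY = {
    "web01": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1c",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014",
    "vpn01": "OpenSSL 0.9.8y 5 Feb 2013",
    "mail01": "1.0.1e-2+deb7u5",
    "db01": "nginx/1.4.7",
}

def report(inventory):
    """Return {host: label} for every entry in the inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, label in report(INVENTORY).items():
        print(f"{host:8} {label:16} {ACTIONS[label]}")
```

A version string only narrows the list; the build actually running on the host is what decides whether keys need replacing.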