Usage of cryptographically weak protocol in Palo Alto PAN-OS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-1982 |
| CWE-ID | CWE-310 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Palo Alto PAN-OS Operating systems & Components / Operating system |
| Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Cryptographic issues
EUVDB-ID: #VU29608
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2020-1982
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt TLS traffic.
The vulnerability exists due to PAN-OS supports TLS 1.0 protocol that is known to be a cryptographically weak protocol. A remote attacker with ability to conduct a Man-in-the-Middle (MitM) attack can theoretically decrypt communication.
Install updates from vendor's website.
Vulnerable software versionsPalo Alto PAN-OS: 8.0 - 9.1.2
CPE2.3- cpe:2.3:o:palo_alto_networks:pan-os:8.0.21:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:8.1.14:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:palo_alto_networks:pan-os:9.1.2:*:*:*:*:*:*:*
http://security.paloaltonetworks.com/CVE-2020-1982
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
