Main Vulnerability Database SB2020070908

SB2020070908 - Usage of cryptographically weak protocol in Palo Alto PAN-OS

Published: July 9, 2020

Security Bulletin ID SB2020070908

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2020-1982)

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to PAN-OS supports TLS 1.0 protocol that is known to be a cryptographically weak protocol. A remote attacker with ability to conduct a Man-in-the-Middle (MitM) attack can theoretically decrypt communication.

Remediation

Install update from vendor's website.

References

https://security.paloaltonetworks.com/CVE-2020-1982