Description
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Palo Alto Networks / Cloud NGFWAll – All
- Palo Alto Networks / pan-os9.1.0 – 9.1.0
- Palo Alto Networks / pan-os10.1.0 – 10.1.12
- Palo Alto Networks / pan-os10.2.0 – 10.2.7-h3
- Palo Alto Networks / pan-os10.2.0 – 10.2.8
- Palo Alto Networks / pan-os11.0.0 – 11.0.4
- Palo Alto Networks / pan-os11.1.0 – 11.1.0
- Palo Alto Networks / pan-os9.0.0 – 9.0.0
- Palo Alto Networks / Prisma AccessAll – All