QID 731307
Date Published: 2024-04-01
QID 731307: Palo Alto Networks (PAN-OS)Impact of Terrapin SSH Attack Vulnerability (PAN-241547, CGSDW-19542)
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product.
Affected Versions:
PAN-OS 11.1 versions earlier than PAN-OS 11.1.3
PAN-OS 11.0 versions earlier than PAN-OS 11.0.7
PAN-OS 10.2 versions earlier than PAN-OS 10.2.11
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS
NOTE:The SSH server in PAN-OS software configured with support for the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms (ciphers with -etm in the name) enables the Terrapin Attack and is impacted by this issue.
The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products (through machine-in-the-middle or MitM attacks) to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user connects to the product.
Refer to CVE-2023-48795 for more information about patching this vulnerability.
Workaround:
If using the SSH client provided with PAN-OS to connect from the firewall to an external SSH server, ensure that the SSH server does not support the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms.
- PAN-241547 -
security.paloaltonetworks.com/CVE-2023-48795
CVEs related to QID 731307
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2023-48795 |
security.paloaltonetworks.com/CVE-2023-48795 |