PT-2018-6580 · Palo Alto Networks · PAN-OS

Published: 2018-01-02 · Updated: 2020-02-17 · CVE-2017-17841

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
- Palo Alto Networks PAN-OS versions 6.1 through 6.1.19
- Palo Alto Networks PAN-OS versions 7.1 through 7.1.14
- Palo Alto Networks PAN-OS versions 8.0.x through 8.0.6-h3

Description: The issue might allow remote attackers to decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle (the ROBOT attack). It affects the TLS RSA key exchange only: a captured session that negotiated RSA key exchange can be decrypted afterwards if the TLS server that originally served it is still alive, still vulnerable, and still using the same private key.

Recommendations: For all affected branches (6.1 through 6.1.19, 7.1 through 7.1.14, and 8.0.x through 8.0.6-h3), apply content update 757 and consider the configuration changes described in the workarounds and mitigations.
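To show why an RSA padding oracle exists and how TLS servers are meant to suppress it, here is an added example that is not part of the advisory or of PAN-OS: a toy RSAES-PKCS1-v1_5 decryptor that signals padding failures (the oracle) next to one that follows the TLS countermeasure of substituting a random premaster secret on any failure. The key uses two constructed Mersenne primes and is for illustration only.

```python
import secrets

# Constructed toy RSA key: two Mersenne primes, e = 65537 (illustration only).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141 here)
PMS_LEN = 48                            # TLS premaster secret length


def pkcs1_v15_encrypt(msg: bytes) -> int:
    """RSAES-PKCS1-v1_5: EM = 0x00 || 0x02 || PS (non-zero bytes, >= 8) || 0x00 || M."""
    ps_len = K - len(msg) - 3
    assert ps_len >= 8, "message too long for this modulus"
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N)


def _raw_decrypt(c: int) -> bytes:
    return pow(c, D, N).to_bytes(K, "big")


def leaky_decrypt(c: int) -> bytes:
    """Oracle-prone: a distinct failure on bad padding tells the sender whether the
    decrypted block starts with 0x00 0x02. That yes/no answer is the Bleichenbacher oracle."""
    em = _raw_decrypt(c)
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")            # observable via error type or timing
    sep = em.find(b"\x00", 2)
    if sep < 10:                                   # no separator, or PS shorter than 8 bytes
        raise ValueError("bad padding")
    return em[sep + 1:]


def hardened_decrypt(c: int) -> bytes:
    """TLS countermeasure (RFC 5246 section 7.4.7.1): never signal a padding failure.
    Draw a random 48-byte fallback *before* decrypting and return it whenever anything
    is wrong, so the handshake later fails exactly as it would for a wrong premaster
    secret. Python is not constant-time; this shows the decision logic only."""
    fallback = secrets.token_bytes(PMS_LEN)
    em = _raw_decrypt(c)
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x02" and sep >= 10 and len(em) - sep - 1 == PMS_LEN
    return em[sep + 1:] if ok else fallback
```

Disabling RSA key exchange cipher suites removes the oracle surface entirely, which is why the workarounds referenced above matter even after patching.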


Related Identifiers: CVE-2017-17841

Affected Products: PAN-OS