Lucene search

K
paloaltoPalo Alto Networks Product Security Incident Response TeamPA-CVE-2021-41617
HistoryNov 30, 2021 - 6:15 p.m.

Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS

2021-11-3018:15:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
68
openssh
vulnerability
cve-2021-41617
pan-os
security impact

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

27.7%

The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSH software CVE-2021-41617 vulnerability.

PAN-OS and Prisma SD-WAN ION software does not utilize the ssh configuration options required to exploit this vulnerability. There are no scenarios that enable successful exploitation of the vulnerability in the listed software. As a result, there is no known security impact for this vulnerability.

Work around:
No work around available.

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

27.7%