Lucene search

K
paloaltoPalo Alto Networks Product Security Incident Response TeamPAN-SA-2018-0013
HistorySep 19, 2018 - 8:40 p.m.

Information about SegmentSmack findings

2018-09-1920:40:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
605

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.783 High

EPSS

Percentile

98.3%

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure (CVE-2018-5390).
PAN-OS/Panorama platforms are not impacted by this vulnerability.

Work around:
Our NGFW users can use the configuration option bypass-exceed-oo-queue with value no which will provide protection from CVE-2018-5390 for devices positioned behind the firewall. For more information on configuration, please refer to the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions document: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions .

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.783 High

EPSS

Percentile

98.3%