Operating System:

[Appliance]

Published:

28 June 2019

Protect yourself against future threats.

//Service

AusCERT Education

Enhance your knowledge with our exceptional one day training offerings for individuals and organisations

Read more
Resources > Security Bulletins > ASB-2019.0173 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0173
        Information about Recent Intel Side Channel Vulnerabilities
                               28 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Palo Alto WF-500 Wildfire Appliance
Operating System:     Network Appliance
Impact/Access:        Access Privileged Data -- Existing Account
Resolution:           None
CVE Names:            CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
                      CVE-2018-12126  
Member content until: Sunday, July 28 2019
Reference:            ASB-2019.0138
                      ESB-2019.2233
                      ESB-2019.2217
                      ESB-2019.2174
                      ESB-2019.2171
                      ESB-2019.2213.2

OVERVIEW

        Multiple vulnerabilities have been identified in Palo Alto Wildfire
        Appliance (WF-500) running PAN-OS 9.0, PAN-OS 8.1, PAN-OS 8.0 and 
        PAN-OS 7.1. Wildfire Cloud is also affected by these issues. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "Severity: Low
        
        Successful exploitation of this issue may allow reads from a 
        compromised sandbox VM (guest OS) to retrieve data from other VMs 
        (another guest OS) or the PAN-OS operating system (host OS) as a 
        result of breaching the separation between kernel and user address 
        space. The analysis method utilized by the WildFire Appliance 
        (WF-500) and WildFire Cloud helps to mitigate the impact of this 
        issue. Each virtualized file analysis session is unique and each 
        session is terminated and destroyed after analysis is complete. The
        uniqueness of each file analysis session coupled with the limited 
        amount of time allowed to execute an attack within the environment 
        limits the scope of impact that the attacker can have on the sandbox
        VM (guest OS) and the PAN-OS operating system (host OS). PAN-OS and
        Panorama platforms are not directly impacted by these 
        vulnerabilities because successful exploitation on PAN-OS devices 
        requires an attacker to have already compromised the PAN-OS 
        operating system." [1]


MITIGATION

        The vendor advises updates will be issued as more information 
        becomes available. No mitigations have been provided. [1]


REFERENCES

        [1] Palo Alto Networks has determined that WildFire Appliance (WF-500)
            and WildFire Cloud are affected by the recent vulnerability
            disclosures, known as Fallout, RIDL, and Zombieload. We are working
            to validate and implement software updates to address these issues.
            We will provide updates as they become available.
            (PAN-117746/CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and
            CVE-2019-11091)
            https://securityadvisories.paloaltonetworks.com/Home/Detail/150

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXRWLMGaOgq3Tt24GAQg2UQ/9FZBmlzRwWloyqH60PlkEd7tD1AjCXeEX
bA7XWZWv98NEEMOwlAZSTjI7AXLqhKnNdn5K6siZg2CJ66HRrmfDxBPCLlNY/rjv
uv6rIM9CfUBsrmXxmJ6HICMLmZRiWftQvNpQnMktoOYY6Rd40w+lDXsuqNiRro9X
zNWA64X6wqCDLTlQ4MNUywbDU7Gr0ErGSyBB6Bg1HN+2X5lY8tYVfh+bT24UkSfY
v5nfcNrkjMSi9MXnI3lLeZY/Mrq3H5PD0amx0CboX1tOinSkW4Vho90OtSPYUu4N
oJR5YpI72RBhUwAJuGt5BFPjS7EemqdOnBDXTh2+2lZHpSliGTU4xPFWhhJAP4uq
6YrkiJDqTTCgNCmFK0U7602XCmDFW1De79UWt43MXtiMnKSGJ6FO7CA6zwZf9Hi/
g7L6VwCxkkPcx74vO4BT6C6Q6VufzkdZekXN5wOE+iUuBelzqrzZOGEGziCgZzpb
A0EGKikHC+1hrLgEFqXen5Pf7kBUEKBJgH4wOz9GCcl4ZX6PJ5qrEoH+dGakoED8
ZBnxNrWS3F/LT35xBpOF432l+NCMdpcTCLB6gR62dnRlaroQNG0+Idz1JG02x9jd
CZS0+i6YJgC24Try+zyt0mcVbYDaMCcN5yM541hj1xZiqdvEJnmPJ8ZWvGux9pAz
sH31hjmade8=
=oEtT
-----END PGP SIGNATURE-----