28 June 2019
===========================================================================
AUSCERT Security Bulletin

ASB-2019.0173
Information about Recent Intel Side Channel Vulnerabilities
28 June 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Palo Alto WF-500 Wildfire Appliance
Operating System:     Network Appliance
Impact/Access:        Access Privileged Data -- Existing Account
Resolution:           None
CVE Names:            CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
                      CVE-2018-12126
Member content until: Sunday, July 28 2019
Reference:            ASB-2019.0138
                      ESB-2019.2233
                      ESB-2019.2217
                      ESB-2019.2174
                      ESB-2019.2171
                      ESB-2019.2213.2

OVERVIEW

Multiple vulnerabilities have been identified in Palo Alto Wildfire Appliance (WF-500) running PAN-OS 9.0, PAN-OS 8.1, PAN-OS 8.0 and PAN-OS 7.1. Wildfire Cloud is also affected by these issues.

IMPACT

The vendor has provided the following details regarding the vulnerabilities:

"Severity: Low

Successful exploitation of this issue may allow reads from a compromised sandbox VM (guest OS) to retrieve data from other VMs (another guest OS) or the PAN-OS operating system (host OS) as a result of breaching the separation between kernel and user address space.

The analysis method utilized by the WildFire Appliance (WF-500) and WildFire Cloud helps to mitigate the impact of this issue. Each virtualized file analysis session is unique and each session is terminated and destroyed after analysis is complete. The uniqueness of each file analysis session coupled with the limited amount of time allowed to execute an attack within the environment limits the scope of impact that the attacker can have on the sandbox VM (guest OS) and the PAN-OS operating system (host OS).

PAN-OS and Panorama platforms are not directly impacted by these vulnerabilities because successful exploitation on PAN-OS devices requires an attacker to have already compromised the PAN-OS operating system."

MITIGATION

The vendor advises updates will be issued as more information becomes available. No mitigations have been provided.

REFERENCES

Palo Alto Networks has determined that WildFire Appliance (WF-500) and WildFire Cloud are affected by the recent vulnerability disclosures, known as Fallout, RIDL, and Zombieload. We are working to validate and implement software updates to address these issues. We will provide updates as they become available. (PAN-117746/CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091)
https://securityadvisories.paloaltonetworks.com/Home/Detail/150

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================