CVE-2020-1982

There is a situation where certain communication between PAN-OS and cloud-delivered services unintentionally utilize TLS 1.0, which is a weak cryptographic protocol. These cloud services encompass Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. However, it is important to note that the conditions necessary for exploiting the vulnerabilities of TLS 1.0 in the communication between PAN-OS and cloud-delivered services are not present. Hence, we do not believe that any communication is affected by known attacks on TLS 1.0. This problem affects the following versions: All versions of PAN-OS 8.0; PAN-OS 8.1 versions before PAN-OS 8.1.14; PAN-OS 9.0 versions before PAN-OS 9.0.9; and PAN-OS 9.1 versions before PAN-OS 9.1.3. PAN-OS 7.1 is not affected by this issue.