Security Advisories April 2024 #2
Immediate Actions Required:
In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
Affected Systems:
- PAN-OS Firewalls running version 10.2 or higher with GlobalProtect Portal or Gateway configured.
- Navigate to Device -> Support -> Generate Tech Support File to create and download the support file.
- Preferably, upgrade your firewall to a version that is documented in the CVE.
If upgrading is not immediately possible, enhance your security by:
- Enabling the vulnerability protection profile for rules allowing traffic to the portal/gateway.
- Ensuring the signatures 95187, 95189, and 95191 are set to reset or drop.
- Run the following command to detect potential command injection attacks: grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*
- If there are any results, open a case with NTS OC immediately by emailing support@nts.eu.
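
The same check can be run offline against a gpsvc.log extracted from the tech support file. The script below is an added example, not part of the original advisory or vendor tooling. It goes beyond the grep pattern by flagging every session value that is not GUID-shaped, on the assumption that benign entries carry a GUID; the sample lines and their field layout are constructed.

```python
import re

# Marker text taken from the advisory's grep pattern.
ENTRY = re.compile(r"failed to unmarshal session\((.*)")
# Assumption: a benign session id is GUID-shaped.
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def session_value(line):
    """Return the text inside session(...), or None if the marker is absent."""
    m = ENTRY.search(line)
    if not m:
        return None
    rest = m.group(1)
    end = rest.rfind(")")  # last ')' so values containing ')' stay intact
    return rest[:end] if end != -1 else rest.rstrip()

def classify(line):
    """benign = GUID, suspicious = contains a path separator, review = other."""
    value = session_value(line)
    if value is None:
        return None
    if GUID.fullmatch(value):
        return "benign"
    if "/" in value:
        return "suspicious"
    return "review"

def triage(lines):
    """Return (line number, verdict, value) for every non-benign entry."""
    findings = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict in ("suspicious", "review"):
            findings.append((number, verdict, session_value(line)))
    return findings

# Constructed sample lines (not real log data; field layout is assumed).
SAMPLE = [
    '{"level":"error","message":"failed to unmarshal session(01234567-89ab-cdef-0123-456789abcdef)"}',
    '{"level":"error","message":"failed to unmarshal session(./constructed/example/path)"}',
    '{"level":"info","message":"portal config loaded"}',
    '{"level":"error","message":"failed to unmarshal session(not-a-guid)"}',
]

if __name__ == "__main__":
    for number, verdict, value in triage(SAMPLE):
        print(f"line {number}: {verdict}: session value {value!r}")
```

Any "suspicious" or "review" finding should be handled like a grep hit in the step above.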