https://live.paloaltonetworks.com/t5/general-topics/clarification-which-update-to-use-for-cve-2023-38802-vm-100/m-p/559982#M113550 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/180138">@BPSoftware</a></P> <P>&nbsp;</P> <P>the&nbsp;<SPAN>CVE-2023-38802 is addressed in PAN-OS 10.2.6:</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PavelK_0-1695962520274.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/54056i0A824E83981494F8/image-size/medium?v=v2&amp;px=400" role="button" title="PavelK_0-1695962520274.png" alt="PavelK_0-1695962520274.png" /></span></P> <P><A href="https://security.paloaltonetworks.com/CVE-2023-38802" target="_blank">https://security.paloaltonetworks.com/CVE-2023-38802</A></P> <P>&nbsp;</P> <P>I think the note information in preferred release page is only reference and not statement that 10.2.5 has addressed that issue.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Fri, 29 Sep 2023 04:44:37 GMT PavelK 2023-09-29T04:44:37Z https://live.paloaltonetworks.com/t5/general-topics/clarification-which-update-to-use-for-cve-2023-38802-vm-100/m-p/559972#M113549 <P>Hi everyone.&nbsp;</P> <P>&nbsp;</P> <P>Just wondering on which update to apply for&nbsp;CVE-2023-38802 on a VM-100.&nbsp;</P> <P>&nbsp;</P> <P>The Palo CVE report <A href="https://security.paloaltonetworks.com/CVE-2023-38802" target="_blank">CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (paloaltonetworks.com)</A></P> <P>says any version under 10.2.6 is affected.&nbsp;</P> <P>However, the Recommended OS version page&nbsp;<A href="https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304" target="_blank">Support PAN-OS Software Release Guidance | Palo Alto Networks</A></P> <P>suggested that it will be mitigated by 10.2.5.&nbsp;</P> <P>&nbsp;</P> <P>Am I misunderstanding somehow?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 29 Sep 2023 02:33:12 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-which-update-to-use-for-cve-2023-38802-vm-100/m-p/559972#M113549 BPSoftware 2023-09-29T02:33:12Z https://live.paloaltonetworks.com/t5/general-topics/clarification-which-update-to-use-for-cve-2023-38802-vm-100/m-p/559982#M113550 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/180138">@BPSoftware</a></P> <P>&nbsp;</P> <P>the&nbsp;<SPAN>CVE-2023-38802 is addressed in PAN-OS 10.2.6:</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PavelK_0-1695962520274.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/54056i0A824E83981494F8/image-size/medium?v=v2&amp;px=400" role="button" title="PavelK_0-1695962520274.png" alt="PavelK_0-1695962520274.png" /></span></P> <P><A href="https://security.paloaltonetworks.com/CVE-2023-38802" target="_blank">https://security.paloaltonetworks.com/CVE-2023-38802</A></P> <P>&nbsp;</P> <P>I think the note information in preferred release page is only reference and not statement that 10.2.5 has addressed that issue.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Fri, 29 Sep 2023 04:44:37 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-which-update-to-use-for-cve-2023-38802-vm-100/m-p/559982#M113550 PavelK 2023-09-29T04:44:37Z