PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred?

ccvega — Tue, 11 Feb 2025 15:26:12 GMT

Might anyone know why 11.1.5 and 10.2.10-h10 (or anything newer) are still not marked as preferred 3 months after release?

We're on 10.2.x now and likely would upgrade to 11.1.x, but I figured waiting for the patch for CVE-2024-2550 makes sense.

CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet

Re: PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred?

JayGolf — Wed, 12 Feb 2025 07:14:07 GMT

Hi @ccvega ,

The timing of when a PAN-OS version is marked as preferred is determined by the Support organization, but there is no set timeline for this. The process is very comprehensive. If a particular CVE is a significant concern for your organization, I recommend reviewing the release notes of the PAN-OS versions that address the vulnerability and assessing the potential impact of upgrading.

There's no need to delay an upgrade because a version hasn’t been marked as preferred, especially if it contains a fix for a critical CVE. Support preferred versions are determined broadly and does not align with specific deployments or risk profile.

Take a look at the 11.1.5 Known Issues or any releases you would like to jump to and compare them against the potential risk of CVE-2024-2550 to make an informed decision.

topic Re: PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred? in General Topics

PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred?

Re: PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred?