https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/279661#M75744 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62286">@Alex_Samad</a>&nbsp;with 8.1.5 you shouln't be vulnerable.</P><P>&nbsp;</P><P>But what Paloalto did here is a no-go. No matter if there are recommended releases and so far. Only this external discovery of the vulnerability was forcing Paloalto to go public. A security company that tries to keep secret a RCE vulnerability for more than a year ... I can't really find words about how bad this is ...</P><P><A href="https://live.paloaltonetworks.com/t5/General-Topics/PAN-SA-2019-0020-really/m-p/278690/highlight/true#M75667" target="_blank">https://live.paloaltonetworks.com/t5/General-Topics/PAN-SA-2019-0020-really/m-p/278690/highlight/true#M75667</A></P><P>&nbsp;</P><P>&nbsp;</P> Sat, 27 Jul 2019 21:53:21 GMT Remo 2019-07-27T21:53:21Z https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277159#M75425 <P><A href="https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html?m=1" target="_blank">https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html?m=1</A></P><P>&nbsp;</P><P>Any word from PA on this ?</P><P>&nbsp;</P> Wed, 17 Jul 2019 23:32:18 GMT https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277159#M75425 Alex_Samad 2019-07-17T23:32:18Z https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277211#M75429 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62286">@Alex_Samad</a>,</P><P>What exactly were you looking for? The vulnerability was fixed last year, and anyone running a currently recommended release (or really any within the past year) wouldn't be effected by this anymore.&nbsp;</P> Thu, 18 Jul 2019 03:20:57 GMT https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277211#M75429 BPry 2019-07-18T03:20:57Z https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277235#M75434 <P>Oh, I have 8.1.5 and I seem to still be vulnerable.</P><P>&nbsp;</P><P>I will patch up.</P><P>&nbsp;</P><P>thaks</P> Thu, 18 Jul 2019 06:05:27 GMT https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/277235#M75434 Alex_Samad 2019-07-18T06:05:27Z https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/279661#M75744 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62286">@Alex_Samad</a>&nbsp;with 8.1.5 you shouln't be vulnerable.</P><P>&nbsp;</P><P>But what Paloalto did here is a no-go. No matter if there are recommended releases and so far. Only this external discovery of the vulnerability was forcing Paloalto to go public. A security company that tries to keep secret a RCE vulnerability for more than a year ... I can't really find words about how bad this is ...</P><P><A href="https://live.paloaltonetworks.com/t5/General-Topics/PAN-SA-2019-0020-really/m-p/278690/highlight/true#M75667" target="_blank">https://live.paloaltonetworks.com/t5/General-Topics/PAN-SA-2019-0020-really/m-p/278690/highlight/true#M75667</A></P><P>&nbsp;</P><P>&nbsp;</P> Sat, 27 Jul 2019 21:53:21 GMT https://live.paloaltonetworks.com/t5/general-topics/orange-attack-on-gp/m-p/279661#M75744 Remo 2019-07-27T21:53:21Z