https://live.paloaltonetworks.com/t5/general-topics/pan-os-vulnerability/m-p/357501#M87776 <P>I have a Palo Alto (PA-5220) HA pair with software running (SW: 9.0.9-h1, Global-protect version: 5.1.3). I found below vulnerabilities are affecting the current PAN OS. I am planning to upgrade it. Could you please suggest the best recommended software with Global protect version for my firewall.</P><P>&nbsp;</P><P>Model:&nbsp;&nbsp;PA-5220</P><P>Software Version:&nbsp;SW: 9.0.9-h1,&nbsp;global-protect-client-package-version: 5.1.3</P><P>&nbsp;</P><P>Vulnerabilities affecting the current PAN OS:&nbsp;</P><P>---------------------------------------------------------</P><P>CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface</P><P>CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload</P><P>CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs</P><P>CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks,</P><P>Manu</P> Tue, 20 Oct 2020 16:31:36 GMT Manu_Shankar 2020-10-20T16:31:36Z https://live.paloaltonetworks.com/t5/general-topics/pan-os-vulnerability/m-p/357501#M87776 <P>I have a Palo Alto (PA-5220) HA pair with software running (SW: 9.0.9-h1, Global-protect version: 5.1.3). I found below vulnerabilities are affecting the current PAN OS. I am planning to upgrade it. Could you please suggest the best recommended software with Global protect version for my firewall.</P><P>&nbsp;</P><P>Model:&nbsp;&nbsp;PA-5220</P><P>Software Version:&nbsp;SW: 9.0.9-h1,&nbsp;global-protect-client-package-version: 5.1.3</P><P>&nbsp;</P><P>Vulnerabilities affecting the current PAN OS:&nbsp;</P><P>---------------------------------------------------------</P><P>CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface</P><P>CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload</P><P>CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs</P><P>CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks,</P><P>Manu</P> Tue, 20 Oct 2020 16:31:36 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-os-vulnerability/m-p/357501#M87776 Manu_Shankar 2020-10-20T16:31:36Z https://live.paloaltonetworks.com/t5/general-topics/pan-os-vulnerability/m-p/357722#M87801 <P>Recommended release on 9.0 is 9.0.10:&nbsp;<A href="https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304" target="_blank">https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304</A></P> Wed, 21 Oct 2020 12:27:34 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-os-vulnerability/m-p/357722#M87801 erikda 2020-10-21T12:27:34Z