PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

L1 Bithead

The addresses issues listed in the release notes ( 1/8/24) for PAN-OS 10.2.9-h9 state: 

PAN-252214 A fix was made to address CVE-2024-3400.

However this was previously stated as fixed in 10.2.9-h1.

 

Is this 'duplicate reporting' or does this address a new exploit variant / scenario, not yet disclosed ?

I note no change in preferred version page or the security advisory page, however seems important to have clarification around such a serious CVE. Anyone in the community already raised this with PAN Support ?

1 REPLY 1

L2 Linker

Hello,

 

Since the CVE-2024-3400 was addressed in PANOS 10.2.9-h1, all hotfixes after 10.2.9-h1 will include the fix for the CVE. This means that 10.2.9-h9 also includes the same fix for the CVE issue that was fixed in 10.2.9-h1, but -h9 addressed some other issue that was targeted for that -h9 version. Please reference this  list here: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-9-known-and-addressed...

 

Thanks,

 

Customer Success Engineer, NGFW
  • 830 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!