08-05-2024 01:38 AM
The addresses issues listed in the release notes ( 1/8/24) for PAN-OS 10.2.9-h9 state:
PAN-252214 A fix was made to address CVE-2024-3400.
However this was previously stated as fixed in 10.2.9-h1.
Is this 'duplicate reporting' or does this address a new exploit variant / scenario, not yet disclosed ?
I note no change in preferred version page or the security advisory page, however seems important to have clarification around such a serious CVE. Anyone in the community already raised this with PAN Support ?
08-06-2024 09:21 AM
Hello,
Since the CVE-2024-3400 was addressed in PANOS 10.2.9-h1, all hotfixes after 10.2.9-h1 will include the fix for the CVE. This means that 10.2.9-h9 also includes the same fix for the CVE issue that was fixed in 10.2.9-h1, but -h9 addressed some other issue that was targeted for that -h9 version. Please reference this list here: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-9-known-and-addressed...
Thanks,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
