05-06-2026 02:03 PM - edited 05-06-2026 02:05 PM
@chrise_coh - The CVE article discusses an Interface Management profile attached to an interface ("User-ID" under Network Services in the profile). This is what would run the User-ID Authentication Portal on that interface (and shouldn't generally be available on a "public" interface).
The Reddit thread I was looking at was claiming that having "User-ID" enabled in the Zone (Network->Zones->[zonename]->User Identification ACL->Enable User Identification) also exposed the vulnerability. I believe this is incorrect as the NGFW manual states:
"If you configured User-ID... the best practice is to Enable User Identification to apply the mapping information to traffic in this zone. If you disable this option, firewall logs, reports, and policies will exclude user mapping information for traffic within the zone."
"By default, if you select this option, the firewall applies user mapping information to the traffic of all subnetworks in the zone..."
The Zone User-ID use would seem to only apply to its use in Security/NAT Policies, logging, etc. The vulnerability would seem to apply only to the User-ID Authentication Portal (where a user is required to identify themselves for further access), not to anywhere User-ID is used in the firewall. Or at least the best I can figure.