cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

TID 95187 is not on my signature list

L5 Sessionator

Hi,
The question is related to following vulnerability: https://security.paloaltonetworks.com/CVE-2024-3400

 

In this it said "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682)."

 

However, when I update content signature to the latest ( which is 8833-8682 ), and then try to create new vulnerability profile with specifying 95187 only, it does not shows me 95187.

 

2024-04-12 18 05 53.png

With ID range, the result is as below

2024-04-12 18 06 54.png

 

I'm sure there is ID 95187 because I can check via CLI.

 

admin@PA-410> show system info | match app-version
app-version: 8833-8682
admin@PA-410> show threat id 95187


This signature detects malicious payload in HTTPS request.


critical
Unknown
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention

admin@PA-410>

 

 

NOTE:  I can replicate this condition with other platforms too.

 

How can I create this vulnerability profile for mitigation?

 

 

Who Me Too'd this topic