Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

False positive - Cisco HyperFlex HX Remote Command Execution - ID: 91836

Beginning this morning we are seeing lots of apparent false positives for threat ID: 91836 - Cisco HyperFlex HX RCE, which was added to the threat database last night. The destination server is in Wells Fargo IP space and we have determined that this

...

01996968

Is there any update ? could not find the case at portal ? Can you navigate ?

Resolved! About threat Prevention Subscriptions version installed offline

I installed a PA220 version 9.1.4. I was wondering how should I install threat Prevention.

I can't connect the perimeter wall to the Internet for some reason.

I have imported the license offline.But I don't know how to install this product offline.

Can

...

Vulnerability found on Firewall Need to address

Hi Team,

We are getting following vulnerabilities on one of our PA Firewall. Kindly suggest the next PoA regarding mentioned vulnerabilities.

Plugin

Plugin Name

Family

Severity

IP Address

Type

84502

HSTS Missing From HTTPS Server

Web Servers

Medium

x.x.x.x

Pa

...

Resolved! DNS Security Service interfering with SPAM filter

I have the DNS Security Service and it is set to sinkhole various malicious domains, including newly registered ones. The problem is that our on-premise spam filter tries to do lookups against the sending domain when we receive email, and I believe t

...

Certificate vulnerabilities

I have found several of my network devices are showing up within our vulnerability management scanner with X.509 Certificate Subject CN does not match the entity name as a vulnerability. This is more than likely a DNS issue as I do not have any netwo

...

CVE 2021-3050 Fix firmware upgrade

Hey guys as we know the above advisory resolve in PANOS 10.0.8 and above so in the solution, Palo alto says they will resolve it in September can I get to know the status of the new firmware or can I download the 10.1.0 but that is not the stable ver

...

Help with Threat log SCAN: Host Sweep

I am looking for assistance interpreting a report that shows “SCAN Host sweep traffic” in my threat log. There are multiple internal sources scanning multiple destination IP addresses that I do not own. The daily number of scans detected from each so

...

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

we have updated a Firewall last week to version 9.1.13 on July 16, 2021, after this update we have threat alerts = "Compromised or manufacturer default password found in HTTP Basic Authentication >> 50 alerts in 1 hour.

we have forced the users to cha

...

Resolved! Getting SMB brute force logs

hey, guys hope you are doing well One of my customer getting the logs of SMB: User Password Brute Force Attempt for a particular user as the user is connected to Global VPN to LAN the port 445 getting reset both traffic logs in threat logs all things

...

Resolved! Need an threat id .

I need to block these gamarue & avalanche-andromeda malware family please provide me the Thread-ID for this.

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Hello,

I would like to add a policy for External Dynamic List in Panorama as a pre-rule for a particular device group. However, I am not able to see the Malicious IP addresses and High-Risk IP addresses in Panorama.

Kindly suggest.

Thanks

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

RE: 'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW detected on host foo-wrkXXX involving user foo\User.Name

-- Unique Threat ID: 59026

I am wondering if others are seeing this Alert generated due to what appears to be

...

Zone protection flood thresholds

I get ICMP and UDP flood alert messages from my external zone protection profile all the time. It does not seem to impact production - but not totally sure on that though.

We just have 1 - 5220, no Panarama. Anyone have any advise as to how best to co

...

Malicious signature "Virus/Win32.WGeneric.bjpxbe" detected on Cortex XDR

Hi,

Malicious signature "Virus/Win32.WGeneric.bjpxbe" is detected on Cortex XDR.

When dwelled further, details & screen grab from THREAT VAULT are shared for your perusal

Unique Threat ID: 422569341

SHA256 values are (09fb42aa3d9fcb32e2dab5f9e614a1975e

...

Discussions

Welcome to the Threat and Vulnerability Discussion Board

False positive - Cisco HyperFlex HX Remote Command Execution - ID: 91836

01996968

Resolved! About threat Prevention Subscriptions version installed offline

Vulnerability found on Firewall Need to address

Resolved! DNS Security Service interfering with SPAM filter

Certificate vulnerabilities

CVE 2021-3050 Fix firmware upgrade

Help with Threat log SCAN: Host Sweep

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

Zone protection flood thresholds

Malicious signature "Virus/Win32.WGeneric.bjpxbe" detected on Cortex XDR

Wildfire False Positive for THREAT-ID 614284446

Alert on domain fronting attempt

Threat ID: 640412733 - Virus/Win32.WGeneric.efuusy -> is this also a False Positive?

TID 95187 is not on my signature list

What's the difference between antivirus signatures and WildFire signatures

Unlock your full community experience!

Resolved! About threat Prevention Subscriptions version installed offline

Resolved! DNS Security Service interfering with SPAM filter

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama