CVE-2022-0778 mitigation with Threat Prevention

cancel
Showing results for 
Search instead for 
Did you mean: 

CVE-2022-0778 mitigation with Threat Prevention

L2 Linker

Hi,

 

Following the CVE-2022-0778 vulnerability, I would like to apply the workaround to reduce the risk of attack until the PAN-OS update is released.

 

According to the security ticket, you have to activate the Threat IDs 92409 and 92411 but how to do it ?

 

I found this link but I'm not sure of the procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm4yCAC

 

Thanks in advance for your help

3 REPLIES 3

L4 Transporter

Yeah, that is not very clear to me either... It looks like threats 92409 and 92411 are already enabled, both are set to "reset-server" connection by default. CVE-2022-0778 affects lots of OpenSSL integrated products, not just PAN-OS, so perhaps the workaround is meant more specifically for blocking exploits against devices behind the PA.

L4 Transporter

FWIW: PaloAlto just sent out release notices for PAN-OS v9.1.13-h3 and v10.1.5-h1 and they are on the download servers now  (weren't there a couple hours ago). The release notes give a single patch:

PAN-190175 and PAN-190223
A fix was made to address an OpenSSL infinite loop vulnerability in the PAN-OS software (CVE-2022-0778).

 

No updates on the servers yet for GP clients.

L2 Linker

Thank you for your feedback.

 

Yes, I can see the release on PAN-OS 9.1 and 10.1 on Software Update but not yet 8.1.

 

Thank you for your feedback.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!