Following the CVE-2022-0778 vulnerability, I would like to apply the workaround to reduce the risk of attack until the PAN-OS update is released.
According to the security ticket, you have to activate the Threat IDs 92409 and 92411 but how to do it ?
I found this link but I'm not sure of the procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm4yCAC
Thanks in advance for your help
Yeah, that is not very clear to me either... It looks like threats 92409 and 92411 are already enabled, both are set to "reset-server" connection by default. CVE-2022-0778 affects lots of OpenSSL integrated products, not just PAN-OS, so perhaps the workaround is meant more specifically for blocking exploits against devices behind the PA.
FWIW: PaloAlto just sent out release notices for PAN-OS v9.1.13-h3 and v10.1.5-h1 and they are on the download servers now (weren't there a couple hours ago). The release notes give a single patch:
PAN-190175 and PAN-190223
No updates on the servers yet for GP clients.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!