04-03-2022 07:34 PM
CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (paloaltonetworks.com)
Further to this one, it mentions that Globalprotect is affected but doesnt say whether a client software update is required.
Do you know if the Globalprotect client will need updating?
04-04-2022 08:16 AM
The CVE says they are working on "fixes to remove the vulnerable code from our PAN-OS, GlobalProtect app, and Cortex XDR agent", so i am expecting GP client software as well as the PANOS. But yeah... kind of left us hanging in the initial CVE release saying to update to the "-hf" release... which doesn't exist yet, then later updating the CVE to "ETA April '22".
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
