04-14-2024 08:19 AM
Hi Team,
Please help me to understand the below:
Firewall 1 - 10.2, GP portal & Gateway, Device telemetry enabled
Firewall 2 - 10.2, only GP portal & gateway, no device telemetry enabled
Firewall 3 - 10.2, no GP portal and gateway, only device telemetry enabled.
Firewall 1 will be impacted by this vulnerability.
Please confirm if firewall 2 and firewall 3 will also be impacted due to this vulnerability.
Thanks in advance
04-15-2024 07:02 AM
No,
Only option 1 is affected...
This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled.
https://security.paloaltonetworks.com/CVE-2024-3400
04-17-2024 09:35 AM
In case you didn't see it, yesterday Palo updated their guidance and stated that telemetry disabled is NOT enough.
04-25-2024 07:13 AM
Based on the updated advisory from palo alto, i understand that Firewall 1 and Firewall 2 will be impacted.
============
This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).
==================
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
