Security - PAN-OS Firewall DoS Vulnerability - Lets Attackers Reboot Firewall Repeatedly

A DoS vulnerability (CVE-2025-0128) affects multiple versions of Palo Alto Networks' PAN-OS firewall software.

Affected systems:

PAN-OS 11.2 (< 11.2.3)

PAN-OS 11.1 (< 11.1.5)

PAN-OS 11.0 (< 11.0.6)

PAN-OS 10.2 (< 10.2.11)

PAN-OS 10.1 (< 10.1.14-h11)

Mitigation strategies

For PAN-OS 11.2: Upgrade to 11.2.3 or later

For PAN-OS 11.1: Upgrade to 11.1.5 or later

For PAN-OS 11.0: Upgrade to 11.0.6 or later

For PAN-OS 10.2: Upgrade to 10.2.11 or later

For PAN-OS 10.1: Upgrade to 10.1.14-h11 or later

For organizations unable to update immediately, a temporary CLI-based workaround exists. Administrators can run the following command:

> debug sslmgr set disable-scep-auth-cookie yes

Full details are in this article:

https://cybersecuritynews.com/pan-os-firewall-dos-vulnerability/

Citrix #How to push Citrix Workspace app for Windows through GPO

Citrix Workspace app can be pushed through GPO, using the proper scripts and the ADMX/ADML templates for the Group Policy Editor.

All details can be found at the link below:

https://www.citrix.com/downloads/workspace-app/legacy-workspace-app-for-windows-ltsr/workspace-app-for-windows-2402-LTSR-cu2.html

Keep in mind that the PDQ product is not able to push software after a reboot/shutdown, so this solution lets you work around that limitation.

https://documentation.pdq.com/pdqdeploy/13.0.3.0/index.html?logoff-step.htm

https://www.alessandromazzanti.com/search?q=pdq

Be aware that later VDI Teams versions need this Citrix Workspace setting to be enabled.

So in the cmd script you need to add the value MTOPBootStrapperInstaller (to properly deploy the Teams plugin):

set CommandLineOptions=/Silent ALLOWADDSTORE=N /includeSSON /AutoUpdateCheck=Disabled EnableCEIP=false ADDLOCAL=ReceiverInside,ICA_Client,SSON,AM,SELFSERVICE,USB,DesktopViewer,Flash,Vd3d,Webhelper,BrowserEngine,WorkspaceHub,MTOPBootStrapperInstaller

start /wait %DeployDirectory%\CitrixWorkspaceFullInstaller.exe DONOTSTARTCC=1 %CommandLineOptions%

Security #GlobalProtect Portal - ongoing hacker scanning activity

Researchers have detected scanning activity targeting Palo Alto Networks' GlobalProtect VPN portals.

During the last 30 days, about 24,000 unique IP addresses have attempted to access these critical security gateways.

The complete article is here:

https://cybersecuritynews.com/hackers-scanning-palo-alto-networks-portals/




Scripting - Get-ADUser - How to retrieve User last logon date

There is a quick and easy way to get a text file with all AD usernames and their respective last logon dates.

  1. You must run PowerShell with administrative rights.
  2. Import-Module activedirectory
  3. Get-Help Get-ADComputer
  4. Get-ADUser -filter * -Properties * | Select-Object SamAccountName, Company, @{Name="Manager";Expression={(Get-ADUser $_.Manager).sAMAccountName}}, enabled, LastLogonDate , AccountExpirationDate, displayname, GivenName, surname, custJDEEmployeeID | Export-csv C:\temp\ADUsers.csv

Here is an alternative article related to AD computers

SCRIPTING - HOW TO CHECK SERVER UPTIME WITH SINGLE COMMAND #part 2

In a previous article I mentioned a way to check remote client/server uptime.

https://www.alessandromazzanti.com/2022/03/scripting-how-to-check-server-uptime.html

An alternative way is to execute these PowerShell commands:

$serverName = "NomeDelServer"

# Query the remote OS once; LastBootUpTime comes back as a WMI (DMTF) datetime string
$os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $serverName

# Convert it to a DateTime: this is the server's last boot time
$uptime = $os.ConvertToDateTime($os.LastBootUpTime)

$uptime