(CVE-2025-0128) is affecting multiple versions of their PAN-OS firewall software.
affected systems:
PAN-OS 11.2 (< 11.2.3)
PAN-OS 11.1 (< 11.1.5)
PAN-OS 11.0 (< 11.0.6)
PAN-OS 10.2 (< 10.2.11)
PAN-OS 10.1 (< 10.1.14-h11)
Mitigation strategies
For PAN-OS 11.2: Upgrade to 11.2.3 or later
For PAN-OS 11.1: Upgrade to 11.1.5 or later
For PAN-OS 11.0: Upgrade to 11.0.6 or later
For PAN-OS 10.2: Upgrade to 10.2.11 or later
For PAN-OS 10.1: Upgrade to 10.1.14-h11 or later
For organizations unable to update immediately, a temporary CLI-based workaround exists. Administrators can run the following command:
> debug sslmgr set disable-scep-auth-cookie yes
All details are here indicated:
https://cybersecuritynews.com/pan-os-firewall-dos-vulnerability/
