Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.
In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”
“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.
The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.
“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”
Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors