BugZero | Palo Alto Networks BugID PAN-124039 - A fix was made to address an issue where the Globa...

Palo Alto Networks - Defect ID: PAN-124039

A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login ( CVE-2020-1993 ).

Palo Alto Networks - Defect ID: PAN-124039

A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login ( CVE-2020-1993 ).

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 8.1.14 - July 22, 2025. This bug is fixed in PAN-OS versions 8.1.14. A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login ( CVE-2020-1993 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-14-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.8Defect ID: PAN-264680
( PA-220 firewalls only ) Fixed an issue where Device > Setup was not displayed on the web interface.
6.6Defect ID: PAN-263226
Fixed an issue where, when SSL decryption was enabled and Client Hello messages spanned multiple TCP segments, some SSL decrypted sessions failed.
6.6Defect ID: PAN-270549
Fixed an issue where some TLS connections were not handled correctly, which led to instability in the dataplane.
6.6Defect ID: PAN-251035
Fixed an issue where selective push operations did not push certificate changes to the firewall.
6.5Defect ID: PAN-251895
Fixed an issue where enabling inline Cloud Analysis features caused a slow packet buffer leak, which resulted in performance issues and dropped traffic.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-124039

A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login ( CVE-2020-1993 ).

Palo Alto Networks - Defect ID: PAN-124039

A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login ( CVE-2020-1993 ).

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium