...
BugZero updated this defect 20112 days ago.
The earliest recollection of this bug is traced back to PAN-OS 8.1.16 - January 09, 2024. This bug is fixed in PAN-OS versions 9.1.3, 8.1.16. A fix was made to address an OS command injection vulnerability in the PAN-OS management interface that allowed authenticated administrators to execute arbitrary OS commands with root privileges ( CVE-2020-2037 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-16-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-3-addressed-issues
8.95
Fixed an issue where the dataplane restarted repeatedly after a reboot due to an internal path monitoring failures until a power cycle.8.9
Fixed an intermittent issue where commits failed after a commit validation and were modified for custom URL category objects.8.9
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.8.95
Fixed an issue where `wificlient` in PAN-OS 10.0 and later releases caused processing delays, on-chip descriptor spikes, and buffer usage.8.95
Fixed an issue where the `bcm.log` and `brdagent_stdout.log-<datestamp>` files filled up the root disk space