BugZero | Palo Alto Networks BugID PAN-146048 - Fixed an issue where a satellite firewall was unab...

Palo Alto Networks - Defect ID: PAN-146048

Fixed an issue where a satellite firewall was unable to authenticate to an LSVPN gateway when the issued certificate from Simple Certificate Enrollment Protocol (SCEP) had encryption bits set to 3072. With this fix, the maximum private key size of 3072 bits, along with the 1024-bit size and the 2048-bit size, is able to authenticate when selected to create the SCEP profile.

Palo Alto Networks - Defect ID: PAN-146048

Fixed an issue where a satellite firewall was unable to authenticate to an LSVPN gateway when the issued certificate from Simple Certificate Enrollment Protocol (SCEP) had encryption bits set to 3072. With this fix, the maximum private key size of 3072 bits, along with the 1024-bit size and the 2048-bit size, is able to authenticate when selected to create the SCEP profile.

Last updated on January 1st, 1970

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 5

Description

The earliest recollection of this bug is traced back to PAN-OS 9.1.10 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.10. Fixed an issue where a satellite firewall was unable to authenticate to an LSVPN gateway when the issued certificate from Simple Certificate Enrollment Protocol (SCEP) had encryption bits set to 3072. With this fix, the maximum private key size of 3072 bits, along with the 1024-bit size and the 2048-bit size, is able to authenticate when selected to create the SCEP profile. For more information: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.3Defect ID: PAN-288001
Fixed an issue where devices with 5G cellular modems did not support the ATT FirstNet auto Access Point Name (APN).
6.3Defect ID: PAN-311285
( Firewalls in HA conditions only ) Fixed an issue where a memory leak occurred related to the ospfd process, which caused RAM usage to continuously increase on active devices in an HA cluster until the device stopped responding, even after an HA failover.
6.3Defect ID: PAN-302790
Fixed an issue where, with Sender Side Loop Detection enabled, BGP WITHDRAWAL updates were not sent to peers after a route was removed, which caused stale routes to persist in the BGP table of neighboring firewalls.
6.3Defect ID: PAN-269228
Fixed an issue where the all_task process stopped responding, which caused a split brain condition.
6.3Defect ID: PAN-302654
( Firewalls in active/passive HA configurations only ) Fixed an issue where, when the HA configuration had multiple logical routers, static or connected routes redistributed into OSPF aged out in the LSDB, which caused the routes to be removed on peer OSPF neighbors.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-146048

Palo Alto Networks - Defect ID: PAN-146048

Last updated on January 1st, 1970

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium