The earliest recollection of this bug is traced back to PAN-OS 8.1.16 - January 09, 2024. This bug is fixed in PAN-OS versions 8.1.16. A fix was made to address an insecure configuration of a daemon ( appweb ) that allowed a remote unauthenticated user to send a specifically crafted request to the device that caused the Appweb service to crash. Repeated attempts to send this request resulted in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode ( CVE-2020-2041 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-16-addressed-issues