The earliest recollection of this bug is traced back to PAN-OS 8.1.19 - January 09, 2024.
This bug is fixed in PAN-OS versions 9.1.10, 8.1.19.
A fix was made to address an issue where a cryptographically weak pseudo-random number (PRNG) was used during authentication to the PAN-OS interface. As a result, attackers with the capability to observe their own authentication secrets over a long duration on the firewall had the ability to impersonate another authenticated web interface administratorâs session ( CVE-2021-3047 ).
For more information:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-19-addressed-issues
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues
