BugZero | Palo Alto Networks BugID PAN-303954 - Fixed an issue where, when configuring Safenet HSM...

Palo Alto Networks - Defect ID: PAN-303954

Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Palo Alto Networks - Defect ID: PAN-303954

Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Last updated on January 13th, 2026

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 11.1.10-h10 - January 13, 2026. This bug is fixed in PAN-OS versions 11.1.13-h1, 11.1.6-h23, 11.1.10-h10. Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate. For more information: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-h10-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-6-known-and-addressed-issues/pan-os-11-1-6-h23-addressed-issues

Change history

2026-01-13 Added: 11.1.13-h1

2025-12-03 Removed: 11.1.10-h10

2025-12-02 Removed: 11.1.10-h10

2025-12-02 Added: 11.1.6-h23, 11.1.10-h10

Top Palo Alto Networks Defects

6.3Defect ID: PAN-294307
Fixed an issue on Panorama where a configd SIGSEGV crash occurred when renaming objects within policy rules, objects, or zones.
6.3Defect ID: PAN-304496
Fixed an issue where, after unregistering an IP tag and registering a different IP tag for the same IP address via XML API, the dynamic address group membership was not updated on the dataplane, which resulted in Security policy rules being enforced incorrectly.
6.3Defect ID: PAN-300637
( VM-Series firewalls on Microsoft Azure environments only ) Fixed an issue where the firewall unexpectedly rebooted due to repeated varrcvr process restarts.
6.3Defect ID: PAN-300548
Fixed an issue where using the IKEv2 multiplier setting for VPN re-authentication resulted in the firewall not re-authenticating at the expected intervals when both sides initiated rekeying. The internal re-authentication counter incremented when the local side triggered the rekey, but not when the peer side triggered it.
6.3Defect ID: PAN-303954
Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-303954

Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Palo Alto Networks - Defect ID: PAN-303954

Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Last updated on January 13th, 2026

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium