PAN-OS 8.1.20 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 8.1.20 Addressed Issues
PAN-OS® 8.1.20 addressed issues.
Issue ID | Description |
---|---|
WF500-5568 | Fixed an issue where a firewall in FIPS
mode running PAN-OS 8.1.18 or a later version failed to connect
with a WildFire appliance in normal mode. |
PAN-168921 | Fixed an issue in active/active high availability
(HA) configuration where traffic with complete packets was showing
up as incomplete and being disconnected due to a non-session owner
device closing the session prematurely. |
PAN-167989 | Fixed a timing issue between downloading
and installing threads that occurred when Panorama pushed content
updates and the firewall fetched content updates simultaneously. |
PAN-166836 | Fixed an issue where session failed due
to resource unavailability. |
PAN-166299 | (PA-3000 Series firewalls only)
Fixed an issue where Server Message Block (SMB) sessions failed
due to resource unavailability. |
PAN-166241 | A fix was made to address an improper restriction
of XML external identity (XXE) reference in the PAN-OS web interface
that enabled an authenticated administrator to read any arbitrary
file from the file system and send a specifically crafted request
to the firewall that caused the service to crash (CVE-2021-3055). |
PAN-164922 | Fixed an issue on Panorama where a context
switch to a managed firewall running PAN-OS 8.1.0 to PAN-OS 8.1.19
failed. |
PAN-164846 | Fixed an issue where packet buffers were
depleted. |
PAN-164422 | (VM-Series firewalls only) A fix
was made to address improper access control that enabled an attacker
with authenticated access to GlobalProtect portals and GlobalProtect
gateways to connect to the EC2 instance metadata endpoint for VM-Series
firewalls hosted on Amazon Web Services (AWS) (CVE-2021-3062). |
PAN-160744 | Fixed an issue where the negative time difference
between the dataplane and the management plane during the client
certificate info check prevented the GlobalProtect client from connecting
to the GlobalProtect gateway with the following error message: Required client certificate not found. |
PAN-160708 | Fixed an issue where the dataplane restarted
after configuring a a deny_all policy. |
PAN-158723 | A fix was made to address an improper handling
of exception conditions in the PAN-OS dataplane that enabled an
unauthenticated network-based attacker to send specifically crafted
traffic through the firewall that caused the service to crash (CVE-2021-3053). |
PAN-158262 | A buffer overflow vulnerability in the Telnet-based
administrative management service included with PAN-OS software
allows remote attackers to execute arbitrary code. A fix was
made to address a buffer overflow vulnerability in the Telnet-based
administrative management service included with PAN-OS that allowed
a remote attacker to execute arbitrary code (CVE-2020-10188). |
PAN-157834 | Fixed an issue with missing zone entries
in CSV or PDF export files. |
PAN-157730 | Fixed an issue where, after a firewall reboot,
a commit or auto-commit operation failed with the following error
message: ID population failed. This
issue occurred because the Phase1 ID assignment failure did not
trigger an idmgr reset. |
PAN-157632 | Fixed an intermittent issue where the firewall
dropped GPRS Tunneling Protocol (GTP-U) traffic with the message TEID=0x00000000. |
PAN-157346 | Fixed an issue where HIP custom checks for
plist failed when the HIP exclusion category were configured under
(Mobile User Template > Network > GlobalProtect > Portal<portal-config>
> Agent<agent-config> > HIP Data Collection). |
PAN-156225 | (PA-3200 Series firewalls only)
Fixed an issue where the HA1-B port remained down after an upgrade
from PAN-OS 9.1.4 to later 9.1 releases and from PAN-OS 10.0.0 to
PAN-OS 10.0.4. |
PAN-155532 | Fixed an issue where the mgmtsrv process restarted
due to a missing protective check around access to potentially NULL
pointers. |
PAN-154526 | Fixed an issue where a process (genindex.sh) caused
high memory usage on the management plane. Due to the resulting
out-of-memory (OOM) condition, multiple processes stopped responding. |
PAN-154376 | Fixed an issue where a process (mgmtsrvr) stopped
responding and was inaccessible through SSH or HTTPS until the firewall
was power cycled. |
PAN-153908 | (PA-5000 Series firewalls only)
Fixed an issue where the show vpn flow CLI
command displayed incorrect details. |
PAN-153382 | Fixed an issue where the per-minute resource
monitor was three minutes behind. |
PAN-153261 | Fixed an issue where not all fragmented
packets were transmitted, which caused increased packet buffer usage. |
PAN-153107 | Fixed an issue where a dataplane process
stopped responding while processing fragmented traffic on GTP-U
tunnels. |
PAN-151120 | Fixed an issue where the SYN-ACK packet
matched stale entries in the session flow table and was dropped
on the firewall with the following error message: Inactive flow state 0. |
PAN-150337 | A fix was made to address a reflect cross-site
scripting (XSS) vulnerability in the PAN-OS web interface that enabled
an authenticated network-based attacker to mislead another authenticated
PAN-OS administrator to click on a specially crafted link that performed
arbitrary actions in the web interface as the targeted authenticated
administrator (CVE-2021-3052). |
PAN-149501 | A fix was made to address a memory corruption
vulnerability in the GlobalProtect Clientless VPN that enabled an
authenticated attacker to execute arbitrary code with root user
privileges during SAML authentication (CVE-2021-3056). |
PAN-147221 | Improved QoS scheduling for Bidirectional
Forwarding Detection (BFD) and BGP to address the internal handling
of BGP and BFD packets under high resource constraints |
PAN-146250 | Fixed an issue where, in two separate but
simultaneous sessions, the same software packet buffer was owned
and processed. |
PAN-146107 | Fixed an issue where memory allocation failure
caused a process (pan_comm) to restart several times,
which caused the firewall to restart. |
PAN-143426 | Fixed a memory leak issue where a process (devsrvr)
restarted due to the memory limit being exceeded. |
PAN-138727 | A fix was made to address a time-of-check
to time-of-use (TOCTOU) race condition in the PAN-OS web interface
that enabled an authenticated administrator with permission to upload
plugins to execute arbitrary code with root user privileges (CVE-2021-3054). |
PAN-128634 | A debug command was added to provide more
verbose output when troubleshooting packet processing on the firewall. |
PAN-120013 | Fixed an issue where secure communication
settings were incorrectly synchronized between Panorama appliances
in an HA configuration. |
PAN-119922 | Fixed an issue in Panorama where the show config diff command
was not working correctly and produced unexpected output. |
PAN-118667 | Fixed an issue where firewall policy configurations
displayed [object Object] instead of the
object names. |
PAN-115541 | Fixed an issue where removing a cipher from
an SSL/TLS profile did not take effect if it was attached to the
management interface. |
PAN-110429 | Fixed an issue with firewalls in an HA configuration
where multiple all_pktproc processes stopped responding
due to missing heartbeats, which caused service outages. |