PAN-OS 8.0.6-h3 Addressed Issues
PAN-OS® 8.0.6-h3 addressed issues
This PAN-OS® 8.0.6-h3 release includes fixes for four important issues, including the fix that enables all Palo Alto Networks® customers running a PAN-OS 8.0 release to immediately protect their networks from the post-authentication command injection vulnerability covered in CVE-2017-15940 (PAN-81892; see PAN-SA-2017-0028 for more details). Note that the security advisory originally misstated that this vulnerability issue (PAN-81892) was addressed in the PAN-OS 8.0.6 release. We have updated the security advisory with the correct information. We strongly recommend that you upgrade to PAN-OS 8.0.6-h3 or a later release to fix the vulnerability reported in CVE-2017-15940.
Fixed an issue where PAN-OS removed the IP address-to-username mappings of end users who logged in to a GlobalProtect™ internal gateway within a second of logging out from it.
Fixed an issue where firewalls dropped TCP/UDP-based application traffic over a GlobalProtect VPN tunnel in high latency networks.
Fixed an issue on Panorama™ M-Series appliances where the configd process stopped responding during a Commit Commit and Push operation in which Panorama pushed configuration changes to Collector Groups.
A security-related fix was made to prevent a command injection condition through the firewall web interface (CVE-2017-15940).