PAN-OS 9.1.11-h2 Addressed Issues

PAN-OS® 9.1.11-h2 addressed issues.
Issue ID
Description
PAN-178814
Fixed an issue where autocommits failed when upgrading from a PAN-OS 8.1 release to a PAN-OS 9.1 release due to large configurations with a high number of policies with reference to IP addresses.
PAN-176661
Fixed an issue in Simple Certificate Enrollment Protocol (SCEP) (CVE-2021-3060).
PAN-176655 and PAN-158334
A fix was made to address an OS command injection vulnerability in the PAN-OS CLI that enabled an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges (CVE-2021-3061).
PAN-176653
A fix was made to address an OS command injection vulnerability in the PAN-OS web interface that enabled an authenticated administrator with permissions to use XML API to execute arbitrary OS commands to escalate privileges (CVE-2021-3058).
PAN-176618
A fix was made to address an OS command injection vulnerability in PAN-OS that existed when performing dynamic updates (CVE-2021-3059).
PAN-176461
Fixed an issue where a process (mdb) stopped responding after downgrading from a PAN-OS 9.1 release to an earlier release due to discrepancies in the mongodb process version.
To utilize this fix, first install a PAN-OS 9.0 release on the web interface, and then, prior to reboot, run the following CLI command:
debug mongo clear instance mdb
. Running this command removes any historical operational data (such as rule hit counts, monitoring data, and so on) collected on Panorama.
PAN-176131
Fixed an issue where the Simple Network Management Protocol (SNMP) object identifier (OID) for
panSessionCps
did not show the correct session count.
PAN-169173
Fixed an issue where, if you continuously performed partial commits of a configuration with a high number of Dynamic Address Groups, Panorama became unresponsive and commits were slower than expected.

Recommended For You