Attackers can force Palo Alto firewalls into maintenance mode
DoS attacks can compromise the operation of Palo Alto firewalls. Security patches are available for download.
(Image: asharkyu / Shutterstock.com)
Under certain conditions, attackers can exploit a vulnerability in PAN-OS and thus attack Palo Alto Networks firewalls. So far, according to the IT security company, there are no indications of attacks.
The Danger
If attackers successfully exploit the DoS vulnerability (CVE-2026-0227 “high”), they can put devices into maintenance mode. In this state, it can be assumed that the firewall protection is bypassed. In a post, the developers explain that only PAN-OS NGFW and Prisma Access configurations with GlobalProtect gateway/portal enabled are vulnerable.
Videos by heise
Cloud NGFW is reportedly already secured against the described attack. The following security patches have been released for PAN-OS:
- 10.2.7-h32 or 10.2.18-h1
- 10-h30 or 10.2.18-h1
- 10.2.13-h18 or 10.2.18-h1
- 10.2.16-h6 or 10.2.18-h1
- 10.2.18-h1
- 11.1.4-h27 or 11.1.13
- 11.1.6-h23 or 11.1.13
- 11.1.10-h9 or 11.1.13
- 11.1.13
- 11.2.4-h15 or 11.2.10-h2
- 11.2.7-h8 or 11.2.10-h2
- 11.2.10-h2
- 12.1.4
- Prisma Access 10.2.10-h29, 11.2.7-h8
(des)
