{"id":6579,"date":"2026-01-16T00:22:31","date_gmt":"2026-01-16T00:22:31","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6579"},"modified":"2026-01-16T00:22:31","modified_gmt":"2026-01-16T00:22:31","slug":"palo-alto-networks-patches-firewalls-after-discovery-of-a-new-denial-of-service-flaw","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6579","title":{"rendered":"Palo Alto Networks patches firewalls after discovery of a new denial-of-service flaw"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Palo Alto Networks has issued patches for its PAN-OS firewall platform after a researcher uncovered a high-severity vulnerability which could be exploited by attackers to cause a denial-of-service (DoS).<\/p>\n<p>The flaw, identified as CVE-2026-0227 with a CVSS 7.7 (\u2018high\u2019) severity rating, affects customers running PAN-OS NGFW (Next-Generation Firewall) or Prisma Access configurations with the company\u2019s GlobalProtect remote access gateway or portal enabled.<\/p>\n<p>Unpatched, this would make it possible for \u201can unauthenticated attacker to cause a denial of service to the firewall. 
Repeated attempts to trigger this issue results in the firewall entering into maintenance mode,\u201d said <a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2026-0227\" target=\"_blank\" rel=\"noopener\">Palo Alto\u2019s advisory<\/a>.<\/p>\n<p>The company doesn\u2019t spell out the implications of a firewall entering maintenance mode, but it\u2019s hard to imagine it wouldn\u2019t cause network outages as admins scrambled to address the issue.<\/p>\n<p>Although Palo Alto Networks said it wasn\u2019t aware of exploitation in the wild, the advisory also states that the issue was reported to it by an unnamed researcher, and that proof of concept (PoC) code exists.<\/p>\n<p>Given that PoCs have a habit of leaking out or being independently reproduced, this makes Palo Alto\u2019s description of the issue as being of \u201cmoderate urgency\u201d read as optimistic.<\/p>\n<p>This new vulnerability brings to mind an almost identical Palo Alto Networks DoS issue from late 2024, <a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2024-3393\" target=\"_blank\" rel=\"noopener\">CVE-2024-3393<\/a>, that also put affected firewalls into maintenance mode. 
On that occasion, attackers found out about the issue before patches appeared, making it a zero-day vulnerability.\u00a0<\/p>\n<p>More recently, in December, threat intelligence company <a href=\"https:\/\/www.networkworld.com\/article\/4109637\/attackers-bring-their-own-passwords-to-cisco-and-palo-alto-vpns-2.html\" target=\"_blank\" rel=\"noopener\">GreyNoise noticed<\/a> an uptick in automated login attempts targeting both GlobalProtect and Cisco VPNs, while earlier in 2025, PAN-OS was affected by a serious <a href=\"https:\/\/www.networkworld.com\/article\/3825364\/palo-alto-networks-firewall-bug-being-exploited-by-threat-actors-report.html\" target=\"_blank\" rel=\"noopener\">zero day flaw<\/a>, CVE-2025-0108, that allowed attackers to bypass login authentication.<\/p>\n<p>\u201cAccording to Palo Alto Networks\u2019 <a href=\"https:\/\/security.paloaltonetworks.com\/\" target=\"_blank\" rel=\"noopener\">security advisories<\/a>, the company has reported almost 500 vulnerabilities to date, many of which affected PAN-OS. A significant minority related to DoS issues,\u201d a spokesperson for threat intelligence company Flashpoint observed. \u201c[But] a notable portion of Palo Alto disclosures historically did not receive CVE identifiers, particularly older PAN-OS issues, which can complicate longitudinal comparison across vendors.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Who is affected?<\/h2>\n<p>The good news is that most customers using the company\u2019s cloud-delivered Secure Access Service Edge (SASE) platform, Prisma Access, have already been patched.<\/p>\n<p>\u201cWe have successfully completed the Prisma Access upgrade for most of the customers, with the exception of few in progress due to conflicting upgrade schedules. 
Remaining customers are being promptly scheduled for an upgrade through our standard upgrade process,\u201d said the advisory.<\/p>\n<p>That leaves a not inconsiderable number of PAN-OS NGFW customers using the GlobalProtect gateway or portal who will need to apply the patch themselves. Although Palo Alto said there are no known workarounds, it might be possible to mitigate the issue by temporarily disabling the VPN interface, at the cost of losing remote access until patching is complete.<\/p>\n<p>Palo Alto Networks has published a <a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2026-0227#:~:text=Solution,later.%2A,-%2A%20See\" target=\"_blank\" rel=\"noopener\">detailed table<\/a> of applicable patches which vary depending on the underlying PAN-OS version (12.1, 11.2, 11.1, 10.2) in use. Versions older than 10.2 are unsupported; the fix is to update to a supported patched version.<\/p>\n<h2 class=\"wp-block-heading\">Availability disruption<\/h2>\n<p>According to Flashpoint, a DoS state wouldn\u2019t expose enterprises to a wider security threat. \u201cModern enterprise firewalls are designed to \u2018fail closed\u2019 rather than \u2018fail open\u2019. Entering maintenance mode due to a DoS condition is therefore more accurately characterized as a potential availability disruption than a direct security exposure,\u201d said the spokesperson. 
\u201cThe core risk here appears to be resilience rather than compromise.\u201d<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.networkworld.com\/article\/4117630\/palo-alto-networks-patches-firewalls-after-discovery-of-a-new-denial-of-service-flaw.html\" target=\"_blank\" rel=\"noopener\">NetworkWorld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks has issued patches for its PAN-OS firewall platform after a researcher uncovered a high-severity vulnerability which could be exploited by attackers to cause a denial-of-service (DoS). The flaw, identified as CVE-2026-0227 with a CVSS 7.7 (\u2018high\u2019) severity rating, affects customers running PAN-OS NGFW (Next-Generation Firewall) or Prisma Access configurations with the company\u2019s [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6579"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6579"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6579\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=65
79"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}