Is there an issue with threat ID 54314 - ISC DHCP dhclient Network Configuration Script Command Injection Vulnerability?

Is there an issue with threat ID 54314 - ISC DHCP dhclient Network Configuration Script Command Injection Vulnerability?

3929
Created On 11/01/22 13:02 PM - Last Modified 04/22/24 07:18 AM


Question


Is there a potential issue with threat ID 54314 - ISC DHCP dhclient Network Configuration Script Command Injection Vulnerability? Causing False positive alerts.

Environment


- PAN-OS content update version 8635-7675 and newer.

Answer


We are currently tracking an uptick in customer False positive reports for the Threat ID below:

- Unique Threat ID: 54314
- Name: ISC DHCP dhclient Network Configuration Script Command Injection Vulnerability
- Issue started in Apps and Threat content versions 8635-7675 and newer.

We have an escalation open with our content development teams to remediate the issue.
In the meantime, you may consider creating a threat exception to reduce an interruption to production traffic or excessive alerts. 
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm4yCAC

11-11-2022 UPDATE!
A modified vulnerability signature for Threat id 54314 is pending release. Further soak testing and monitoring is required before release.  We will provide an update immediately upon receiving any updates.  

11-16-2022 UPDATE!
Signature False positive issues remediated in Applications and Threat Content Release version 8644 on Tue, Nov 15, 2022 at 9:36 PM.

Please open a new support case if you are noticing any False positive issues after updating content.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kF0xCAE&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language