Enable signatures for Unique Threat IDs 91820 and 91855 - CVE-2021-3063

Enable signatures for Unique Threat IDs 91820 and 91855 - CVE-2021-3063

13865
Created On 11/15/21 19:30 PM - Last Modified 11/15/21 19:30 PM


Objective


Workaround : Enable signatures for Unique Threat IDs 91820 and 91855 - CVE-2021-3063 until we upgrade PAN OS to 10.1.3, 10.0.8-h4, 9.1.11-h3,9.0.14-h4, 8.1.21

Environment


PAN OS version less then 10.1.3, 10.0.8-h4, 9.1.11-h3,9.0.14-h4, 8.1.21

Procedure


Step1. Clone Vulnerability Protection Profile.
User-added image

Step2. Edit the clone Vulnerability Protection Profile go to exceptions tab check show all signatures.
Search for threat id 91855 and enable signature change action to reset both or drop.
User-added image
Do it same for threat id 91820 and enable signature change action to reset both or drop.
User-added image

Step3. Create security policy with action Allow and apply Vulnerability Protection Profile.
User-added image

Additional Information


PAN-OS 9.1.11-h3 Addressed Issues (CVE-2021-3063).
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-h3-addressed-issues
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMliCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language