PAN-OS 8.0.6-h3 Addressed Issues
This PAN-OS® 8.0.6-h3 release includes fixes for four important issues, including the fix that enables all Palo Alto Networks customers running a PAN-OS 8.0 release to immediately protect their networks from the post-authentication command injection vulnerability covered in CVE-2017-15940 (PAN-81892; see PAN-SA-2017-0028 for more details). Note that the security advisory originally misstated that this vulnerability issue (PAN-81892) was addressed in the PAN-OS 8.0.6 release. We have updated the security advisory with the correct information. We strongly recommend that you upgrade to PAN-OS 8.0.6-h3 or a later release to fix the vulnerability reported in CVE-2017-15940.
Issue ID Description
PAN-85938 Fixed an issue where PAN-OS removed the IP address-to-username mappings of end users who logged in to a GlobalProtect internal gateway within a second of logging out from it.
PAN-85055 Fixed an issue where firewalls dropped TCP/UDP-based application traffic over a GlobalProtect VPN tunnel in high latency networks.
PAN-83687 Fixed an issue on Panorama M-Series appliances where the configd process stopped responding during a Commit > Commit and Push operation in which Panorama pushed configuration changes to Collector Groups.
PAN-81892 A security-related fix was made to prevent a command injection condition through the firewall web interface (CVE-2017-15940).

Related Documentation