嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头,直接写描述就行。首先,我需要仔细阅读文章,理解主要信息。 文章讲的是Palo Alto Networks修复了一个影响GlobalProtect Gateway和Portal的漏洞,CVE编号是CVE-2026-0227,CVSS评分7.7分。这个漏洞允许未经认证的攻击者导致防火墙进入维护模式,从而引发拒绝服务(DoS)攻击。文章还提到了受影响的版本和一些缓解措施。 接下来,我需要提取关键点:公司名称、漏洞名称、影响的产品、漏洞严重性、攻击者的能力、漏洞后果以及是否有PoC存在。然后,把这些信息浓缩成简短的句子。 要注意字数限制在100字以内,所以每个点都要简洁明了。比如,“Palo Alto Networks修复了GlobalProtect中的高危漏洞”这样开头。然后说明漏洞允许未认证攻击者导致防火墙进入维护模式,造成DoS,并且有PoC存在。 最后检查一下有没有遗漏的重要信息,比如受影响的版本和缓解措施可能不需要详细列出,因为用户只要求总结内容。确保语言流畅自然,不使用复杂的术语。 </think> Palo Alto Networks修复了GlobalProtect中的高危漏洞(CVE-2026-0227),该漏洞允许未认证攻击者使防火墙进入维护模式并引发拒绝服务(DoS)。 2026-1-15 11:26:51 Author: securityaffairs.com(查看原文) 阅读量:1 收藏
Palo Alto Networks addressed a GlobalProtect flaw, PoC exists
Palo Alto Networks addressed a flaw impacting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists.
Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists.
GlobalProtect is Palo Alto Networks’ VPN and secure remote-access solution. It gives users a protected connection to their organization’s network by routing their traffic through a Palo Alto firewall, which applies the same security controls used inside the corporate environment.
The flaw affects Palo Alto Networks PAN-OS and allows an attacker to disrupt a firewall without authentication.
“A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall.” reads the advisory. “Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.”
By repeatedly exploiting the vulnerability, an attacker can force the device into maintenance mode, causing a denial-of-service condition that interrupts network traffic and firewall protection until administrators intervene.
Below is the list of the impacted versions:
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 12.1 | < 12.1.3-h3 < 12.1.4 | >= 12.1.3-h3 >= 12.1.4 |
| PAN-OS 11.2 | < 11.2.4-h15 < 11.2.7-h8 < 11.2.10-h2 | >= 11.2.4-h15 (ETA: 1/14/2026) >= 11.2.7-h8 >= 11.2.10-h2 |
| PAN-OS 11.1 | < 11.1.4-h27 < 11.1.6-h23 < 11.1.10-h9 < 11.1.13 | >= 11.1.4-h27 >= 11.1.6-h23 >= 11.1.10-h9 >= 11.1.13 |
| PAN-OS 10.2 | < 10.2.7-h32 < 10.2.10-h30 < 10.2.13-h18 < 10.2.16-h6 < 10.2.18-h1 | >= 10.2.7-h32 >= 10.2.10-h30 >= 10.2.13-h18 >= 10.2.16-h6 >= 10.2.18-h1 |
| PAN-OS 10.1 | < 10.1.14-h20 | >= 10.1.14-h20 |
| Prisma Access 11.2 | < 11.2.7-h8* | >= 11.2.7-h8* |
| Prisma Access 10.2 | < 10.2.10-h29* | >= 10.2.10-h29* |
The cybersecurity vendor states that the vulnerability affects only PAN-OS or Prisma Access setups where the GlobalProtect gateway or portal is enabled.
The vulnerability doesn’t impact Cloud Next-Generation Firewall (NGFW). At the time of this writing, Palo Alto Networks is not aware of attacks in the wild exploiting this vulnerability.
In December 2025, a hacking campaign started targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, GlobalProtect)
如有侵权请联系:admin#unsafe.sh