Apache Zero Day Vulnerability Response – Week One

December 10, 2021 Update

Next-Generation Firewalls with a Threat Prevention security subscription (running Applications and Threat content update version 8498) can automatically block sessions related to this vulnerability using Threat ID 91991. Additionally, attacker infrastructure is continuously being monitored and blocked.

Based on preliminary research, the following Palo Alto products are NOT affected by this Apache Log4j vulnerability.

  • Cortex XSOAR
  • GlobalProtect
  • Prisma Cloud
  • Cortex XDR
  • PAN-OS/NGFW Firewall
  • CloudGenix SD-WAN

Panorama does use an affected version of Log4j, and Palo Alto’s engineering team is still investigating the exposure.

You can see which version of Log4j each version of Panorama uses here. The versions of Log4j that are vulnerable can be found here.