False Positives for Palo Alto GlobalProtect App

Good Afternoon,

Did anyone else receive a bunch of findings for Palo Alto GlobalProtect App this week indicating an HKEY as proof? I verified my devices have an unaffected version greater than what Palo Alto indicates is vulnerable, yet I’m still getting hits for all of these findings. I opened a case with Rapid7 as well, but I’m looking to see if anyone else is experiencing this recently.


Yes, same on my side. I put in an FP ticket.

I opened a case for it as well. The support folks noted that software updates/uninstalls should remove all remnants of it from the registry keys. I’m assuming something in our update process caused that to not happen during install. Then somehow this reg key was added to the proof of the vulnerability recently, because for the past few months I haven’t seen any findings for this. If that isn’t the case then I have no idea. I would be curious, @jgoins, if you use ManageEngine to install your updates.

We have noticed that Palo Alto has been releasing hotfixes more frequently over the past six months to address security issues, instead of updating the full version number. Previously, we did not experience problems with their updates, but this recent change in approach seems different. We are wondering if this shift is related to these still being reported as vulns.

Hopefully they realize this is a false positive and issue an update to remove it as a vulnerability.

Has anyone received any updates on this? If not, I’m about to submit an official case. I was hopeful it would have resolved itself by now. Palo released another HF version a few weeks ago, which we deployed, but this issue is still lingering.

They emailed me back and said something along the lines of it was a false positive, but I think I just excluded all of the findings because they still recommended I clean up the uninstall HKEYs that were floating about.