PAN-OS 10.0.10 Addressed Issues
Focus
Focus

PAN-OS 10.0.10 Addressed Issues

Table of Contents
End-of-Life (EoL)

PAN-OS 10.0.10 Addressed Issues

PAN-OS® 10.0.10 addressed issues.
Issue ID
Description
PAN-190175 and PAN-190223
A fix was made to address an OpenSSL infinite loop vulnerability in the PAN-OS software (CVE-2022-0778).
PAN-189665
(FIPS-CC enabled firewalls only) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
PAN-185616
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
PAN-185163
Fixed an issue where the distributord process hit the FD limit, which caused User-ID redistribution to not function properly.
PAN-184693
Fixed an issue that caused the slotd process to stop responding due to an incorrect response from etcd lock API.
PAN-183862
Fixed an issue where, after a CN-NGFW pod failed-over to the second CN-MGMT pod, the configuration was not synchronized between the new CN-MGMT pod and the CN-NGFW pod.
PAN-183774
Fixed an memory leak issue in the mgmtsrvr process, which resulted in an out-of-memory (OOM) condition and high availability (HA) failover.
PAN-183239
Fixed an issue where the firewall randomly disconnected from the WildFire URL cloud.
PAN-182903
Fixed an issue where SD-WAN failover on a hub or branch in full mesh took longer than expected.
PAN-181839
Fixed an issue where Panorama Global Search reported No Matches found while still returning results for matching entries on large configurations.
PAN-181039
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
PAN-181031
Fixed an issue where the CN-NGFW (DP) folder on the CN-MGMT pod eventually consumed a large amount of space in the /var/log/pan because the old registered stale next-generation firewall logs were not being cleared.
PAN-180916
Fixed an issue where DNS security caused the TTL (time-to-live) value of the pointer record (PTR) to be overwritten with a value of 30 seconds.
PAN-179982
Fixed an issue where an OOM condition occurred due to quarantine list redistribution.
PAN-179976
Fixed an issue where the WildFire Inline Machine Learning (ML) did not detect mlav-test-pe-file.exe when traffic was decrypted.
PAN-179703
Fixed an issue where dataplane interfaces weren't released when the secured application pods were deleted.
PAN-179413
Fixed an issue where GRE tunnels flapped during commit jobs.
PAN-179321
A validation error was added to inform an administrator when a policy field contained the value any.
PAN-179274
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.
PAN-179164
Fixed an issue where a web-proxy port number was added to the destination URL when captive portal authentication was run.
PAN-179059
Fixed an issue where you were unable to delete dynamic address groups one at a time using XML API.
PAN-178947
Fixed an issue where the useridd process stopped responding when a NULL reference attempted to be dereferenced. This issue occurred to IP address users being added.
PAN-177907
Fixed an issue where, after rebooting the firewall, FQDN address objects referred in rules in a virtual system (vsys) did not resolve when the vsys used a custom DNS proxy.
PAN-177878
Fixed an issue where a role-based admin with Operational Requests enabled under the XML API section was unable to set the License Deactivation API key.
PAN-177626
Fixed an issue where aggressive situations caused on-chip descriptor exhaustion.
PAN-177551
A fix was made to address a vulnerability that enabled an authenticated network-based administrator to upload a specifically created configuration that disrupted system processes and was able to execute arbitrary code with root privileges when the configuration was committed (CVE-2022-0024).
PAN-177187
Fixed an issue where reports using the decryption summary database and Panorama as data sources returned no results.
PAN-177170
Fixed an issue on Panorama where a log collector group commit deleted the proxy settings configured on dedicated log collectors.
PAN-176889
Fixed an issue where the log collector continuously disconnected from Panorama due to high latency and a high number of packets in Send-Q.
PAN-176703
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message: statistics-service is invalid.
PAN-176348
Fixed an issue where scheduled email alerts were not forwarded to all recipients in the override list.
PAN-175716
Fixed an issue where sorting address groups by name, address, or location did not work on a device group that was part of a nested device group.
PAN-175628
(PA-5200 Series firewalls only) Fixed an issue where the firewall was unable to monitor AUX1 and AUX2 interfaces through SNMP.
PAN-175259
Fixed an issue where a Security policy configured with App-ID and set to web-browsing and application-default service allowed clear-text web-browsing on tcp/443.
PAN-175161
Fixed an issue where changing SSL connection validation settings for system logs caused the mgmtsrvr process to stop responding.
PAN-174809
Fixed an issue where a process (all_pktproc) restarted.
PAN-174607
Fixed an intermittent issue where, when Security profiles were attached to a policy, files that were downloaded across TLS sessions decrypted by the firewall were malformed.
PAN-174587
Fixed an issue where, in the case of multiple AWS Partner Network (APN) connections, the GPRS tunneling protocol (GTPv2) Create Session Requests were sent to the firewall within a short interval, which caused the firewall to create the GTP-sessions incorrectly.
PAN-174011
Fixed an issue where Panorama failed to update shared policies during partial commits when a new device group was created but not yet committed.
PAN-171345
Fixed an issue where firewalls experienced high packet descriptor usage due to internal communication associated with WildFire.
PAN-171181
Fixed an issue where the IPSec tunnel configuration didn't load when a double quotation mark was added to the comment section of the IPSec tunnel General tab.
PAN-171104
Fixed an issue where a race-condition check returned a false negative, which caused a process (all_task) to stop responding and generate a core file.
PAN-170952
Fixed script issues that caused diagnostic data to not be collected after path monitor failure.
PAN-168400
Fixed an issue where, after installing Cloud Services plugin 10.2, the Plugin cloud_services status (Dashboard > High Availability) displayed as Mismatch.
PAN-168286
Fixed a memory leak issue in the mgmtsrvr process that was caused by failed commit all operations.
PAN-167849
Fixed an issue where URL Filtering incorrectly identified the firewall serial number in the certificate Common Name field as the IP address.
PAN-164871
(VM-Series firewalls only) Fixed an intermittent issue where deactivating the firewall via XML API using manual mode failed. This occurred because the size of the license token file was incorrect.
PAN-163245
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message: client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate.
PAN-161297
Fixed an interoperability issue with other vendors when IKEv2 used SHA2-based certificate authentication.
PAN-155448
Fixed an issue where credential detection didn't work in IP address-to-username mapping mode because the firewall compared the unnormalized IP-address-to-username mapping format to the normalized username extracted from the payload where the username and password were submitted.