Understanding PAN-OS Vulnerabilities
Critical Security Alert: PAN-OS Firewall Risks
Discover the potential threats posed by unpatched PAN-OS firewalls and learn how to safeguard your network against these vulnerabilities.
TECHNICAL DEEP DIVE IN HERE
We get that not everyone wants the super detailed nitty-gritty. But we did the research, and it would be a shame to let it rot in a file on our computers when it could just as easily rot here, where you can enjoy it. You know, if you’re into that kind of thing.
CVE-2025-0128: The PAN-OS Bug That Can Knock Your Network Offline
- The Bottom Line (Executive Summary)
Listen up: There’s a Denial-of-Service (DoS) vulnerability, tagged CVE-2025-0128, messing with the Simple Certificate Enrollment Protocol (SCEP) feature in a bunch of Palo Alto Networks’ PAN-OS versions [1]. This isn’t just a minor hiccup; it’s a real threat to keeping your network up and running if you’re using their firewalls.
Here’s the deal: A remote attacker, needing zero credentials, can send a specially crafted packet and force your firewall to reboot [1]. Hammer it repeatedly, and they can push the firewall into maintenance mode, meaning extended downtime [1]. And the real kicker? You don’t even need to have SCEP configured or turned on to be vulnerable [2]. If you’re running an affected PAN-OS version, you’re potentially exposed.
This bug hits PAN-OS versions 10.1, 10.2, 11.0, 11.1, and 11.2 (we’ll get to the specifics). Older, End-of-Life (EoL) versions like 10.0 and below? Assume they’re vulnerable too, and they won’t get fixed [2]. Good news if you’re on Cloud NGFW – you’re safe [1]. Prisma Access users? Palo Alto already patched you up [1].
The fix? Upgrade your PAN-OS. That’s the main advice [2]. If you’re certain you don’t use SCEP, there’s a temporary CLI command (debug sslmgr set disable-scep-auth-cookie yes). But warning: this command disappears after a reboot, making it a shaky fix at best [2].
Right now, Palo Alto says they haven’t seen this actively exploited in the wild [2]. But don’t let that fool you. It’s easy to trigger (no auth, low complexity), so the vendor slapped a “MODERATE” urgency on it [2]. This is especially bad news for places like universities and hospitals that absolutely need their networks running 24/7.
If you’ve got Palo Alto firewalls, read on. You need to know if you’re affected and get patching, pronto.
- The Nitty-Gritty: What Makes CVE-2025-0128 Tick?
- How the Attack Works
CVE-2025-0128 is all about messing with the SCEP authentication code in PAN-OS [1]. An attacker sends a bad packet aimed at this feature [1]. The firewall tries to process it, chokes (likely crashes a process), and reboots itself to recover [1]. Keep hitting it with those bad packets, and you can lock it into maintenance mode [1].
Tech details point to CWE-754 (Improper Check for Unusual or Exceptional Conditions) and CAPEC-153 (Input Data Manipulation) [2]. Translation: The firewall code doesn’t properly handle weird or unexpected data in that SCEP packet. It hits an edge case, freaks out because there’s no good error check, and boom – DoS [3]. This smells like sloppy input validation in the SCEP code path.
- Who’s on the Hook? (Affected Software)
This isn’t hitting just one old version. Several major PAN-OS releases are vulnerable. You need to upgrade to get safe. Check Table 1 for the hit list and the safe versions [2].
(Table 1: Affected PAN-OS Versions and Fixed Releases – See Section V.A below)
Big Red Flag: Older PAN-OS versions (10.0, 9.1, 9.0, and earlier) are EoL [2]. PAN-OS 11.0 got a patch before its EoL, but the others won’t be fixed for this CVE [2]. If you’re running EoL software, you are vulnerable [2]. Plus, you’re missing patches for tons of other bugs. Running EoL gear is like leaving your front door wide open.
Who’s safe? Cloud NGFW users, you’re good [1]. Prisma Access folks? Palo Alto patched you by March 21, 2025 [1].
- Do I Need SCEP Enabled? (Exposure Conditions)
Here’s the critical part: NO, you DO NOT need SCEP configured or actively used to be vulnerable [2]. Any unpatched PAN-OS box running an affected version can potentially get hit if the malicious packet reaches an interface where the buggy code can process it.
This blows the attack surface wide open. Just checking your config won’t tell you if you’re safe. The bug likely lives in code that handles SCEP packets early on, even if the full feature isn’t turned on. Assume any unpatched, affected firewall is at risk, regardless of its role or settings. Patching is key.
III. How Widespread is This Problem? (Scope & Prevalence)
- Palo Alto’s Footprint
Let’s face it, Palo Alto Networks is a giant in the network security world. They own a huge chunk of the market – Omdia says 28.4% of network security in 2024 [13], IDC says 22.4% of security appliance revenue in Q2 2024 [14]. They’re up there with Fortinet, Cisco, and Check Point [13].
Their revenue numbers are massive (think $8 billion in FY24, heading towards $9+ billion [17]), which tells you how many of their boxes are out there. They’re in every sector: finance, healthcare, government, education – you name it [19].
So, CVE-2025-0128 isn’t some niche bug. It hits a core piece of network gear used by tons of organizations worldwide. A DoS attack here could cause serious, widespread chaos.
- Why Firewall DoS Matters
PAN-OS firewalls aren’t just sitting in a corner. They’re your gatekeepers (perimeter), traffic cops (internal segmentation), and secure tunnels (VPNs) [22].
Knocking one out with CVE-2025-0128 isn’t just about the firewall being down.
- Perimeter down? Kiss your internet connection or cloud access goodbye.
- Internal segmentation down? Internal traffic grinds to a halt, security zones vanish, business processes break.
This bug is a systemic risk. It’s remote, needs no login, and hits critical infrastructure. The vendor calls it “Medium” severity (because it doesn’t steal data), but taking down your main firewall feels pretty HIGH impact if you ask us.
- Attacker’s Playbook: Risk & Exploitability
- The Attack Scenario: Easy Mode
CVE-2025-0128 is worryingly straightforward for an attacker:
- Remote: They can hit you from anywhere online (AV:N) [1].
- No Login Needed: Zero authentication required (PR:N) [1].
- Low Complexity: Just need to craft the right packet (AC:L) [2].
- No User Click Needed: Doesn’t rely on phishing or tricking users (UI:N) [2].
- Automatable: Scripts can likely do the dirty work (AU:Y) [2].
Put it all together: This is low-hanging fruit for attackers. Even script kiddies could potentially cause disruption once an exploit drops. Perfect for nuisance attacks, hacktivism, or maybe a smokescreen for a bigger intrusion.
- What’s the Damage? (Impact & Severity)
The only direct hit here is Availability [1]. The firewall reboots, maybe gets stuck in maintenance mode [1]. Your network goes down. That’s why the CVSS scores show High or Complete availability impact (VA:H, A:C, A:H) [1].
What it doesn’t do:
- Steal data (Confidentiality Impact: None / VC:N, C:N) [2].
- Modify data or configs (Integrity Impact: None / VI:N, I:N) [2].
You’ll see different CVSS scores floating around. Here’s the rundown:
Table 2: CVE-2025-0128 CVSS Score Cheat Sheet

| Source | CVSS Ver | Vector String | Score | Severity | The Gist |
| --- | --- | --- | --- | --- | --- |
| Palo Alto Networks | v4.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | 8.7 | HIGH | Max potential impact (Base Score) [2] |
| Palo Alto Networks | v4.0 | (… + E:U/AU:Y/R:U/V:C/RE:M/U:Amber) | 6.6 | MEDIUM | Current threat level (Threat Score), factoring in no known exploit [2] |
| NVD / Tenable | v3.x | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | HIGH | Older score, emphasizes high availability impact [1] |
| NVD / Tenable | v2.0 | CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C | 7.8 | HIGH | Even older score, also high due to availability impact [1] |
| Palo Alto Networks | v4.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L | 5.3 | MEDIUM | Base Score for Prisma Access (needs auth there) [2] |
| Palo Alto Networks | v4.0 | (… Prisma + E:U/AU:Y/R:U/V:C/RE:M/U:Amber) | 1.3 | LOW | Threat Score for Prisma Access [2] |
Why the different scores? CVSSv4 tries to separate theoretical risk (Base=HIGH) from current reality (Threat=MEDIUM, because no exploits seen yet). Older versions just saw “firewall down = HIGH risk”. Bottom line: While the current threat might be Medium, the potential pain of an outage is still High.
- Exploits in the Wild?
Good news for now: Palo Alto Networks says they “are not aware of any malicious exploitation of this issue” [2]. We couldn’t find any public Proof-of-Concept (PoC) code or ready-to-fire exploits either. Exploit Maturity is officially “Unreported” (E:U) [2].
Keep in mind, SCEP bugs have been nasty before (like CVE-2021-3060, which allowed root RCE [26]). This one (CVE-2025-0128) is just DoS, but it shows SCEP code can be fragile.
No active attacks = lower immediate risk. But the vulnerability details are public [4]. Smart people (good and bad) can now figure out how to build an exploit. Unauthenticated remote DoS is still a useful tool for causing trouble. The risk is sleeping, not gone. Patching is the smart move.
- Can Attackers Chain This?
Directly? No. CVE-2025-0128 just causes DoS [1]. It doesn’t give attackers code execution, admin rights, data access, or a way to stick around on your firewall.
Could it be part of a bigger attack? Maybe, but it’s clunky:
- Force a failover to a weaker secondary path? Possible.
- Create a distraction while they hit something else? Sure.
- Exploit sloppy procedures during the reboot/recovery? Perhaps.
But compared to bugs that give direct control, using this DoS as a pivot point seems unlikely. Its main use is disruption. Focus on stopping the DoS itself.
- Lock It Down: Defense and Detection
- Patch, Patch, Patch! (Primary Fix)
The best, most reliable way to kill CVE-2025-0128 is to upgrade PAN-OS to a fixed version [2]. Patching removes the bug entirely.
Here’s the cheat sheet for affected versions and the minimum safe harbor release [2]:
Table 1: PAN-OS CVE-2025-0128 Patch Guide

| Affected Major Version | Vulnerable If Running… | Upgrade To At Least… |
| --- | --- | --- |
| PAN-OS 11.2 | Below 11.2.3 | 11.2.3 |
| PAN-OS 11.1 | Below 11.1.5 | 11.1.5 |
| PAN-OS 11.0 | Below 11.0.6 | 11.0.6 (Note: 11.0 is now EoL) |
| PAN-OS 10.2 | Below 10.2.10-h17 | 10.2.11 (Recommended target) [2] |
| PAN-OS 10.1 | Below 10.1.14-h11 | 10.1.14-h11 |
| EoL Versions | 10.0, 9.1, 9.0, earlier | A currently supported, fixed version |
Heads-up on 10.2: The official advisory [2] says >=10.2.10-h17 is safe, but the solution section and news reports [3] point to 10.2.11. Play it safe, aim for 10.2.11 or later if you’re on that train.
Running EoL PAN-OS? You’re presumed vulnerable [2]. Upgrading to a supported, patched version is non-negotiable. You’re dodging this bullet and countless others.
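The quickest way to act on Table 1 is to run your firewall inventory through it, EoL trains included. The Python below is an added example, not vendor tooling: the thresholds are Table 1's "Upgrade To At Least" values (with the advisory's 10.2.10-h17 as the 10.2 floor and the page's 10.2.11 recommendation reported separately), the hostnames and versions in INVENTORY are constructed sample data, and the hotfix ordering (a release with no -hNN suffix sorts below the same release with one, so 10.2.10 counts as below 10.2.10-h17) is an assumption about how hotfix numbering works.

```python
"""Audit a PAN-OS inventory against the Table 1 patch guide for CVE-2025-0128.

Added example, not vendor tooling. Thresholds are Table 1's values; the
inventory below is constructed sample data, not real devices.
"""
import re
from typing import Dict, List, Tuple

# Minimum fixed release per affected train, from Table 1 (advisory floors).
FIXED_RELEASE: Dict[Tuple[int, int], str] = {
    (11, 2): "11.2.3",
    (11, 1): "11.1.5",
    (11, 0): "11.0.6",
    (10, 2): "10.2.10-h17",
    (10, 1): "10.1.14-h11",
}
# The page recommends a later target on 10.2 because of the advisory ambiguity.
RECOMMENDED_TARGET = {(10, 2): "10.2.11"}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """'10.2.10-h17' -> (10, 2, 10, 17). A release without a hotfix gets 0,
    so 10.2.10 sorts below 10.2.10-h17 (assumption about hotfix ordering)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def classify(version: str) -> Tuple[str, str]:
    """Return (status, reason). status is 'vulnerable', 'fixed',
    'eol' (presumed vulnerable, no fix coming) or 'unlisted'."""
    v = parse_panos_version(version)
    train = v[:2]
    if train in FIXED_RELEASE:
        floor = FIXED_RELEASE[train]
        if v < parse_panos_version(floor):
            return "vulnerable", f"below {floor}"
        target = RECOMMENDED_TARGET.get(train)
        if target and v < parse_panos_version(target):
            return "fixed", f"at/above {floor}; page recommends {target} or later"
        return "fixed", f"at/above {floor}"
    if train <= (10, 0):
        return "eol", "EoL train, presumed vulnerable and unpatched"
    return "unlisted", "train not in Table 1; check the vendor advisory"


# Constructed sample inventory (hostname, PAN-OS version), not real devices.
INVENTORY = [
    ("fw-edge-01", "11.1.4"),
    ("fw-edge-02", "11.2.3"),
    ("fw-dc-01", "10.2.10-h16"),
    ("fw-dc-02", "10.2.10-h17"),
    ("fw-lab-01", "9.1.16"),
    ("fw-clinic-01", "10.1.14-h11"),
]


def audit(inventory) -> List[Tuple[str, str, str, str]]:
    """Rows of (hostname, version, status, reason), action-needed first."""
    rows = [(host, ver, *classify(ver)) for host, ver in inventory]
    order = {"eol": 0, "vulnerable": 1, "unlisted": 2, "fixed": 3}
    return sorted(rows, key=lambda r: order[r[2]])


def needs_action(inventory) -> List[str]:
    """Hostnames that must be upgraded (vulnerable or EoL)."""
    return [r[0] for r in audit(inventory) if r[2] in ("vulnerable", "eol")]


if __name__ == "__main__":
    for host, ver, status, reason in audit(INVENTORY):
        print(f"{host:14} {ver:14} {status:11} {reason}")
```

Feed it the output of your asset inventory instead of the constructed list and the "eol" and "vulnerable" rows are your patch queue, in that order. A device on 10.2.10-h17 comes back "fixed" but still carries the 10.2.11 recommendation in its reason, which keeps the advisory discrepancy visible rather than silently picking one reading.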
- The Temporary Fix (Use With Extreme Caution)
If you absolutely cannot patch right away, and you are 100% sure you don’t use SCEP, there’s a CLI command [2]:
> debug sslmgr set disable-scep-auth-cookie yes
BIG WARNING: Palo Alto explicitly states: “This workaround is effective only until the next reboot, after which you must rerun this command to stay protected” [2]. Debug commands generally don’t stick around after a reboot [29].
This makes the workaround highly unreliable for anything other than a very short-term stopgap. A power outage, a crash (maybe from this bug!), or planned maintenance will wipe out the protection without warning. Don’t rely on this. Use it only while you’re actively scheduling the real patch, and be ready to re-run it every single time the box restarts.
- Spotting Trouble (Detection & Monitoring)
Bad news here: Palo Alto hasn’t released any specific Threat Prevention signatures (like IPS rules) or other dedicated tools to spot CVE-2025-0128 attacks [2]. While you can import custom Snort/Suricata rules into PAN-OS [38], we didn’t find any community rules specifically for this CVE yet.
So, detection is mostly about watching for the symptoms:
- Monitor Firewall Health: Keep a close eye on your firewalls. Are they rebooting unexpectedly? Going into maintenance mode frequently? These are red flags.
- Network Traffic Analysis: Look for weird SCEP traffic. Hard to do without knowing exactly what the malicious packet looks like, so expect false positives. General anomaly detection might catch something, but likely won’t pinpoint this specific attack.
- Log Everything: Make sure your PAN-OS logs (system, config, maybe traffic) are shipped to a SIEM. If a firewall suddenly reboots, check the logs right before the event for clues. The DoS might limit useful logs, though.
The lack of specific signatures highlights why patching is crucial. You can’t reliably detect this; you need to prevent it.
- Sector Spotlight: Who Gets Hurt Most?
While any network outage is bad, CVE-2025-0128 could be catastrophic for certain sectors. Let’s look at Higher Education and Healthcare.
- Higher Education: Campus Chaos
The Scene: Universities run massive, complex networks. Students, faculty, staff, researchers, guests – all needing access to Wi-Fi, Learning Management Systems (LMS), Student Information Systems (SIS), portals, library databases, research networks, you name it [22]. Palo Alto gear is common on campuses [19]. Canterbury Christ Church University, for instance, uses PANW NGFWs as core security [22].
The Risk: A firewall DoS here means chaos. LMS down during finals? SIS offline during registration? Research projects halted? Campus Wi-Fi dead? It’s a nightmare scenario. Universities often struggle with tight budgets, old gear, and slow patching cycles tied to academic calendars. Cloud reliance makes firewall uptime even more critical.
Recommendations for Higher Ed IT:
- Patch Now: Don’t wait. Hit internet-facing firewalls first, then those protecting critical systems (LMS, SIS, data centers).
- Know Your Gear: Keep a detailed inventory: what PAN-OS boxes do you have, what versions are they running, what do they protect? Hunt down those EoL devices!
- Plan Your Patching: Use maintenance windows if possible, but don’t delay excessively. This bug warrants moderate urgency [2].
- Workaround = Last Resort: Only use the CLI command if SCEP is off and patching is imminent. Document rigorously that it needs re-applying after every reboot.
- Prep for Downtime: Update incident response plans for major network outages. How will you communicate with everyone when systems are down?
Modern education needs the network. An availability hit like this is more than an inconvenience; it’s a direct blow to the core mission. EoL software lurking on campus networks makes it even scarier.
- Healthcare: Patient Safety on the Line
The Scene: Healthcare networks are high-stakes environments. Downtime isn’t just annoying; it can impact patient care. Think Electronic Health Records (EHR), medical imaging (PACS) [41], countless connected medical devices (IoT) [25], telehealth platforms [43], billing systems – all critical. Plus, HIPAA regulations demand protection and availability of patient data (PHI) [41]. Palo Alto is a big player in healthcare security [19].
The Risk: CVE-2025-0128 taking down a hospital firewall? That’s terrifying. Clinicians locked out of EHRs? Can’t access critical scans? Medical devices disconnected? This leads to care delays, potential safety incidents, and massive operational disruption [42]. The explosion of connected devices, some old and insecure, segmented by these very firewalls, raises the stakes [25].
HIPAA Angle: While this DoS bug doesn’t directly steal PHI, the HIPAA Security Rule requires ensuring data availability [§164.306(a)]. A long outage preventing access to PHI could be seen as a compliance failure. Upcoming HIPAA changes in 2025 further stress robust cybersecurity, risk analysis, and incident response [43]. Fixing known bugs like this is part of due diligence.
Recommendations for Healthcare IT/Security:
- Patch Urgently: Treat this with high priority due to patient safety risks. Patch immediately, starting with firewalls protecting clinical networks, EHRs, medical devices, and internet gateways.
- Check Redundancy: Review failover setups. But if both firewalls are vulnerable, failover won’t save you. Patching is better.
- Avoid the Workaround: The non-persistent CLI fix is a terrible idea in healthcare. Unexpected reboots happen, and you can’t risk losing protection. Patching is the only safe route. If forced to use it temporarily, document the re-application process obsessively and accept the risk.
- Plan for Clinical Continuity: Incident response plans must cover how to keep patients safe during major network outages. Think manual processes, backup comms, etc.
- Check Your Vendors: If an MSP manages your firewalls, confirm they know about this CVE and are patching promptly according to healthcare’s higher urgency [43].
In healthcare, cybersecurity is patient safety. Availability isn’t optional. This vulnerability needs swift, decisive action.
VII. How Fast Should You Move? (Urgency & Context)
- Current Threat Level: Quiet… For Now
Right now, the coast seems clear. Palo Alto hasn’t seen CVE-2025-0128 exploited in the wild [2]. No public exploits are floating around (Exploit Maturity: Unreported / E:U) [2].
But don’t get complacent. The vulnerability is easy to exploit once someone writes the code: unauthenticated, remote, low complexity, automatable [3]. The details are public. It’s only a matter of time before exploit code appears. The threat is dormant, not dead.
- Setting Priorities
Palo Alto suggests “MODERATE” urgency [2]. This balances the high potential impact (firewall down = bad) [1] against the low current threat (no exploits seen) [2].
Your internal priority might need to be higher, depending on:
- Exposure: Internet-facing firewalls? Patch first.
- What’s Behind It: Protecting critical systems (clinical, financial, core services)? Patch faster.
- Your Sector: Healthcare? Higher Ed? The impact is worse, so urgency goes up.
- Other Defenses: Got amazing network resilience? Maybe slightly less urgent, but patching is still the goal.
- Patching Speed
We don’t know how quickly people are patching this specific bug. Budget cuts, competing projects, or just plain inertia can slow things down for “Medium” availability bugs [13]. The longer vulnerable systems stay unpatched, the bigger the target becomes if exploit code surfaces.
- The Call to Action: Don’t Wait
Be proactive. Don’t wait for attacks to start.
- Patch: Apply the official PAN-OS updates. This is the real fix.2
- Prioritize: Hit internet-facing and critical-system firewalls first.
- Workaround? Only if desperate: If you must use the CLI fix (and SCEP is off), understand it’s temporary and vanishes on reboot. Have a plan to re-apply it constantly until patched.
- Monitor: Keep watching firewall health and vendor alerts.
VIII. Key Takeaways & Action Plan
- The Threat: CVE-2025-0128 is a remote, unauthenticated DoS in PAN-OS SCEP. Causes reboots, potentially locks firewall in maintenance mode.
- Who’s Vulnerable: PAN-OS 10.1-11.2 (check Table 1). SCEP config doesn’t matter. EoL versions (<=10.0) also vulnerable & unpatched. Cloud NGFW safe, Prisma Access patched.
- The Risk: Rated MODERATE urgency by PANW (CVSSv4 Threat 6.6/Medium), but potential availability impact is HIGH (CVSSv4 Base 8.7/High, CVSSv3 7.5/High). Easy to exploit, no exploits seen yet.
- The Fix: Upgrade PAN-OS to a patched version. This is the only reliable solution.
- The Bad Workaround: CLI command debug sslmgr set disable-scep-auth-cookie yes works only if SCEP is unused, and disappears on reboot. Use only as a very temporary measure with extreme caution.
- Detection: No specific IPS signatures. Monitor for unexpected reboots/maintenance mode.
- Higher Ed Impact: High risk of disrupting learning, research, admin. Patch critical firewalls, inventory assets (kill EoL!), plan for outages.
- Healthcare Impact: Critical risk to patient care/safety. Patch with high urgency, review resilience, avoid the workaround, ensure clinical continuity plans are solid. HIPAA availability rules apply.
- Bottom Line: Patch proactively. Don’t rely on the temporary fix. Prioritize based on exposure and criticality. Assume attackers will eventually weaponize this.
Works cited
- CVE-2025-0128 | Tenable®, accessed April 15, 2025, https://www.tenable.com/cve/CVE-2025-0128
- CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet, accessed April 15, 2025, https://security.paloaltonetworks.com/CVE-2025-0128
- PAN-OS Firewall DoS Vulnerability Allows Repeated Forced Reboots by Attacker – Rewterz, accessed April 15, 2025, https://rewterz.com/threat-advisory/pan-os-firewall-dos-vulnerability-allows-repeated-forced-reboots-by-attacker-2
- PAN-OS Firewall DoS Vulnerability Let Attacker Reboot Firewall Repeatedly, accessed April 15, 2025, https://cybersecuritynews.com/pan-os-firewall-dos-vulnerability/
- Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2… | Tenable®, accessed April 15, 2025, https://www.tenable.com/plugins/nessus/234090
- PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots, accessed April 15, 2025, https://gbhackers.com/pan-os-dos-vulnerability/
- CVE-2025-0128 : A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Pro – CVE Details, accessed April 15, 2025, https://www.cvedetails.com/cve/CVE-2025-0128/
- CVE-2025-0128 – NVD, accessed April 15, 2025, https://nvd.nist.gov/vuln/detail/CVE-2025-0128
- CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame – Palo Alto Networks Security Advisories, accessed April 15, 2025, https://security.paloaltonetworks.com/CVE-2025-0116
- CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface – Palo Alto Networks Security Advisories, accessed April 15, 2025, https://security.paloaltonetworks.com/CVE-2025-0124
- CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect, accessed April 15, 2025, https://security.paloaltonetworks.com/CVE-2025-0114
- CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface – Palo Alto Networks Security Advisories, accessed April 15, 2025, https://security.paloaltonetworks.com/CVE-2025-0125
- Network Security Market Grows 5.1% Year-Over-Year in Q4 2024, Omdia Reports, accessed April 15, 2025, https://www.stocktitan.net/news/TTGT/network-security-market-grows-5-1-year-over-year-in-q4-2024-omdia-6i4lmerwy3br.html
- Worldwide Security Appliance Revenues Showed Little Year-Over-Year Growth in Q2 2024, but Grew 5% Compared to Q1 2024, According to IDC, accessed April 15, 2025, https://www.idc.com/getdoc.jsp?containerId=prUS52579424
- Global $8.6 Bn Next-generation Firewall Market Forecasts 2024-2028 with Palo Alto Networks, Cisco, Fortinet, Check Point, and Juniper Networks Dominating – ResearchAndMarkets.com – Business Wire, accessed April 15, 2025, https://www.businesswire.com/news/home/20240514134119/en/Global-%248.6-Bn-Next-generation-Firewall-Market-Forecasts-2024-2028-with-Palo-Alto-Networks-Cisco-Fortinet-Check-Point-and-Juniper-Networks-Dominating—ResearchAndMarkets.com
- Next-generation Firewall Market Size, Share, Industry Trends Report – MarketsandMarkets, accessed April 15, 2025, https://www.marketsandmarkets.com/Market-Reports/next-generation-firewall-ngfw-market-32240698.html
- Palo Alto Networks Reports Fiscal First Quarter 2025 Financial Results, accessed April 15, 2025, https://www.paloaltonetworks.com/company/press/2024/palo-alto-networks-reports-fiscal-first-quarter-2025-financial-results
- Palo Alto Networks Reports Fiscal Fourth Quarter and Fiscal Year 2024 Financial Results, accessed April 15, 2025, https://www.paloaltonetworks.com/company/press/2024/palo-alto-networks-reports-fiscal-fourth-quarter-and-fiscal-year-2024-financial-results
- Palo Alto Networks (PANW) – Minerva Investment Management Society, accessed April 15, 2025, https://minervaims.it/wp-content/uploads/2023/01/Palo-Alto-Networks-Equity-Report_compressed.pdf
- Customer Stories – Palo Alto Networks, accessed April 15, 2025, https://www.paloaltonetworks.ca/customers
- Companies using Palo Alto Networks and Its Marketshare – TechDataPark Blogs, accessed April 15, 2025, https://blog.techdatapark.com/companies-using-paloalto-networks/
- Simplifying higher education network security against a rapidly expanding threat landscape, accessed April 15, 2025, https://www.paloaltonetworks.com/customers/canterbury-christ-church-university
- Network Security – Palo Alto Networks, accessed April 15, 2025, https://www.paloaltonetworks.ca/network-security
- Palo Alto Networks Cybersecurity Portfolio Review – Datamation, accessed April 15, 2025, https://www.datamation.com/security/palo-alto-networks-products-services-review/
- Healthcare industry is evolving, and so are cyberattacks, protect patient data and stay ahead of threats. – Palo Alto Networks, accessed April 15, 2025, https://www.paloaltonetworks.com/industry/healthcare
- PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) – Rapid7, accessed April 15, 2025, https://www.rapid7.com/db/vulnerabilities/panos-cve-2021-3060/
- CVE – Search Results – MITRE Corporation, accessed April 15, 2025, https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=SCEP
- CVE-2021-3060 Detail – NVD, accessed April 15, 2025, https://nvd.nist.gov/vuln/detail/cve-2021-3060
- Debug Commands – Palo Alto Networks, accessed April 15, 2025, https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-ion-cli-reference/use-cli-commands/debug-commands
- Palo Alto Networks PAN-OS – Cortex XSOAR, accessed April 15, 2025, https://xsoar.pan.dev/docs/reference/integrations/panorama
- CLI Cheat Sheet: Networking – Palo Alto Networks, accessed April 15, 2025, https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-cli-quick-start/cli-cheat-sheets/cli-cheat-sheet-networking
- Disk Usage Issues : r/paloaltonetworks – Reddit, accessed April 15, 2025, https://www.reddit.com/r/paloaltonetworks/comments/a7oji6/disk_usage_issues/
- Debug configuration – Nokia Documentation Center, accessed April 15, 2025, https://documentation.nokia.com/sr/22-10/books/basic-system-configuration/debug-configuration.html
- CLI Commands for Troubleshooting Palo Alto Firewalls – Weberblog.net, accessed April 15, 2025, https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/
- Top 10 Palo Alto CLI Commands You Need to Know – Orhan Ergun, accessed April 15, 2025, https://orhanergun.net/top-10-palo-alto-cli-commands-you-need-to-know
- Post-Exploitation Activities on PAN-OS Devices: A Network-Based Analysis – Darktrace, accessed April 15, 2025, https://darktrace.com/blog/post-exploitation-activities-on-pan-os-devices-a-network-based-analysis
- Palo Alto – Putting The Protecc In GlobalProtect (CVE-2024-3400) – watchTowr Labs, accessed April 15, 2025, https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
- Translate Suricata IPS signatures into custom Palo Alto Networks threat signatures, accessed April 15, 2025, https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/translate-suricata-ips-signatures-into-custom-palo-alto-networks/td-p/1000206
- Cybersecurity Solutions for Higher Education – Palo Alto Networks, accessed April 15, 2025, https://www.paloaltonetworks.com/industry/education/higher-education
- Palo Alto Networks PAN-OS Reviews, Ratings & Features 2025 | Gartner Peer Insights, accessed April 15, 2025, https://www.gartner.com/reviews/market/sd-wan/vendor/palo-alto-networks/product/pan-os
- Immediate Patching Required to Address High Severity INFINITT PACS Vulnerability, accessed April 15, 2025, https://www.hipaajournal.com/infinitt-pacs-vulnerabilities-2025/
- Healthcare – Palo Alto Networks, accessed April 15, 2025, https://www.paloaltonetworks.com/industry/unit42-healthcare
- How the 2025 HIPAA Changes Impact Cybersecurity in Healthcare – The Charles IT Blog, accessed April 15, 2025, https://blog.charlesit.com/how-the-2025-hipaa-changes-impact-cybersecurity-in-healthcare
- New HIPAA Regulations for 2025: Security Updates You Need to Know – Cobalt, accessed April 15, 2025, https://www.cobalt.io/blog/hipaa-regulations-2025-security-updates
- HIPAA Updates and HIPAA Changes in 2025, accessed April 15, 2025, https://www.hipaajournal.com/hipaa-updates-hipaa-changes/
- Healthcare Cyber Security Market Size, Growth Report 2032, accessed April 15, 2025, https://www.prophecymarketinsights.com/market_insight/Healthcare-Cyber-Security-Market-5059
- Palo Alto Networks Reviews, Ratings & Features 2025 | Gartner Peer Insights, accessed April 15, 2025, https://www.gartner.com/reviews/market/network-firewalls/vendor/palo-alto-networks
- Companies Using Palo Alto PAN-OS, Market Share, Customers and Competitors, accessed April 15, 2025, https://discovery.hgdata.com/product/palo-alto-pan-os
- Frost & Sullivan Recognizes Palo Alto Networks as a Leader in the US Healthcare Cybersecurity Market, accessed April 15, 2025, https://www.frost.com/news/press-releases/frost-sullivan-recognizes-palo-alto-networks-as-a-leader-in-the-us-healthcare-cybersecurity-market/
Told you it was deep.
Critical Vulnerability in PAN-OS
Understanding the Impact of PAN-OS Security Flaws
The PAN-OS vulnerability is a significant threat to network security, arising from the system’s inability to properly handle malformed input related to SCEP. This flaw can lead to system crashes without any user intervention, making your network defenses vulnerable to remote attacks. The risk is heightened by the fact that no authentication is required to exploit this flaw, allowing attackers to disrupt network operations with minimal effort. It’s crucial to address this vulnerability promptly to prevent potential disruptions and maintain network integrity.
PAN-OS Version Vulnerability Details

| Major Version | Vulnerable Versions | Patched Version | Notes |
| --- | --- | --- | --- |
| 11.2 | Below 11.2.3 | 11.2.3 or later | Ensure upgrade to latest patch |
| 11.1 | Below 11.1.5 | 11.1.5 or later | Apply updates immediately |
| 11.0 | Below 11.0.6 | 11.0.6 or later | Critical update required |
Understanding the Threat Landscape
The Simplicity of the Exploit Chain
The vulnerability in question presents a significant risk due to its straightforward exploitation method. An attacker, without needing authentication, can send a specially crafted packet to your firewall, causing it to crash. This simplicity makes it a potent tool for disruption, capable of taking down critical defenses with minimal effort. The exploit doesn’t require complex techniques, making it accessible and dangerous. It’s a stark reminder of how even the most basic vulnerabilities can have severe consequences if left unpatched.
Temporary Solutions and Their Drawbacks
Palo Alto Networks has provided a workaround for those not using SCEP, involving a debug command to disable the vulnerable behavior. However, this is not a permanent fix. The command does not persist through reboots, meaning any restart will re-expose the system to the vulnerability. This workaround should be viewed strictly as a short-term measure while planning for a proper patch. Relying solely on this temporary solution could lead to repeated disruptions, especially if an exploit triggers a reboot, nullifying the workaround.
Implementing the workaround involves executing the command: debug sslmgr set disable-scep-auth-cookie yes. While this disables the vulnerability temporarily, it’s crucial to understand that it does not replace the need for a comprehensive patch. The workaround is a stopgap, not a solution, and should be used with caution. Regular monitoring and prompt patching are essential to ensure long-term security.
Organizations must prioritize upgrading to patched versions of PAN-OS to mitigate the risk effectively. The workaround is merely a band-aid, providing a false sense of security if not accompanied by a robust patch management strategy. Continuous vigilance and proactive measures are necessary to safeguard against potential exploits.
Challenges in Exploit Detection
The Importance of Vigilant Monitoring
Detecting exploitation attempts of this vulnerability presents significant challenges. Currently, there are no specific threat signatures or IPS rules available, making proactive detection difficult. Organizations must rely on monitoring for unusual firewall behavior, such as unexpected reboots or maintenance mode activations, to identify potential attacks. This reactive approach underscores the importance of comprehensive logging and correlation with network activity to piece together incidents post-factum. While this may not prevent an attack, it can provide valuable insights for response and remediation efforts.
Secure Your Network Now
Don’t wait for a breach to take action. Ensure your network’s safety by applying the latest patches, upgrading outdated PAN-OS versions, and vigilantly monitoring your systems. Protect your infrastructure from potential threats and maintain operational integrity. Act now to safeguard your digital environment.