Are data center instances with two factor authentication -global protect vpn not publically exposed - also at critical risk for this?
@Jay Moczulski, you are at less risk due to the fact that your instance is not publicly accessible, but it still should be addressed as soon as possible.
So are there any workarounds to patch CVE-2023-22518?
I'm running 7.19.1 and no longer have maintenance support. Can I still upgrade to the latest version 7.19.16 for this security fix?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
a. /json/setup-restore.action
b. /json/setup-restore-local.action
c. /json/setup-restore-progress.action
<security-constraint>
<web-resource-collection>
<url-pattern>/json/setup-restore.action</url-pattern>
<url-pattern>/json/setup-restore-local.action</url-pattern>
<url-pattern>/json/setup-restore-progress.action</url-pattern>
<http-method-omission>*</http-method-omission>
</web-resource-collection>
<auth-constraint />
</security-constraint>
Note: These mitigation actions are limited and not a replacement for patching your instance; you must upgrade to following fixed versions as soon as possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.