Palo CVE-2024-3393 CVE 8.7

I'm sure many of you have seen this CVE:

https://security.paloaltonetworks.com/CVE-2024-3393

At the high level, a crafted packet can reboot your firewall and eventually put it in maintenance mode. The workaround is to disable your anti-spyware DNS policies so that they do not log events.

They do not mention that you cannot change the predefined default value for the spyware policy. So, if you update all your other profiles, make sure to update all your policies not to use your default policy.

Happy patching!