Working with Palo Alto to identify CVE-2024-2550

AC3, a secure managed services provider and Palo Alto Networks partner, recently identified and resolved vulnerabilities in the Palo Alto product suite. When technical staff encountered issues with the GlobalProtect VPN, engineers dove into the SSL VPN service logs and uncovered a critical “nil pointer dereference” error. This finding shifted the focus from the client frontend to backend processing issues. Once the error was reproduced and the problem escalated to Palo Alto Networks, a software flaw was confirmed and addressed with a published CVE. Lessons learned included the importance of testing procedures, monitoring enhancements, collaboration with vendors, and patch management reviews. The incident highlighted the complexities of managing custom integrations with enterprise security products.

https://www.ac3.com.au/resources/discovery-of-CVE-2024-2550/
