An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.
You can verify IPv6 is enabled by checking:
Network -> Interfaces -> [Interface with Layer3 type] -> IPv6 > Enable IPv6 on the interface
Palo Alto Networks is not aware of any malicious exploitation of this issue.