The Palo Alto Networks Product Security Assurance team evaluated the impact of NAT slipstream v1.0 and v2.0 attacks on PAN-OS software.
The decoder for HTTP (web-browsing) traffic in appliances that run PAN-OS software does not interpret SIP or other application-level gateways. The conditions required for a NAT slipstreaming attack are not possible so there is no impact to PAN-OS software.
Customers with a Threat Prevention subscription can enable the following threat prevention signatures to mitigate the risk of NAT slipstream attacks on other devices protected by appliances running PAN-OS software:
NAT Slipstreaming Detection (59667)
NAT Slipstreaming Detection (59668)
NAT Slipstreaming Detection (59669)
NAT Slipstreaming Detection (59671)
NAT Slipstreaming Detection (59672)
CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
No product updates are required for this vulnerability.