It seems fast to cure decades of ancient vulnerabilities in a few weeks.
As long as you have the newly released code updates, yes, it’s patched (for now). If your box was compromised, then you could either do a factory default and reload your configuration, or you could do a code upgrade to the fixed version, which wiped out the file system anyway and any compromised files.
I’m not sure about your definition of fully patched.
Have they patched the known vulnerabilities? Maybe (though their track record and this current debacle make that fairly questionable).
There’s likely plenty still there (like a lot of other vendors) that are still waiting to be found.
I can’t imagine any of them ever coming back online.
Fully patched meaning getting up to date to the point that all the vulnerabilities from EOL versions of embedded products are remediated and only “new” vulnerabilities that other vendors could also have might remain.
Apparently, it’s supposed to be OK if you wipe the devices, reset all your keys and passwords, load a supported software version, and import a known good configuration.
It just seems too fast for them to have fixed so many issues.
Almost certainly not.
Stuff is still coming out affected by the Apache Struts vulns from years ago: “oh, we didn’t realise it had Struts in it”.
At that point you might as well deploy some other solution.
That’s what we’re doing.
Same here. We quickly got some PA-1410s and deployed GlobalProtect.