Kevin Beaumont 18 Jul 19
Replying to @GossiTheDog
Palo-Alto have now created a security bulletin for this and requested a CVE (cve-2019-1579 pending assigning). The issue is over a year old and absolutely critical as a 100% reliable preauth RCE VPN exploit using format strings, highly recommend you patch.