04.18.2024

Critical RCE Vulnerability in Palo Alto Global Protect

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 04/18/2024

Action Level - HIGH

Palo Alto released a critical vulnerability that is currently being tracked as CVE 2024-3400. This vulnerability allows an attacker to remotely execute code on the firewall and requires immediate attention.

Description

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Fixed Versions

Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 were released the past few days. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.

Mitigation/Remediation

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).

In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device.

https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184

Resources/Reference Links:

https://security.paloaltonetworks.com/CVE-2024-3400

https://unit42.paloaltonetworks.com/cve-2024-3400/

<-- Return to Cybersecurity Alerts...

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC