Critical RCE Vulnerability in Palo Alto GlobalProtect
Date of Notice: 04/18/2024
Action Level - HIGH
Palo Alto has disclosed a critical vulnerability that is currently being tracked as CVE-2024-3400. This vulnerability allows an attacker to remotely execute code on the firewall and requires immediate attention.
Description
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixed Versions
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 were released over the past few days. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
Mitigation/Remediation
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).
In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device.
Resources/Reference Links: