- Published on
URGENT - Critical zero-day security #vulnerability (CVE-2024-3400) discovered in Palo Alto Networks firewalls.
- Authors
- Name
- AbnAsia.org
- @steven_n_t
"Apr 12, 2024 To ABN Asia's network of partners, customers and companies: Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild.
Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity.
""A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,"" the company said in an advisory published today.
The flaw impacts the following versions of PAN-OS, with fixes expected to be released on April 14, 2024 -
PAN-OS < 11.1.2-h3
PAN-OS < 11.0.4-h1
PAN-OS < 10.2.9-h1
The flaw impacts the following versions of PAN-OS, with fixes expected to be released on April 14, 2024 - The company also said that the issue is applicable only to firewalls that have the configurations for both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.
Cybersecurity firm Volexity has been credited with discovering and reporting the bug.
While there are no other technical details about the nature of the attacks, Palo Alto Networks acknowledged that it's ""aware of a limited number of attacks that leverage the exploitation of this vulnerability.""
In the interim, it's recommending customers with a Threat Prevention subscription to enable Threat ID 95187 to secure against the threat.
The development comes as Chinese threat actors have increasingly relied on zero-day flaws impacting Barracuda Networks, Fortinet, Ivanti, and VMware to breach targets of interest and deploy covert backdoors for persistent access. "
Author
AiUTOMATING PEOPLE, ABN ASIA was founded by people with deep roots in academia, with work experience in the US, Holland, Hungary, Japan, South Korea, Singapore, and Vietnam. ABN Asia is where academia and technology meet opportunity. With our cutting-edge solutions and competent software development services, we're helping businesses level up and take on the global scene. Our commitment: Faster. Better. More reliable. In most cases: Cheaper as well.
Feel free to reach out to us whenever you require IT services, digital consulting, off-the-shelf software solutions, or if you'd like to send us requests for proposals (RFPs). You can contact us at [email protected]. We're ready to assist you with all your technology needs.
© ABN ASIA