PAN-OS GlobalProtect Gateway vulnerability
This live blog contains information regarding a PAN-OS GlobalProtect Gateway vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Last updated on April 18, 2024.
Update April 18 2024
18:00 | Palo Alto has now made updates available that fix the vulnerability. Researchers have also published proof-of-concept (PoC) code that demonstrates the vulnerability, which is tracked as CVE-2024-3400. In addition, Palo Alto has indicated on its website that the proof-of-concept has been made public by third parties.
Palo Alto has indicated on its website that the previously given advice to mitigate the threat by temporarily disabling Device Telemetry is no longer an effective solution. Device Telemetry does not need to be enabled for this vulnerability in PAN-OS to be exploited. The website also shares command-line interface (CLI) commands that users can run to search their systems for possible exploitation attempts.
Update April 12 2024
13:30 | On the 12th of April 2024, Palo Alto published an Advisory in which they describe CVE-2024-3400. This vulnerability may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Palo Alto is aware of attacks in the wild that leverage this vulnerability, but no public exploit code is available for it. No updates are currently available to fix this vulnerability. Palo Alto has published mitigation advice that applies until a hotfix is released.
Because the vulnerability is already being exploited in the wild and the affected solution is (potentially) exposed, this vulnerability is very critical and must be remediated as soon as possible!
Background
On the 12th of April 2024, Palo Alto published an Advisory in which they describe CVE-2024-3400. This vulnerability may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto has issued mitigation advice and is working on a hotfix. This hotfix is expected to be released on the 14th of April.
Risk
CVE-2024-3400 allows an unauthenticated attacker to execute arbitrary code or commands with root privileges on the firewall. The vulnerability has a CVSSv4 score of 10. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.
Palo Alto is aware of attacks in which this vulnerability was exploited in the wild, but no public exploit code is available.
Advice
Vulnerability CVE-2024-3400 in the PAN-OS GlobalProtect Gateway exists in the following versions and can be resolved by upgrading to the given versions:
