CVE-2024-3400 Vulnerability in Palo Alto Networks — Severity 10: Critical
Introduction:
CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software.
Vulnerability Details:
This vulnerability could allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. It was discovered during production use.
Affected Versions:
The specific versions of PAN-OS affected by this vulnerability are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1. Patches for these versions are under development and are expected to be released by April 14, 2024.
Required Configuration for Exposure:
This vulnerability applies only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls that have both a GlobalProtect gateway configured and device telemetry enabled.
Severity:
The severity of this vulnerability is deemed 10 — CRITICAL.
Exploitation:
Palo Alto Networks is aware of a limited number of attacks exploiting this vulnerability.
Solution:
This vulnerability will be fixed in the patch versions of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3, and in all subsequent versions of PAN-OS.
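The affected branches, exposure condition and fixed releases listed above can be turned into a quick inventory triage. This is an added example, not code from Palo Alto Networks or from the original page; the host names are constructed, the two configuration flags are supplied by the operator, and ordering releases by maintenance number and then hotfix number is an assumption.

```python
import re

# Fixed release per affected branch, as listed in the advisory text above:
# branch -> (maintenance release, hotfix number)
FIXED = {"10.2": (9, 1), "11.0": (4, 1), "11.1": (2, 3)}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split '10.2.9-h1' into ('10.2', (9, 1)); a missing hotfix counts as 0."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return f"{major}.{minor}", (int(maint), int(hotfix or 0))


def triage(version, gp_gateway, telemetry):
    """Classify one firewall against the conditions stated in the advisory."""
    branch, release = parse_version(version)
    if branch not in FIXED:
        return "branch-not-listed"
    # Assumption: releases order by maintenance number, then hotfix number.
    if release >= FIXED[branch]:
        return "fixed"
    # Exposure needs both a GlobalProtect gateway and device telemetry.
    if gp_gateway and telemetry:
        return "exposed"
    return "unpatched-not-exposed"


def triage_inventory(rows):
    """rows: iterable of (host, version, gp_gateway, telemetry) tuples."""
    return {host: triage(ver, gp, tel) for host, ver, gp, tel in rows}


# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE = [
    ("fw-edge-01", "10.2.9", True, True),
    ("fw-edge-02", "10.2.9-h1", True, True),
    ("fw-dc-01", "11.0.3-h2", True, False),
    ("fw-dc-02", "11.1.3", True, True),
    ("fw-lab-01", "10.1.11", True, True),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as `unpatched-not-exposed` still run a release without the fix; the status only reflects the exposure condition as stated on this page.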
Workarounds and Mitigations:
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187.
Conclusion:
Affected users should update their systems as soon as patches are available to mitigate the risks associated with this critical vulnerability.
Source:
[NIST NVD NATIONAL VULNERABILITY DATABASE](https://nvd.nist.gov/vuln/detail/CVE-2024-3400)
[Palo Alto Networks](https://security.paloaltonetworks.com/CVE-2024-3400)