A critical vulnerability has been identified in Palo Alto Networks PAN-OS, affecting GlobalProtect gateways and portals. Designated CVE-2024-3400, this command injection flaw enables unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability has a CVSS severity score of 10.0 and, as Palo Alto Networks has confirmed, is being actively exploited.
Affected Versions
The vulnerability impacts the following versions of PAN-OS when they are configured with a GlobalProtect gateway or portal (or both) and have device telemetry enabled:
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
Mitigation
- PAN-OS 10.2: Update to 10.2.9-h1
- PAN-OS 11.0: Update to 11.0.4-h1
- PAN-OS 11.1: Update to 11.1.2-h3
TechCERT strongly encourages applying these updates immediately.
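To check a firewall inventory against the fixed builds listed above, the following added example (not part of the original advisory or any vendor tooling) parses PAN-OS version strings, including the `-hN` hotfix suffix, and flags devices below the listed build for their branch. The hostnames and inventory are constructed, and the script assumes only the three builds named in this advisory: it does not inspect GlobalProtect or telemetry configuration, and any other fixed builds the vendor advisory may list are not modelled.

```python
import re

# Fixed builds as listed in the Mitigation section: branch -> (maintenance, hotfix).
FIXED = {"10.2": (9, 1), "11.0": (4, 1), "11.1": (2, 3)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'MAJOR.MINOR.MAINT[-hN]' into (branch, (maint, hotfix))."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    # A build without a hotfix suffix sorts below every hotfix of that build.
    return f"{major}.{minor}", (int(maint), int(hotfix or 0))


def assess(version):
    """Return 'update', 'fixed', 'not-listed' or 'unparsed' for one version string."""
    try:
        branch, build = parse_version(version)
    except ValueError:
        return "unparsed"          # needs manual review, never assume safe
    if branch not in FIXED:
        return "not-listed"        # branch is not named in this advisory
    return "update" if build < FIXED[branch] else "fixed"


def triage(inventory):
    """Map each hostname to (status, target build or None)."""
    report = {}
    for host, version in inventory.items():
        status = assess(version)
        target = None
        if status == "update":
            branch, _ = parse_version(version)
            maint, hotfix = FIXED[branch]
            target = f"{branch}.{maint}-h{hotfix}"
        report[host] = (status, target)
    return report


# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE = {"fw-edge-1": "10.2.9", "fw-edge-2": "10.2.9-h1", "fw-dc-1": "11.1.2-h1",
          "fw-dc-2": "11.0.5", "fw-lab": "10.1.11", "fw-old": "unknown"}

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE).items():
        print(f"{host:10} {status:10} {target or ''}")
```

Devices reported as `unparsed` or `not-listed` still need a manual check against the vendor advisory rather than being treated as unaffected.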
More Information
- Palo Alto Networks Security Advisory: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect – https://security.paloaltonetworks.com/CVE-2024-3400
- Threat Brief on Operation MidnightEclipse: Detailing post-exploitation activity related to CVE-2024-3400, available at Unit 42 – Palo Alto Networks – https://unit42.paloaltonetworks.com/cve-2024-3400/
The post Critical Command Injection Vulnerability Found in Palo Alto Networks GlobalProtect appeared first on TechCERT.