Product and affected versions
The vulnerability affects PAN-OS software used in Palo Alto Networks’ GlobalProtect gateways. Specifically, the following versions are impacted:
- PAN-OS < 11.1.2-h3
- PAN-OS < 11.0.4-h1
- PAN-OS < 10.2.9-h1
Severity and CVE ID
The vulnerability is tracked as CVE-2024-3400 and has a CVSS score of 10.0, indicating maximum severity.
Vulnerability
The flaw is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. It may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
How the attack works
The issue applies to PAN-OS firewalls on which both the GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) are enabled. On such a firewall, an unauthenticated attacker can execute arbitrary code with root privileges.
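A triage sketch for the version list and the configuration condition above, added here as an example and not taken from Palo Alto Networks or Volexity. It assumes each listed bound applies only within its own release train and that a build without a hotfix suffix sorts before `-h1`; the inventory, hostnames and status labels are constructed for the example.

```python
import re

# Fixed builds per release train, taken from the version list on this page.
# Assumption: each "<" bound applies only inside its own major.minor train.
FIXED = {(11, 1): (2, 3), (11, 0): (4, 1), (10, 2): (9, 1)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split '10.2.9-h1' into ((10, 2), (9, 1)); no hotfix counts as h0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (maint, hotfix)


def classify(version, gateway_enabled, telemetry_enabled):
    """Return 'exposed', 'affected-version', 'fixed' or 'not-listed'."""
    train, build = parse_version(version)
    if train not in FIXED:
        return "not-listed"          # train does not appear on this page
    if build >= FIXED[train]:
        return "fixed"
    # The page ties the issue to both features being enabled.
    if gateway_enabled and telemetry_enabled:
        return "exposed"
    return "affected-version"


# Constructed inventory (hostnames and settings are made up for the example).
INVENTORY = [
    ("fw-edge-01", "10.2.9", True, True),
    ("fw-edge-02", "10.2.9-h1", True, True),
    ("fw-dc-01", "11.0.3-h5", True, False),
    ("fw-lab-01", "11.1.2-h3", True, True),
    ("fw-old-01", "9.1.16", True, True),
]


def triage(inventory):
    return {name: classify(ver, gw, tel) for name, ver, gw, tel in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `affected-version` still run a build below the fixed hotfix and need the update even though one of the two features is currently off.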
Remediations
Palo Alto Networks is expected to release fixes for the vulnerability on April 14, 2024. In the meantime, customers with a Threat Prevention subscription are advised to enable Threat ID 95187 to protect against this threat.
Reference
The issue was discovered and reported by threat intelligence and incident response company Volexity.


