Patch Now! Critical Flaw Found in Palo Alto Firewalls

Product and affected versions

The vulnerability affects PAN-OS software used in Palo Alto Networks’ GlobalProtect gateways. Specifically, the following versions are impacted:

  • PAN-OS < 11.1.2-h3
  • PAN-OS < 11.0.4-h1
  • PAN-OS < 10.2.9-h1

Severity and CVE ID

The vulnerability is tracked as CVE-2024-3400 and has a CVSS score of 10.0, indicating maximum severity.

Vulnerability

The flaw is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. It may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

How the attack works

The vulnerability is exploitable on PAN-OS firewalls where both the GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) are enabled. On such a firewall, an unauthenticated attacker can execute arbitrary code with root privileges.
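
As an added example (not from Palo Alto Networks or the original article), this Python script triages a firewall inventory against the affected-version list and the configuration condition described above. It assumes each fixed-version threshold applies to its own major.minor branch and that hotfix releases carry a `-hN` suffix; the hostnames and inventory are constructed.

```python
import re

# Fixed-release thresholds copied from the affected-versions list on this page.
# Assumption: each threshold applies only to its own major.minor branch.
FIXED = {
    (11, 1): (2, 3),   # 11.1.2-h3
    (11, 0): (4, 1),   # 11.0.4-h1
    (10, 2): (9, 1),   # 10.2.9-h1
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(text):
    """Return ((major, minor), (maintenance, hotfix)); hotfix is 0 when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (maint, hotfix)

def triage(version, gp_gateway_enabled, telemetry_enabled):
    """Classify one firewall against the conditions stated on this page."""
    try:
        branch, release = parse_panos_version(version)
    except ValueError:
        return "unknown-version"
    if branch not in FIXED:
        return "branch-not-listed"   # the page gives no threshold for this branch
    if release >= FIXED[branch]:
        return "fixed-version"
    if gp_gateway_enabled and telemetry_enabled:
        return "exposed"             # affected version with both features enabled
    return "affected-version"        # below the threshold, features not both on

# Constructed inventory: (hostname, version, GlobalProtect gateway, telemetry)
INVENTORY = [
    ("fw-edge-01", "11.1.2-h1", True, True),
    ("fw-edge-02", "11.1.2-h3", True, True),
    ("fw-dc-01", "10.2.9", True, False),
    ("fw-lab-01", "10.1.11", True, True),
    ("fw-lab-02", "11.0.x", False, False),
]

if __name__ == "__main__":
    for host, version, gp, tel in INVENTORY:
        print(f"{host:12} {version:10} {triage(version, gp, tel)}")
```

Hosts reported as `branch-not-listed` or `unknown-version` need a manual check against the vendor advisory, since this page gives no threshold for them.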

Remediations

Palo Alto Networks is expected to release fixes for the vulnerability on April 14, 2024. In the meantime, customers with a Threat Prevention subscription are advised to enable Threat ID 95187 to protect against this threat.

Reference

The issue was discovered and reported by threat intelligence and incident response company Volexity.