Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack


April 12, 2024 at 06:15AM

Palo Alto Networks warns of a critical flaw (CVE-2024-3400) in GlobalProtect gateways that allows unauthenticated attackers to execute code with root privileges. Affected PAN-OS versions are < 11.1.2-h3, < 11.0.4-h1, < 10.2.9-h1. Fixes are expected on April 14, 2024. Customers are advised to enable Threat ID 95187 for protection. Volexity is credited with the discovery. Chinese threat actors have been targeting other network security providers.

Key takeaways from the meeting notes on Apr 12, 2024:

1. Palo Alto Networks has issued a warning about a critical flaw (CVE-2024-3400) in its PAN-OS software used in GlobalProtect gateways, with a maximum severity CVSS score of 10.0.
2. The command injection vulnerability in the GlobalProtect feature may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
3. Affected versions of PAN-OS are < 11.1.2-h3, < 11.0.4-h1, and < 10.2.9-h1, and fixes are expected to be released on April 14, 2024.
4. The vulnerability is applicable only to firewalls with both GlobalProtect gateway and device telemetry configurations enabled.
5. Cybersecurity firm Volexity discovered and reported the bug.
6. While specific details about the attacks are not provided, Palo Alto Networks is aware of a limited number of attacks leveraging the vulnerability.
7. Customers with a Threat Prevention subscription are recommended to enable Threat ID 95187 to secure against the threat.
8. Chinese threat actors have been observed exploiting zero-day flaws impacting other companies like Barracuda Networks, Fortinet, Ivanti, and VMware for covert backdoors.
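The triage helper below is an added example, not part of the original alert or any Palo Alto Networks tooling: it compares PAN-OS versions from an inventory with the fixed builds listed above and flags firewalls that also meet the GlobalProtect gateway and device telemetry condition. The hostnames, inventory rows, function names and status labels are constructed for illustration, and release trains this page does not mention are reported as such rather than guessed.

```python
import re

# First fixed build per release train, taken from the versions listed on this page.
FIRST_FIXED = {(11, 1): "11.1.2-h3", (11, 0): "11.0.4-h1", (10, 2): "10.2.9-h1"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn '10.2.9-h1' into (10, 2, 9, 1); a build with no hotfix gets hotfix 0."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(group or 0) for group in match.groups())


def triage(version, gp_gateway, telemetry):
    """Classify one firewall against the conditions stated on this page."""
    parsed = parse_version(version)
    fixed = FIRST_FIXED.get(parsed[:2])
    if fixed is None:
        return "train-not-listed"        # page gives no threshold for this train
    if parsed >= parse_version(fixed):
        return "fixed"
    if gp_gateway and telemetry:
        return "exposed"                 # affected build and both features enabled
    return "affected-version-only"       # affected build, precondition not met


# Constructed inventory: (hostname, version, GlobalProtect gateway, device telemetry)
INVENTORY = [
    ("fw-edge-1", "10.2.9", True, True),
    ("fw-edge-2", "10.2.9-h1", True, True),
    ("fw-dc-1", "11.0.3-h10", True, False),
    ("fw-dc-2", "11.1.3", True, True),
    ("fw-lab-1", "10.1.11", True, True),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(ver, gp, tel) for host, ver, gp, tel in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Comparing the parsed tuples rather than the raw strings is what keeps `11.0.3-h10` ordered before `11.0.4-h1` and a base build ordered before its own hotfixes.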