Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024 at 07:36AM

Palo Alto Networks warns of a severe OS command injection vulnerability (CVE-2024-3400) in PAN-OS GlobalProtect, allowing arbitrary code execution with root privileges on affected firewalls. Remediation patches are expected by the end of the week. Customers are advised to check and apply mitigations to prevent exploitation. Volexity is credited for reporting the issue.

Key points:

– Palo Alto Networks has warned of a critical OS command injection vulnerability in the GlobalProtect feature of PAN-OS, tracked as CVE-2024-3400 with a severity score of 10 out of 10.
– The vulnerability affects PAN-OS versions 10.2, 11.0, and 11.1 when both the GlobalProtect gateway and device telemetry configurations are enabled.
– Security patches for the flaw are expected to be released as PAN-OS versions 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3 by the end of the week.
– Customers are advised to check and configure settings through the firewall’s web interface and are provided with mitigations to prevent exploitation until fixes are applied.
– A limited number of attacks exploiting the vulnerability have been reported, and customers with Threat Prevention subscriptions have access to mitigations.
– Threat intelligence and incident response firm Volexity reported CVE-2024-3400 but has not released details about the attacks.
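
A triage check for the conditions listed above, added here as an example and not taken from Palo Alto Networks or the original article: it classifies firewalls by PAN-OS version and by whether the GlobalProtect gateway and device telemetry are both enabled. The inventory rows, hostnames, status labels and function names are constructed, and it assumes every build below the listed hotfix in an affected train is vulnerable and every later build in that train carries the fix.

```python
import re

# Fixed releases named in the summary, keyed by release train.
FIXED = {"10.2": "10.2.9-h1", "11.0": "11.0.4-h1", "11.1": "11.1.2-h3"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(version, gp_gateway, telemetry):
    """Classify one firewall (status labels are this example's own)."""
    try:
        parsed = parse_version(version)
    except ValueError:
        return "review"            # odd version string: check by hand
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in FIXED:
        return "unaffected-train"  # not one of 10.2 / 11.0 / 11.1
    # Assumption: builds at or above the listed hotfix contain the fix.
    if parsed >= parse_version(FIXED[train]):
        return "fixed"
    # Affected only when BOTH features are enabled, per the summary.
    if gp_gateway and telemetry:
        return "exposed"           # apply mitigations until the fix is installed
    return "upgrade"               # vulnerable build, condition not currently met


# Constructed inventory: (hostname, version, GlobalProtect gateway, telemetry)
INVENTORY = [
    ("fw-edge-01", "10.2.9", True, True),
    ("fw-edge-02", "10.2.9-h1", True, True),
    ("fw-dc-01", "11.1.2-h2", True, False),
    ("fw-lab-01", "10.1.11", True, True),
    ("fw-lab-02", "11.0.x", True, True),
]


def triage_inventory(rows):
    return {name: triage(ver, gp, tel) for name, ver, gp, tel in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:12} {status}")
```

Treating a missing hotfix suffix as hotfix 0 is what makes `10.2.9` sort below `10.2.9-h1`; a plain string comparison gets this wrong for multi-digit components.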
