Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

April 12, 2024 at 09:32AM

Palo Alto Networks warns of an actively exploited critical command injection vulnerability in its PAN-OS firewall software, affecting specific versions. The flaw, tracked as CVE-2024-3400, poses a significant risk because it allows attackers to execute code with root privileges. Mitigations and temporary fixes are advised until security updates are available to address the issue.

Summary:

– Palo Alto Networks has issued a security bulletin warning of an actively exploited critical command injection vulnerability in its PAN-OS firewall.
– The vulnerability, tracked as CVE-2024-3400, has received the maximum severity score of 10.0 and affects specific versions of PAN-OS software when GlobalProtect gateway and device telemetry features are enabled.
– Vulnerable versions are PAN-OS 10.2, 11.0, and 11.1, and fixes are expected by April 14, 2024, with hotfixes to be implemented by Sunday for specific versions.
– Products like Cloud NGFW, Panorama appliances, and Prisma Access are not affected.
– Threat researcher Yutaka Sejiyama reported over 82,000 exposed devices online that might be vulnerable, with 40% in the United States.
– Mitigation measures include activating ‘Threat ID 95187’ for users with ‘Threat Prevention’ subscription, configuring vulnerability protection on ‘GlobalProtect Interfaces,’ and disabling device telemetry until patches are applied.
– Palo Alto Networks devices are often targeted by threat actors, and their exploitation could be far more damaging than previous attacks, requiring prompt action to secure systems.
