Exploit code for Palo Alto Networks zero-day now public

April 17, 2024 at 09:40AM

Researchers have released proof-of-concept (PoC) exploits for a critical vulnerability in Palo Alto Networks’ PAN-OS used in GlobalProtect gateways. The PoCs were issued shortly after the vendor began releasing hotfixes. Exploits can lead to remote code execution and may affect a large number of organizations. Patching is strongly recommended.

Key takeaways from the meeting notes:

– Proof-of-concept (PoC) exploits for a maximum-severity vulnerability in Palo Alto Networks’ PAN-OS used in GlobalProtect gateways have been released by various infosec researchers. These PoCs surfaced shortly after the vendor started releasing hotfixes for the issue.
– Rapid7 detailed a successful exploit that is dependent on a chain of two vulnerabilities: CVE-2024-3400 and another one not yet assigned a CVE. This entails creating arbitrary files and leveraging a command injection vulnerability in GlobalProtect’s telemetry service to achieve remote code execution.
– It was noted that GlobalProtect’s device telemetry had been vulnerable, which prompted Palo Alto Networks to update its official advisory to state that the vulnerability is exploitable whether or not telemetry is enabled.
– Researchers anticipated the likelihood of mass exploitation, given the availability of published PoCs and the relative ease of execution.
– There are urgent calls for immediate patch application, particularly in light of the vulnerability being exploited as a zero-day. US federal agencies were given a deadline to protect their appliances, and users with a Threat Prevention subscription can also block attacks using specific Threat IDs.
