Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability 

April 22, 2024 at 08:03AM

Palo Alto Networks disclosed a critical vulnerability (CVE-2024-3400) affecting 6,000 internet-accessible firewalls, allowing unauthenticated remote code execution. Exploited by threat actors, the flaw affected GlobalProtect in PAN-OS devices, leading to sensitive data theft and malware deployment. Mitigations initially included disabling device telemetry, but the vendor later released patches effectively eliminating the vulnerabilities.

Key takeaways from the meeting notes:
– Approximately 6,000 Palo Alto Networks firewalls are potentially affected by an exploited vulnerability known as CVE-2024-3400, with a CVSS score of 10/10.
– The vulnerability allows for unauthenticated remote shell command execution with root privileges.
– Palo Alto Networks initially recommended disabling device telemetry as a mitigation, but later discovered additional methods of exploiting the vulnerability, rendering that solution ineffective.
– The company released patches and updated Threat Prevention signatures to address the issue, with roughly 90% of customers applying the mitigation.
– Shadowserver Foundation observed more than 22,000 potentially vulnerable instances, and as of April 21, roughly 6,000 instances remain vulnerable.