PAN-OS GlobalProtect Gateway vulnerability
This live blog contains information regarding a PAN-OS GlobalProtect Gateway vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Last updated on April 18, 2024.
Update April 18 2024
18:00 | Palo Alto has now made updates available to fix the vulnerability. Researchers have also published proof-of-concept (PoC) code that demonstrates the vulnerability identified as CVE-2024-3400. In addition, Palo Alto has indicated on its website that the proof-of-concept has been made public by third parties.
Palo Alto has indicated on its website that the previously given advice to mitigate the threat by temporarily disabling Device Telemetry is no longer an effective solution. Device Telemetry does not need to be enabled for this vulnerability in PAN-OS to be exploited. The website also shares command-line interface (CLI) commands that users can run to search their systems for signs of attempted exploitation.
Update April 12 2024
13:30 | On the 12th of April 2024, Palo Alto published an Advisory in which they describe CVE-2024-3400. This vulnerability may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Palo Alto is aware of attacks in the wild that leverage this vulnerability, but no public exploit code is available for it. No updates are currently available to fix this vulnerability. Palo Alto has published mitigation advice to apply until a hotfix is released.
Because the vulnerability is already being exploited in the wild and the affected solution is (potentially) exposed, this vulnerability is very critical and must be remediated as soon as possible!
Background
On the 12th of April 2024, Palo Alto published an Advisory in which they describe CVE-2024-3400. This vulnerability may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto has issued mitigation advice and is working on a hotfix. This hotfix is expected to be released on the 14th of April.
Risk
CVE-2024-3400 allows an unauthenticated attacker to execute arbitrary code or commands with root privileges on the firewall. The vulnerability has a CVSSv4 score of 10. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.
Palo Alto is aware of attacks in which this vulnerability was exploited in the wild, but no public exploit code is available.
Advice
Vulnerability CVE-2024-3400 in the PAN-OS GlobalProtect Gateway affects the following versions and can be resolved by upgrading to the given versions:
Sources
