Security News > 2024 > April > Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.
"Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," they said, and thanked Volexity researchers for flagging the issue.
CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software and may allow an unauthenticated attacker to execute arbitrary code with root privileges on vulnerable firewalls.
The vulnerability affects PAN-OS versions 11.1, 11.0 and 10.2 that have configurations for both GlobalProtect gateway and device telemetry enabled.
"You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface and verify whether you have device telemetry enabled by checking your firewall web interface," Palo Alto Networks explained.
"Customers are able to open a case in the Customer Support Portal and upload a technical support file to determine if their device logs match known indicators of compromise for this vulnerability," the company added.
News URL
https://www.helpnetsecurity.com/2024/04/12/cve-2024-3400/
Related news
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |