Security News > 2024 > April > Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.
"Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," they said, and thanked Volexity researchers for flagging the issue.
CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software and may allow an unauthenticated attacker to execute arbitrary code with root privileges on vulnerable firewalls.
The vulnerability affects PAN-OS versions 11.1, 11.0 and 10.2 that have configurations for both GlobalProtect gateway and device telemetry enabled.
"You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface and verify whether you have device telemetry enabled by checking your firewall web interface," Palo Alto Networks explained.
"Customers are able to open a case in the Customer Support Portal and upload a technical support file to determine if their device logs match known indicators of compromise for this vulnerability," the company added.
News URL
https://www.helpnetsecurity.com/2024/04/12/cve-2024-3400/
Related news
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |