Security News > 2024 > April > Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.
"Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," they said, and thanked Volexity researchers for flagging the issue.
CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software and may allow an unauthenticated attacker to execute arbitrary code with root privileges on vulnerable firewalls.
The vulnerability affects PAN-OS versions 11.1, 11.0 and 10.2 that have configurations for both GlobalProtect gateway and device telemetry enabled.
"You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface and verify whether you have device telemetry enabled by checking your firewall web interface," Palo Alto Networks explained.
"Customers are able to open a case in the Customer Support Portal and upload a technical support file to determine if their device logs match known indicators of compromise for this vulnerability," the company added.
News URL
https://www.helpnetsecurity.com/2024/04/12/cve-2024-3400/
Related news
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |