Security News > 2024 > April > Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
2024-04-12 08:56
Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature
News URL
https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
Related news
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |