22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
2024-04-19 15:27

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.

CVE-2024-3400 is a critical vulnerability in the GlobalProtect feature of specific Palo Alto Networks PAN-OS versions. It allows unauthenticated attackers to execute commands with root privileges through command injection triggered by arbitrary file creation.

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks.

Palo Alto Networks fixes zero-day exploited to backdoor firewalls.

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now.

Palo Alto Networks zero-day exploited since March to backdoor firewalls.


News URL

https://www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/

Related Vulnerability

Date: 2024-04-12
CVE: CVE-2024-3400
Vulnerability title: Command Injection vulnerability in Palo Alto Networks PAN-OS
Description: A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Attack vector: network
Attack complexity: low
Vendor: paloaltonetworks
CWE: CWE-77
Risk: critical, 10.0