Palo Alto Networks Alert: Active Exploitation of Zero-Day Vulnerability in PAN-OS Firewall

April 12, 2024

Palo Alto Networks has issued an alert about a critical, as-yet-unpatched command injection vulnerability in its PAN-OS firewall software that is being exploited in the wild. The company has acknowledged a limited number of attacks that take advantage of the flaw, which was discovered by Volexity and is tracked as CVE-2024-3400. The bug carries the maximum CVSS score of 10.0: it is reachable over the network, requires neither privileges nor user interaction, and gives an unauthenticated attacker code execution as root on the firewall.

The vulnerability affects specific PAN-OS versions only when both the GlobalProtect gateway and the device telemetry feature are enabled. The company's advisory explains, "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall." Only the 10.2, 11.0 and 11.1 release trains are affected; earlier trains are not. Hotfixes for these trains (PAN-OS 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3) are expected by Sunday, April 14, 2024. Cloud NGFW, Panorama appliances and Prisma Access are not affected by this vulnerability.
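As an added, practitioner-oriented example (not code from the original article or from Palo Alto Networks), the following Python script checks a firewall inventory against the first fixed build the advisory names for each affected release train. The fixed-version table, the inventory format and the host names are assumptions constructed for this example; refresh the table from the current vendor advisory before relying on it, since updated advisories may list hotfixes for other maintenance releases.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, maintenance, hotfix)

# First fixed build per affected release train, as named in the vendor advisory
# for CVE-2024-3400 (10.2.9-h1, 11.0.4-h1, 11.1.2-h3). Assumption for this
# example: treat the table as a snapshot and refresh it from the current
# advisory, which may list hotfixes for other maintenance releases.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (10, 2): (10, 2, 9, 1),
    (11, 0): (11, 0, 4, 1),
    (11, 1): (11, 1, 2, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> Version:
    """Parse 'major.minor.maint' or 'major.minor.maint-hN' into a comparable tuple.

    A build without a hotfix suffix sorts below that build's hotfixes,
    so plain tuple comparison gives the right ordering (10.2.9 < 10.2.9-h1).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def format_version(v: Version) -> str:
    """Inverse of parse_panos_version, e.g. (11, 1, 2, 3) -> '11.1.2-h3'."""
    base = f"{v[0]}.{v[1]}.{v[2]}"
    return f"{base}-h{v[3]}" if v[3] else base


@dataclass
class Assessment:
    version: str
    status: str               # "vulnerable", "fixed" or "not_affected_train"
    fixed_in: Optional[str]   # first fixed build for the device's train, if any


def assess(version_text: str) -> Assessment:
    """Classify one PAN-OS build against FIXED_VERSIONS.

    The check is deliberately version-only: a device on a vulnerable build
    should be scheduled for the hotfix whether or not the feature
    preconditions appear to be met, because configuration drifts and the
    preconditions are the vendor's to define, not the inventory script's.
    """
    v = parse_panos_version(version_text)
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        return Assessment(version_text, "not_affected_train", None)
    status = "fixed" if v >= fixed else "vulnerable"
    return Assessment(version_text, status, format_version(fixed))


# Constructed sample inventory for this example: one 'hostname,version' per line.
SAMPLE_INVENTORY = """\
# constructed sample: hostname,pan-os-version
fw-edge-01,10.2.9
fw-edge-02,10.2.9-h1
fw-dc-01,11.1.2-h2
fw-dc-02,11.0.4-h1
fw-lab-01,10.1.11
"""


def assess_inventory(csv_text: str) -> List[Tuple[str, Assessment]]:
    """Run assess() over a 'hostname,version' list, skipping blanks and comments."""
    results: List[Tuple[str, Assessment]] = []
    for raw in csv_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        results.append((host, assess(version)))
    return results


if __name__ == "__main__":
    for host, a in assess_inventory(SAMPLE_INVENTORY):
        target = f" (fix: {a.fixed_in})" if a.status == "vulnerable" else ""
        print(f"{host:12s} {a.version:12s} {a.status}{target}")
```

Feed it the output of your own asset inventory (one line per firewall) rather than hand-typed versions. A `not_affected_train` result means the release train is outside the three the advisory lists, not that the device needs no attention; a `vulnerable` result names the build to move to.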

Threat researcher Yutaka Sejiyama has reported that roughly 82,000 devices are currently reachable online and may be vulnerable to this flaw, about 40% of them in the United States. Both Volexity and Palo Alto Networks have been contacted for more information on how the zero-day is being exploited. Because CVE-2024-3400 is under active exploitation, users should apply the advisory's interim mitigations now rather than wait for the hotfixes: customers with a Threat Prevention subscription can block attempts by enabling Threat ID 95187 and making sure vulnerability protection is applied to the GlobalProtect interface, and until the hotfix is installed, device telemetry should be temporarily disabled. Neither measure replaces applying the hotfix once it ships.

Palo Alto Networks devices are a frequent target for sophisticated threat actors because of their widespread use at the edge of corporate networks. In August 2022, another PAN-OS zero-day was exploited to launch amplified TCP denial-of-service (DoS) attacks. The current issue is far more serious: unauthenticated root code execution on a perimeter firewall gives an attacker a foothold inside the network rather than a way to knock it offline, so administrators should act immediately to secure their systems.
