Palo Alto recently announced a critical vulnerability that we want to make everyone aware of. CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. It could allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Patches for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. It's crucial to monitor Palo Alto Networks security advisories for updates and apply the patches as soon as they become available. Other PAN-OS versions and products like Cloud NGFW, Panorama appliances, and Prisma Access are not affected.
While waiting for the patches to be released, you can take the following precautionary steps:
- Restrict Access: Limit network access to the GlobalProtect interface to known IPs only.
- Monitor Traffic: Vigilantly monitor network traffic for any unusual activity or unauthorized attempts to access the GlobalProtect portal.
- Implement Firewall Rules: Enhance firewall rules to detect and block potential exploitation attempts.
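
To show how the first two steps can be checked together, the following Python script audits connection records for the GlobalProtect interface against an allowlist of known IPs. It is an added example, not code from Palo Alto Networks or from this advisory; the allowlist ranges, the function names, and the simplified log layout are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: CIDR ranges treated as "known IPs" (RFC 5737 documentation ranges).
ALLOWED_NETS = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.16/28")]

# Constructed sample in a simplified "timestamp src_ip dst_port action" layout.
# This is not the native PAN-OS log format; adapt the parsing to your export.
SAMPLE_LOG = """\
2024-04-12T08:01:11Z 198.51.100.23 443 allow
2024-04-12T08:01:15Z 192.0.2.77 443 allow
2024-04-12T08:02:40Z 203.0.113.18 443 allow
2024-04-12T08:03:02Z 192.0.2.77 443 allow
2024-04-12T08:03:09Z 203.0.113.40 443 deny
2024-04-12T08:03:30Z not-an-ip 443 allow
"""


def is_allowed(addr):
    """True when addr falls inside any allowlisted network."""
    return any(addr in net for net in ALLOWED_NETS)


def audit(log_text):
    """Return (reached, blocked, malformed) for sources outside the allowlist.

    reached: unknown sources whose connection was allowed (restriction gap).
    blocked: unknown sources that were denied (restriction working; still watch).
    malformed: line numbers that could not be parsed and need manual review.
    """
    reached, blocked, malformed = Counter(), Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            _ts, src, _port, action = fields
            addr = ipaddress.ip_address(src)
        except ValueError:  # wrong field count or unparsable address
            malformed.append(lineno)
            continue
        if is_allowed(addr):
            continue
        (reached if action == "allow" else blocked)[str(addr)] += 1
    return reached, blocked, malformed


if __name__ == "__main__":
    reached, blocked, malformed = audit(SAMPLE_LOG)
    print("Unknown sources that reached the portal:", dict(reached))
    print("Unknown sources that were blocked:", dict(blocked))
    print("Unparsable lines:", malformed)
```

Any entry in the first result means the access restriction is not yet effective for that source and the rule set should be tightened.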