
Zero-Day Vulnerability Impacts Palo Alto (CVE-2024-3400)

April 12, 2024


THE THREAT

On April 12, 2024, Palo Alto Networks disclosed a critical, actively exploited vulnerability in its firewalls. Tracked as CVE-2024-3400 (CVSS: 10), this is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Exploitation of CVE-2024-3400 would allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the firewall.

The vulnerability was reported to Palo Alto by Volexity; the company confirmed that exploitation was observed across multiple organizations. Security patches to address CVE-2024-3400 are not currently available. As such, it is critical that organizations apply the available mitigations immediately.

What we’re doing about it

What you should do about it

Additional information

CVE-2024-3400 resides in the PAN-OS operating system; it specifically impacts PAN-OS versions 10.2, 11.0, and 11.1. The following “hotfixes” are set to be released on April 14th to address the vulnerability: PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3. Palo Alto Networks Panorama appliances, Cloud NGFW, and Prisma Access solutions are not impacted.
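For inventory triage against the versions listed above, the following added example (not part of the original advisory and not Palo Alto Networks code) parses PAN-OS version strings and compares each one with the hotfix named for its branch. It assumes versions order by maintenance release and then hotfix number, and that any release at or above the listed hotfix in the same branch carries the fix; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Hotfix releases named in this advisory, keyed by affected PAN-OS branch.
HOTFIXES = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse 'major.minor.maintenance[-hN]' into a 4-tuple of ints."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    # A release without a -hN suffix sorts before its first hotfix.
    return int(major), int(minor), int(maint), int(hotfix or 0)

def triage(version):
    """Return 'branch-not-listed', 'needs-hotfix' or 'at-or-above-hotfix'."""
    parsed = parse_version(version)
    fixed = HOTFIXES.get(parsed[:2])
    if fixed is None:
        return "branch-not-listed"
    # Assumption: a release ordered at or after the listed hotfix carries it.
    if parsed >= parse_version(fixed):
        return "at-or-above-hotfix"
    return "needs-hotfix"

def triage_inventory(inventory):
    """Map each hostname to its triage result; bad versions are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = "unparsed-check-manually"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-01": "10.2.9", "fw-edge-02": "10.2.9-h1",
          "fw-dc-01": "11.1.2-h2", "fw-lab-01": "10.1.11",
          "fw-lab-02": "11.0.x"}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `needs-hotfix` are the ones to prioritise for the available mitigations until the listed hotfix is installed.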

According to Volexity, exploitation of the vulnerability was first identified on April 10, although it is possible that attacks were ongoing prior to this date. Details on real-world exploitation have not been publicly shared at this time. Because real-world attacks have been confirmed, it is critical that impacted organizations apply the available mitigations immediately and keep them in place until security patches are made available.
