Palo Alto Networks is warning that a serious flaw affecting the PAN-OS software used in its GlobalProtect gateways is being exploited maliciously.
Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating the highest severity level.
“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software targeting specific PAN-OS versions and different feature configurations could allow an unauthenticated attacker to gain access to the firewall as root, with permission to execute arbitrary code,” the company said in an advisory published today.
This flaw affects the following versions of PAN-OS, and a fix is expected to be released on April 14, 2024:
- PAN-OS < 11.1.2-h3
- PAN-OS < 11.0.4-h1
- PAN-OS < 10.2.9-h1
The company also says that the issue only applies to firewalls with both the GlobalProtect gateway (Network > GlobalProtect > Gateway) and device telemetry (Device > Settings > Telemetry) settings enabled.
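As an added example (not code from Palo Alto Networks or from the original article), the following Python sketch triages a firewall inventory against the version thresholds and the two feature conditions listed above. The inventory entries, host names and status labels are constructed for illustration.

```python
import re

# Fixed builds per release train, as listed in the article: (patch, hotfix).
FIXED = {(11, 1): (2, 3), (11, 0): (4, 1), (10, 2): (9, 1)}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'major.minor.patch[-hN]' into (train, build); no hotfix means h0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (patch, hotfix)


def assess(version, gateway_enabled, telemetry_enabled):
    """Classify one firewall using only the conditions the article states."""
    train, build = parse_version(version)
    if train not in FIXED:
        return "not-listed"        # the article gives no threshold for this train
    if build >= FIXED[train]:
        return "fixed"
    if gateway_enabled and telemetry_enabled:
        return "exposed"           # affected build with both features enabled
    return "needs-fix"             # affected build, features not both enabled


def triage(inventory):
    """Return (name, status) pairs with exposed devices sorted first."""
    order = {"exposed": 0, "needs-fix": 1, "not-listed": 2, "fixed": 3}
    rows = [(name, assess(ver, gw, tel)) for name, ver, gw, tel in inventory]
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))


# Constructed sample inventory: (name, version, gateway on, telemetry on).
SAMPLE = [
    ("fw-branch-01", "10.2.9", True, False),
    ("fw-dc-01", "11.1.2-h3", True, True),
    ("fw-edge-01", "11.0.4", True, True),
    ("fw-lab-01", "9.1.16", False, False),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE):
        print(f"{name:14} {status}")
```

Comparing the patch and hotfix numbers as integers avoids the string-comparison mistake of ranking 10.2.10 below 10.2.9.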
Cybersecurity company Volexity is believed to have discovered and reported the flaw.
While there were no other technical details about the nature of the attack, Palo Alto Networks acknowledged that it was “aware of a limited number of attacks that exploited this vulnerability.”
In the meantime, it advises customers who subscribe to Threat Protection to enable Threat ID 95187 to protect against threats.
The development comes as Chinese threat actors increasingly rely on zero-day vulnerabilities affecting Barracuda Networks, Fortinet, Ivanti and VMware to compromise targets of interest and deploy hidden backdoors to achieve persistent access.