Attention Tech Users: Urgent Warning from Palo Alto Networks on Devastating PAN-OS Firewall Zero-Day Attacks!

    Protect Your Network: Palo Alto Networks Unveils Critical Vulnerability Under Active Attack


    In a recent security bulletin, Palo Alto Networks has issued a warning regarding an unpatched critical command injection vulnerability in its PAN-OS firewall that is being actively exploited by attackers.

    The Palo Alto security team has stated, “We are aware of a limited number of attacks exploiting this vulnerability.” The flaw, tracked as CVE-2024-3400, was discovered by Volexity and carries the maximum CVSS score of 10.0: it can be exploited over the network without any privileges or user interaction.

    According to Palo Alto Networks, the vulnerability affects specific versions of PAN-OS software when both the GlobalProtect gateway and device telemetry features are enabled. The command injection allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

    The impacted PAN-OS release trains are 10.2, 11.0, and 11.1. Fixes are expected on Sunday, April 14, 2024, as hotfix releases PAN-OS 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3; every earlier release in those three trains is affected.
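    A quick way to triage a fleet is to compare each firewall's reported version against the hotfix versions named above. The following Python is an added example, not code from Palo Alto Networks or from the original article: it parses PAN-OS version strings (including the "-hN" hotfix suffix), treats a release without a hotfix suffix as older than its -h1 hotfix, and reads the "sw-version" field from "show system info" output. The sample CLI output is constructed for illustration, and the check covers only the version; it does not verify whether the GlobalProtect gateway and device telemetry preconditions described above apply to a given device.

```python
import re
from typing import Optional, Tuple

# Hotfix releases named in the advisory, keyed by (major, minor) train.
# Constructed from the text above: only 10.2, 11.0 and 11.1 are listed as affected.
FIXED_VERSIONS = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

# Matches e.g. "10.2.8" or "11.1.2-h3"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

# Constructed sample of "show system info" output (not from a real device).
SAMPLE_SHOW_SYSTEM_INFO = """\
hostname: fw-edge-01
model: PA-3260
serial: 000000000000
sw-version: 10.2.8
app-version: 8820-8542
"""


def parse_version(ver: str) -> Tuple[int, int, int, int]:
    """Turn a PAN-OS version into a comparable (major, minor, maint, hotfix) tuple.

    A base release has hotfix 0, so "10.2.9" sorts before "10.2.9-h1".
    """
    m = VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {ver!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(ver: str) -> bool:
    """True when the version is in an affected train and older than its hotfix."""
    parsed = parse_version(ver)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        # Train not listed as affected in the advisory text above.
        return False
    return parsed < parse_version(fixed)


def version_from_show_system_info(output: str) -> Optional[str]:
    """Extract the sw-version field from PAN-OS 'show system info' output."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    return None


def assess_device(show_system_info_output: str) -> Tuple[Optional[str], bool]:
    """Return (version, affected) for one device's CLI output."""
    ver = version_from_show_system_info(show_system_info_output)
    if ver is None:
        return None, False
    return ver, is_affected(ver)


if __name__ == "__main__":
    version, affected = assess_device(SAMPLE_SHOW_SYSTEM_INFO)
    state = "AFFECTED (apply hotfix / mitigations)" if affected else "not affected by version"
    print(f"{version}: {state}")
```

Feed the function the output of "show system info" collected from each firewall (or the equivalent field from Panorama) and prioritise the devices it flags; a firewall that is on a fixed hotfix still needs the remaining mitigations only if it was exposed before patching.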

    It is important to note that products such as Cloud NGFW, Panorama appliances, and Prisma Access are not affected by this vulnerability. The vendor's table of affected versions is summarised below:

    (Table: Overview of impacted versions)

    Security researcher Yutaka Sejiyama shared on X that roughly 82,000 devices exposed online may be susceptible to CVE-2024-3400, with about 40% of them located in the United States.

    BleepingComputer has reached out to Volexity and Palo Alto Networks for more details on the exploitation of this zero-day vulnerability.

    Protect Your Network Now: Mitigating CVE-2024-3400

    Considering that this vulnerability is already being actively exploited, it is crucial for affected users to implement mitigations immediately to reduce the risk until security updates are available.

    Palo Alto Networks’ advisory suggests taking the following measures:

    • If you have an active “Threat Prevention” subscription, block attack attempts by enabling “Threat ID 95187”.
    • Apply vulnerability protection to the “GlobalProtect Interfaces” so that the signature is enforced where the flaw is reachable; Palo Alto Networks' documentation describes the steps.
    • Temporarily disable device telemetry until the patches can be applied, following the vendor's instructions.

    It should be noted that Palo Alto Networks devices are frequently targeted by sophisticated threat actors because of their position at the edge of corporate networks. In August 2022, for example, hackers exploited another PAN-OS zero-day to launch reflected and amplified TCP denial-of-service (DoS) attacks.

    This recent vulnerability is much more severe, and its exploitation could have significantly damaging consequences. Therefore, administrators are urged to take urgent action to secure their systems.

    Update 4/12 – CISA has added CVE-2024-3400 to its Known Exploited Vulnerabilities (KEV) catalog, and all federal agencies must apply patches by April 19, 2024.
