Palo Alto Networks PAN-OS security vulnerability (CVE-2024-3400)

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS that affects devices with the GlobalProtect feature. When GlobalProtect is configured as a gateway or portal, an attacker could exploit this vulnerability remotely to execute commands with root privileges on the device.
Palo Alto Networks has rated this vulnerability at the highest criticality level, with a CVSS score of 10.0.
For mitigation, patches have been released for several PAN-OS versions, including PAN-OS 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3. Additional patches are expected for other versions soon. Furthermore, customers with a Threat Prevention subscription can apply specific threat signatures (Threat IDs 95187, 95189, and 95191) to block attempts to exploit this vulnerability. However, merely disabling device telemetry will not protect against this attack, so updating to the fixed PAN-OS version is crucial for full mitigation.

For organizations using impacted PAN-OS versions, immediate action is recommended to apply patches or, if possible, enable the Threat Prevention configurations to block this exploit until the patch can be installed.
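To decide which devices need attention first, the fixed builds named above can be checked against a version inventory. The following is an added example, not code from Palo Alto Networks or the original page. It assumes that a later build in the same release train also carries the fix, and it treats any other result as something to verify against the vendor advisory, since further patches were still expected. The hostnames and versions are constructed.

```python
import re

# Fixed builds named on this page, keyed by release train (major, minor).
FIXED_BUILDS = {
    (10, 2): (10, 2, 9, 1),  # 10.2.9-h1
    (11, 0): (11, 0, 4, 1),  # 11.0.4-h1
    (11, 1): (11, 1, 2, 3),  # 11.1.2-h3
}

# PAN-OS versions look like "11.1.2" or "11.1.2-h3" (hotfix 3).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix), or None if unparsable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def triage(version_text):
    """Classify one version string against the fixed builds listed above."""
    v = parse_panos_version(version_text)
    if v is None:
        return "UNPARSED"
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is None:
        # Train not named on this page: check the vendor advisory.
        return "TRAIN_NOT_LISTED"
    # Assumption: builds at or after the listed one in a train include the fix.
    return "AT_OR_ABOVE_LISTED_FIX" if v >= fixed else "BELOW_LISTED_FIX"


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.2.9",
    "fw-edge-02": "10.2.9-h1",
    "fw-vpn-01": "11.1.2-h1",
    "fw-vpn-02": "11.0.5",
    "fw-lab-01": "10.1.11",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {status}")
```

A `BELOW_LISTED_FIX` result means the build is older than the fix listed for its train on this page. A hotfix issued later for an earlier maintenance release would also land in this bucket, so confirm those against the current advisory.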

See more details on: