Palo Alto Networks PAN-OS Command Injection Vulnerability
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Cloud Ngfw
- Prisma Access
- Vendor
- CVE Published:
- 12 April 2024
Badges
Summary
A critical command injection vulnerability (CVE-2024-3400) is being exploited in Palo Alto Networks' firewalls, allowing attackers to execute arbitrary code with root privileges. This affects GlobalProtect feature in PAN-OS versions 10.2, 11.0, and 11.1, but not Panorama appliances, Cloud NGFW, and Prisma Access solutions. Hotfixes are expected to be released soon, and customers are urged to implement temporary mitigations and check for compromise. The exploitation of this vulnerability is reported to be automated, and customers with a Threat Prevention subscription can block attacks using a specific tool (Threat ID 95187).It is advised to disable device telemetry until the hotfix is applied. Customers are also urged to check their firewall web interface to see if the GlobalProtect gateway is configured and to verify whether device telemetry has been enabled.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-3400 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Affected Version(s)
PAN-OS >= 9.0.0
PAN-OS >= 9.1.0
PAN-OS >= 10.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Palo Alto Networks PAN-OS critical 0-day exploited; hotfixes available
The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.
2 months ago
Active Palo Alto vulnerability exploitation puts over 22K firewalls at risk
BleepingComputer reports that ongoing attacks exploiting the critical Palo Alto Networks PAN-OS command injection flaw, tracked as CVE-2024-3400, could still compromise nearly 22,500 Palo Alto GlobalProtect firewall instances around the world despite the availability of patches.
2 months ago
RedTail Cryptominer Exploits Palo Alto PAN-OS CVE-2024-3400
The operators behind the RedTail cryptominer leverages Palo Alto CVE-2024-3400 vulnerability, exploiting private cryptomining pools.
4 months ago
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Risk change from: 9.8 to: 10 - (CRITICAL)
Vulnerability started trending.
Initial publication
First article discovered by SecurityWeek
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.