Right this moment, Palo Alto Networks warns that an unpatched important command injection vulnerability in its PAN-OS firewall is being actively exploited in assaults.
“Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability,” warns the Palo Alto safety bulletin.
The flaw, which has been found by Volexity and is tracked as CVE-2024-3400, is a command injection vulnerability that acquired the utmost severity rating of 10.0 because it requires no particular privileges or consumer interplay to take advantage of.
The seller clarified that the problem impacts particular variations of PAN-OS software program when each the GlobalProtect gateway and machine telemetry options are enabled.
“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” explains the Palo Alto Networks advisory.
The susceptible variations are PAN-OS 10.2, 11.0, and 11.1, and fixes for these variations are anticipated by April 14, 2024. The seller will implement hotfixes by Sunday with the discharge of the next variations:
- PAN-OS 10.2.9-h1
- PAN-OS 11.0.4-h1
- PAN-OS 11.1.2-h3
Merchandise like Cloud NGFW, Panorama home equipment, and Prisma Entry should not affected. An outline of the influence could be seen within the desk under:
Risk researcher Yutaka Sejiyama reported on X that his scans present there are at the moment 82,000 uncovered units on-line that may be susceptible to CVE-2024-34000, with 40% residing in the USA.
BleepingComputer contacted Volexity and Palo Alto Networks with questions on how the zero-day is being exploited.
Mitigating CVE-2024-3400
Since CVE-2024-3400 is already underneath energetic exploitation, impacted customers should apply mitigations instantly to deal with the danger till safety updates can be found.
The advisory proposes implementing the next measures:
- Customers with an energetic ‘Risk Prevention’ subscription can block assaults by activating ‘Risk ID 95187’ of their system.
- Be sure that vulnerability safety is configured on ‘GlobalProtect Interfaces’ to stop exploitation. Extra data on that’s accessible right here.
- Disable machine telemetry till fixing patches are utilized. Directions on tips on how to do that may be discovered on this webpage.
Palo Alto Networks units usually turn into targets of refined menace actors because of their deployment in company networks.
In August 2022, hackers exploited one other zero-day in PAN-OS to hold out amplified TCP denial-of-service (DoS) assaults.
This time, the problem is way more extreme, and its exploitation can be much more damaging to the targets, so admins should take immediate motion to safe their methods.
