OS Command Injection Vulnerability in Palo Alto GlobalProtect Gateway [CVE-2024-3400]

CVE number – CVE-2024-3400

A vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software, found in specific versions and feature setups, could allow an attacker without authentication to run unauthorized code with root privileges on the firewall.

At the time of publication remedies for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are currently being developed and are anticipated to be available by April 14, 2024. This vulnerability does not affect Cloud NGFW, Panorama appliances, or Prisma Access. Additionally, all other versions of PAN-OS remain unaffected.

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.

You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways) and verify whether you have device telemetry enabled by checking your firewall web interface (Device > Setup > Telemetry).

Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.

Further information at – https://security.paloaltonetworks.com/CVE-2024-3400