Nicol Daňková’s Post

Friday’s developing story in security Palo Alto Networks PAN-OS feature GlobalProtect (CVE 2024-3400 with a CVSSv4 score of 10.0) may enable an unauthenticated attacker to execute arbitrary code with root priveliges on the firewall. Palo Alto is aware of a limited number of attacks, and a patch is coming within two days. In the meantime there is a recommended mitigation:  «Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device» https://lnkd.in/dhgFyAAH

Regarding https://lnkd.in/dptAMb7R For all you have already configured your firewall following Best Practices, which includes you have a subscription to Threat Prevention or TP[Advanced], you are probably already applied a security profile to the Rule allowing traffic from Internet to your GP GW/Portal blocking vulnerabilities with High and Critical severity at least. So the only thing you should do by now is force to upgrade the threat signatures to 8834-8684, apply it and get back to sleep :-) If never applied a threat profile for the traffic coming from Internet to your GP GW/Portal now is the time :-) For more references https://lnkd.in/dYpi5gWn

PAN-OS USERS - PATCH NOW OR SEE IMMEDIATE MITIGATION OPTION 🔟 Impact: 10 of 10, allows unauthenticated remote code execution 💣 Exploit: Actively being exploited, attackers have used firewall creds to pivot to internal Active Directory and stole login data and credentials 🎯 Affected: PAN-OS firewalls configured with the GlobalProtect Gateway and/or GlobalProtect Portal and device telemetry, running versions... - PAN-OS 11.1 versions: before 11.1.2-h3 - PAN-OS 11.0 versions: before 11.0.4-h1 - PAN-OS 10.2 versions: before 10.2.7-h8, 10.2.8-h3, and 10.2.9-h1 🛠 Solution: Install hotfix versions PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3 ⌛ Immediate Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat ID 95187 (available in Applications and Threats content version 8833-8682 and later) https://lnkd.in/eGQed8TX #networksecurity #paloalto #firewall #critical

https://lnkd.in/gMJ5zvhd I recommend upgrading to the patched version of PAN-OS to protect your devices, as the security advisory recently released by Palo Alto Networks has been further updated. Even with the implementation of one of the mitigation measures, there remains a risk of exposure to attacks related to this vulnerability.

Critical RCE vulnerability found in Palo Alto GlobalProtect firewalls! Patch immediately! #PaloAlto #GlobalProtect #RCE #Security Palo Alto Networks released patches to address a critical vulnerability (CVE-2024-2195) impacting GlobalProtect firewalls. This vulnerability could allow attackers to exploit a remote code execution (RCE) flaw and gain unrestricted root access to affected devices. It is important to note that attackers are actively exploiting this vulnerability, and Palo Alto Networks has urged users to patch their devices immediately. While patches have been available since April 14th, there are still over 22,500 devices potentially vulnerable. If you are an administrator of a Palo Alto GlobalProtect firewall, it is critical that you update your devices to the latest available firmware version as soon as possible. Here are some additional tips for protecting yourself from this type of vulnerability: * Keep your software up to date. This includes your operating system, applications, and firmware. * Enable automatic updates whenever possible. * Be cautious about clicking on links or opening attachments from unknown senders. * Use a strong firewall and intrusion detection system. By following these tips, you can help to protect yourself from cyberattacks. https://lnkd.in/gy7rWvD5

❗ ALERT ❗ A command injection vulnerability has been found in the GlobalProtect feature of specific versions of Palo Alto Networks PAN-OS software, including: - PAN-OS 10.2 - PAN-OS 11.0 - PAN-OS 11.1 CVE-2024-3400 is a vulnerability that allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. If your organisation has a Palo Alto Threat Prevention subscription, we recommend enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). Read the full alert details and advice 👉 https://lnkd.in/dNyHExrv

🚨 CVE Alert: Urgent Firewall Vulnerability 🚨 Palo Alto Networks has issued an urgent warning about a severe command injection flaw in their PAN-OS firewall software. This vulnerability, identified as CVE-2024-3400, has been rated with a critical severity score of 10.0 and is currently being actively exploited. Key Points: • Affects PAN-OS versions 10.2, 11.0, and 11.1. • Exploitation allows unauthenticated attackers to execute code with root privileges. • Immediate mitigations recommended include activating Threat ID 95187 and configuring vulnerability protection. 🔧 Fixes are expected by April 14, 2024, with interim hotfixes rolling out shortly. Stay informed and ensure your network’s security by updating your systems as soon as patches are available. Exploit link: https://lnkd.in/drKVDr3Q 🔗 More details here: https://lnkd.in/dZqUUwB2 #security #paloalto #cybersecurity

Critical vulnerability in PaloAlto firewalls. If you're running PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled, please check the advisory for the next steps. This is being actively exploited. Remediation must be immediate. https://lnkd.in/eVfNJfPy

🚨 CVE Alert: Urgent Firewall Vulnerability 🚨 Palo Alto Networks has issued an urgent warning about a severe command injection flaw in their PAN-OS firewall software. This vulnerability, identified as CVE-2024-3400, has been rated with a critical severity score of 10.0 and is currently being actively exploited. Key Points: • Affects PAN-OS versions 10.2, 11.0, and 11.1. • Exploitation allows unauthenticated attackers to execute code with root privileges. • Immediate mitigations recommended include activating Threat ID 95187 and configuring vulnerability protection. 🔧 Fixes are expected by April 14, 2024, with interim hotfixes rolling out shortly. Stay informed and ensure your network’s security by updating your systems as soon as patches are available. 🔗https://lnkd.in/dNyHExrv #incognimous #paloalto #networks #cve #cve-2024-3400

https://lnkd.in/gCbYV9nK ASD’s ACSC is aware of a vulnerability in Palo Alto’s PAN-OS products. This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled. CVE-2024-3400 allows for an unauthenticated attacker to execute arbitrary code with root privileges on the firewall ASD’s ACSC is aware of exploitation of this CVE Mitigation / How do I stay secure? Australian organisations who have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). Additionally, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device.