‼️ Update of info about #vulnerability with CVSS 10.0 - CVE-2024-3400 - impacting #PaloAlto devices is out! 👇👇
Info from PA to be shared in community:
—————————
👉 We have updated the advisory to reflect a change in our initial understanding of the required configuration for CVE exposure.
👉 Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability. In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
👉 We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied. This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue.
🫶 If you can help us get this word out to our customer base, that would be most appreciated. Our SEs are calling customers and they should have all received an email regarding this advice and urgently asking them to patch https://lnkd.in/edG66Cti
Nicol Daňková’s Post
-
Friday’s developing story in security: Palo Alto Networks PAN-OS feature GlobalProtect (CVE-2024-3400 with a CVSSv4 score of 10.0) may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto is aware of a limited number of attacks, and a patch is coming within two days. In the meantime there is a recommended mitigation: «Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device» https://lnkd.in/dhgFyAAH
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
security.paloaltonetworks.com
-
Regarding https://lnkd.in/dptAMb7R For all of you who have already configured your firewall following Best Practices, which includes having a subscription to Threat Prevention or TP[Advanced], you have probably already applied a security profile to the rule allowing traffic from the Internet to your GP GW/Portal, blocking vulnerabilities with High and Critical severity at least. So the only thing you should do for now is force an upgrade of the threat signatures to 8834-8684, apply it and get back to sleep :-) If you never applied a threat profile for the traffic coming from the Internet to your GP GW/Portal, now is the time :-) For more references: https://lnkd.in/dYpi5gWn
-
PAN-OS USERS - PATCH NOW OR SEE IMMEDIATE MITIGATION OPTION
🔟 Impact: 10 of 10, allows unauthenticated remote code execution
💣 Exploit: Actively being exploited, attackers have used firewall creds to pivot to internal Active Directory and stolen login data and credentials
🎯 Affected: PAN-OS firewalls configured with the GlobalProtect Gateway and/or GlobalProtect Portal and device telemetry, running versions...
- PAN-OS 11.1 versions: before 11.1.2-h3
- PAN-OS 11.0 versions: before 11.0.4-h1
- PAN-OS 10.2 versions: before 10.2.7-h8, 10.2.8-h3, and 10.2.9-h1
🛠 Solution: Install hotfix versions PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3
⌛ Immediate Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat ID 95187 (available in Applications and Threats content version 8833-8682 and later)
https://lnkd.in/eGQed8TX #networksecurity #paloalto #firewall #critical
-
https://lnkd.in/gMJ5zvhd I recommend upgrading to the patched version of PAN-OS to protect your devices, as the security advisory recently released by Palo Alto Networks has been further updated. Even with the implementation of one of the mitigation measures, there remains a risk of exposure to attacks related to this vulnerability.
-
Critical RCE vulnerability found in Palo Alto GlobalProtect firewalls! Patch immediately! #PaloAlto #GlobalProtect #RCE #Security
Palo Alto Networks released patches to address a critical vulnerability (CVE-2024-2195) impacting GlobalProtect firewalls. This vulnerability could allow attackers to exploit a remote code execution (RCE) flaw and gain unrestricted root access to affected devices. It is important to note that attackers are actively exploiting this vulnerability, and Palo Alto Networks has urged users to patch their devices immediately. While patches have been available since April 14th, there are still over 22,500 devices potentially vulnerable. If you are an administrator of a Palo Alto GlobalProtect firewall, it is critical that you update your devices to the latest available firmware version as soon as possible.
Here are some additional tips for protecting yourself from this type of vulnerability:
* Keep your software up to date. This includes your operating system, applications, and firmware.
* Enable automatic updates whenever possible.
* Be cautious about clicking on links or opening attachments from unknown senders.
* Use a strong firewall and intrusion detection system.
By following these tips, you can help to protect yourself from cyberattacks. https://lnkd.in/gy7rWvD5
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
bleepingcomputer.com
-
❗ ALERT ❗ A command injection vulnerability has been found in the GlobalProtect feature of specific versions of Palo Alto Networks PAN-OS software, including:
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
CVE-2024-3400 is a vulnerability that allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. If your organisation has a Palo Alto Threat Prevention subscription, we recommend enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).
Read the full alert details and advice 👉 https://lnkd.in/dNyHExrv
-
Cybersecurity Professional: Delivering a 60% Reduction in Vulnerabilities | Securing Organizations Against 500+ Emerging Threats
🚨 CVE Alert: Urgent Firewall Vulnerability 🚨
Palo Alto Networks has issued an urgent warning about a severe command injection flaw in their PAN-OS firewall software. This vulnerability, identified as CVE-2024-3400, has been rated with a critical severity score of 10.0 and is currently being actively exploited.
Key Points:
• Affects PAN-OS versions 10.2, 11.0, and 11.1.
• Exploitation allows unauthenticated attackers to execute code with root privileges.
• Immediate mitigations recommended include activating Threat ID 95187 and configuring vulnerability protection.
🔧 Fixes are expected by April 14, 2024, with interim hotfixes rolling out shortly. Stay informed and ensure your network’s security by updating your systems as soon as patches are available.
Exploit link: https://lnkd.in/drKVDr3Q
🔗 More details here: https://lnkd.in/dZqUUwB2
#security #paloalto #cybersecurity
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
security.paloaltonetworks.com
-
Cybersecurity & Networking Expert | SecOps | NetOps | Climate Change Advocate | Strategic Leader, Mentor and Team Builder | Fighting For A Better World
Critical vulnerability in PaloAlto firewalls. If you're running PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled, please check the advisory for the next steps. This is being actively exploited. Remediation must be immediate. https://lnkd.in/eVfNJfPy
-
🚨 CVE Alert: Urgent Firewall Vulnerability 🚨
Palo Alto Networks has issued an urgent warning about a severe command injection flaw in their PAN-OS firewall software. This vulnerability, identified as CVE-2024-3400, has been rated with a critical severity score of 10.0 and is currently being actively exploited.
Key Points:
• Affects PAN-OS versions 10.2, 11.0, and 11.1.
• Exploitation allows unauthenticated attackers to execute code with root privileges.
• Immediate mitigations recommended include activating Threat ID 95187 and configuring vulnerability protection.
🔧 Fixes are expected by April 14, 2024, with interim hotfixes rolling out shortly. Stay informed and ensure your network’s security by updating your systems as soon as patches are available.
🔗 https://lnkd.in/dNyHExrv
#incognimous #paloalto #networks #cve #cve-2024-3400
-
Technology Strategist, Researcher, Public Speaker | Product Innovator, Solution Provider, Design thinker | Scaled Agile Specialist, Change Leader | Partnerships, People, Performance
https://lnkd.in/gCbYV9nK
ASD’s ACSC is aware of a vulnerability in Palo Alto’s PAN-OS products. This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.
CVE-2024-3400 allows for an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
ASD’s ACSC is aware of exploitation of this CVE.
Mitigation / How do I stay secure?
Australian organisations who have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). Additionally, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device.