Understanding the Vulnerability
CVE-2024-3400
Tracked as CVE-2024-3400 and rated with the maximum CVSS score of 10.0, this is a command injection vulnerability that could allow unauthorized cybercriminals to execute arbitrary code with root privileges on affected firewalls.
The specific PAN-OS versions affected by this issue are:
- PAN-OS < 11.1.2-h3
- PAN-OS < 11.0.4-h1
- PAN-OS < 10.2.9-h1
Exploitation Status
It's crucial to underscore that this vulnerability is only exploitable on firewalls with both GlobalProtect gateway and device telemetry configurations enabled.
Extent of the Attacks
Palo Alto has acknowledged exploitation of this flaw on a limited number of instances. However, no additional technical details about the nature of the attacks have been shared to date.
Remediation
In response to this threat, Palo Alto Networks advises customers with Threat Prevention subscriptions to activate Threat ID 95187 as a protective measure.
The company will release fixes for these versions on April 14, 2024.
Find this vulnerability with Holm Security VMP
Holm Security has developed a vulnerability test to check if a vulnerable version is present on the host:
- HID-2-1-5357082 PAN-OS Command Injection Vulnerability (CVE-2024-3400)
Read More in Our Knowledge Base
Belgium
Denmark
Finland
Germany
Malaysia
Netherlands
Norway
Poland
Sweden
UK
February 27, 2024 — Hacker attacks & exploits
Critical Vulnerabilities Discovered in ConnectWise ScreenConnect
Read more
January 24, 2024 — Hacker attacks & exploits
Critical Security Flaw in GoAnywhere MFT: Users Exposed to Unauthorized Admin Access
Read more
January 23, 2024 — Hacker attacks & exploits
Exploited Vulnerabilities in Ivanti: Connect Secure and Policy Secure Pose Serious Threats
Read more