Apr 19, 2024

22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks

Posted by in category: security

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024–3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.

CVE-2024–3400 is a critical vulnerability impacting specific Palo Alto Networks’ PAN-OS versions in the GlobalProtect feature that allows unauthenticated attackers to execute commands with root privileges using command injection triggered by arbitrary file creation.

The flaw was disclosed by Palo Alto Networks on April 12, with the security advisory urging system administrators to apply provided mitigations immediately until a patch was made available.

Leave a reply