On April 12, Palo Alto Networks released a security advisory on CVE-2024-3400, a critical vulnerability affecting several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Starting April 14, 2024, patches are expected to become available.
| CVE | Description | CVSSv4 | Severity |
| --- | --- | --- | --- |
| CVE-2024-3400 | Command Injection Vulnerability in the GlobalProtect Gateway feature of PAN-OS | 10.0 | Critical |
Note: Palo Alto Networks customers are only vulnerable if they are using PAN-OS 10.2, PAN-OS 11.0, and/or PAN-OS 11.1 firewalls that have both GlobalProtect (gateway and/or portal) and device telemetry configurations enabled.
Palo Alto Networks’ advisory indicates that CVE-2024-3400 has been exploited in the wild in “a limited number of attacks.” The company has given the vulnerability its highest urgency rating. Palo Alto Networks has released an in-depth blog on the scope of the attack, indicators of compromise, and adversary behavior observations. We highly recommend reviewing both the blog and the advisory for the latest information.
Identify affected devices with Defender Vulnerability Management
The following Advanced Hunting query provides a list of the potentially vulnerable devices with PAN-OS affected versions:
DeviceTvmSoftwareInventory
| where SoftwareName has "pan-os"
| where SoftwareVersion startswith "11.1." or SoftwareVersion startswith "11.0." or SoftwareVersion startswith "10.2."
| summarize by DeviceId, DeviceName, SoftwareName, SoftwareVersion
Identify affected multi-cloud resources with Defender for Cloud
To identify affected multi-cloud resources using Defender for Cloud, you can utilize the Security Explorer feature. This will help detect all cloud resources affected by the vulnerability in Azure, AWS, and GCP. To get started, use this query.
Cloud security explorer in Defender for Cloud
Mitigation guidance
For additional information and the latest remediation guidance, please see Palo Alto Networks’ advisory.
This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue. Please see details for ETAs regarding the upcoming hotfixes in the security advisory.
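The hunting query above matches every 10.2, 11.0 and 11.1 build, including ones that already carry the fix. The following Python sketch is an added example, not part of the original post or any Microsoft or Palo Alto Networks tooling; it triages exported query rows against the three fixed releases named above. The row layout, the `major.minor.maintenance[-hN]` version format and the label names are assumptions.

```python
import re

# Fixed hotfix releases named in the mitigation guidance:
# release train -> (maintenance release, hotfix number)
FIXED = {"10.2": (9, 1), "11.0": (4, 1), "11.1": (2, 3)}

# Assumed version format: major.minor.maintenance with optional -hN suffix
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def classify(version):
    """Return a triage label (labels are this example's own) for one version."""
    m = VERSION_RE.match(version.strip().lower())
    if not m:
        return "unparsed"            # unexpected format: review by hand
    major, minor, maint, hotfix = m.groups()
    train = f"{major}.{minor}"
    if train not in FIXED:
        return "not-listed"          # train not named as affected on this page
    build = (int(maint), int(hotfix or 0))
    if build >= FIXED[train]:
        return "fixed"               # the named hotfix or any later version
    if build[0] == FIXED[train][0]:
        return "needs-hotfix"        # same maintenance release, hotfix missing
    # Older maintenance release: its own hotfix may exist but is not listed
    # on this page, so the vendor advisory has to be consulted.
    return "check-advisory"

def triage(rows):
    """Group device names by label; rows are (DeviceName, SoftwareVersion)."""
    result = {}
    for device, version in rows:
        result.setdefault(classify(version), []).append(device)
    return result

# Constructed sample rows standing in for exported query results
SAMPLE_ROWS = [
    ("fw-edge-01", "10.2.9-h1"),
    ("fw-edge-02", "10.2.9"),
    ("fw-dc-01", "11.0.3-h5"),
    ("fw-dc-02", "11.1.2-h3"),
    ("fw-lab-01", "9.1.16"),
]

if __name__ == "__main__":
    for label, devices in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{label}: {', '.join(devices)}")
```

Devices labeled `needs-hotfix` or `check-advisory` still need the GlobalProtect and device telemetry configuration check from the note above before they are treated as exposed.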
We will update this blog with information and guidance as needed.
Updated Apr 15, 2024
Version 2.0
NimrodRoimy
Microsoft
Microsoft Defender Vulnerability Management Blog