Firewall Fiasco: CVE-2024-3400

Share This Post

Palo Alto Networks has issued a warning about a severe command injection flaw in their PAN-OS firewall software, currently under active exploitation. The vulnerability is designated as CVE-2024-3400 and has been assigned the maximum severity score of 10.0, due to its ability to be exploited without requiring special privileges or user interaction. This flaw impacts specific versions of PAN-OS, specifically when the GlobalProtect gateway and device telemetry features are activated.

To address this urgent security risk, Palo Alto Networks advises the following mitigation steps:

Users who subscribe to ‘Threat Prevention’ should activate ‘Threat ID 95187’ to block attacks.
It is recommended to configure vulnerability protection on ‘GlobalProtect Interfaces’ to fend off exploits.
Users should disable device telemetry until the security patches are applied.
The versions affected by this vulnerability are PAN-OS 10.2, 11.0, and 11.1. Palo Alto Networks plans to release fixes on April 14, 2024, but will provide immediate hotfixes: PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3.

The exploitation of this vulnerability allows unauthorized attackers to execute arbitrary code with root privileges on compromised firewalls. Given the critical role Palo Alto Networks devices play in corporate networks, they are attractive targets for advanced threat actors.

Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recognized the seriousness of CVE-2024-3400 by adding it to its Known Exploited Vulnerabilities catalog, mandating federal agencies to implement the patches by April 19, 2024.

As always, if you have an impacted device please threat-hunt to ensure that attackers have not been able to place any additional persistence mechanisms that would allow access to your environment after patching/mitigating.

Links:

https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks

https://security.paloaltonetworks.com/CVE-2024-3400

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400



Reach out to our incident response team for help

More To Explore

Information Security News – 2/3/2025

Phishing Campaign Baits Hook with Malicious Amazon PDFs Article Link: https://www.darkreading.com/cyberattacks-data-breaches/phishing-campaign-malicious-amazon-pdfs Cybersecurity Crisis in Numbers Article Link: https://www.helpnetsecurity.com/2025/01/29/data-breach-notices/ Google Forced to Step Up Phishing Defenses

Information Security News – 1/27/2025

Ransomware Attackers Are “Vishing” Organizations Via Microsoft Teams Article Link: https://www.helpnetsecurity.com/2025/01/21/ransomware-attackers-are-vishing-organizations-via-microsoft-teams-email-bombing/ FTC Orders GM to Stop Collecting and Selling Driver’s Data Article Link: https://www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/ Brave

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.