Palo Alto Networks PAN-OS Command Injection Vulnerability - 20240415001

Overview

Palo Alto Networks PAN-OS GlobalProtect contains a Zero-day command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

What is vulnerable?

Product(s) Affected	CVE	Severity	CVSS	Exploitable
PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1	CVE-2024-3400	Critical	10	Yes

What has been observed?

This Zero-day has been added to the CISA Known Exploited Vulnerabilities catalog.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

• Palo Alto Networks Security Advisories-CVE-2024-3400

• PAN-OS 11.0.4-h1 Addressed Issues (paloaltonetworks.com)

• PAN-OS 11.1.2-h3 Addressed Issues (paloaltonetworks.com)

• PAN-OS 10.2.9-h1 Addressed Issues (paloaltonetworks.com)

Hot Fixes for older versions of affetced PAN-OS services will be released with the following Timeline:

PAN-OS 10.2:

• 10.2.9-h1 (Released 4/14/24)
• 10.2.8-h3 (ETA: 4/15/24)
• 10.2.7-h8 (ETA: 4/15/24)
• 10.2.6-h3 (ETA: 4/15/24)
• 10.2.5-h6 (ETA: 4/16/24)
• 10.2.3-h13 (ETA: 4/17/24)
• 10.2.1-h2 (ETA: 4/17/24)
• 10.2.2-h5 (ETA: 4/18/24)
• 10.2.0-h3 (ETA: 4/18/24)
• 10.2.4-h16 (ETA: 4/19/24)

PAN-OS 11.0:

• 11.0.4-h1 (Released 4/14/24)
• 11.0.3-h10 (ETA: 4/15/24)
• 11.0.2-h4 (ETA: 4/16/24)
• 11.0.1-h4 (ETA: 4/17/24)
• 11.0.0-h3 (ETA: 4/18/24)

PAN-OS 11.1:

• 11.1.2-h3 (Released 4/14/24)
• 11.1.1-h1 (ETA: 4/16/24)
• 11.1.0-h3 (ETA: 4/17/24)

Additional Resources

• Known Exploited Vulnerabilities Catalog

• Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

• Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)