Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild.
Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity.
“A command injection vulnerability in the GlobalProtect function of Palo Alto Networks PAN-OS software package for distinct PAN-OS variations and unique element configurations might empower an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” the company said in an advisory published today.
The flaw impacts the following versions of PAN-OS, with fixes expected to be released on April 14, 2024:
- PAN-OS < 11.1.2-h3
- PAN-OS < 11.0.4-h1
- PAN-OS < 10.2.9-h1
The company also said that the issue is applicable only to firewalls that have the configurations for both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.
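The version thresholds and the two configuration conditions above can be checked against a firewall inventory. The following Python sketch is an added example, not code from Palo Alto Networks or from the original article; the inventory records and their field names (`version`, `gateway`, `telemetry`) are constructed for illustration, and release trains not listed in the article are treated as not affected.

```python
import re

# First fixed hotfix release per PAN-OS release train, as listed in the article.
FIXED = {(11, 1): (11, 1, 2, 3), (11, 0): (11, 0, 4, 1), (10, 2): (10, 2, 9, 1)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); a missing -hN suffix is hotfix 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def is_affected_version(text):
    """True if the version is in a listed train and older than that train's fix."""
    version = parse_panos_version(text)
    fixed = FIXED.get(version[:2])  # trains not in the article: assumed not affected
    return fixed is not None and version < fixed

def triage(device):
    """Classify one inventory record using the conditions stated in the article."""
    if not is_affected_version(device["version"]):
        return "not affected"
    if device["gateway"] and device["telemetry"]:
        return "exposed"
    return "affected version, conditions not met"

# Constructed sample inventory (hypothetical hostnames and settings).
INVENTORY = [
    {"name": "fw-edge-1", "version": "11.1.2-h2", "gateway": True, "telemetry": True},
    {"name": "fw-edge-2", "version": "11.1.2-h3", "gateway": True, "telemetry": True},
    {"name": "fw-dc-1", "version": "10.2.9", "gateway": True, "telemetry": False},
    {"name": "fw-lab-1", "version": "10.1.11", "gateway": True, "telemetry": True},
]

def triage_inventory(inventory):
    """Map each device name to its triage result."""
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for name, status in triage_inventory(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as "affected version, conditions not met" still need the fixed release once it is available, since a later configuration change would expose them.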
Cybersecurity firm Volexity has been credited with finding and reporting the bug.
Though there are no other technical details about the nature of the attacks, Palo Alto Networks acknowledged that it is “informed of a minimal quantity of attacks that leverage the exploitation of this vulnerability.”
In the interim, it is recommending that customers with a Threat Prevention subscription enable Threat ID 95187 to protect against the threat.
The development comes as Chinese threat actors have increasingly relied on zero-day flaws impacting Barracuda Networks, Fortinet, Ivanti, and VMware to breach targets of interest and deploy covert backdoors for persistent access.
Some parts of this article are sourced from:
thehackernews.com