Tue, Apr 23, 2024
CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS
Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.
A command injection vulnerability, being tracked as CVE-2024-3400, was recently discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability has a CVSS score of 10 (Critical) and is actively being exploited in the wild. It impacts versions PAN-OS 120.2, PAN-OS 11.0 and PAN-OS 11.1. If exploited on vulnerable PAN-OS versions and distinct feature configurations, an unauthenticated attacker could execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 have been developed and were released on April 14, 2024. Cloud NGFW, Panorama appliances and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
Kroll is aware of increasing cases of exploitation of this vulnerability in the wild. Palo Alto customers who have not patched their GlobalProtect devices should assume compromise.
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Cyber Threat Intelligence
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
Digital Risk Protection
Proactively safeguard your organization’s digital assets and accelerate visibility of online threats.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
