CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild

On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls. CVE-2024-3400 is a critical command injection vulnerability affecting the GlobalProtect Gateway feature of PAN-OS. An unauthenticated, remote attacker could exploit this vulnerability to execute code on an affected firewall with root privileges. According to the advisory, this vulnerability impacts PAN-OS versions 10.2, 11 and 11.1 only when both GlobalProtect gateway and device telemetry are enabled.

As of April 12, Palo Alto Networks has not provided patches for this vulnerability. However the advisory states that hotfix releases of PAN-OS are expected to be available by April 14. While patches are not yet available, Palo Alto Networks does provide mitigation guidance which can be used until the patches are released.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.