InfoSecBulletin Cybersecurity for mankind
A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw.
There is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software for certain versions. The zero-day vulnerability is identified as CVE-2024-3400 and has been given the highest severity score of 10.0 (CVSS).
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
“Distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto said in the advisory.
Limited Active Exploitation:
The versions concerned are the following:
PAN-OS < 11.1.2-h3
PAN-OS < 11.0.4-h1
PAN-OS < 10.2.9-h1
The company also said that the vulnerability can only be exploited with firewalls that have the configurations for both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.
The firm has confirmed a limited number of attacks using this vulnerability.
Upcoming Fixes for CVE-2024-3400:
Although there are no fixes available, Palo Alto issued some mitigation recommendations:
Apply a vulnerability protection security profile to the GlobalProtect interface to prevent exploitation
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187
The firm announced the flaw will be fixed on April 14 during a series of hotfixes for PAN-OS versions 11.1.2-h3, 11.0.4-h1, and 10.2.9-h1.
CVE 2024-3385, Another (Fixed) Flaw in PAN-OS:
This advisory comes two days after another vulnerability was discovered in PAN-OS. This flaw allows a remote attacker to reboot firewalls and can cause a denial of service (DoS) attack. This issue was fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
