Adrian Johnson
TLDR:
TeamT5 has issued an alert on a critical vulnerability, CVE-2024-3400, in Palo Alto Networks PAN-OS software affecting GlobalProtect portals. Threat actors can exploit this vulnerability to execute arbitrary code and deploy malware with root privilege. Palo Alto has released patches, and TeamT5 recommends upgrading software to mitigate the issue.
Article Summary:
TeamT5, a cybersecurity company, has highlighted a critical vulnerability, CVE-2024-3400, in Palo Alto Networks PAN-OS software. This vulnerability affects GlobalProtect portals in PAN-OS 10.2, 11.0, and 11.1 firewalls. Threat actors can exploit this vulnerability to execute arbitrary code and deploy malware with root privilege. Proof of concepts exploiting this vulnerability have been circulating, and state actors have been reported to exploit it since March 2024. Telemetry has identified at least two APT groups involved in exploiting CVE-2024-3400.
Palo Alto has released official mitigation advisories and patches for the vulnerability in PAN-OS 10.2.9-h1, 11.0.4-h1, 11.1.2-h3, and later versions. TeamT5 recommends its customers to upgrade their PAN-OS software to the corresponding patched version to mitigate the issue. Disabling the GlobalProtect gateway or portal is not an effective solution, and Palo Alto warns against it.
Overall, it is crucial for users of Palo Alto Networks PAN-OS software to be aware of this vulnerability, apply the provided patches, and follow the recommended mitigation guidelines to protect their systems from potential exploitation by threat actors.
