Vulnerability in GlobalProtect feature of Palo Alto Networks PAN-OS (CVE-2024-3400): OS Command Injection

Overview

A critical security vulnerability has been identified in specific versions of Palo Alto Networks PAN-OS software, which could allow an unauthenticated attacker to execute arbitrary code with root privileges on affected firewalls. The vulnerability applies specifically to configurations where both the GlobalProtect gateway and device telemetry are enabled. The affected PAN-OS versions are:

  • PAN-OS 10.2
  • PAN-OS 11.0
  • PAN-OS 11.1

Verify Exposure

To determine if your system is at risk, follow these steps:

  1. GlobalProtect Gateway: Check for active configurations by navigating to Network > GlobalProtect > Gateways in your firewall’s web interface.
  2. Device Telemetry: Verify that device telemetry is enabled by going to Device > Setup > Telemetry in the firewall interface.

Recommendations for Action

Currently, patches for PAN-OS 10.2, 11.0, and 11.1 are under development with an anticipated release date of April 14, 2024.

Interim Mitigation Measures:

  • Threat Prevention: For customers with an active Threat Prevention subscription, it is recommended to block potential attacks related to this vulnerability by enabling Threat ID 95187, which is included in the Applications and Threats content version 8833-8682.
  • Disable Device Telemetry: If enabling the Threat ID is not feasible at this moment, another effective interim measure is to temporarily disable device telemetry until your firewall can be updated to a patched version of PAN-OS.

Customers are urged to apply these recommendations promptly to mitigate any potential risks associated with this vulnerability.

Additional Resources:

For additional information, see the link below:

https://security.paloaltonetworks.com/CVE-2024-3400
