Fortra’s Alert Logic is investigating a command injection vulnerability in the GlobalProtect Gateway in Palo Alto PAN-OS – CVE-2024-3400. The command injection allows an unauthenticated attacker to execute code on the device with root privileges. The vendor has announced mitigations for this vulnerability and is actively working on patches that are scheduled to be released on 04/14/2024.
Who is affected?
The following versions of PAN-OS are vulnerable to CVE-2024-3400.
- PAN-OS 11.1 before PAN-OS 11.1.2-h3
- PAN-OS 11.0 before PAN-OS 11.0.4-h1
- PAN-OS 10.2 before PAN-OS 10.2.9-h1
What can I do?
Palo Alto customers are advised to upgrade to a fixed version of PAN-OS as soon as possible. This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.1-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue.
Palo Alto customers can also upload their technical support files to the Palo Alto Customer Support Portal to determine if their device logs match known indicators of compromise (IoCs) for the vulnerability.
For a full list of fixed versions (both released and planned) and for more information about the vulnerability, refer to Palo Alto’s advisory.
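An added example (not Alert Logic's or Palo Alto's code) that triages an inventory of PAN-OS version strings against the three thresholds in the affected-version list above. The hostnames and versions are constructed sample data; a hotfix on an older maintenance release is returned as "review" because this page does not list those hotfix builds.

```python
import re

# First fixed build per release train, copied from the affected-version list on this page.
FIRST_FIXED = {(11, 1): (2, 3), (11, 0): (4, 1), (10, 2): (9, 1)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Split '10.2.9-h1' into train (10, 2) and release (9, 1); no hotfix means 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return (int(m[1]), int(m[2])), (int(m[3]), int(m[4] or 0))


def classify(version):
    """Return 'fixed', 'vulnerable', 'review' or 'not-listed' for one version string."""
    train, release = parse_panos_version(version)
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "not-listed"      # train is not in this page's affected list
    if release >= fixed:
        return "fixed"
    if release[1] > 0 and release[0] < fixed[0]:
        # Hotfix on an older maintenance release: the page says such hotfixes
        # will be published but does not list them, so do not guess.
        return "review"
    return "vulnerable"


def triage(inventory):
    """Map each host to its status; unparseable versions are flagged, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"fw-edge-1": "11.1.2-h3", "fw-edge-2": "11.1.2", "fw-dc-1": "10.2.8-h3",
          "fw-dc-2": "10.2.10", "fw-lab": "10.1.11", "fw-old": "11.0.x"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:10} {status}")
```

Hosts reported as "review" or "unparsed" should be checked against the vendor advisory's full list of fixed versions.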
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities in addition to those listed below.
Network IDS: Alert Logic has released IDS telemetry signatures to aid in detection research.
Vulnerability Scanning: Alert Logic released authenticated scan coverage on April 18, 2024, to identify vulnerable instances. If the vulnerability is found, an exposure (EID: 261077) will be raised for CVE-2024-3400.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.
04/17/2024: Several hotfixes have been released by Palo Alto, and customers are encouraged to update to a fixed version as soon as possible. Additionally, Alert Logic has released IDS telemetry signatures to aid in detection research.
04/18/2024: Alert Logic released authenticated scan coverage to identify vulnerable instances. If the vulnerability is found, an exposure will be raised for CVE-2024-3400.