A dangerous software vulnerability has been discovered in certain Palo Alto Networks products. Read on to determine if you are affected and how to remediate any issues. Forward this email to your IT department if you're not sure you use Palo Alto firewalls! This vulnerability may lead to ransomware or other malware.
What happened?
On April 10, 2024, experts identified a zero-day vulnerability within the GlobalProtect feature of Palo Alto Networks PAN-OS. The critical command injection vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The vulnerability (CVE-2024-3400) has a CVSS score of 10.0.
What is affected?
This issue applies to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled.
You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals) and confirm whether telemetry is enabled by checking your firewall web interface (Device > Setup > Telemetry).
This issue does not affect cloud firewalls (Cloud NGFW), Panorama appliances or Prisma Access.
For up-to-date information about affected products and versions, please see the Palo Alto Networks Security Advisory.
What should you do?
We recommend Palo Alto Networks GlobalProtect users read the advisory to ensure their firewall devices are properly protected, or otherwise take actions to mitigate any issues so that you are no longer vulnerable. If you are affected, immediately investigate systems and networks for compromise. Any mitigations or fixes will not remediate an existing compromise.
Questions?
Please contact the experts for prepaid help understanding this important information and whether it impacts you.