Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways

Palo Alto Networks’ firewalls are actively under attack due to a critical zero-day vulnerability (CVE-2024-3400) that allows attackers to execute arbitrary code on the company’s PAN-OS firewall software. Palo Alto Networks is now releasing weekly hotfixes to protect vulnerable firewalls from attacks. Firms using affected firewalls should immediately install these patches.

Manner of attack

The command injection flaw, which has a maximum rating of 10.0 on the CVSS scale, is currently under investigation from Unit 42 and Palo Alto networks to secure the unaffected devices while providing support to the compromised platforms.

This vulnerability specifically affects firewalls running certain versions of PAN-OS that had both GlobalProtect gateway and device telemetry features enabled. It leverages a python backdoor, which allows unauthorized personnel to completely take over affected devices with root privileges. Attackers can then manipulate firewall rules, steal sensitive data, disrupt operations with outages, and use the compromised firewall as a springboard to launch further attacks within the network.

Recommended actions

Palo Alto Networks recommends that firms running the impacted versions of PAN-OS immediately take the following steps:

1. Apply the latest security hotfixes and updates provided by Palo Alto Networks if you are running any of the versions at risk.
2. Ensure the latest PAN-OS software update is installed promptly to address the vulnerability, safeguarding your system against potential exploits.
3. Activate the 'Threat ID 95187' mitigation feature if you have an active 'Threat Prevention' subscription to proactively block any ongoing attacks and enhance your system's security posture.
4. Monitor your network for unusual behavior and investigate any unexpected network activity that may align with this threat immediately.
5. Continue to monitor the Palo Alto Networks’ Security Advisory page for additional updates, patches, or necessary remediation steps.

How we help

ACA Aponix^® can help your firm build your cybersecurity program and strengthen your line of defense against cyberattacks. Our services include:

• Aponix Protect^TM is a cybersecurity and technology risk solution that helps you build a comprehensive risk management program tailored to your business needs.
• ACA Signature combines cybersecurity with compliance advisory services,  innovative technology and managed services for a scalable solution that can help you gain expert insight, guidance, and support as you navigate emerging challenges.

Reach out to your ACA consultant, or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.