overview

On April 12, 2024, Palo Alto Networks disclosed an OS command injection vulnerability in the GlobalProtect feature of PAN-OS. On affected versions with specific feature configurations, an unauthenticated attacker can execute arbitrary code with root privileges on the firewall.

CVE-2024-3400 (CVSS v3.1 base score 10.0, Critical)

The affected versions are PAN-OS 10.2, 11.0, and 11.1. To exploit this vulnerability, a GlobalProtect gateway must be enabled on a firewall running an affected version. Cloud NGFW, Panorama appliances, and Prisma Access are not affected.

*UPDATE (8/13/2024)*  Palo Alto has since updated its advisory: disabling device telemetry is no longer considered an effective mitigation, because device telemetry does not need to be enabled for a PAN-OS firewall to be exposed to attacks on this vulnerability.

You can verify whether a GlobalProtect gateway is configured by checking for entries in the firewall web interface under Network > GlobalProtect > Gateways.

Palo Alto recommends upgrading to a fixed version of PAN-OS as soon as possible. The issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all later releases on those trains. Palo Alto has also published hotfixes for earlier maintenance releases within the affected trains; consult the advisory for the current list.

Palo Alto is aware of active exploitation of this vulnerability in the wild. Treat any firewall that ran a vulnerable build with a GlobalProtect gateway reachable from the internet as potentially compromised until it has been checked; upgrading closes the vulnerability but does not remove anything an attacker already installed.
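The following is an added example, not code from the notice or from Palo Alto Networks. It turns the version table above into a triage check: parse the sw-version field from PAN-OS "show system info" output, compare it against the three fix versions the notice lists, and combine that with whether a GlobalProtect gateway is configured. The "show system info" sample is constructed for the example, and the fixed-version table is limited to the builds named above (Palo Alto later backported hotfixes to earlier maintenance releases, so the advisory remains authoritative).

```python
"""Triage PAN-OS builds against the CVE-2024-3400 fix versions listed above.

Added example, not code from the notice or from Palo Alto Networks. The three
fix versions match the text above; Palo Alto later backported hotfixes to
earlier maintenance releases, so the advisory remains authoritative. The
'show system info' sample below is constructed for this example.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, maintenance, hotfix)

# First fixed build per affected release train, as stated in the notice.
FIXED_BY_TRAIN = {
    (10, 2): (10, 2, 9, 1),   # 10.2.9-h1
    (11, 0): (11, 0, 4, 1),   # 11.0.4-h1
    (11, 1): (11, 1, 2, 3),   # 11.1.2-h3
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '10.2.9-h1' style strings; a missing '-hN' suffix counts as hotfix 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def sw_version_from_system_info(output: str) -> Optional[str]:
    """Pull the 'sw-version:' field out of PAN-OS 'show system info' output."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    return None


def cve_2024_3400_status(version: str, gateway_configured: bool) -> str:
    """Classify a firewall as 'fixed', 'vulnerable', 'vulnerable-no-gateway'
    or 'unaffected-train' from the fix table and the gateway precondition."""
    v = parse_version(version)
    train = v[:2]
    if train not in FIXED_BY_TRAIN:
        return "unaffected-train"      # e.g. 10.1 or 9.1: not in the affected list
    if v >= FIXED_BY_TRAIN[train]:     # tuple order: 10.2.9 (h0) < 10.2.9-h1 < 10.2.10
        return "fixed"
    # Vulnerable code is present; exploitability depends on a GlobalProtect gateway.
    return "vulnerable" if gateway_configured else "vulnerable-no-gateway"


# Constructed sample of 'show system info' output (not real device output).
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
model: PA-3260
serial: 000000000000
sw-version: 10.2.8
app-version: 8830-8610
"""

if __name__ == "__main__":
    ver = sw_version_from_system_info(SAMPLE_SYSTEM_INFO)
    print(ver, cve_2024_3400_status(ver, gateway_configured=True))
```

A build on the 10.2 train is only "fixed" at 10.2.9-h1 or later, so plain 10.2.9 is still reported as vulnerable; "vulnerable-no-gateway" means the vulnerable code is present and the device should still be upgraded, since a gateway could be enabled later.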

 

 

avertium's recommendations

CVE-2024-3400 – Upgrade affected firewalls to PAN-OS 10.2.9-h1, 11.0.4-h1, 11.1.2-h3 or a later release on the same train. Do not rely on disabling device telemetry as a mitigation. Confirm whether a GlobalProtect gateway is configured (Network > GlobalProtect > Gateways) to scope exposure, and sweep firewall, proxy, and endpoint telemetry for the indicators of compromise listed below. Avertium recommends reading Palo Alto's advisory for additional mitigation guidance.

INDICATORS OF COMPROMISE (IoCs)

Type             Indicator
FileHash-MD5     089801d87998fa193377b9bfe98e87ff
FileHash-MD5     0c1554888ce9ed0da1583dbdf7b31651
FileHash-MD5     12b5e30c2276664e87623791085a3221
FileHash-MD5     427258462c745481c1ae47327182acd3
FileHash-MD5     5e4c623296125592256630deabdbf1d2
FileHash-MD5     724c8059c150b0f3d1e0f80370bcfe19
FileHash-MD5     87312a7173889a8a5258c68cac4817bd
FileHash-MD5     a43e3cf908244f85b237fdbacd8d82d5
FileHash-MD5     b9f5e9db9eec8d1301026c443363cf6b
FileHash-MD5     d31ec83a5a79451a46e980ebffb6e0e8
FileHash-SHA1    3ad9be0c52510cbc5d1e184e0066d14c1f394d4d
FileHash-SHA1    4ad043c8f37a916761b4c815bed23f036dfb7f77
FileHash-SHA1    5592434c40a30ed2dfdba0a86832b5f2eaaa437c
FileHash-SHA1    988fc0d23e6e30c2c46ccec9bbff50b7453b8ba9
FileHash-SHA1    a7c6f264b00d13808ceb76b3277ee5461ae1354e
FileHash-SHA1    d12b614e9417c4916d5c5bb6ee42c487c937c058
FileHash-SHA1    d7a8d8303361ffd124cb64023095da08a262cab4
FileHash-SHA1    e1e427c9b46064e2b483f90b13490e6ef522cc06
FileHash-SHA1    ef8036eb4097789577eff62f6c9580fa130e7d56
FileHash-SHA1    f99779a5c891553ac4d4cabf928b2121ca3d1a89
FileHash-SHA256  161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6
FileHash-SHA256  35a5f8ac03b0e3865b3177892420cb34233c55240f452f00f9004e274a85703c
FileHash-SHA256  3de2a4392b8715bad070b2ae12243f166ead37830f7c6d24e778985927f9caac
FileHash-SHA256  448fbd7b3389fe2aa421de224d065cea7064de0869a036610e5363c931df5b7c
FileHash-SHA256  5460b51da26c060727d128f3b3d6415d1a4c25af6a29fef4cc6b867ad3659078
FileHash-SHA256  755f5b8bd67d226f24329dc960f59e11cb5735b930b4ed30b2df77572efb32e8
FileHash-SHA256  96dbec24ac64e7dd5fef6e2c26214c8fe5be3486d5c92d21d5dcb4f6c4e365b9
FileHash-SHA256  adba167a9df482aa991faaa0e0cde1182fb9acfbb0dc8d19148ce634608bab87
FileHash-SHA256  c1a0d380bf55070496b9420b970dfc5c2c4ad0a598083b9077493e8b8035f1e9
FileHash-SHA256  e315907415eb8cfcf3b6a4cd6602b392a3fe8ee0f79a2d51a81a928dbce950f8
FileHash-SHA256  fe07ca449e99827265ca95f9f56ec6543a4c5b712ed50038a9a153199e95a0b7
URL              http://172.233.228.93/lowdp
URL              http://172.233.228.93/policy
URL              http://172.233.228.93/vpn.log
URL              http://172.233.228.93/vpn_prot.gz
IPv4             23.242.208.175
IPv4             66.235.168.222
IPv4             71.9.135.100
IPv4             89.187.187.69
IPv4             107.152.33.113
IPv4             137.118.185.101
IPv4             144.172.79.92
IPv4             146.70.87.237
IPv4             151.236.29.58
IPv4             172.233.228.93
IPv4             198.58.109.149
IPv4             217.195.153.178
YARA             apt_malware_py_upstyle
YARA             susp_any_gost_arguments
YARA             susp_any_jarischf_user_path
YARA             hacktool_golang_reversessh_fahrj
CVE              CVE-2024-3400

The MD5, SHA-1, and SHA-256 entries are separate lists; the notice does not pair them as digests of the same files, so match each algorithm independently. The YARA entries are rule names (published by Volexity in its CVE-2024-3400 reporting), not rule bodies; obtain the rules from that source before deploying them.
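The following is an added example, not code from the notice or from Avertium, showing how a practitioner would sweep telemetry against the indicator table above. It carries a subset of the listed IPs, URLs, and hashes, matches IPs and URLs against syslog-style firewall and proxy lines, and hashes a file once to check it against all three hash lists. The log lines and file contents are constructed for the example; the indicator values are copied from the table.

```python
"""Sweep log lines and file hashes for the indicators listed in the table above.

Added example, not code from the notice. The indicator subsets are copied from
the table; the log lines and file contents are constructed for this example.
"""
import hashlib
import re
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Subset of the network indicators from the table above.
IOC_IPS = {
    "172.233.228.93", "144.172.79.92", "66.235.168.222",
    "146.70.87.237", "217.195.153.178", "151.236.29.58",
}
IOC_URLS = {
    "http://172.233.228.93/lowdp",
    "http://172.233.228.93/policy",
    "http://172.233.228.93/vpn.log",
    "http://172.233.228.93/vpn_prot.gz",
}
# Subset of the file-hash indicators, keyed by hashlib algorithm name.
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {"089801d87998fa193377b9bfe98e87ff", "427258462c745481c1ae47327182acd3"},
    "sha1": {"4ad043c8f37a916761b4c815bed23f036dfb7f77"},
    "sha256": {"3de2a4392b8715bad070b2ae12243f166ead37830f7c6d24e778985927f9caac",
               "5460b51da26c060727d128f3b3d6415d1a4c25af6a29fef4cc6b867ad3659078"},
}

_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_URL_RE = re.compile(r"https?://[^\s\"']+")

Hit = Tuple[int, str, str]  # (1-based line number, indicator type, indicator)


def scan_log_lines(lines: List[str]) -> List[Hit]:
    """Return every IP and URL indicator match, in line order (IPs before URLs on a line)."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        for ip in _IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((n, "ip", ip))
        for url in _URL_RE.findall(line):
            url = url.rstrip(".,;)")  # trailing punctuation from free-text logs
            if url in IOC_URLS:
                hits.append((n, "url", url))
    return hits


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a blob, so one read serves all three hash lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest appears in the indicator lists."""
    return [algo for algo, h in digests.items() if h.lower() in IOC_HASHES.get(algo, set())]


def scan_file(path: str) -> List[str]:
    """Hash a file once and report which indicator lists it matches."""
    return match_hashes(hashes_of_bytes(Path(path).read_bytes()))


# Constructed sample log lines (syslog-style; not real device output).
SAMPLE_LOG_LINES = [
    "2024-04-12T03:14:07Z fw-edge-01 TRAFFIC allow src=10.20.30.5 dst=172.233.228.93 dport=80 app=web-browsing",
    "2024-04-12T03:14:09Z proxy-01 GET http://172.233.228.93/vpn_prot.gz 200 ua=curl/7.88.1",
    "2024-04-12T03:15:00Z fw-edge-01 TRAFFIC allow src=10.20.30.6 dst=203.0.113.10 dport=443 app=ssl",
    "2024-04-12T03:16:22Z fw-edge-01 TRAFFIC allow src=10.20.30.5 dst=146.70.87.237 dport=443 app=ssl",
]

if __name__ == "__main__":
    for n, kind, ioc in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {n}: {kind} indicator {ioc}")
```

A URL hit also produces an IP hit for the same line, which is intentional: the host is worth flagging even when the path differs from the four listed. Hash and IP indicators are the most perishable part of the table, so a clean sweep against them does not clear a device; combine it with the YARA rules named above and a check of the firewall's own configuration and version.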

How Avertium is Protecting Our Customers

  • Fusion MXDR is the first MDR offering that fuses all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company's IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 
SUPPORTING DOCUMENTATION

CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway (Palo Alto Networks security advisory, https://security.paloaltonetworks.com/CVE-2024-3400)

Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400 (CISA alert)