"Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability"
According to the Shadowserver Foundation, a recently addressed vulnerability could affect about 6,000 Internet-accessible Palo Alto Networks firewalls. Palo Alto Networks disclosed the flaw on April 12 and began rolling out patches a few days later. State-sponsored threat actors had exploited the vulnerability, and this activity recently increased after Proof-of-Concept (PoC) code was released. The vulnerability, tracked as CVE-2024-3400 with a CVSS score of 10, is described as a command injection in the GlobalProtect feature of PAN-OS, the operating system that runs on Palo Alto Networks appliances. According to the vendor's updated advisory, the flaw is based on an arbitrary file creation defect. Under certain conditions, it can be exploited without authentication to execute arbitrary code with root privileges on a vulnerable firewall. This article continues to discuss the vulnerability of thousands of Palo Alto Networks firewalls.
Submitted by grigby1