Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.
“Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability,” they said, and thanked Volexity researchers for flagging the issue.
CVE-2024-3400 is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software and may allow an unauthenticated attacker to execute arbitrary code with root privileges on vulnerable firewalls.
The vulnerability affects PAN-OS versions 11.1, 11.0 and 10.2 that have configurations for both GlobalProtect gateway and device telemetry enabled.
“You can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface and verify whether you have device telemetry enabled by checking your firewall web interface,” Palo Alto Networks explained.
“Customers are able to open a case in the Customer Support Portal and upload a technical support file to determine if their device logs match known indicators of compromise for this vulnerability,” the company added.