
A critical vulnerability in Palo Alto Networks PAN-OS CVE-2024-3400

  • April 23, 2024

Stabz

Hey folks,
 

A critical vulnerability (CVSS: 10) referenced as CVE-2024-3400, impacting a feature in Palo Alto Networks PAN-OS, allows an unauthenticated user to execute code with administrator privileges on the firewall. Please be aware that this vulnerability is actively being exploited.

Affected systems:

  • PAN-OS 11.1.x versions earlier than 11.1.2-h3
  • PAN-OS 11.0.x versions earlier than 11.0.4-h1
  • PAN-OS 10.2.x versions earlier than 10.2.9-h1

Remediation:
Apply security patches, available for certain versions since April 14, 2024.
If the patch is not yet available for the installed version, the workaround is to disable telemetry on the firewall, or enable threat protection with ID 95187 in the "Threat Prevention" function.

More info:

https://security.paloaltonetworks.com/CVE-2024-3400
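
Added example, not part of the original post and not Palo Alto Networks code: a small Python triage that compares firewall versions from an inventory against the three thresholds listed above, treating a missing `-hN` suffix as hotfix 0. The host names and versions in `SAMPLE` are constructed, and the status labels are this example's own; the vendor advisory linked above remains the authoritative list of fixed releases.

```python
import re

# Fixed-in thresholds exactly as listed in the post, keyed by release train.
FIXED = {"11.1": "11.1.2-h3", "11.0": "11.0.4-h1", "10.2": "10.2.9-h1"}

# PAN-OS version strings of the form major.minor.maintenance[-hN].
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def classify(version):
    """Classify one version against the thresholds in FIXED."""
    parsed = parse_version(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "not-listed"  # release train not mentioned in the post
    # Tuple comparison orders 11.1.2 < 11.1.2-h3 < 11.1.3 as intended.
    return "affected" if parsed < parse_version(fixed) else "patched"


def triage(inventory):
    """Map host -> status; unparseable versions are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "fw-edge-01": "11.1.2",
    "fw-edge-02": "11.1.2-h3",
    "fw-dc-01": "10.2.10",
    "fw-lab-01": "10.1.12",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```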

1 comment

Chris.Childerhose

Interesting, a vendor that you don't hear much about, but nice to see they have patched the issue. Always liked learning about Palo Alto networking firewalls.