Hey folks,
A critical vulnerability (CVSS: 10) referenced as CVE-2024-3400, impacting a feature in Palo Alto Networks PAN-OS, allows an unauthenticated user to execute code with administrator privileges on the firewall. Please be aware that this vulnerability is actively being exploited.
Affected system:
- PAN-OS 11.1.x versions antérieures à 11.1.2-h3
- PAN-OS 11.0.x versions antérieures à 11.0.4-h1
- PAN-OS 10.2.x antérieures à 10.2.9-h1
Remediation:
Apply security patches, available for certain versions since April 14, 2024.
If the patch is not yet available for the installed version, the workaround is to disable telemetry on the firewall, or enable threat protection with ID 95187 in the "Threat Prevention" function.
More infos: