PAN-OS: OS Command Injection Vulnerability in GlobalProtect
Vulnerability : CVE-2024-3400
For certain PAN-OS versions and feature configurations, a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software may allow an unauthorized attacker to run arbitrary code on the firewall with root capabilities.
Only PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) are affected by this vulnerability. PAN-OS firewalls are not vulnerable to attacks based on this vulnerability if device telemetry is not enabled.
By looking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals), you can confirm if you have a GlobalProtect gateway or GlobalProtect portal enabled.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
If we are not currently on any of the unaffected versions can we immediately
- Disable Telemetry short term till the hotfixes have been applied or firewall OS upgraded
- Enable Threat ID 95187 on the Edge Firewall security profile for vulnerability management.
- Can we validate the PA management console is not public facing and neither is Global protect web portal
