A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Palo Alto Networks has released workaround guidance for CVE-2024-3400 affecting PAN- OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Palo Alto Networks Security Advisory, apply the current mitigations, and update the affected software when Palo Alto Networks makes the fixes available. Additionally, CISA has also added this vulnerability to its Known Exploited Vulnerabilities Catalog.

Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

For any further questions, contact us here at Cyber Command.