Palo Alto Networks warns that a critical flaw affecting the PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild.
Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, which indicates the highest severity.
“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations could allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” the company said in a notice released today.
The flaw affects the following versions of PAN-OS, with fixes scheduled for release on April 14, 2024:
- PAN-OS < 11.1.2-h3
- PAN-OS < 11.0.4-h1
- PAN-OS < 10.2.9-h1
The company also said that the issue is only applicable to firewalls that have both GlobalProtect gateway (Network > GlobalProtect > Gateway) and device telemetry (Device > Configuration > Telemetry) configurations enabled.
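The version bounds and the two-feature condition above can be turned into an inventory triage check. The following is an added example, not code from Palo Alto Networks or the original article. It assumes each bound applies only within its own major.minor release train and that a version without an `-hN` suffix is hotfix 0; the hostnames and settings in the inventory are constructed.

```python
import re

# Fixed-in bounds per release train, taken from the list on this page.
# Assumption: each bound applies only within its own major.minor train.
FIXED = {
    (11, 1): (2, 3),   # 11.1.2-h3
    (11, 0): (4, 1),   # 11.0.4-h1
    (10, 2): (9, 1),   # 10.2.9-h1
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos(version):
    """Split 'major.minor.patch[-hN]' into (train, (patch, hotfix))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {version!r}")
    major, minor, patch, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (patch, hotfix)

def assess(version, gateway_enabled, telemetry_enabled):
    """Return 'exposed', 'version-affected', 'fixed' or 'not-listed'."""
    train, build = parse_panos(version)
    if train not in FIXED:
        return "not-listed"        # the page gives no bound for this train
    if build >= FIXED[train]:
        return "fixed"
    # Below the bound: the page says both features must be enabled.
    if gateway_enabled and telemetry_enabled:
        return "exposed"
    return "version-affected"      # still needs the fix, condition not met

# Constructed inventory: (hostname, version, gateway on, telemetry on).
INVENTORY = [
    ("fw-edge-01", "11.1.2-h1", True, True),
    ("fw-edge-02", "11.0.4", True, False),
    ("fw-dc-01", "10.2.9-h1", True, True),
    ("fw-lab-01", "10.1.12", True, True),
]

def report(inventory=INVENTORY):
    return {name: assess(v, gw, tel) for name, v, gw, tel in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```

Devices reported as `version-affected` run a build below the fixed version but do not meet the configuration condition, so they remain candidates for the update once it ships.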
Threat intelligence and incident response firm Volexity was credited with discovering and reporting the bug.
While no other technical details are available about the nature of the intrusions or the identity of the threat actors behind them, Palo Alto Networks acknowledged that it is “aware of a limited number of attacks exploiting this vulnerability.”
In the meantime, it advises customers with a Threat Prevention subscription to enable Threat ID 95187 to protect themselves from the threat.
The development comes at a time when Chinese threat actors are increasingly relying on zero-day flaws targeting Barracuda Networks, Fortinet, Ivanti and VMware to breach targets of interest and deploy hidden backdoors for persistent access.