Palo Alto Networks has issued an advisory warning of a critical OS command injection vulnerability in its GlobalProtect feature affecting PAN-OS versions 10.2, 11.0, and 11.1. Tracked as CVE-2024-3400, the flaw may allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Palo Alto Networks is working on patches for the vulnerability to be included in PAN-OS versions 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3, which are expected to be released by the end of the week. In the meantime, customers can check whether a GlobalProtect gateway has been configured and device telemetry enabled.
Read more – Palo Alto Networks Warns of Exploited Firewall Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.