Palo Alto Networks warns of a critical flaw in its PAN-OS software, used in GlobalProtect gateways, and notes active exploitation in the wild. Tracked as CVE-2024-3400 with a CVSS score of 10.0, the vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. The impacted PAN-OS versions include releases earlier than 11.1.2-h3, 11.0.4-h1, and 10.2.9-h1, with fixes slated for release on April 14, 2024.
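A version triage for the thresholds listed above, as an added example that is not code from Palo Alto Networks or from the original article: it parses PAN-OS version strings, including the `-hN` hotfix suffix, and compares each one against the fixed release for its train. The function names and the sample inventory are hypothetical, and trains not named above are reported as `not-listed` rather than assumed safe.

```python
import re

# First fixed release per train, from the thresholds listed above.
FIXED = {
    (11, 1): (11, 1, 2, 3),  # 11.1.2-h3
    (11, 0): (11, 0, 4, 1),  # 11.0.4-h1
    (10, 2): (10, 2, 9, 1),  # 10.2.9-h1
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def classify(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    version = parse_panos_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # train not covered by the thresholds above
    # Integer tuple comparison: as strings, "10.2.10" would sort below "10.2.9".
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map hostname -> classification; bad version strings become 'unparsed'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-edge-01": "11.1.2-h3", "fw-edge-02": "11.1.2",
    "fw-dc-01": "10.2.9", "fw-dc-02": "10.2.10",
    "fw-lab-01": "10.1.11", "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```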
Cybersecurity firm Volexity is credited with discovering and reporting the bug, although specific technical details of the attacks remain undisclosed. Nonetheless, Palo Alto Networks acknowledges a limited number of attacks exploiting the vulnerability. In response, the company advises customers with a Threat Prevention subscription to activate Threat ID 95187 as an interim measure against this threat.
This critical flaw emerges against a backdrop of increased reliance by Chinese threat actors on zero-day vulnerabilities affecting various network infrastructure providers. Incidents involving Barracuda Networks, Fortinet, Ivanti, and VMware highlight the broader trend of sophisticated attacks aimed at breaching targets and establishing covert backdoors for persistent access. This latest development underscores the ongoing challenges cybersecurity professionals face in defending network infrastructure against evolving threats.