This article was updated on April 16, 2024 to reflect a vendor published hotfix.
This article was further updated on April 17, 2024 to reflect a vendor advisory update.
The NCSC would like to draw your attention to vulnerability CVE-2024-3400(external link) affecting Palo Alto GlobalProtect. The vendor is aware of active exploitation and a proof-of-concept has been published.
CVE-2024-3400(external link) has a CVSS of 10 and is an operating system (OS) command injection vulnerability, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. This vulnerability affects PAN-OS versions above 10.2.
The vendor has published hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue.
The NCSC encourages organisations in New Zealand that use the affected product to review vulnerable devices for evidence of compromise and apply the vendor’s recommended mitigations as detailed in the solution section of the vendor advisory(external link) as soon as possible, including applying the relevant threat signature(s).
If your organisation has seen or does see evidence of compromise related to CVE-2024-3400, please contact ncscincidents@ncsc.govt.nz.
Received an alert or advisory from both CERT NZ and NCSC? At present, we use both brands and a range of distribution mechanisms to ensure everyone continues to receive the information they need. Behind the scenes, our teams continue to work together to share insights and align our guidance.
For more NCSC NZ updates, follow us on LinkedIn(external link).