Palo Alto Networks Warns of Exploited Firewall Vulnerability
securityweekPalo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.
Threat actors are exploiting a critical OS command injection vulnerability to execute arbitrary code on Palo Alto Networks firewalls, the cybersecurity company warns.
Tracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances.
“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” the company notes in an advisory.
According to the cybersecurity firm, the vulnerability was identified in PAN-OS versions 10.2, 11.0, and 11.1. The company’s Panorama appliances, Cloud NGFW, and Prisma Access solutions are not ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE