Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild.
CVE-2024-3400 (CVSS v4.0 Score 10.0) засяга firewall-и конфигурирани с GlobalProtect gateway и/или GlobalProtect portal, и имат включена телеметрия.
CERT Bulgaria encourages users and administrators to review Palo Alto Networks Security Advisoryapply the current mitigations, and update the affected software.