Palo Alto Products Remote Code Execution Vulnerability
Release Date: 15 Apr 2024
RISK: Extremely High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.
Note: CVE-2024-3400 affected GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
[Updated on 2024-04-15 11:56]
Updated solutions as Palo Alto Networks has released hotfix.
Impact
- Remote Code Execution
System / Technologies affected
- PAN-OS 11.1 versions earlier than 11.1.2-h3
- PAN-OS 11.0 versions earlier than 11.0.4-h1
- PAN-OS 10.2 versions earlier than 10.2.9-h1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://security.paloaltonetworks.com/CVE-2024-3400
沒有留言:
發佈留言