Login

CVE-2024-3400

Cyber Security Alert: GlobalProtect Gateway Zero-Day Vulnerability

Security Vulnerability

Overview: Palo Alto has announced a critical zero-day vulnerability that is actively being used in the wild.

Threat Name: CVE-2024-3400

Risk Factor: Critical

Date: April 2024

Get Help Now

Solace Cyber security specialists can assist with updating your firewall to the latest version.

BOOK A CALL

What We Know

CVE-2024-3400 represents a critical command injection vulnerability impacting the GlobalProtect Gateway functionality within PAN-OS. This flaw could be exploited by a remote, unauthenticated attacker to execute arbitrary code on a targeted firewall, granting them root privileges. The vulnerability has been categorised as critical as it poses a significant risk.

What Has Palo Alto Said?

Palo Alto Networks has acknowledged the issue and is working on a patch for CVE-2024-3400. Fixes are starting to become available. Not all versions of PAN-OS have a patch yet, so the advisory is to keep an eye on the Palo Alto Network official site. 

Palo Alto Networks has also acknowledged that it’s “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

According to Palo Alto, the issue applies only to firewalls that have the configurations for both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.

Recommendations For Navigating The Vulnerability.

When a vulnerability is identified, it’s crucial to take swift action to mitigate any potential risks. Specifically, for PAN-OS versions prior to:

  • PAN-OS less than 11.1.2-h3
  • PAN-OS less than 11.0.4-h1
  • PAN-OS less than 10.2.9-h1

It’s highly recommended to prioritise patching as soon as the updates are released. These patches are vital for bolstering the security of your systems and safeguarding against potential exploitation.

As an interim measure, disabling device telemetry can serve as a temporary workaround until an official patch is made available. This step can help minimise exposure to vulnerabilities while awaiting the official fix.

Remaining vigilant is key. Continuously monitor official communications from Palo Alto Networks for any updates regarding the vulnerability and subsequent patches or mitigations. As soon as updates are released, promptly apply them to your systems to ensure optimal security posture.

It’s imperative to update your firewall to the latest version at the earliest opportunity. Solace Cyber stands ready to assist with this process, ensuring your firewall is promptly updated to the most recent version, thereby fortifying your defenses against potential threats.

Need support?

Solace Cyber security specialists can assist with updating your firewall to the latest version

    CVE-2024-21762

    Cyber Security Alert: Fortinet Warns of Critical FortiOS SSL VPN Flaw

    fortinet logo

    Overview: Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation. Immediate action required.

    Threat Name: CVE-2023-20198

    Risk Factor: Critical

    Date: 9th Feb 2024

    Get Help Now

    Solace Cyber security specialists can assist with updating your firewall to the latest version.

    BOOK A CALL

    What We Know

    On February 8, 2023, Fortinet issued a notice addressing a potentially exploited vulnerability in the wild. This vulnerability, found in the SSL VPN component, is classified as a pre-authentication vulnerability, with a critical severity rating of 9.6 CVSSv3. The identified flaw could enable a remote attacker to authenticate remotely by employing carefully crafted HTTP requests. Subsequently, the attacker may execute arbitrary code or commands, as reported by Fortinet.

    What Has Fortinet Said About The Vulnerability?

    Fortinet has emphasised that the only viable solution is to disable the SSL VPN entirely; opting to deactivate webmode is not considered a valid workaround. Urgent action is advised to promptly patch this vulnerability.

    The affected versions and recommended solutions for FortiOS are as follows:

    • FortiOS 7.6 is not affected, and no action is required (Not Applicable).
    • FortiOS 7.4 versions ranging from 7.4.0 through 7.4.2, users are advised to upgrade to version 7.4.3 or above.
    • FortiOS 7.2 with versions between 7.2.0 and 7.2.6, it is recommended to upgrade to 7.2.7 or above.
    • FortiOS 7.0 users with versions from 7.0.0 through 7.0.13 should upgrade to 7.0.14 or above.
    • FortiOS 6.4, versions 6.4.0 through 6.4.14, an upgrade to version 6.4.15 or above is recommended.
    • FortiOS 6.2 users with versions ranging from 6.2.0 through 6.2.15 are advised to upgrade to 6.2.16 or above.
    • FortiOS 6.0 in all versions, it is recommended to migrate to a fixed release.

    What’s The Impact and Implementation Plan?

    The flaw allows an attacker to remotely authenticate using crafted HTTPS requests. According to vuldb.com, technical details are unknown, but an exploit is available.

    Swiftly upgrade your firewall to the most recent update. Solace Cyber is available to help you with the process of updating your firewall to the latest version.

    Need support?

    Solace Cyber security specialists can assist with updating your firewall to the latest version