What is it?
GlobalProtect, a feature of the Palo Alto networks PAN-OS, allows remote users to access local and Internet resources.
A weakness in the software allows an attacker to create arbitrary files and inject arbitrary commands.
This issue is applicable to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
Why is it a risk?
The risks should be obvious; an attacker can take complete control of your network!
This threat is currently being exploited on the Internet.
The Common Vulnerability Scoring System (CVSS) assigns this threat a score of 10/Critical, the highest score possible.
The link to the paloalto networks website below provides more details about this threat.
How can you mitigate the risk?
You must upgrade your PAN-OS installation.
This issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected.
Resources:
paloalto networks CVE-2024-3400
