Hackers are already taking advantage of the ability to execute code on compromised firewalls.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has released an “act now” critical alert regarding a vulnerability affecting several Palo Alto PAN-OS products.
The vulnerability is being tracked as CVE-2024-3400 and affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls, though only those with device telemetry and GlobalProtect gateways enabled.
The bug – which the ACSC has said is being exploited in the wild – can allow a malicious actor to execute arbitrary code with root privileges.
According to the ACSC, “Australian organisations [that] have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682)”.
“Additionally, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device,” the ACSC said in its alert notice.
In its own alert notice, Palo Alto said hotfixes would be released over the weekend and offered some additional advice.
“If you are unable to apply the Threat Prevention-based mitigation at this time, you can still mitigate the impact of this vulnerability by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version,” Palo Alto said.
“Once upgraded, device telemetry should be re-enabled on the device.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.