Previous mitigation advice no longer stands as attackers continue to exploit the flaw in several Palo Alto firewall products.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has updated its PAN-OS critical alert, which it originally circulated on 15 April.
At the time, Palo Alto and the ACSC advised that CVE-2024-3400 – a vulnerability that lets a threat actor run arbitrary code with root privileges on the firewall – could be mitigated by disabling device telemetry.
However, that is no longer the case.
“In earlier versions of Palo Alto’s advisory, disabling device telemetry was listed as a secondary mitigation action,” the ACSC said in an updated Alert circulated on 17 April.
“Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.”
CVE-2024-3400 affects PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 firewalls. Earlier advice said the vulnerability only affected firewalls with both device telemetry and a GlobalProtect gateway enabled. The telemetry condition has since been dropped: a firewall with telemetry switched off is exposed just the same.
The ACSC advises that “organisations [that] have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187”.
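As an added, illustrative check (not code from the ACSC, Palo Alto or this article): a small Python inventory helper that pulls the PAN-OS version out of `show system info` output, decides whether the firewall sits on an affected train below the first fixed build, and deliberately gives the device-telemetry state no weight, since the updated alert says telemetry being off is not a mitigation. The first-fixed build numbers (10.2.9-h1, 11.0.4-h1, 11.1.2-h3) are my recollection of the vendor advisory and the sample CLI output is constructed; confirm both against the current advisory before relying on the verdict, as later hotfixes for earlier maintenance releases also exist.

```python
import re
from typing import NamedTuple

# Release trains the ACSC alert names as affected.
AFFECTED_TRAINS = {(10, 2), (11, 0), (11, 1)}

# ASSUMPTION: first fixed build per train, as initially published in Palo
# Alto's advisory. Palo Alto later added hotfixes for earlier maintenance
# releases, so read "vulnerable" below as "below the first fixed build;
# review against the current advisory", not as a final verdict.
FIRST_FIXED = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanOsVersion(NamedTuple):
    """PAN-OS version as an orderable tuple; a hotfix (-hN) sorts after its base build."""
    major: int
    minor: int
    maint: int
    hotfix: int = 0  # 0 when the string carries no -hN suffix

    @classmethod
    def parse(cls, text: str) -> "PanOsVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
        major, minor, maint, hotfix = m.groups()
        return cls(int(major), int(minor), int(maint), int(hotfix or 0))

    @property
    def train(self) -> tuple:
        return (self.major, self.minor)


# Constructed sample of 'show system info' output, trimmed to a few fields.
SAMPLE_SHOW_SYSTEM_INFO = """\
hostname: fw-edge-01
sw-version: 11.1.2
app-version: 8830-8689
"""


def sw_version_from_show_system_info(output: str) -> str:
    """Return the value of the 'sw-version:' line from CLI output."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    raise ValueError("no sw-version line in output")


def assess(version_text: str, globalprotect_configured: bool = True,
           device_telemetry_enabled: bool = False) -> dict:
    """Classify one firewall for CVE-2024-3400.

    device_telemetry_enabled is accepted so callers can pass full inventory
    rows, but it has no effect on the verdict: per the updated ACSC alert,
    telemetry being disabled is not a mitigation.
    """
    version = PanOsVersion.parse(version_text)
    result = {"version": version_text, "train": "%d.%d" % version.train}
    if version.train not in AFFECTED_TRAINS:
        result["status"] = "not_affected"
        return result
    if not globalprotect_configured:
        # Exposure is through GlobalProtect, a precondition the vendor
        # advisory kept even after dropping the telemetry condition.
        result["status"] = "not_exposed"
        result["note"] = "affected train; patch before enabling GlobalProtect"
        return result
    fixed = PanOsVersion.parse(FIRST_FIXED[version.train])
    if version >= fixed:
        result["status"] = "fixed"
    else:
        result["status"] = "vulnerable"
        result["upgrade_to"] = FIRST_FIXED[version.train]
        result["note"] = ("disabling device telemetry does not mitigate; "
                          "enable Threat ID 95187 if licensed, then patch")
    return result


if __name__ == "__main__":
    ver = sw_version_from_show_system_info(SAMPLE_SHOW_SYSTEM_INFO)
    print(assess(ver, globalprotect_configured=True, device_telemetry_enabled=False))
```

The ordering rule matters: `11.1.2` must compare below `11.1.2-h3` while `11.1.3` compares above it, which is why the hotfix number is a fourth tuple element rather than a string suffix.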
You can read Palo Alto’s full advisory here.
Henry Harrison, Chief Scientist and Co-Founder of Garrison Technology, feels that while not all vulnerabilities are equal, this one is significant; he also sees it as a symptom of a larger issue.
"Every week sees a flood of software vulnerabilities; they are not normally news. Occasionally, as in the past few weeks, some vulnerabilities become newsworthy, and inevitably some software vendors seek to capitalize on their competitors' woes by claiming that they are in some way 'better.' But vulnerabilities are a plague for all software, whether it's branded as Zero Trust, AI-enabled, or any number of other buzzwords," Harrison told Cyber Daily via email.
"Only a few initiatives are really trying to address the underlying problems of software vulnerability - generally by looking at different silicon (e.g., FPGAs) and different underlying computer science architectures instead of using traditional CPUs and software approaches – and only a very few of those initiatives have any production-grade security solutions available today."
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.