Palo Alto Updates Remediation for Max-Critical Firewall Bug

Published: 23/11/2024 | Category: security




Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties.



Palo Alto Networks (PAN) is sharing updated remediation information regarding a max-critical vulnerability that is actively being exploited in the wild.
The vulnerability, tracked as CVE-2024-3400, has a CVSS vulnerability-severity score of 10 out of 10 and can allow an unauthenticated threat actor to execute arbitrary code with root privileges on the firewall device, according to the update.
Present in PAN-OS 10.2, 11.0, and 11.1, the flaw was originally disclosed on April 12 after being discovered by researchers at Volexity.
PAN said that the number of attacks exploiting this vulnerability continues to grow and that proofs of concept for this vulnerability have been publicly disclosed by third parties.
The company is recommending that customers upgrade to a fixed version of PAN-OS, such as PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all later PAN-OS versions, as this will fully protect their devices. PAN has also released additional hotfixes for other deployed maintenance releases.
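A fleet-inventory check against the fixed releases the update names, as an added example (not PAN's code or tooling). It assumes the three affected branches and fixed versions listed above; because PAN also shipped hotfixes for other maintenance releases that this article does not enumerate, an older build in an affected branch is flagged for advisory review rather than declared vulnerable.

```python
import re
from typing import Dict, Tuple

# Fixed releases named in the update, keyed by affected branch (assumed from the text above).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (10, 2): (10, 2, 9, 1),   # PAN-OS 10.2.9-h1
    (11, 0): (11, 0, 4, 1),   # PAN-OS 11.0.4-h1
    (11, 1): (11, 1, 2, 3),   # PAN-OS 11.1.2-h3
}

# PAN-OS versions look like MAJOR.MINOR.MAINT with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.MAINT[-hN]' into a comparable tuple (hotfix 0 when absent)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess_cve_2024_3400(version: str) -> str:
    """Classify a PAN-OS build against the fixes named in the update.

    Returns 'fixed' (at or above the listed fixed release for its branch),
    'review' (affected branch, older than the listed fix: consult the vendor
    advisory, since unlisted hotfixes exist), or 'not-listed' (branch not
    among 10.2 / 11.0 / 11.1, which are the only ones the article names).
    """
    parsed = parse_panos_version(version)
    branch = parsed[:2]
    if branch not in FIXED_BY_BRANCH:
        return "not-listed"
    # Tuple comparison orders maintenance release first, then hotfix number,
    # so 10.2.10 (hotfix 0) correctly sorts above 10.2.9-h1.
    return "fixed" if parsed >= FIXED_BY_BRANCH[branch] else "review"


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for build in ["10.2.9-h1", "10.2.9", "11.1.3", "11.0.3-h5", "10.1.9"]:
        print(f"{build:>10}: {assess_cve_2024_3400(build)}")
```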
PAN recommends that, to mitigate the issue fully, customers take action based on the level of suspected activity. For instance, if there has been probing or testing activity, users should update to the latest PAN-OS hotfix, secure their running configs, create a master key, and select AES-256-GCM. This level is defined as either no indication of compromise, or evidence that the vulnerability was tested for on the device (i.e., a 0-byte file has been created and is resident on the firewall, but there is no indication of any known unauthorized command execution).
PAN-OS hotfixes sufficiently fix the vulnerability, according to the update. A private data reset or factory reset is not suggested at this level, as there is no indication of any known unauthorized command execution or exfiltration of files.
However, if a file on the device has been copied to a location accessible via a Web request (in most cases, the file being copied is running_config.xml, according to PAN), users should perform a private data reset, which eliminates risks of potential misuse of device data. And if there is evidence of interactive command execution (i.e., the presence of shell-based back doors, introduction of code, pulling files, running commands), PAN suggested doing a full factory reset.
