The National Computer Emergency Response Team (NCERT) issued a stark warning about a critical vulnerability in Palo Alto Networks’ PAN-OS firewall software.
This flaw, identified as CVE-2024-3400, allows attackers to remotely take complete control of affected firewalls, bypassing any authentication measures. Firewalls are a vital security layer protecting computer networks, making this vulnerability a significant threat.
The advisory highlights that attackers are actively exploiting CVE-2024-3400. NCERT warns that PAN-OS versions 10.2, 11.0, and 11.1 are susceptible, particularly when both the GlobalProtect gateway and device telemetry features are enabled. Fortunately, Palo Alto Networks has released hotfixes to address the issue. NCERT urges users to install these hotfixes immediately.
While permanent security patches are forthcoming, the advisory outlines additional mitigation strategies. These include activating a specific Threat ID for users with Threat Prevention subscriptions, configuring vulnerability protection on specific interfaces, and disabling a particular telemetry feature.
NCERT emphasizes the importance of proactive network security practices beyond this specific vulnerability. They recommend organizations regularly review and update security configurations, continuously monitor network activity for suspicious behavior, and have a response plan in place to effectively address security incidents. Following these recommendations and applying the available hotfixes can significantly reduce the risk of being compromised.
