On April 12, 2024, Palo Alto Networks warned that a critical vulnerability in the PAN-OS software used in its GlobalProtect Gateways was being actively exploited. The flaw is a command injection vulnerability in the GlobalProtect feature of PAN-OS that, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. These are the only versions of PAN-OS impacted by this vulnerability. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted.
Status
- This vulnerability has been issued a CVSS score of 10.
- Research is underway to determine whether or not Bitsight can detect this vulnerability.
See the resource center.