A critical command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
This vulnerability only affects devices that have GlobalProtect gateways configured and device telemetry enabled, sending data back to Palo Alto Networks. Device telemetry is not enabled by default.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. These are the only versions of PAN-OS impacted by this vulnerability. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted.
Impacted Systems
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
Remediation & Mitigation
Palo Alto indicates that a patch will be available by Sunday, April 14, 2024.
Bitsight’s 4th party visibility can help you identify third parties leveraging PAN-OS. This does not indicate the version of the product in use or whether the organization is exposed to this vulnerability, but does show with high confidence that a PAN-OS product is in use. We recommend reaching out to affected organizations to determine whether they are running a vulnerable version.
If you have Palo Alto devices on premises, you can check whether they support the affected OS versions using Palo Alto's compatibility matrix. If you have a vulnerable device running vulnerable PAN-OS software, you can mitigate the threat by disabling telemetry. Additionally, if you subscribe to Palo Alto's Threat Detection subscription, Palo Alto has released a rule to block attempts to exploit this vulnerability.
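The conditions above can be applied to an asset inventory to decide which firewalls need the telemetry mitigation first. This is an added example, not Bitsight or Palo Alto tooling; the inventory rows, field names and status labels are constructed for illustration.

```python
import re

# Release trains the advisory lists as impacted.
AFFECTED_TRAINS = {(10, 2), (11, 0), (11, 1)}
# Products the advisory states are not impacted.
UNAFFECTED_PRODUCTS = {"cloud ngfw", "panorama", "prisma access"}

def release_train(version):
    """Return (major, minor) from a version string such as '10.2.9-h1'."""
    m = re.match(r"\s*(\d+)\.(\d+)", version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(device):
    """Classify one inventory record against the advisory's conditions."""
    if (device.get("product") or "").strip().lower() in UNAFFECTED_PRODUCTS:
        return "not-impacted"
    train = release_train(device.get("version"))
    if train is None:
        return "unknown-version"  # cannot be ruled out, check by hand
    if train not in AFFECTED_TRAINS:
        return "not-impacted"
    gateway = device.get("globalprotect_gateway")
    telemetry = device.get("telemetry_enabled")
    # Exposure needs both conditions; one confirmed False clears it.
    if gateway is False or telemetry is False:
        return "affected-version-not-exposed"  # still needs the fix
    if gateway is None or telemetry is None:
        return "needs-config-review"  # a setting has not been verified
    return "exposed"

def report(inventory):
    """Map each device name to its triage status."""
    return {d["name"]: triage(d) for d in inventory}

# Constructed sample inventory; field names are hypothetical.
FIELDS = ("name", "product", "version",
          "globalprotect_gateway", "telemetry_enabled")
INVENTORY = [dict(zip(FIELDS, row)) for row in [
    ("fw-edge-01", "PAN-OS", "10.2.9-h1", True, True),
    ("fw-edge-02", "PAN-OS", "11.1.2", True, False),
    ("fw-dc-01", "PAN-OS", "11.0.4", True, None),
    ("fw-lab-01", "PAN-OS", "10.1.12", True, True),
    ("mgmt-01", "Panorama", "11.1.2", False, False),
]]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:12} {status}")
```

Devices reported as `affected-version-not-exposed` stay on the patch list, since that status depends on telemetry remaining disabled.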