Critical vulnerability on Palo Alto Networks PAN-OS (CVE-2024-3400)

The CSSF has been made aware of a recent critical vulnerability: a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software, referred to as CVE-2024-3400. This vulnerability can allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL:

The CSSF strongly recommends that all supervised entities concerned take due note of this report and take action as appropriate.