Communiqué

Critical vulnerability in Palo Alto Networks PAN-OS (CVE-2024-3400) (in English only)

The CSSF has been made aware of a recent critical vulnerability: a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software, referred to as CVE-2024-3400. This vulnerability can allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-84/.

The CSSF strongly recommends that all supervised entities concerned take due note of this report and take action as appropriate.