PAN-OS GlobalProtect Command Injection Vulnerability

Released: Apr 12, 2024

Updated: Apr 26, 2024


Severity: Critical

Vendor: Palo Alto

Type: Attack, Vulnerability


An actively exploited critical vulnerability in PAN-OS GlobalProtect

The attack on PAN-OS GlobalProtect devices, identified as CVE-2024-3400, allows a malicious actor to remotely exploit an unauthenticated command injection vulnerability that leads to remote code execution. Once established, the attacker can collect configurations, deliver malware payloads, and move laterally within the internal network.

Common Vulnerabilities and Exposures

CVE-2024-3400

Background

The GlobalProtect Gateway provides a security solution for roaming users by extending the same next-generation firewall-based policies to them.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


FortiGuard is continuously monitoring and investigating the attack to increase protection coverage and reduce the attack surface.

April 15, 2024: FortiGuard released an IPS signature to detect and block exploitation attempts targeting edge devices.
FortiGuard also published an Outbreak walkthrough video.
https://www.fortiguard.com/encyclopedia/ips/55555

April 12, 2024: FortiGuard published this Outbreak Alert report.

April 12, 2024: FortiGuard issued a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5423/pan-os-critical-flaw-in-globalprotect-gateway-cve-2024-3400

April 11, 2024: Palo Alto Networks released a security advisory on GlobalProtect.
https://security.paloaltonetworks.com/CVE-2024-3400

April 10, 2024: Volexity identified zero-day exploitation of a vulnerability found within GlobalProtect.
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • AV

  • Web App Security

  • IPS

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Playbook

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Business Reputation

  • Attack Surface Monitoring (Inside & Outside)

  • Inventory Management

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

