UPDATED 14:26 EDT / APRIL 12 2024


Palo Alto Networks discloses critical vulnerability in its firewall operating system

Palo Alto Networks Inc. today disclosed a vulnerability in its Pan-OS firewall operating system that is being actively targeted by hackers.

The exploit, which is tracked as CVE-2024-3400, has received the highest possible score in the CVSS threat severity evaluation system. It’s believed tens of thousands of firewalls could be affected worldwide.

Nasdaq-listed Palo Alto Networks is a major cybersecurity provider with more than 85,000 customers worldwide. It sells a line of firewalls that enterprises use to detect and block malicious traffic in their networks. CVE-2024-3400 was discovered by cybersecurity company Volexity in Pan-OS, the operating system that powers those firewalls.

The vulnerability affects a virtual private network, or VPN, tool called GlobalProtect that ships with Pan-OS. The tool allows workers to log into their company’s business applications via encrypted connections. CVE-2024-3400 can be used by hackers to bypass GlobalProtect’s cybersecurity mechanisms and run malicious commands on Pan-OS.

The exploit is caused by “improper neutralization of special elements used in a command,” Palo Alto Networks detailed. One way hackers can compromise an operating system is by entering input that contains malicious code. Programs typically have mechanisms that filter such as input, but in the case of Pan-OS and GlobalProtect, malicious commands sent by hackers can get through.

CVE-2024-3400 affects three relatively recent versions of Pan-OS that were released after 2022. According o Palo Alto Networks, hackers can only exploit the vulnerability if a Pan-OS firewall has a feature called Device Telemetry enabled. The feature collects technical data about firewall deployments that customers can use to detect technical issues, plan upgrades and spot malicious activity.

CVE-2024-3400 received the maximum 10.0 score in CVSS, a system used to rank the severity of software vulnerabilities. One reason the flaw represents such a major risk is that it’s easy for hackers to exploit. Launching a cyberattack using CVE-2024-3400 requires a limited amount of effort, can be done in an automated manner with scripts and doesn’t require gaining login credentials to the targeted firewall.

Another factor that contributed to the high severity score is the potential impact on customers. Because a company’s firewall is a central pillar of its cybersecurity operations, compromising the system can make it significantly easier for hackers to steal data.

Palo Alto Networks stated in an advisory that it’s “aware of a limited number of attacks that leverage the exploitation of this vulnerability.” BleepingComputer, citing cybersecurity researcher Yutaka Sejiyama, reported that there are currently 82,000 vulnerable firewalls worldwide. About 40% of those systems are located in the U.S.

Palo Alto Networks expects to release a patch for the affected Pan-OS versions by Sunday. In the meantime, it’s possible to neutralize CVE-2024-3400 by disabling the operating system’s Device Telemetry feature. Customers may also use a Palo Alto Networks threat intelligence service called Threat Prevention to mitigate the vulnerability until the patches become available.

CVE-2024-3400 has caught the attention of the U.S. Cybersecurity and Infrastructure Security Agency. In a memo released today, CISA officials instructed federal agencies to patch any affected Pan-OS firewalls they may be using by April 19.

Photo: Palo Alto Networks

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy