Palo Alto Networks on Friday issued a critical warning about a vulnerability under attack in the PAN-OS software used in its firewall-slash-VPN products.
The command injection flaw, with an unwelcome peak CVSS severity score of 10 out of 10, could allow an unauthenticated attacker to remotely execute code with root privileges on an affected gateway, which is not ideal, to say the least. It can essentially be exploited to take complete control of the equipment and drill into the victims' networks.
Updates to fully fix this serious hole will arrive by Sunday, April 14, we're told.
CVE-2024-3400 affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewall configurations with a GlobalProtect gateway and device telemetry enabled.