Critical vulnerability in Palo Alto Networks PAN-OS (CVE-2024-3400)
The CSSF has been made aware of a recent critical vulnerability: a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software, referred to as CVE-2024-3400. This vulnerability can allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-84/.
The CSSF strongly recommends that all supervised entities concerned take due note of this report and take action as appropriate.