Palo Alto Networks (PAN-OS) Products April 2024 Security Update Advisory

Overview

 

Palo Alto Networks (https://www.paloaltonetworks.com/) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

  • PAN-OS prior to version 11.1.2-h3
  • PAN-OS prior to version 11.0.4-h1
  • PAN-OS prior to version 10.2.9-h1

 

This vulnerability only applies to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect Gateway or GlobalProtect Portal (or both) and with device telemetry enabled.
Cloud NGFWs, Panorama appliances, and Prisma Access are not affected by this vulnerability; all other versions of PAN-OS are also unaffected.

 

Resolved Vulnerabilities

 

Command injection vulnerability in the GlobalProtect feature in PAN-OS, which could allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall (CVE-2024-3400, CVSS 10) [1]

 

Vulnerability Patches

 

The April 12, 2024 update provided the following product-specific patch information:

  • PAN-OS 11.1.2-h3 (patch planned for 4/14) and later versions
  • PAN-OS 11.0.4-h1 (patch planned for 4/14) and later versions
  • PAN-OS 10.2.9-h1 (patch planned for 4/14) and later versions
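
The check below is an added example, not Palo Alto Networks code: it triages a firewall against the fixed releases and the two exposure conditions stated in this advisory. The function names and result labels are hypothetical, the inventory rows are constructed, and it assumes version strings of the form major.minor.maintenance[-hN], with a release that has no hotfix suffix sorting before -h1.

```python
import re

# Fixed releases per affected branch, as listed in this advisory:
# branch (major, minor) -> (maintenance, hotfix)
FIXED = {
    (11, 1): (2, 3),  # 11.1.2-h3
    (11, 0): (4, 1),  # 11.0.4-h1
    (10, 2): (9, 1),  # 10.2.9-h1
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'major.minor.maintenance[-hN]' into (branch, (maintenance, hotfix))."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    hotfix = int(m.group(4) or 0)  # assumption: no -hN suffix sorts before -h1
    return (major, minor), (maint, hotfix)


def triage(version, globalprotect, telemetry):
    """Classify one firewall for CVE-2024-3400 using the advisory's criteria.

    globalprotect: a GlobalProtect gateway or portal is configured.
    telemetry: device telemetry is enabled.
    """
    branch, release = parse_version(version)
    if branch not in FIXED:
        return "not-affected"  # only 10.2, 11.0 and 11.1 are listed
    if release >= FIXED[branch]:
        return "patched"
    # Below the fixed release: exposure needs both stated conditions.
    if globalprotect and telemetry:
        return "vulnerable"
    return "unpatched-not-exposed"


# Constructed inventory rows: (hostname, version, globalprotect, telemetry)
INVENTORY = [
    ("fw-edge-01", "11.1.2", True, True),
    ("fw-edge-02", "11.1.2-h3", True, True),
    ("fw-branch-07", "10.2.8", False, True),
    ("fw-lab-03", "9.1.17", True, True),
]

if __name__ == "__main__":
    for host, version, gp, tel in INVENTORY:
        print(f"{host:14} {version:10} {triage(version, gp, tel)}")
```

Firewalls reported as unpatched-not-exposed still run a release below the fixed version and become vulnerable if GlobalProtect and device telemetry are later enabled.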

 

Referenced Sites

 

[1] PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway

https://security.paloaltonetworks.com/CVE-2024-3400