The National Computer Emergency Response Team (NCERT) issued a critical warning today regarding a severe vulnerability in Palo Alto Networks’ PAN-OS firewall software.
This flaw, identified as CVE-2024-3400, grants attackers the ability to remotely hijack affected firewalls, completely bypassing security protocols. Firewalls act as a crucial line of defense for computer networks, making this vulnerability a significant threat.
The advisory emphasizes that attackers are actively exploiting CVE-2024-3400. Notably, PAN-OS versions 10.2, 11.0, and 11.1 are susceptible, especially when both the GlobalProtect gateway and device telemetry features are enabled. Fortunately, Palo Alto Networks has released hotfixes to address the issue. NCERT strongly urges users to install these hotfixes as soon as possible.
While permanent security patches are in development, the advisory offers temporary mitigation strategies. These include activating a specific Threat ID for users with Threat Prevention subscriptions, configuring vulnerability protection on specific interfaces, and disabling a particular telemetry feature.
NCERT stresses the importance of proactive cybersecurity practices beyond this specific vulnerability. It recommends that organizations regularly review and update security configurations, maintain constant vigilance for suspicious network activity, and establish a response plan for handling security incidents effectively. Implementing these recommendations and applying the available hotfixes can significantly reduce the risk of compromise.