CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild | allinfosecnews.com

April 12, 2024, 5:19 p.m. | Scott Caveza

Cyber Exposure Alerts www.tenable.com

A critical severity command injection vulnerability in Palo Alto Networks PAN-OS has been exploited in limited targeted attacks. While a fix is not yet available, patches are expected to be released on April 14 and mitigation steps are available.

Background

On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls.

CVEDescriptionCVSSv3SeverityCVE-2024-3400Command Injection Vulnerability in …

alto april attacks command command injection critical cve cve-2024 cve-2024-3400 exploited fix gateway globalprotect injection in the wild mitigation networks palo palo alto palo alto networks palo alto networks pan-os pan pan-os patches severity targeted attacks vulnerability zero-day zero-day vulnerability

More from www.tenable.com / Cyber Exposure Alerts

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 4 days, 12 hours ago | www.tenable.com

addresses critical critical vulnerability cve +15

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 week, 2 days ago | www.tenable.com

big big-ip big-ip next central manager centralized management +18

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 3 weeks, 2 days ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 3 weeks, 4 days ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 1 month ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 1 month ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 1 month, 1 week ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month, 2 weeks ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 2 months ago | www.tenable.com

address advisory arbitrary code attacker +20

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com