April 15, 2024, 6:37 p.m.

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability/attack?
A critical unauthenticated remote code injection vulnerability was discovered in the PAN-OS GlobalProtect Gateway. The vulnerability, tracked as CVE-2024-3400, has a CVSS rating of 10.0. The GlobalProtect Gateway provides a security solution for roaming users by extending the same next-generation firewall-based policies to them. According to the vendor advisory, active exploitation is ongoing.

What is the recommended Mitigation?

The vendor released a threat prevention signature on April 12th, and they recently released firmware support with hotfix releases of PAN-OS. …
