Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024041604040505 | Publication Time | 2024/04/16 16:38 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/04/16 16:38 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Palo Alto Networks PAN-OS is affected by a high-risk security vulnerability (CVE-2024-3400). Please promptly verify and apply patches! |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202404-00000076 Researchers have discovered an operating system command injection (OS Command Injection) vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS. Remote attackers without authentication can exploit this vulnerability to execute arbitrary code on the firewall with the highest privilege (root). The vulnerability is currently being exploited by hackers. Please promptly verify and apply patches. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ●PAN-OS 10.2.9-h1 (excluding) ●PAN-OS 11.0.4-h1 (excluding) ●PAN-OS 11.1.2-h3 (excluding) |
|||
[Recommended Actions] Official fixes have been released by the vendor. Please update to the following versions: ●For PAN-OS 10.2 series, update to version 10.2.9-h1 or later. ●For PAN-OS 11.0 series, update to version 11.0.4-h1 or later. ●For PAN-OS 11.1 series, update to version 11.1.2-h3 or later. |
|||
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-3400 2. https://security.paloaltonetworks.com/CVE-2024-3400 |