【Vulnerability Alert】Palo Alto Networks PAN-OS is affected by a high-risk security vulnerability (CVE-2024-3400). Please promptly verify and apply patches!
publish date :
2024-04-17
update date :
2024-04-17
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024041604040505 | Publication Time | 2024/04/16 16:38 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/04/16 16:38 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Palo Alto Networks PAN-OS is affected by a high-risk security vulnerability (CVE-2024-3400). Please promptly verify and apply patches! |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202404-00000076 Researchers have discovered an operating system command injection (OS Command Injection) vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS. Remote attackers without authentication can exploit this vulnerability to execute arbitrary code on the firewall with the highest privilege (root). The vulnerability is currently being exploited by hackers. Please promptly verify and apply patches. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ●PAN-OS 10.2.9-h1 (excluding) ●PAN-OS 11.0.4-h1 (excluding) ●PAN-OS 11.1.2-h3 (excluding) |
|||
[Recommended Actions] Official fixes have been released by the vendor. Please update to the following versions: ●For PAN-OS 10.2 series, update to version 10.2.9-h1 or later. ●For PAN-OS 11.0 series, update to version 11.0.4-h1 or later. ●For PAN-OS 11.1 series, update to version 11.1.2-h3 or later. |
|||
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-3400 2. https://security.paloaltonetworks.com/CVE-2024-3400 |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center