Due to a vulnerability discovered on Wednesday (CVE-2024-3400), Palo Alto Networks is working on releasing a critical security hotfix for the following versions of PAN-OS : 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3. This critical security hotfix is to patch a vulnerability that was discovered with a CVSS severity score of 10 out of 10.
The exploit allows an attacker remote code execution (RCE) with root privileges which would allow them to take control of the affected gateway. This potentially gives an attacker unauthorised access to sensitive networks, data and the potential to further compromise the network.
The current advice from Palo Alto Networks is to enable the threat prevention based mitigation for Threat ID 95187 if you have an active “threat prevention” subscription. If you do not have the Threat Prevention service, then it is recommended to temporarily disable device telemetry until the system is updated to a patched version of PAN-OS.
As always, Indelible Data recommends signing up to newsletter bulletins to keep ahead of any attackers looking to exploit such vulnerabilities. As well as ensuring to install critical and high risk security patches as soon as possible but within a maximum of 14 days.