CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls


On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls.

According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Patches are available for some versions as of Sunday, April 14, 2024.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon

    March 20, 2018

    MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...

  • Spring break! Critical vuln in Pivotal framework’s Data parts plugged

    March 5, 2018

    Pivotal’s Spring Data REST project has a serious security hole that needs patching. Pivotal’s Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. Read more… Source: The Register  

  • Bug in HP Remote Management Tool Leaves Servers Open to Attack

    March 1, 2018

    Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) ...

  • Massive Malspam Campaign Targets Unpatched Systems

    February 27, 2018

    Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers. According to the research firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an ...

  • Smart meters could leave British homes vulnerable to cyber attacks, experts have warned

    February 18, 2018

    New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...

  • Word-based Malware Attack Doesn’t Use Macros

    February 15, 2018

    Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to research ...