Network security vendor Palo Alto Networks released mitigation instructions for an actively exploited vulnerability in PAN-OS, the software that powers its next-generation firewall (NGFW) products. The company is still working on developing software patches.
The vulnerability, tracked as CVE-2024-3400, is described as a command injection issue and is located in the GlobalProtect feature of PAN-OS. Successful exploitation allows unauthenticated attackers to execute arbitrary code with root privileges on the system.