Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls

April 12, 2024


Network security vendor Palo Alto Networks released mitigation instructions for an actively exploited vulnerability in PAN-OS, the software that powers its next-generation firewall (NGFW) products. The company is still working on developing software patches.

The vulnerability, tracked as CVE-2024-3400, is described as a command injection issue and is located in the GlobalProtect feature of PAN-OS. Successful exploitation allows unauthenticated attackers to execute arbitrary code with root privileges on the system.

Read More on CSO Online