Pan-OS

2024: Recognition of the existence of a critical hole. Tens of thousands of firewalls hacked

On April 12, 2024, Palo Alto Networks announced the discovery of a critical zero-day vulnerability in its Pan-OS firewalls. The breach, which is actively exploited by cybercriminals, allows you to seize full control of the device and then penetrate the victim's IT infrastructure.

Information about the problem is contained in the CVE-2024-3400 bulletin. The vulnerability received a maximum hazard rating of 10 points out of 10 (CVSS), since it does not require any special privileges or actions on the part of the victim to use it. The hole is present in Palo Alto Networks firewalls running Pan-OS 10.2, Pan-OS 11.0 and Pan-OS 11.1 operating systems. As of mid-April 2024, about 82 thousand such devices were installed worldwide, of which about 40% are in the United States.

Unsplash

The problem affects a virtual private network (VPN) module called GlobalProtect, which is part of Pan-OS. An attack is possible only if telemetry is enabled on the device. This system allows you to collect certain data that can be used to detect technical problems, schedule updates and detect malicious activity.

Since the firewall is one of the key components of the cybersecurity platform, hacking such a system can result in huge losses for the victim company. Attackers, having penetrated the internal network of the organization, are able to steal confidential information or encrypt it for the purpose of subsequently obtaining a ransom. Palo Alto Networks specialists are developing a patch to fix the hole. As a temporary protection measure, users of vulnerable devices are advised to disable telemetry tools.^[1]

Notes