التنبيهات الأمنية

مستوى الخطورة: Critical

العنوان: 

CVE-2024-3400 PAN-OS

الوقت:

Friday April12, 2024

ملخص:

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

الأنظمة المتأثرة:

 PAN-OS versions 10.2

 PAN-OS versions 11.0

 PAN-OS versions 11.1

التوصيات:

upgrade version to  1.29.3 or Later

updating the affected versions to the fixed or latest versions released by Palo Alto Networks.

For PAN-OS 10.2: : 

- 10.2.9-h1 (Released 4/14/24)

- 10.2.8-h3 (ETA: 4/15/24)

- 10.2.7-h8 (ETA: 4/15/24)

- 10.2.6-h3 (ETA: 4/15/24)

- 10.2.5-h6 (ETA: 4/16/24) -

10.2.3-h13 (ETA: 4/17/24)

- 10.2.1-h2 (ETA: 4/17/24)

- 10.2.2-h5 (ETA: 4/18/24)

- 10.2.0-h3 (ETA: 4/18/24)

- 10.2.4-h16 (ETA: 4/19/24)

For PAN-OS 11.0 :

- 11.0.4-h1 (Released 4/14/24)

- 11.0.3-h10 (ETA: 4/15/24)

- 11.0.2-h4 (ETA: 4/16/24)

- 11.0.1-h4 (ETA: 4/17/24)

- 11.0.0-h3 (ETA: 4/18/24)

For PAN-OS 11.1: 

- 11.1.2-h3 (Released 4/14/24)

- 11.1.1-h1 (ETA: 4/16/24)

- 11.1.0-h3 (ETA: 4/17/24)

:المراجع

 للاطلاع على المراجع , أنقر هنا