Topic starter
13/04/2024 5:53 pm
Palo Alto Networks has published a security advisory detailing a command injection flaw, tracked as CVE-2024-3400, in the GlobalProtect gateway feature of the vendor's PAN-OS software for next-generation firewalls. The zero-day vulnerability affects specific versions of the OS and "distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall," the company said.
The remote code injection (RCE) vulnerability, which was discovered by cybersecurity vendor Volexity, received a CVSS score of 10.