Critical vulnerability in Palo Alto firewalls

18.04.2024 - The NCSC warns of a security vulnerability in Palo Alto's Next-Generation Firewall (NGFW). These firewalls are mainly used by companies and public authorities. They have a critical vulnerability that is already being exploited by cyber criminals, who use it to execute commands. The NCSC has already received corresponding reports from organisations in Switzerland. The NCSC recommends installing the security updates as quickly as possible or even reinstalling the NGFW if possible.


On April 12, 2024, the US manufacturer of firewall solutions Palo Alto publicly disclosed a critical vulnerability in PAN-OS (CVE-2024-3400). Palo Alto's products are mainly used in companies. The critical vulnerability allows an attacker to remotely execute arbitrary code on vulnerable devices and thereby compromise them.

On April 18, 2024, the NCSC received several reports from organisations in Switzerland showing widespread attacks exploiting the aforementioned vulnerability. The NCSC therefore strongly advises organisations to apply the security patch released by Palo Alto as soon as possible. Devices that have demonstrably been compromised or are suspected of being compromised should be urgently reinstalled. We also recommend checking the log files of Palo Alto devices for the last 48 hours for suspicious activity.

Together with national partners, the NCSC has taken measures to minimise the risk exposure of Swiss companies. In addition, operators of critical infrastructures that operate a vulnerable Palo Alto device were actively informed by the NCSC.

Palo Alto Advisory:

Vulnerable versions:

  • PAN-OS 10.2 (versions before 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3 and 10.2.9-h1)
  • PAN-OS 11.0 (versions before 11.0.2-h4, 11.0.3-h10 and 11.0.4-h1)
  • PAN-OS 11.1 (versions prior to 11.1.0-h3, 11.1.1-h1 and 11.1.2-h3).
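
To triage a device inventory against the list above, the following added example (not code from the NCSC or Palo Alto) compares PAN-OS version strings with the fixed hotfix builds named on this page. The hostnames and installed versions are constructed, and the treatment of maintenance releases that the list does not name is an assumption stated in the comments.

```python
import re

# Fixed hotfix per maintenance release, copied from the "Vulnerable versions"
# list on this page: {(major, minor): {maintenance: first_fixed_hotfix}}
FIXED = {
    (10, 2): {5: 6, 6: 3, 7: 8, 8: 3, 9: 1},
    (11, 0): {2: 4, 3: 10, 4: 1},
    (11, 1): {0: 3, 1: 1, 2: 3},
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split '10.2.7-h8' into (10, 2, 7, 8); a missing hotfix counts as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def status(version):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one version string."""
    major, minor, maint, hotfix = parse(version)
    fixes = FIXED.get((major, minor))
    if fixes is None:
        return "not-listed"  # feature release not named on this page
    if maint in fixes:
        # Compare hotfix numbers as integers: h10 is newer than h9.
        return "fixed" if hotfix >= fixes[maint] else "vulnerable"
    # Assumption: a maintenance release newer than the newest listed one
    # already contains the fix; an older one predates every fixed build.
    return "fixed" if maint > max(fixes) else "vulnerable"


def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {"fw-edge-01": "10.2.9", "fw-edge-02": "11.0.3-h10",
             "fw-dc-01": "11.1.2-h1", "fw-lab-01": "10.1.12"}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:12} {result}")
```

A device reported as "fixed" by version alone may still have been compromised before it was patched, so the log review and reinstallation advice above applies independently of this check.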