Palo Alto Networks Warns of Critical SSL VPN Vulnerability
Palo Alto Networks has issued a warning about a critical vulnerability in its PAN-OS GlobalProtect system. Since late September, honeypots have detected thousands of TCP connections probing SSL VPN portals and exploiting a high-severity flaw (CVE-2024-3400).
The vulnerability, discovered by Palo Alto Networks, allows unauthenticated attackers to create arbitrary files on vulnerable firewalls. One IP address, 141.98.82.26, has been repeatedly exploiting the lack of session ID validation. The goal? OS command injection and full root code execution.
Security researchers have observed a significant increase in internet-wide scans targeting this vulnerability. To mitigate it, administrators are advised to upgrade to the fixed PAN-OS versions immediately. Additionally, Threat Prevention signatures can be deployed to block the initial arbitrary file creation interactions at the GlobalProtect interface. Operators should also inspect GPSvc logs for anomalous session ID strings to detect exploitation attempts.
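One way to run the session ID log check described above, as an added example that is not from Palo Alto Networks or the original article. It assumes GPSvc log entries carry the session value as session(<value>) and that a legitimate value is a GUID; the sample lines and the function names are constructed for illustration.

```python
import re

# Assumption: the session value appears as "session(<value>)" in each entry.
# The greedy match runs to the last ")" so values containing ")" stay whole.
SESSION_RE = re.compile(r"session\((?P<sid>.*)\)")
# Assumption: a legitimate session ID is a GUID.
GUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)


def classify(sid):
    """Return the reasons a session ID is anomalous (empty list if normal)."""
    if GUID_RE.fullmatch(sid):
        return []
    reasons = ["not a GUID"]
    if ".." in sid or "/" in sid or "\\" in sid:
        reasons.append("path characters")  # consistent with file creation
    if any(c in sid for c in ";|&$`{}<> "):
        reasons.append("shell metacharacters")  # consistent with injection
    if len(sid) > 36:
        reasons.append("over-long")
    return reasons


def scan(lines):
    """Yield (line_number, session_id, reasons) for each anomalous entry."""
    for n, line in enumerate(lines, 1):
        m = SESSION_RE.search(line)
        if m is None:
            continue  # entry carries no session value
        reasons = classify(m.group("sid"))
        if reasons:
            yield n, m.group("sid"), reasons


# Constructed sample entries; real log layout may differ.
SAMPLE = [
    "2024-01-01 00:00:01 gpsvc: failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)",
    "2024-01-01 00:00:02 gpsvc: failed to unmarshal session(./../../../constructed/path/placeholder)",
    "2024-01-01 00:00:03 gpsvc: portal status check ok",
    "2024-01-01 00:00:04 gpsvc: failed to unmarshal session(AAAA placeholder;value)",
]

if __name__ == "__main__":
    for n, sid, reasons in scan(SAMPLE):
        print(f"line {n}: {sid!r} -> {', '.join(reasons)}")
```

A hit indicates an exploitation attempt worth triage, not proof of compromise.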
Palo Alto Networks urges administrators to take immediate action to protect their systems. Upgrade to the fixed PAN-OS versions, deploy Threat Prevention signatures, and monitor logs for suspicious activity. Staying vigilant and proactive is crucial in the face of this critical vulnerability.