This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.
On April 12, Palo Alto Networks released a security advisory on CVE-2024-3400, a critical vulnerability affecting several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Patches are expected to be available by April 14, 2024.
CVE | Description | CVSSv4 | Severity
CVE-2024-3400 | Command Injection Vulnerability in the GlobalProtect Gateway feature of PAN-OS | 10.0 | Critical
Note: Palo Alto Networks customers are only vulnerable if they run PAN-OS 10.2, PAN-OS 11.0, or PAN-OS 11.1 firewalls with both of the following enabled: a GlobalProtect gateway or GlobalProtect portal, and device telemetry.
Palo Alto Networks' advisory indicates that CVE-2024-3400 has been exploited in the wild in "a limited number of attacks." The company has given the vulnerability its highest urgency rating. Palo Alto Networks has released an in-depth blog on the scope of the attack, indicators of compromise, and observed adversary behavior. We highly recommend reviewing both the blog and the advisory for the latest information.
Identify affected devices with Defender Vulnerability Management
The following Advanced Hunting query lists devices whose software inventory reports a PAN-OS version on one of the affected release branches (10.2, 11.0 or 11.1). It flags by branch only, so devices already upgraded to a hotfix release on the same branch are included and need to be excluded by comparing their exact version against the fixed releases:
// Software inventory rows where the product name contains "pan-os".
DeviceTvmSoftwareInventory
| where SoftwareName has "pan-os"
// Keep only the affected release branches. Note that this prefix match also
// returns hotfixed versions such as 10.2.9-h1, which must be excluded by hand.
| where SoftwareVersion startswith "11.1." or SoftwareVersion startswith "11.0." or SoftwareVersion startswith "10.2."
// One row per device and installed version.
| summarize by DeviceId, DeviceName, SoftwareName, SoftwareVersion
Mitigation guidance
For additional information and the latest remediation guidance, please see Palo Alto Networks’ advisory.
Palo Alto Networks has indicated that hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3 are expected to be released by April 14.
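The Advanced Hunting query above returns every device on an affected branch, including ones already running a hotfix release. The following Python script is an added example (not code from the original post or from Microsoft or Palo Alto Networks) that takes rows shaped like the query output, parses PAN-OS version strings including the "-hN" hotfix suffix, and compares each device against the three hotfix releases named in this post. The FIXED_RELEASES table only reflects what this post states; extend it from the current Palo Alto Networks advisory. The device names and versions in the sample inventory are constructed for illustration, and the script cannot see whether GlobalProtect or device telemetry is configured, so a "vulnerable" result means "on a vulnerable version", not "confirmed exploitable".

```python
import re

# Hotfix releases named in this post for each affected PAN-OS branch.
# Assumption: this is the list as of the post's date; newer advisory revisions
# may add further fixed maintenance releases that must be added here.
FIXED_RELEASES = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

# major.minor.maint with an optional "-hN" hotfix suffix, e.g. "11.1.2-h3".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> tuple:
    """Return (major, minor, maint, hotfix) for a PAN-OS version string.

    A base release gets hotfix 0, so "10.2.9" sorts below "10.2.9-h1".
    Raises ValueError for strings that do not look like a PAN-OS version.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str) -> str:
    """Classify one PAN-OS version against the branches this post lists.

    "not-affected": branch is not 10.2, 11.0 or 11.1
    "vulnerable":   affected branch and below its hotfix release
    "fixed":        affected branch and at or above its hotfix release
    Feature preconditions (GlobalProtect gateway/portal, device telemetry)
    are not visible in a version string and must be checked on the device.
    """
    parsed = parse_panos_version(version)
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return "not-affected"
    return "fixed" if parsed >= parse_panos_version(fixed) else "vulnerable"


def triage(inventory) -> dict:
    """Map (DeviceName, SoftwareVersion) rows to an assessment per device.

    Rows whose version string cannot be parsed are reported as "unparsed"
    rather than silently dropped, so they get looked at by a human.
    """
    results = {}
    for device_name, software_version in inventory:
        try:
            results[device_name] = assess(software_version)
        except ValueError:
            results[device_name] = "unparsed"
    return results


if __name__ == "__main__":
    # Constructed sample rows in the shape of the Advanced Hunting output.
    sample_inventory = [
        ("fw-edge-01", "10.2.8"),
        ("fw-edge-02", "10.2.9-h1"),
        ("fw-dc-01", "11.0.3"),
        ("fw-dc-02", "11.1.2-h2"),
        ("fw-dc-03", "11.1.2-h3"),
        ("fw-lab-01", "10.1.11"),
        ("fw-lab-02", "11.1.2-custom"),
    ]
    for name, status in sorted(triage(sample_inventory).items()):
        print(f"{name:12s} {status}")
```

Feed it the DeviceName and SoftwareVersion columns exported from the query, and treat "unparsed" rows as work items rather than noise: an inventory entry with an unexpected version format is exactly the device most likely to have been overlooked.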
We will update this blog with information and guidance as needed.