Critical Vulnerabilities and Exposures: Palo Alto GlobalProtect Vulnerability
On April 12, 2024, Palo Alto Networks announced an OS command injection vulnerability in its GlobalProtect solution and has hotfixes in various stages of development to address it. This document provides an overview of steps you can take to protect your organization and your third-party network, as well as a summary of our investigation and mitigation efforts.
Description
Palo Alto GlobalProtect is a secure remote-access tool that facilitates least-privilege remote access within a network. Palo Alto provides network services and products to organizations of all industries and sizes worldwide, so this vulnerability could have widespread implications.
Severity and Impact
CVE-2024-3400 has been given a CRITICAL severity rating, which indicates severe potential impact and that the vulnerability is highly likely to be exploitable, with the potential for unauthorized access, privilege escalation, and data exfiltration.
It is important to quickly assess the impact and risk both internally and within your third-party population. Take action now and follow these steps:
Step 1: Determine if you are at risk.
- Click here to find out if you are running a vulnerable version of Palo Alto GlobalProtect. If so, Palo Alto strongly advises customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.
- To assess whether your third parties are vulnerable, customers can access the Palo Alto GlobalProtect Vulnerability Response Questionnaire in the Whistic platform under our Questionnaire Standards Library by clicking here.
Step 2: Immediately patch systems that have been impacted.
- Make sure your team is aware of the vulnerability and the rolling release schedule here from April 12 to April 19.
- Determine which applications and infrastructure are using affected versions of Palo Alto GlobalProtect.
- Update any vulnerable Palo Alto GlobalProtect installations.
Does This Affect Whistic?
As a result of our investigation, we have determined that this vulnerability (CVE-2024-3400) does not directly impact Whistic. Whistic does not use any Palo Alto services, tools, or technologies. We have a structured approach to vulnerability identification and remediation using technologies in both the development lifecycle and in our stage and production environments.