GlobalProtect Users Beware: Hackers Exploiting Vulnerability Since March – Patch Now or Risk Attack!

Brace yourselves, cyber folks! Palo Alto’s Global Protect just turned “Global Vulnerable.” If you fancy a dash of arbitrary code execution with your network security, keep telemetry on. But why not play it safe and wait for the patch party? #GlobalProtectVulnerability

Hot Take:

Well, isn’t this a cybersecurity plot twist! Palo Alto Networks’ Global Protect is like that friend who offers to guard your fries and then eats them when you’re not looking. It’s always a little awkward when a company that’s supposed to protect you needs protection itself. Cue the sad trombone – another vulnerability has been exploited, and the exploit’s RSVP’d on GitHub for everyone’s hacking party.

Key Points:

  • Palo Alto Networks’ Global Protect has a vulnerability that’s been exploited since March, leading to arbitrary code execution.
  • Volexity discovered the vulnerability post-compromise of a customer.
  • The vulnerability is a party favorite now, with its own PoC exploit available to the public on GitHub.
  • Disabling telemetry in GlobalProtect can act as a temporary band-aid.
  • A patch is fashionably late but expected to make an entrance soon – check for updates with Palo Alto.
Title: PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
Cve id: CVE-2024-3400
Cve state: PUBLISHED
Cve assigner short name: palo_alto
Cve date updated: 04/12/2024
Cve description: A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.

Need to know more?

The Unwanted Guest

Imagine throwing a house party and finding out that the bouncer you hired is actually letting in all the riffraff. That's essentially what happened with Palo Alto's Global Protect. The software, which is meant to be the digital bouncer for your network, was found with its security pants down, thanks to a vulnerability that's been in the wild since March. And just like that, arbitrary code execution became the uninvited guest that made itself at home in your systems.

Party Favors for Hackers

It's like Volexity was playing a cybersecurity game of Clue and found the vulnerability in the server room with the candlestick. After one of their clients got digitally burgled, they lifted the veil on this sneaky exploit. To make things more interesting, some generous soul posted a proof of concept (PoC) for the exploit on GitHub. It's like leaving the keys to the city under the doormat for all the cyber ne'er-do-wells to find.

Disabling the Disco Ball

If you're using GlobalProtect and have been grooving to the telemetry tunes, it might be time to hit pause. Palo Alto suggests that turning off telemetry is like telling everyone the party is over – it could help send the exploit attempts packing. If you're a subscriber to Palo Alto Threat Prevention, enabling Threat ID 95187 is like having a bouncer on bouncer action to block those exploit crashers.

Waiting for the Patch

The patch is like the cool latecomer to the party that everyone's waiting for. As of the writing of our source, it hasn't shown up yet, which means the vulnerability is still mingling with your network guests. Palo Alto Networks assures that the patch is en route, so keep refreshing your updates page like it's the tracking info for a package you really want.


In the soap opera that is cybersecurity, this episode features Palo Alto Networks in a bit of a pickle, with its Global Protect product not so global and not so protective. It’s a reminder to never take your eye off the security ball, because even the guardians need guarding. Until the patch strides in, disable that telemetry, enable those threat IDs, and keep a watchful eye on your digital shindig. And maybe, just maybe, next time we'll have a security product that's less of a backdoor welcome mat and more of a fortress gate. Until then, stay safe and keep your sense of humor – you're going to need it!

Tags: CVE-2024-3400, Global Protect Vulnerability, Palo Alto Networks, security advisory, Threat Prevention, vulnerability patch, zero-day exploit