Understanding the Recent Palo Alto Networks Vulnerability

What is the recent vulnerability? 

Cybersecurity provider Palo Alto Networks announced a Critical vulnerability on April 12th. The initial announcement stated that appliances with Device Telemetry disabled were not impacted or at risk. However, on 4/16, Palo Alto discovered that devices are impacted whether or not Device Telemetry is enabled, which delayed the response to this vulnerability for many. The vulnerability in PAN-OS, labeled CVE-2024-3400, puts Palo Alto Networks devices at risk of potential exploitation by malicious actors. If exploited, the vulnerability can be leveraged to infiltrate networks, exfiltrate sensitive data, or launch disruptive cyberattacks, posing significant operational, financial, and reputational risks for Palo Alto users. This serves as a stark reminder that no business is immune to cyber threats, not even those dedicated to safeguarding others from such dangers.

What should Palo Alto customers do to keep their businesses safe?

In response to the vulnerability, Palo Alto Networks acted swiftly to develop and release patches, updates, or workarounds to address the underlying issue. In addition to the efforts from Palo Alto, your organization’s cybersecurity team should enable VPP, perform the checks recommended by Palo Alto to find indicators of exploitation, and implement additional security measures to mitigate the risk of exposure. Businesses should also continue to monitor their systems for suspicious activity.

To help our community and partners mitigate the potential adverse effects of the recent Palo Alto vulnerability, Entara’s seasoned cybersecurity team stands ready to offer immediate support and guidance, whether you have been impacted or are unsure how to best evaluate your network to confirm you have not been impacted.

If you identify indicators of exploit activity related to CVE-2024-3400, we recommend that you engage your Incident Response Plan and immediately take the steps recommended in the Security Advisory for CVE-2024-3400 to prevent further risk to your organization. This includes applying the hotfix as soon as possible if you have not already.

If you believe your systems may have been compromised due to the vulnerability, promptly reach out to us here for assistance within 15 minutes. 

We can assist you with:

  • Upgrading to the patched hotfix versions
  • Factory reset of your Palo Alto firewall
  • Forensic investigation including artifact gathering by deploying a log collection tool during a screen-sharing session
  • Restoring your compromised environment back to a stable state