CVE-2024-3400£üPalo Alto Networks PAN-OS ÃüÁî×¢È멶´

0x00 Ç°ÑÔ

ÅÉÍØÍøÂ磨Palo Alto Networks£©ÊÇÒ»¼ÒÍøÂ簲ȫ¹«Ë¾£¬×ܲ¿Î»ÓÚÃÀ¹ú¼ÓÀû¸£ÄáÑÇÖÝÊ¥¿ËÀ­À­ÊС£¹«Ë¾µÄºËÐIJúƷΪ¡°ÏÂÒ»´ú·À»ðǽ¡±£¨Next-Generation Firewall£©Æ½Ì¨£¬ÌṩÍøÂç»î¶¯µÄ¿ÉÊÓ»¯ÄÜÁ¦£¬¿É»ùÓÚÓ¦Óã¨App-ID£©¡¢Óû§£¨User-ID£©ÓëÄÚÈÝ£¨Content-ID£©½øÐÐÍøÂç»î¶¯µÄ¾«Ï¸»¯¿ØÖÆ£¬Í¬Ê±Ìṩ»ùÓÚÔƵݲȫ·þÎñ£¨GlobalProtectÓëWildFire£©À´ÍØÕ¹·À»ðǽµÄ°²È«ÐÔ¡£

0x01 ©¶´ÃèÊö

Palo Alto NetworksÕë¶ÔÌض¨PAN-OS°æ±¾ºÍ²»Í¬¹¦ÄÜÅäÖõÄPAN-OSÈí¼þµÄGlobalProtect¹¦ÄÜÖдæÔÚÃüÁî×¢È멶´£¬Õâ¿ÉÄÜʹδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»ÔÚ·À»ðǽÉÏÒÔrootȨÏÞÖ´ÐÐÈÎÒâ´úÂë¡£

½öÊÊÓÃÓÚÆôÓÃÁËGlobalProtect gateway(Network > GlobalProtect > Gateways)ºÍdevice telemetry(Device > Setup > Telemetry)µÄPAN-OS 10.2¡¢PAN-OS 11.0ºÍPAN-OS 11.1·À»ðǽ¡£

0x02 CVE񅧏 CVE-2024-3400

0x03 Ó°Ïì°æ±¾

PAN-OS 11.1 < 11.1.2-h3

PAN-OS 11.0 < 11.0.4-h1

PAN-OS 10.2 < 10.2.9-h1

0x04 ©¶´ÏêÇé

https://security.paloaltonetworks.com/CVE-2024-3400

0x05 ²Î¿¼Á´½Ó

https://security.paloaltonetworks.com/CVE-2024-3400