Techly NewsGet the app

Get the latest tech news

Palo Alto – Putting the Protecc in GlobalProtect (CVE-2024-3400)


Welcome to April 2024, again. We’re back, again. Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device. We’ve seen all the commentary around the certification process of these devices for certain

Fun fact: partway through our investigations, Palo Alto took the step of removing the vulnerable version of their software from the AWS Marketplace - so if you’re looking to follow along with our research at home, you may find doing so quite difficult. We can verify this is the case by writing a file to the webroot of the appliance, in a location we can hit from an unauthenticated perspective, with the following HTTP request (and loaded SESSID cookie value). The Twitter account https://twitter.com/year_progress puts our SSLVPN posts in contextAs we said above, we have no doubt that there will be mixed opinions about the release of this analysis - but, patches and mitigations are available from Palo Alto themselves, and we should not be forced to live in a world where only the “bad guys” can figure out if a host is vulnerable, and organisations cannot determine their exposure.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Palo Alto

Palo Alto

Photo of cve-2024

cve-2024

Photo of protecc

protecc

Related news:

News photo

Palo Alto Networks PAN-OS Zero-Day Exploitation

News photo

Unauthenticated, RCE vulnerability in Palo Alto firewalls, exploits in the wild

News photo

Palo Alto Networks Plunges by Most Ever After Cutting Outlook

« Apriora (YC W24) is hiring a founding full-stack engineer
Amazon HQ2 was supposed to add jobs last year. It shed them instead »