Palo Alto Networks Warns of Actively Exploited Firewall Zero-Day Vulnerability

Palo Alto Networks issued a security warning about a critical-severity zero-day vulnerability in PAN-OS affecting the User-ID Authentication Portal, which is actively being exploited in attacks. The flaw, identified as CVE-2024-3400 with a CVSS score of 10.0, allows unauthenticated remote code execution (RCE) on vulnerable firewalls. The vulnerability impacts PAN-OS 10.2, 11.0, and 11.1 versions with GlobalProtect gateway or portal enabled and telemetry features active. Palo Alto Networks has not yet released a patch but provided mitigations, including disabling telemetry or applying Threat Prevention-based protections. The company confirmed evidence of limited exploitation targeting firewall devices. No specific threat actor or attack timeline was disclosed.