PT-2024-2752 · Palo Alto Networks · PAN-OS

Steven Adair · Published 2024-04-12 · Updated 2025-08-02 · CVE-2024-3400

CVSS v3.1: 10 (Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

**Name of the Vulnerable Software and Affected Versions:**

Palo Alto Networks PAN-OS versions 10.2, 11.0, and 11.1

**Description:**

Palo Alto Networks PAN-OS software contains a command injection vulnerability (CVE-2024-3400) in the GlobalProtect feature. It allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The root cause is an arbitrary file creation flaw; combined with path traversal, it lets an attacker write files and ultimately execute commands. Exploitation has been observed in the wild, with some reports indicating activity as early as March 26, 2024. The threat actor, potentially linked to Operation MidnightEclipse, has been observed deploying malicious payloads, including Python-based backdoors. Approximately 24,000 IP addresses have been observed probing for vulnerable systems.

**Recommendations:**

Apply the hotfixes released by Palo Alto Networks to address this vulnerability. Disabling device telemetry is no longer an effective mitigation. Preserve full tech support files before patching to aid in compromise detection.

Tags: Exploit · Fix · RCE · Command Injection

**Weakness Enumeration**

**Related Identifiers**

BDU:2024-02881
CVE-2024-3400
GO-2024-2730

**Affected Products**

PAN-OS