topic Re: Query regarding CVE-2024-3400 in Advanced Threat Prevention Discussions

Query regarding CVE-2024-3400

M.Sharma415844 — Sun, 14 Apr 2024 15:19:26 GMT

Hi Team,

Please help me to understand the below:

Firewall 1 - 10.2, GP portal & Gateway, Device telemetry enabled

Firewall 2 - 10.2, only GP portal & gateway, no device telemetry enabled

Firewall 3 - 10.2, no GP portal and gateway, only device telemetry enabled.

Firewall 1 will be impacted by this vulnerability.

Please confirm if firewall 2 and firewall 3 will also be impacted due to this vulnerability.

Thanks in advance

Re: Query regarding CVE-2024-3400

Alpalo — Mon, 15 Apr 2024 14:02:19 GMT

No,

Only option 1 is affected...

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled.

https://security.paloaltonetworks.com/CVE-2024-3400

Re: Query regarding CVE-2024-3400

TonyDeHart — Wed, 17 Apr 2024 16:35:58 GMT

In case you didn't see it, yesterday Palo updated their guidance and stated that telemetry disabled is NOT enough.

Re: Query regarding CVE-2024-3400

M.Sharma415844 — Thu, 25 Apr 2024 14:13:58 GMT

Based on the updated advisory from palo alto, i understand that Firewall 1 and Firewall 2 will be impacted.

============

Required Configuration for Exposure

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

==================