How to Remedy CVE-2024-3400
Created On 04/23/24 21:42 PM - Last Modified 05/23/24 20:34 PM
Objective
This article describes the recommended remediation procedure for devices affected by Palo Alto Networks Security Advisory CVE-2024-3400 that were not remediated on or before April 25th, 2024.
Environment
- Palo Alto Firewalls
- PAN-OS 10.2.x, 11.0.x, 11.1.x (Refer to the Palo Alto Networks Security Advisory for the affected versions)
- GlobalProtect
Procedure
- An enhanced factory reset (“EFR”) procedure can be scheduled by opening a case through Customer Support (TAC). This procedure does not rely on the integrity of a potentially compromised device to initiate a reset, and is recommended for customers who:
  - Have not applied the PAN-OS fixes or Threat Prevention signatures with vulnerability protection applied to the GlobalProtect interface (regardless of level of compromise) on or before April 25, 2024; or
  - Are concerned about a persistent risk.
- Customers using a VM series device should follow these remediation steps.
- After an EFR is performed, the following are recommended:
  - Change the master key and elect for AES-256-GCM.
  - Reset passwords, PSKs, keys, secrets, etc. (See the list of passwords and keys.)
  - Revoke and reissue all certificates with private keys on PAN-OS; these certificates and keys are listed under Device > Certificates. (See Revoke a certificate and Generate a certificate.)
Customers who applied the previously recommended remediation steps on or before April 25, 2024 are believed to be at low risk of a persistent compromise.