TL;DR

PaloAlto Networks has published additional guidance surrounding CVE-2024-3400. They identified that disabling telemetry does not mitigate the vulnerability. However, hotpatches are now available for some versions. We recommend patching as soon as possible.  

 

The details:

On April 12, 2024, when PaloAlto Networks disclosed that a critical vulnerability (CVSS 10/10) was actively being exploited, they recommended mitigating the vulnerability by disabling device telemetry. It has been determined not to be a sufficient mitigation. Since the original announcement, patches have become available. As of today, April 16, knowledge of how to exploit the vulnerability is readily available. We recommend applying hotpatches ASAP.

 

Recommendations from Palo Alto:

  • Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).

Reference:

https://security.paloaltonetworks.com/CVE-2024-3400