The vulnerability is GlobalProtect. The vulnerability makes it possible to get root on a PaloAlto device – without any authentication (!). Unauth Command Injection. The manufacturer reports that the vulnerability is being exploited in real-world attacks.
Read more Critical 0day in VPN from PaloAlto. CVSS 10/10.