Palo Alto Networks Reveals Further Information About Critical PAN-OS Vulnerability Being Exploited

Published:

spot_img

Critical Exploitation of PAN-OS Security Flaw by Malicious Actors

In a recent report, Palo Alto Networks disclosed a critical security flaw in PAN-OS software that is being actively exploited by cybercriminals. The vulnerability, known as CVE-2024-3400 with a CVSS score of 10.0, is a sophisticated combination of two bugs in PAN-OS versions 10.2, 11.0, and 11.1.

According to Chandan B. N., a senior director at Palo Alto Networks, the first bug allowed attackers to store an empty file with a chosen filename, while the second bug used these filenames to execute commands. When exploited together, these bugs could lead to unauthenticated remote shell command execution.

The threat actor behind the exploitation, identified as UTA0218, conducted a two-stage attack named Operation MidnightEclipse. They utilized a backdoor called UPSTYLE to run specially crafted commands on vulnerable devices.

Palo Alto Networks has released patches for the flaw in several commonly deployed maintenance releases to mitigate the threat. However, recent findings from Bishop Fox revealed that the flaw could be weaponized without requiring telemetry to be enabled on a device.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed the vulnerability in its Known Exploited Vulnerabilities catalog, urging federal agencies to secure their devices promptly. The Shadowserver Foundation also highlighted that approximately 22,542 internet-exposed firewall devices are at risk, with a majority located in the U.S., Japan, India, Germany, the U.K., Canada, Australia, France, and China.

Users are advised to apply the provided hotfixes immediately to protect their systems from potential threats. Stay tuned for more updates on this evolving cybersecurity issue.

spot_img

Related articles

Recent articles

UAE’s Khalifa Fund Launches National Program to Strengthen Cybersecurity Startups

UAE's Khalifa Fund Launches National Program to Strengthen Cybersecurity Startups The Khalifa Fund for Enterprise Development (KFED) has unveiled a specialized national initiative aimed at...

Supreme Court Strengthens Fourth Amendment, Mandates Warrant for Cellphone Location Data

Supreme Court Strengthens Fourth Amendment, Mandates Warrant for Cellphone Location Data In a landmark ruling on Monday, the Supreme Court determined that police access to...

Japan’s Aflac, KDDI, Sapporo, and Nidec Hit by Four Cyberattacks Targeting Subsidiaries and Third-Party Infrastructure

Japan's Aflac, KDDI, Sapporo, and Nidec Hit by Four Cyberattacks Targeting Subsidiaries and Third-Party Infrastructure In a concerning trend, four significant cyberattacks reported in Japan...

Frontier AI: Six Critical Questions Enterprises Must Pose to Security Vendors

Frontier AI: Six Critical Questions Enterprises Must Pose to Security Vendors The emergence of Frontier AI has become a focal point in cybersecurity discussions, significantly...