Security News > 2024 > April > Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
2024-04-12 08:56
Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature
News URL
https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
Related news
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
- Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (source)
- Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |