Palo Alto Networks zero-day exploited since March to backdoor firewalls (Security News, April 2024)
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
Palo Alto Networks warned yesterday that hackers were actively exploiting an unauthenticated remote code execution vulnerability in its PAN-OS firewall software and that patches would be available on April 14.
Because the flaw was already being exploited in attacks, Palo Alto Networks chose to disclose it and publish mitigations so customers could protect their devices until patches were ready.
A later report by Volexity, which discovered the zero-day, provides more details on how the attackers have been exploiting the vulnerability since March, installing a custom backdoor on compromised firewalls, and using it to pivot into the target's internal network and steal data.
Volexity says two methods can be used to detect if a Palo Alto Networks firewall was compromised.
Related news
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
- Palo Alto Networks patches two firewall zero-days used in attacks
- Palo Alto Networks tackles firewall-busting zero-days with critical patches
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Related Vulnerability
| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-04-12 | CVE-2024-3400 | Command injection vulnerability in Palo Alto Networks PAN-OS | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |