Security News > 2024 > April > Palo Alto Networks fixes zero-day exploited to backdoor firewalls
Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls.
This maximum severity security flaw affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect enabled.
"Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," the company warned on Friday when it disclosed the zero-day.
According to Palo Alto Networks' advisory, Cloud NGFW, Panorama appliances, and Prisma Access are not exposed to attacks via this vulnerability.
Palo Alto Networks' warning of active exploitation was confirmed by security firm Volexity, which discovered the zero-day flaw and detected threat actors using it to backdoor PAN-OS devices using Upstyle malware, breach networks, and steal data.
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks.
News URL
Related news
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits (source)
- Fortinet warns of new zero-day exploited to hijack firewalls (source)
- Mysterious Palo Alto firewall reboots? You're not alone (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Attackers are chaining flaws to breach Palo Alto Networks firewalls (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)