Security News > 2024 > April > Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.
While Palo Alto Networks has started releasing hotfixes on Monday to secure unpatched firewalls exposed to attacks, the vulnerability has been exploited in the wild as a zero-day since March 26th to backdoor firewalls using Upstyle malware, pivot to internal networks, and steal data by a threat group believed to be state-sponsored and tracked as UTA0218.
One day after Palo Alto Networks started releasing CVE-2024-3400 hotfixes, watchTowr Labs also released a detailed analysis of the vulnerability and a proof-of-concept exploit that can be used to execute shell commands on unpatched firewalls.
Exploit released for Fortinet RCE bug used in attacks, patch now.
Palo Alto Networks zero-day exploited since March to backdoor firewalls.
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks.
News URL
Related news
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Palo Alto Networks warns of firewall hijack bugs with public exploit (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |