Security News > 2024 > April > Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.
While Palo Alto Networks has started releasing hotfixes on Monday to secure unpatched firewalls exposed to attacks, the vulnerability has been exploited in the wild as a zero-day since March 26th to backdoor firewalls using Upstyle malware, pivot to internal networks, and steal data by a threat group believed to be state-sponsored and tracked as UTA0218.
One day after Palo Alto Networks started releasing CVE-2024-3400 hotfixes, watchTowr Labs also released a detailed analysis of the vulnerability and a proof-of-concept exploit that can be used to execute shell commands on unpatched firewalls.
Exploit released for Fortinet RCE bug used in attacks, patch now.
Palo Alto Networks zero-day exploited since March to backdoor firewalls.
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- 2,000 Palo Alto Networks devices compromised in latest attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |