Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
2024-04-30 12:44

Proof-of-concept techniques exist that allow attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company confirmed on Monday, but it is "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability."

On April 12, Palo Alto Networks warned about limited attacks against internet-exposed firewalls, likely by a state-backed threat actor, who managed to install backdoors, grab sensitive data, and move laterally through target organizations' networks.

Palo Alto Networks has been updating the associated security advisory and the Unit 42 Threat Brief, and has published additional advice on mitigation and remediation.

On April 18, the company said that "An increasing number of attacks that leverage the exploitation of this vulnerability" had been observed, and that proofs of concept for the flaw had been publicly disclosed by third parties.

Post-exploitation persistence on Palo Alto firewalls.

On April 25, Palo Alto Networks published remediation recommendations for customers, and on April 29 it confirmed that it is aware of "Proof-of-concept by third parties of post-exploit persistence techniques that survive resets and upgrades."


News URL

https://www.helpnetsecurity.com/2024/04/30/palo-alto-firewalls-persistence-cve-2024-3400-exploitation/

Related Vulnerability

DATE         CVE             VULNERABILITY TITLE                                          RISK
2024-04-12   CVE-2024-3400   Command Injection vulnerability in Paloaltonetworks Pan-Os   critical (CVSS 10.0)

Description: A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Attack vector: network
Attack complexity: low
Vendor: paloaltonetworks
Weakness: CWE-77 (Command Injection)
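The vulnerability record above describes a command injection that is reached through attacker-controlled file creation (CWE-77): one component lets an unauthenticated client create a file with a name of its choosing, and a second, privileged component later embeds that name in a shell command. The following is an added illustration of that bug class in a constructed Python service. It is not PAN-OS code and not the CVE-2024-3400 exploit; the session directory, the housekeeping "sweep" job, the echo command standing in for a real administrative command, and the file names are all assumptions made for the example.

```python
"""Constructed illustration of CWE-77: command injection reached via an
attacker-chosen file name. Not PAN-OS code; every name here is assumed."""
import re
import subprocess
import tempfile
from pathlib import Path

# Allow-list for names the privileged job is willing to touch (assumption).
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def create_session_file(directory: Path, name: str) -> Path:
    """Step 1, the 'arbitrary file creation' primitive: an unauthenticated
    client picks the file name. Path.touch() does not interpret shell
    metacharacters, so 'x; echo INJECTED' becomes one oddly named file."""
    path = directory / name
    path.touch()
    return path


def vulnerable_sweep(directory: Path) -> str:
    """Step 2 (vulnerable): a privileged housekeeping job builds a shell
    command string from each file name and hands it to /bin/sh. The shell
    parses the ';' in the attacker's name and runs a second command."""
    out = []
    for p in sorted(directory.iterdir()):
        r = subprocess.run(f"echo sweeping {p.name}", shell=True,
                           capture_output=True, text=True)
        out.append(r.stdout)
    return "".join(out)


def hardened_sweep(directory: Path) -> tuple:
    """Same job, hardened: no shell (argv list, so the name is a single
    argument whatever it contains) plus an allow-list so unexpected names
    are reported instead of processed. Returns (output, rejected_names)."""
    out, rejected = [], []
    for p in sorted(directory.iterdir()):
        if not SAFE_NAME.match(p.name):
            rejected.append(p.name)
            continue
        r = subprocess.run(["echo", "sweeping", p.name],
                           capture_output=True, text=True)
        out.append(r.stdout)
    return "".join(out), rejected


def demo(attacker_name: str = "x; echo INJECTED") -> dict:
    """Create one legitimate and one attacker-named file in a scratch
    directory, then run both versions of the sweep over it."""
    with tempfile.TemporaryDirectory() as d:
        directory = Path(d)
        create_session_file(directory, "legit-session")
        create_session_file(directory, attacker_name)
        vulnerable = vulnerable_sweep(directory)
        hardened, rejected = hardened_sweep(directory)
    return {"vulnerable": vulnerable, "hardened": hardened, "rejected": rejected}


if __name__ == "__main__":
    result = demo()
    print("vulnerable sweep output:\n" + result["vulnerable"])
    print("hardened sweep output:\n" + result["hardened"])
    print("rejected names:", result["rejected"])
```

The point of the split is that the file-creation step is harmless on its own; the injection only materialises when a later, more privileged consumer trusts the name. Auditing for this class therefore means following every attacker-influenced file name into the commands that later consume it, not just the upload or creation handler.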