Palo Alto Networks has disclosed a critical security vulnerabilities in PAN-OS that is actively being exploited by malicious actors. This threat advisory aims to provide comprehensive information on the issue and necessary actions to mitigate risks.
The vulnerability, tracked as CVE-2024-3400, is a combination of two bugs in PAN-OS versions 10.2, 11.0, and 11.1, allowing unauthenticated remote shell command execution.
The threat actor, UTA0218, conducted a two-stage attack named Operation MidnightEclipse, exploiting PAN-OS flaw for command execution on vulnerable devices.
Specially crafted requests containing commands are sent to devices, leveraging a backdoor named UPSTYLE. The attacker uses cron jobs and wget to execute commands and download malicious tools.
Approximately 22,542 internet-exposed firewall devices are vulnerable globally, with the majority located in the U.S., Japan, India, Germany, the U.K., Canada, Australia, France, and China.
Palo Alto Networks has released patches for affected PAN-OS versions. Users are strongly advised to apply hotfixes immediately to prevent exploitation.
If you have any questions or require further information on any other Cyber Security matters, please don’t hesitate to contact our dedicated team at [email protected].
If you want to see more about the SOC service we offer, please follow this link https://maidar.io.
To ask a question, go to our support portal.
We use cookies to improve your experience, personalise content and ads, to provide social media features and to analyse our traffic.By accepting this notice, you agree to our use of cookies.
These cookies are essential for the website to function properly. They help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. They usually set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, or filling in forms.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may be set through our site by our advertising partners. They do not store directly personal information, but are based on uniquely identifying your browser and internet device.
Helps analyze site usage to improve user experience. Assists us to understand how visitors interact with the website by collecting and reporting information anonymously. These may be set by us or by third party providers whose services we have added to our pages.
Used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.