Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Palo Alto Networks discloses a critical vulnerability, CVE-2024-3400, in PAN-OS actively exploited by threat actors. This intricate flaw combines two bugs in PAN-OS versions 10.2, 11.0, and 11.1, enabling unauthenticated remote shell command execution when chained together. Threat actor UTA0218 conducted a two-stage attack, known as Operation MidnightEclipse, utilizing a backdoor called UPSTYLE. Despite initial requirements, Bishop Fox’s findings reveal bypasses, expanding affected versions. Users are urged to apply hotfixes promptly, as CISA lists it in its Known Exploited Vulnerabilities catalog. Approximately 22,542 internet-exposed firewall devices are potentially vulnerable, primarily in the U.S., Japan, and India. Stay updated for more exclusive content.

Read more

Sign up to receive daily content in your inbox

We don’t spam! Read our privacy policy for more info.

Share This Article

Leave Comment

Your email address will not be published. Required fields are marked *

Daily Newsletter

Subscribe to our free daily newsletter to get the latest summarized updates