Palo Alto Networks has disclosed a critical vulnerability in PAN-OS, CVE-2024-3400, that is being actively exploited by threat actors. The flaw combines two bugs in PAN-OS versions 10.2, 11.0, and 11.1 that, when chained together, enable unauthenticated remote shell command execution. Threat actor UTA0218 conducted a two-stage attack, known as Operation MidnightEclipse, using a backdoor called UPSTYLE. Despite the initially stated requirements, Bishop Fox’s findings reveal bypasses, expanding the set of affected versions. Users are urged to apply the hotfixes promptly, as CISA lists the vulnerability in its Known Exploited Vulnerabilities catalog. Approximately 22,542 internet-exposed firewall devices are potentially vulnerable, primarily in the U.S., Japan, and India.