Zero-Day Alert: Important Palo Alto Networks PAN-OS Flaw Below Lively Assault

Apr 12, 2024NewsroomCommunity Safety / Zero-Day

Palo Alto Networks is warning {that a} important flaw impacting PAN-OS software program utilized in its GlobalProtect gateways is being actively exploited within the wild.

Tracked as CVE-2024-3400, the difficulty has a CVSS rating of 10.0, indicating most severity.

“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” the corporate stated in an advisory printed immediately.

The flaw impacts the next variations of PAN-OS, with fixes anticipated to be launched on April 14, 2024 –

  • PAN-OS < 11.1.2-h3
  • PAN-OS < 11.0.4-h1
  • PAN-OS < 10.2.9-h1

The corporate additionally stated that the difficulty is relevant solely to firewalls which have the configurations for each GlobalProtect gateway (Community > GlobalProtect > Gateways) and machine telemetry (Machine > Setup > Telemetry) enabled.

Cybersecurity

Menace intelligence and incident response firm Volexity has been credited with discovering and reporting the bug.

Whereas there are not any different ttechnical particulars concerning the nature of the intrusions or the identification of risk actors behind them, Palo Alto Networks acknowledged that it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

Within the interim, it is recommending prospects with a Menace Prevention subscription to allow Menace ID 95187 to safe towards the risk.

The event comes as Chinese language risk actors have more and more relied on zero-day flaws impacting Barracuda Networks, Fortinet, Ivanti, and VMware to breach targets of curiosity and deploy covert backdoors for persistent entry.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...

LEAVE A REPLY

Please enter your comment!
Please enter your name here