Palo Alto Networks has unveiled hotfixes to tackle a utmost-severity security flaw impacting PAN-OS computer software that has appear under energetic exploitation in the wild.
Tracked as CVE-2024-3400 (CVSS score: 10.), the critical vulnerability is a scenario of command injection in the GlobalProtect attribute that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall.
Fixes for the shortcoming are offered in the adhering to versions –
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
- PAN-OS 10.2.9-h1
- PAN-OS 11..4-h1, and
- PAN-OS 11.1.2-h3
Patches for other commonly deployed servicing releases are expected to be introduced more than the future several days.
“This issue is relevant only to PAN-OS 10.2, PAN-OS 11., and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or equally) and machine telemetry enabled,” the business clarified in its current advisory.
It also reported that when Cloud NGFW firewalls are not impacted by CVE-2024-3400, unique PAN-OS variations and unique function configurations of firewall VMs deployed and managed by consumers in the cloud are affected.
The precise origins of the risk actor exploiting the flaw are presently mysterious but Palo Alto Networks Unit 42 is monitoring the malicious exercise under the identify Procedure MidnightEclipse.
Volexity, which attributed it to a cluster dubbed UTA0218, explained CVE-2024-3400 has been leveraged since at the very least March 26, 2024, to provide a Python-based backdoor referred to as UPSTYLE on the firewall that lets for the execution of arbitrary commands via specially crafted requests.
It is unclear how prevalent the exploitation has been, but the threat intelligence firm claimed it has “proof of prospective reconnaissance activity involving a lot more popular exploitation aimed at identifying vulnerable units.”
In attacks documented to date, UTA0218 has been observed deploying additional payloads to start reverse shells, exfiltrate PAN-OS configuration information, eliminate log data files, and deploy the Golang tunneling instrument named GOST (GO Uncomplicated Tunnel).
No other follow-up malware or persistence solutions are explained to have been deployed on target networks, although it can be unidentified if it can be by layout or thanks to early detection and reaction.
Discovered this write-up appealing? Adhere to us on Twitter and LinkedIn to read much more exclusive information we publish.
Some sections of this article are sourced from:
thehackernews.com