Palo Alto Networks has unveiled hotfixes to tackle a utmost-severity security flaw impacting PAN-OS computer software that has appear under energetic exploitation in the wild.
Tracked as CVE-2024-3400 (CVSS score: 10.), the critical vulnerability is a scenario of command injection in the GlobalProtect attribute that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall.
Fixes for the shortcoming are offered in the adhering to versions –
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
- PAN-OS 10.2.9-h1
- PAN-OS 11..4-h1, and
- PAN-OS 11.1.2-h3
Patches for other commonly deployed servicing releases are expected to be introduced more than the future several days.
“This issue is relevant only to PAN-OS 10.2, PAN-OS 11., and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or equally) and machine telemetry enabled,” the business clarified in its current advisory.
It also reported that when Cloud NGFW firewalls are not impacted by CVE-2024-3400, unique PAN-OS variations and unique function configurations of firewall VMs deployed and managed by consumers in the cloud are affected.
The precise origins of the risk actor exploiting the flaw are presently mysterious but Palo Alto Networks Unit 42 is monitoring the malicious exercise under the identify Procedure MidnightEclipse.
Volexity, which attributed it to a cluster dubbed UTA0218, explained CVE-2024-3400 has been leveraged since at the very least March 26, 2024, to provide a Python-based backdoor referred to as UPSTYLE on the firewall that lets for the execution of arbitrary commands via specially crafted requests.
It is unclear how prevalent the exploitation has been, but the threat intelligence firm claimed it has “proof of prospective reconnaissance activity involving a lot more popular exploitation aimed at identifying vulnerable units.”
In attacks documented to date, UTA0218 has been observed deploying additional payloads to start reverse shells, exfiltrate PAN-OS configuration information, eliminate log data files, and deploy the Golang tunneling instrument named GOST (GO Uncomplicated Tunnel).
No other follow-up malware or persistence solutions are explained to have been deployed on target networks, although it can be unidentified if it can be by layout or thanks to early detection and reaction.
Discovered this write-up appealing? Adhere to us on Twitter and LinkedIn to read much more exclusive information we publish.
Some sections of this article are sourced from:
thehackernews.com
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts