Palo Alto Updates Remediation for Max-Critical Firewall Bug

Though PAN originally described attacks exploiting the vulnerability as limited, they are growing in volume, and more exploits have since been disclosed by outside parties.

DARKReading
Tags: #vulnerability #web #auth


Palo Alto Networks (PAN) is sharing updated remediation information regarding a max-critical vulnerability that is actively being exploited in the wild.

The vulnerability, tracked as CVE-2024-3400, has a CVSS vulnerability-severity score of 10 out of 10, and can allow an unauthenticated threat actor to execute arbitrary code with root privileges on the firewall device, according to the update.

Present in PAN-OS 10.2, 11.0, and 11.1, the flaw was originally disclosed on April 12 after being discovered by researchers at Volexity.

PAN said that the number of attacks exploiting this vulnerability continues to grow and that “proof of concepts for this vulnerability have been publicly disclosed by third parties.”

The company is recommending that customers upgrade to a fixed version of PAN-OS, such as PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all later PAN-OS versions, as this will fully protect their devices. PAN has also released additional hotfixes for other deployed maintenance releases.

PAN recommends that, in order to mitigate the issue fully, customers take action based on the level of suspected activity. For instance, if there has only been probing or testing activity, users should update to the latest PAN-OS hotfix, secure their running configs, create a master key, and select AES-256-GCM. This level is defined as either no indication of compromise, or evidence that the vulnerability was merely being tested on the device (i.e., a 0-byte file has been created and remains resident on the firewall, but there is no indication of any known unauthorized command execution).

“PAN-OS hotfixes sufficiently fix the vulnerability,” according to the update. “Private data reset or factory reset is not suggested as there is no indication of any known unauthorized command execution or exfiltration of files.”

However, if a file on the device has been copied to a location accessible via a Web request (in most cases, the file being copied is running_config.xml, according to PAN), users should perform a private data reset, which eliminates risks of potential misuse of device data. And if there’s evidence of interactive command execution (i.e., the presence of shell-based back doors, introduction of code, pulling files, running commands), PAN suggested doing a full factory reset.
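The tiered guidance above maps naturally onto a small triage helper. The following is an added example (not code from PAN or Dark Reading) that checks a PAN-OS version string against the fixed releases named in the article and maps observed evidence to the recommended remediation tier; the version format, the evidence labels and the return strings are assumptions of this example.

```python
import re

# Fixed releases named in the PAN update, keyed by maintenance branch.
# The update also mentions extra hotfixes for other maintenance releases
# (e.g. older 10.2.x builds); those are NOT listed here, so "needs_upgrade"
# means "not one of the named fixed releases or later", not "definitely vulnerable".
FIXED = {"10.2": "10.2.9-h1", "11.0": "11.0.4-h1", "11.1": "11.1.2-h3"}

# Assumed version format: MAJOR.MINOR.MAINT optionally followed by -hN (hotfix).
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(v):
    """Turn '11.1.2-h3' into (11, 1, 2, 3); a release with no hotfix suffix gets hotfix 0,
    so '11.1.3' compares higher than '11.1.2-h3' and '10.2.9' lower than '10.2.9-h1'."""
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {v!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def patch_status(v):
    """Classify a running PAN-OS version against the branches the article lists as affected."""
    parsed = parse_version(v)
    branch = f"{parsed[0]}.{parsed[1]}"
    if branch not in FIXED:
        return "not_in_affected_branches"   # article names only 10.2, 11.0 and 11.1
    return "patched" if parsed >= parse_version(FIXED[branch]) else "needs_upgrade"


# Evidence labels (assumed names) for the three situations PAN distinguishes.
ZERO_BYTE_FILE = "zero_byte_file"        # 0-byte file resident on the firewall
CONFIG_EXPOSED = "config_exposed"        # file (e.g. running_config.xml) copied to web-reachable path
INTERACTIVE_EXEC = "interactive_exec"    # shell backdoor, code introduced, commands run


def recommend_action(evidence):
    """Return the most severe remediation tier warranted by the observed evidence,
    following the order in PAN's update: factory reset > private data reset > hotfix."""
    evidence = set(evidence)
    if INTERACTIVE_EXEC in evidence:
        return "factory_reset"
    if CONFIG_EXPOSED in evidence:
        return "private_data_reset"
    # Probing/testing only (0-byte file) or no evidence at all: hotfix, secure configs,
    # create a master key and select AES-256-GCM.
    return "hotfix_and_secure_config"
```

Treat "needs_upgrade" as a prompt to consult the advisory for the per-maintenance-release hotfix rather than as a final verdict.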
