Palo Alto Networks PAN-OS Vulnerability Exploited in Active Attacks

Palo Alto Networks has issued a warning about a serious vulnerability in the PAN-OS software used in its GlobalProtect gateways, which is currently being exploited in the wild.

Tracked as CVE-2024-3400, the flaw has received a CVSS score of 10.0, the maximum severity.

According to the company's advisory released today, the vulnerability lies in the GlobalProtect feature of Palo Alto Networks PAN-OS software and affects specific versions and feature configurations. It may allow an unauthorized attacker to execute arbitrary code with root privileges on the firewall.

The flaw impacts the following versions of PAN-OS:

  • PAN-OS < 11.1.2-h3
  • PAN-OS < 11.0.4-h1
  • PAN-OS < 10.2.9-h1

The company also said that the issue applies only to firewalls that have both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.
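The version thresholds and the two configuration conditions above can be turned into a quick inventory triage. The following is an added example, not code from Palo Alto Networks or the original article; the hostnames and inventory rows are constructed, and it assumes each listed threshold applies only within its own major.minor release branch.

```python
import re

# Fixed-version thresholds exactly as listed in the article, keyed by release branch.
# Assumption: each "<" threshold applies only within its own major.minor branch.
FIXED = {"11.1": "11.1.2-h3", "11.0": "11.0.4-h1", "10.2": "10.2.9-h1"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Turn '10.2.9-h1' into (10, 2, 9, 1); a release without a hotfix gets hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def triage(version, gateway_enabled, telemetry_enabled):
    """Classify one firewall against the conditions stated in the article."""
    try:
        parsed = parse(version)
    except ValueError:
        return "review: version not parseable"
    branch = f"{parsed[0]}.{parsed[1]}"
    if branch not in FIXED:
        return "review: branch not listed in the article"
    if parsed >= parse(FIXED[branch]):
        return "fixed version"
    if gateway_enabled and telemetry_enabled:
        return "exposed: affected version with gateway and telemetry enabled"
    return "affected version, stated conditions not met"

# Constructed inventory for illustration: (hostname, version, gateway, telemetry).
INVENTORY = [
    ("fw-edge-01", "10.2.9", True, True),
    ("fw-edge-02", "10.2.9-h1", True, True),
    ("fw-dc-01", "11.1.2-h2", True, False),
    ("fw-lab-01", "11.0.4-h1", True, True),
    ("fw-old-01", "9.1.16", True, True),
    ("fw-beta-01", "11.1.0-b3", True, True),
]

def report(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver, gw, tel) for host, ver, gw, tel in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Branches the article does not list, and version strings that do not match the `X.Y.Z[-hN]` pattern, are flagged for manual review rather than reported as unaffected.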

Volexity, a company specializing in threat intelligence and incident response, has been credited with discovering and reporting the bug.

While specific technical details about the intrusions or the identities of the threat actors are unavailable, Palo Alto Networks has acknowledged being "aware of a limited number of attacks" exploiting this vulnerability.

As a precaution, the company advises customers with a Threat Prevention subscription to activate Threat ID 95187 to bolster their defenses against this threat.

This development coincides with a trend where Chinese threat actors increasingly utilize zero-day flaws affecting Barracuda Networks, Fortinet, Ivanti, and VMware to infiltrate specific targets and establish concealed backdoors for continuous access.

For Further Reference

https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html